Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/b9e6df-da8f-4491-8fe4-5245b135221b/1/ADQP9eb0sJNTO5TKDJg5Hf3lwO4.roa
File:                     ADQP9eb0sJNTO5TKDJg5Hf3lwO4.roa (raw, json)
Hash identifier:          s8eo+e5rTcDypvfHU7bpTDYeNlZnc2+W87V01eOJvDA=
Subject key identifier:   00:34:0F:F5:E6:F4:B0:93:53:3B:94:CA:0C:98:39:1D:FD:E5:C0:EE
Certificate issuer:       /CN=28851c6fc6eb3816e116c8a4a851d0d178c90f31
Certificate serial:       018CC9B88C7CBF859D376A09E6FFF16A02DB
Authority key identifier: 28:85:1C:6F:C6:EB:38:16:E1:16:C8:A4:A8:51:D0:D1:78:C9:0F:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIUcb8brOBbhFsikqFHQ0XjJDzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/b9e6df-da8f-4491-8fe4-5245b135221b/1/ADQP9eb0sJNTO5TKDJg5Hf3lwO4.roa
Signing time:             Tue 02 Jan 2024 10:29:24 +0000
ROA not before:           Tue 02 Jan 2024 10:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6939
IP address blocks:        188.241.145.0/24 maxlen: 24
                          2a00:a900:7afe::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/b9e6df-da8f-4491-8fe4-5245b135221b/1/KIUcb8brOBbhFsikqFHQ0XjJDzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/b9e6df-da8f-4491-8fe4-5245b135221b/1/KIUcb8brOBbhFsikqFHQ0XjJDzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KIUcb8brOBbhFsikqFHQ0XjJDzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b8:8c:7c:bf:85:9d:37:6a:09:e6:ff:f1:6a:02:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28851c6fc6eb3816e116c8a4a851d0d178c90f31
        Validity
            Not Before: Jan  2 10:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00340ff5e6f4b093533b94ca0c98391dfde5c0ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:86:e1:74:1a:1f:45:47:52:95:7b:fc:b7:ae:
                    ba:bb:f6:c9:76:fd:7f:05:fc:49:d5:bc:ff:90:8d:
                    fb:a3:b2:ff:9b:05:db:6d:57:57:84:52:b6:3f:d9:
                    61:0e:25:02:1c:52:ed:c0:44:fb:4d:3b:93:d3:b9:
                    ca:af:b2:c5:4d:f8:c7:f1:b8:eb:2a:23:0e:1a:61:
                    d3:94:2f:0e:fe:6c:cf:61:a1:b6:b5:75:06:f7:7e:
                    34:3c:9d:a3:48:04:b5:8e:7a:9b:59:df:5b:38:eb:
                    f3:41:ae:4b:98:32:5c:3c:00:a1:e4:8b:0e:00:03:
                    28:3b:73:e5:08:4f:f4:bb:86:86:8f:7c:40:e5:3f:
                    cd:fa:2d:95:7f:59:26:de:39:41:0d:81:84:99:8a:
                    a1:7d:cf:9f:e5:cf:2b:1a:6d:84:f2:c7:86:96:31:
                    50:77:cc:49:4b:67:92:57:8e:80:ed:0a:4a:93:37:
                    9c:d2:e4:75:f5:cd:fe:a0:77:c1:60:5d:18:88:ff:
                    50:cc:9b:e1:c8:bc:bd:c1:54:06:09:d4:a1:85:5f:
                    aa:46:0b:b9:1d:96:59:73:03:af:34:2c:d5:83:d8:
                    0c:b1:01:41:2d:f2:cf:73:ee:83:97:9c:7c:38:07:
                    31:c1:77:d0:31:57:11:4a:49:dc:42:ba:f8:15:0d:
                    b3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:34:0F:F5:E6:F4:B0:93:53:3B:94:CA:0C:98:39:1D:FD:E5:C0:EE
            X509v3 Authority Key Identifier:
                keyid:28:85:1C:6F:C6:EB:38:16:E1:16:C8:A4:A8:51:D0:D1:78:C9:0F:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIUcb8brOBbhFsikqFHQ0XjJDzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b9e6df-da8f-4491-8fe4-5245b135221b/1/ADQP9eb0sJNTO5TKDJg5Hf3lwO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/b9e6df-da8f-4491-8fe4-5245b135221b/1/KIUcb8brOBbhFsikqFHQ0XjJDzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.145.0/24
                IPv6:
                  2a00:a900:7afe::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:22:38:7a:c0:06:c2:78:33:aa:67:d9:84:8c:18:ce:90:ef:
         5a:45:25:6d:04:f7:8c:5c:40:d5:12:43:dd:77:4f:0b:80:8f:
         19:b3:00:41:88:c6:55:92:3b:f8:95:04:90:44:80:a2:3f:9e:
         18:e1:4e:f9:c1:73:5b:69:65:89:63:d4:ea:97:e0:ed:00:f9:
         61:3a:4d:93:ea:9a:96:b8:dd:34:14:a0:17:36:49:e6:30:da:
         e9:13:c7:a0:6d:c7:5a:07:4f:c4:16:93:98:7f:ed:fc:d1:79:
         54:c3:ee:8f:8b:3c:63:2f:a9:78:92:ed:33:f7:4e:db:16:ab:
         39:71:62:e9:02:20:d1:6e:d9:ac:e4:38:88:30:30:99:e9:38:
         75:e4:c1:74:41:9b:60:cc:a0:a2:c7:93:85:50:32:84:2c:3a:
         96:93:ee:82:61:81:82:89:c5:c3:45:b9:7f:37:7e:35:31:78:
         20:3f:29:b7:fe:e3:f7:46:32:92:a9:75:b5:c2:b7:5d:28:11:
         b9:e8:a0:fe:76:81:52:ee:7f:8c:49:59:ab:d5:b5:b5:ea:ed:
         51:e0:46:3d:8f:1c:ef:25:8c:4a:c4:9c:be:09:63:d8:29:f9:
         78:ce:a4:c2:83:2c:1c:18:61:13:7c:ae:f1:5c:26:b6:24:9c:
         e4:e1:8d:d5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJuIx8v4WdN2oJ5v/xagLbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODUxYzZmYzZlYjM4MTZlMTE2YzhhNGE4NTFkMGQxNzhj
OTBmMzEwHhcNMjQwMTAyMTAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDM0MGZmNWU2ZjRiMDkzNTMzYjk0Y2EwYzk4MzkxZGZkZTVjMGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4bhdBofRUdSlXv8t666u/bJdv1/
BfxJ1bz/kI37o7L/mwXbbVdXhFK2P9lhDiUCHFLtwET7TTuT07nKr7LFTfjH8bjr
KiMOGmHTlC8O/mzPYaG2tXUG9340PJ2jSAS1jnqbWd9bOOvzQa5LmDJcPACh5IsO
AAMoO3PlCE/0u4aGj3xA5T/N+i2Vf1km3jlBDYGEmYqhfc+f5c8rGm2E8seGljFQ
d8xJS2eSV46A7QpKkzec0uR19c3+oHfBYF0YiP9QzJvhyLy9wVQGCdShhV+qRgu5
HZZZcwOvNCzVg9gMsQFBLfLPc+6Dl5x8OAcxwXfQMVcRSkncQrr4FQ2zMwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAA0D/Xm9LCTUzuUygyYOR395cDuMB8GA1UdIwQY
MBaAFCiFHG/G6zgW4RbIpKhR0NF4yQ8xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lVY2I4YnJPQmJoRnNpa3FGSFEwWGpKRHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9iOWU2ZGYtZGE4Zi00NDkxLThmZTQt
NTI0NWIxMzUyMjFiLzEvQURRUDllYjBzSk5UTzVUS0RKZzVIZjNsd080LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9iOWU2ZGYtZGE4Zi00NDkxLThmZTQtNTI0NWIxMzUyMjFi
LzEvS0lVY2I4YnJPQmJoRnNpa3FGSFEwWGpKRHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAvPGRMA8E
AgACMAkDBwAqAKkAev4wDQYJKoZIhvcNAQELBQADggEBAIYiOHrABsJ4M6pn2YSM
GM6Q71pFJW0E94xcQNUSQ913TwuAjxmzAEGIxlWSO/iVBJBEgKI/nhjhTvnBc1tp
ZYlj1OqX4O0A+WE6TZPqmpa43TQUoBc2SeYw2ukTx6Btx1oHT8QWk5h/7fzReVTD
7o+LPGMvqXiS7TP3TtsWqzlxYukCINFu2azkOIgwMJnpOHXkwXRBm2DMoKLHk4VQ
MoQsOpaT7oJhgYKJxcNFuX83fjUxeCA/Kbf+4/dGMpKpdbXCt10oEbnooP52gVLu
f4xJWavVtbXq7VHgRj2PHO8ljErEnL4JY9gp+XjOpMKDLBwYYRN8rvFcJrYknOTh
jdU=
-----END CERTIFICATE-----