Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/f6dc57-8268-4661-991c-84c3d302cf04/1/jenhggasWhyh2nSRrVpwU8pezDA.roa
File:                     jenhggasWhyh2nSRrVpwU8pezDA.roa (raw, json)
Hash identifier:          AtLTszahnR8leNsulaDhupa0opCkAkBgSZ94YkReS2A=
Subject key identifier:   8D:E9:E1:82:06:AC:5A:1C:A1:DA:74:91:AD:5A:70:53:CA:5E:CC:30
Certificate issuer:       /CN=6ec92c898695e40198b9d92b681b9b954ebfaebb
Certificate serial:       018CC64B0B46C13A941426F7E81B8DEA0CD6
Authority key identifier: 6E:C9:2C:89:86:95:E4:01:98:B9:D9:2B:68:1B:9B:95:4E:BF:AE:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bsksiYaV5AGYudkraBublU6_rrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/f6dc57-8268-4661-991c-84c3d302cf04/1/jenhggasWhyh2nSRrVpwU8pezDA.roa
Signing time:             Mon 01 Jan 2024 18:30:55 +0000
ROA not before:           Mon 01 Jan 2024 18:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41311
IP address blocks:        89.249.128.0/21 maxlen: 24
                          89.249.136.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/f6dc57-8268-4661-991c-84c3d302cf04/1/bsksiYaV5AGYudkraBublU6_rrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/f6dc57-8268-4661-991c-84c3d302cf04/1/bsksiYaV5AGYudkraBublU6_rrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bsksiYaV5AGYudkraBublU6_rrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:0b:46:c1:3a:94:14:26:f7:e8:1b:8d:ea:0c:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ec92c898695e40198b9d92b681b9b954ebfaebb
        Validity
            Not Before: Jan  1 18:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8de9e18206ac5a1ca1da7491ad5a7053ca5ecc30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e9:70:68:a8:0b:28:f2:a8:e8:70:5c:94:68:
                    87:8e:9e:03:7e:3d:4e:be:47:9e:aa:8b:49:a3:93:
                    93:87:2e:b0:a5:c3:97:2c:97:68:66:a6:d1:50:14:
                    b1:0e:1c:f0:1d:46:5b:a9:6c:43:1a:45:a9:3c:f7:
                    12:15:79:62:fd:03:fd:c5:32:07:78:8a:8f:c6:f4:
                    c5:5d:d9:eb:5c:c4:e4:50:5e:5b:ab:0f:da:22:a4:
                    e3:bd:ca:87:d9:60:7a:0e:6c:a2:66:74:79:86:d3:
                    43:20:a2:bd:b2:4d:f0:aa:73:b1:fc:9d:11:f2:a3:
                    ff:f8:66:65:f7:dd:3b:8b:aa:19:14:ba:9b:86:6a:
                    26:d0:f8:64:1b:5e:f8:bf:98:12:76:b7:3b:1d:4c:
                    ea:65:6b:21:a9:1f:73:48:e6:c0:df:f9:e6:2d:27:
                    44:08:9d:6a:8f:04:73:47:dc:78:b8:e0:9b:c3:28:
                    21:17:d0:a0:74:8b:a2:6a:5c:ab:6e:d8:26:b8:20:
                    e4:7e:e7:89:c0:0a:a7:0c:0c:b5:60:b6:96:8c:04:
                    d6:99:5b:12:9f:a4:93:b6:b2:a2:81:91:35:05:bc:
                    82:f0:ea:33:db:19:7f:45:6e:ba:0c:70:bd:71:cc:
                    d4:cc:06:14:bf:5c:f6:d9:92:08:06:f1:2d:ea:bd:
                    b7:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E9:E1:82:06:AC:5A:1C:A1:DA:74:91:AD:5A:70:53:CA:5E:CC:30
            X509v3 Authority Key Identifier:
                keyid:6E:C9:2C:89:86:95:E4:01:98:B9:D9:2B:68:1B:9B:95:4E:BF:AE:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bsksiYaV5AGYudkraBublU6_rrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/f6dc57-8268-4661-991c-84c3d302cf04/1/jenhggasWhyh2nSRrVpwU8pezDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/f6dc57-8268-4661-991c-84c3d302cf04/1/bsksiYaV5AGYudkraBublU6_rrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.128.0-89.249.137.255

    Signature Algorithm: sha256WithRSAEncryption
         43:47:a1:03:cd:75:da:49:46:00:5b:49:4b:14:2c:3f:12:12:
         a7:24:a9:9b:bb:94:71:fd:78:2e:d3:c9:b5:8e:62:52:3d:54:
         ee:46:b0:95:01:3f:a1:0e:f9:41:a3:0c:6d:19:90:5b:98:21:
         1c:7e:10:58:46:db:27:ac:14:f0:a6:fc:c6:eb:6e:59:16:c4:
         41:3d:4a:33:d8:16:f3:97:12:14:f8:a1:46:ab:ff:6c:17:05:
         77:f7:ee:c9:51:4d:c9:37:4e:78:fa:ae:9a:29:c8:7b:02:14:
         13:20:7a:a5:8c:6d:b4:27:66:64:9c:58:0c:c9:01:20:ce:1d:
         bb:12:91:a6:59:36:62:d4:32:18:8e:9e:d6:55:bc:ee:53:5e:
         ba:ce:2a:13:9d:64:6e:07:86:62:07:f7:67:4b:84:64:0e:51:
         1d:60:5c:f7:f6:e6:28:16:65:9b:1f:f6:33:c6:7d:56:8d:ed:
         23:74:29:9c:a9:7f:13:0d:90:7f:57:c4:a7:18:02:af:c8:14:
         1a:0d:15:2e:23:05:ee:53:0e:c7:57:7b:3b:bc:09:11:9c:57:
         de:00:9c:fd:c3:5f:2d:55:8b:5b:07:24:54:41:c0:d7:28:00:
         a2:f6:b1:85:cf:67:cc:41:c4:f9:9d:b6:f8:c2:34:9b:dc:bc:
         77:05:47:5e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzGSwtGwTqUFCb36BuN6gzWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYzkyYzg5ODY5NWU0MDE5OGI5ZDkyYjY4MWI5Yjk1NGVi
ZmFlYmIwHhcNMjQwMTAxMTgzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGU5ZTE4MjA2YWM1YTFjYTFkYTc0OTFhZDVhNzA1M2NhNWVjYzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgelwaKgLKPKo6HBclGiHjp4Dfj1O
vkeeqotJo5OThy6wpcOXLJdoZqbRUBSxDhzwHUZbqWxDGkWpPPcSFXli/QP9xTIH
eIqPxvTFXdnrXMTkUF5bqw/aIqTjvcqH2WB6DmyiZnR5htNDIKK9sk3wqnOx/J0R
8qP/+GZl9907i6oZFLqbhmom0PhkG174v5gSdrc7HUzqZWshqR9zSObA3/nmLSdE
CJ1qjwRzR9x4uOCbwyghF9CgdIuialyrbtgmuCDkfueJwAqnDAy1YLaWjATWmVsS
n6STtrKigZE1BbyC8Ooz2xl/RW66DHC9cczUzAYUv1z22ZIIBvEt6r23QQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFI3p4YIGrFocodp0ka1acFPKXswwMB8GA1UdIwQY
MBaAFG7JLImGleQBmLnZK2gbm5VOv667MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnNrc2lZYVY1QUdZdWRrcmFCdWJsVTZfcnJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9mNmRjNTctODI2OC00NjYxLTk5MWMt
ODRjM2QzMDJjZjA0LzEvamVuaGdnYXNXaHloMm5TUnJWcHdVOHBlekRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9mNmRjNTctODI2OC00NjYxLTk5MWMtODRjM2QzMDJjZjA0
LzEvYnNrc2lZYVY1QUdZdWRrcmFCdWJsVTZfcnJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAdZ+YAD
BAFZ+YgwDQYJKoZIhvcNAQELBQADggEBAENHoQPNddpJRgBbSUsULD8SEqckqZu7
lHH9eC7TybWOYlI9VO5GsJUBP6EO+UGjDG0ZkFuYIRx+EFhG2yesFPCm/MbrblkW
xEE9SjPYFvOXEhT4oUar/2wXBXf37slRTck3Tnj6rpopyHsCFBMgeqWMbbQnZmSc
WAzJASDOHbsSkaZZNmLUMhiOntZVvO5TXrrOKhOdZG4HhmIH92dLhGQOUR1gXPf2
5igWZZsf9jPGfVaN7SN0KZypfxMNkH9XxKcYAq/IFBoNFS4jBe5TDsdXezu8CRGc
V94AnP3DXy1Vi1sHJFRBwNcoAKL2sYXPZ8xBxPmdtvjCNJvcvHcFR14=
-----END CERTIFICATE-----