Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/UgqNTs9EYIzgHDf_nlduiQ_k9vU.roa
File:                     UgqNTs9EYIzgHDf_nlduiQ_k9vU.roa (raw, json)
Hash identifier:          Sr5tFptwHA+aEITDwh3TqNnJ6rwvEMDEzuvpALs2Kgo=
Subject key identifier:   52:0A:8D:4E:CF:44:60:8C:E0:1C:37:FF:9E:57:6E:89:0F:E4:F6:F5
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       018EEAE0D1C044720A8FB0E16881EA339C9E
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/UgqNTs9EYIzgHDf_nlduiQ_k9vU.roa
Signing time:             Wed 17 Apr 2024 07:06:26 +0000
ROA not before:           Wed 17 Apr 2024 07:06:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        80.246.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 06:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ea:e0:d1:c0:44:72:0a:8f:b0:e1:68:81:ea:33:9c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Apr 17 07:06:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=520a8d4ecf44608ce01c37ff9e576e890fe4f6f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:47:fe:dc:95:ae:ad:12:21:d0:18:09:6a:0b:
                    f9:ea:02:33:4d:c4:8e:f0:5f:a7:e6:89:fe:b3:26:
                    f7:ce:8d:06:6e:14:c7:1a:91:7c:e1:a2:48:06:79:
                    08:ff:14:45:a7:6e:37:12:fe:2f:2d:f3:96:c3:41:
                    f0:12:3c:6b:32:7e:98:f7:57:e7:4d:c3:7c:fe:a9:
                    df:d6:45:78:1a:1d:2c:fe:df:ec:30:78:c6:1d:69:
                    95:3e:28:b0:37:2c:0a:5d:33:77:7a:1d:97:61:e7:
                    a0:63:95:9e:03:d6:a2:10:05:4b:08:c2:71:1f:28:
                    27:ee:89:b2:e8:e6:42:99:27:fb:0a:39:32:2c:6a:
                    3b:1a:0a:14:8f:a2:e9:41:03:bd:ed:7c:d3:52:83:
                    14:49:14:25:62:2b:3e:a0:a0:4f:b9:ed:ff:e8:56:
                    45:5b:41:9d:d8:6c:60:86:9e:f9:22:14:4d:5a:54:
                    ba:40:35:1a:73:a2:1e:fd:9a:4f:a7:ab:67:3e:0e:
                    3a:b3:b5:60:73:85:5b:09:93:14:08:5d:5f:22:c2:
                    0e:fe:85:d6:7d:9c:2e:8e:4f:1d:7c:1f:a8:84:1b:
                    6f:d5:68:e5:b1:f4:99:35:ff:3a:39:55:54:e3:c9:
                    ad:99:3a:cc:f3:87:a7:34:e6:1b:76:17:fc:0b:bd:
                    25:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:0A:8D:4E:CF:44:60:8C:E0:1C:37:FF:9E:57:6E:89:0F:E4:F6:F5
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/UgqNTs9EYIzgHDf_nlduiQ_k9vU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:bb:a5:a1:df:0e:4c:87:da:42:8d:61:d1:08:63:d0:1d:90:
         b2:8e:2d:5d:e9:a5:a8:73:b8:b2:bc:c8:03:4f:5e:19:0b:06:
         24:53:e6:c1:15:ae:e2:7f:65:8d:2b:77:9a:d0:a2:1b:48:94:
         d5:89:6c:aa:d1:2f:25:03:bc:0b:9f:3f:b9:5c:cd:8f:90:9d:
         f0:7d:bd:aa:81:f7:f0:ee:e3:83:a1:01:63:35:c0:61:51:78:
         67:4f:4a:49:9e:15:b4:9d:6e:f3:4f:bb:c6:67:6b:68:04:bf:
         8d:25:22:e4:2a:ca:ed:31:5d:34:bb:01:9b:8e:79:5d:87:51:
         3f:b1:b5:02:11:ba:70:39:54:c9:64:2d:59:22:0b:63:04:7c:
         67:f7:73:94:62:f0:60:ab:5f:71:88:05:96:3a:a7:63:4b:68:
         59:2d:47:52:d5:c6:cb:a0:08:e9:79:c5:3c:80:31:f6:08:24:
         20:d2:94:35:f9:38:69:66:93:be:fb:2b:09:98:f8:06:77:53:
         95:25:a3:90:ed:2c:ea:45:24:44:36:6d:ed:fb:c8:75:8e:03:
         8b:05:64:ff:6f:95:d3:99:3d:0c:35:5f:72:b2:44:f9:23:39:
         51:58:0b:43:e7:42:e0:06:b3:dc:1f:e2:11:0b:04:9a:62:44:
         7f:46:d2:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7q4NHARHIKj7DhaIHqM5yeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjQwNDE3MDcwNjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjBhOGQ0ZWNmNDQ2MDhjZTAxYzM3ZmY5ZTU3NmU4OTBmZTRmNmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0f+3JWurRIh0BgJagv56gIzTcSO
8F+n5on+syb3zo0GbhTHGpF84aJIBnkI/xRFp243Ev4vLfOWw0HwEjxrMn6Y91fn
TcN8/qnf1kV4Gh0s/t/sMHjGHWmVPiiwNywKXTN3eh2XYeegY5WeA9aiEAVLCMJx
Hygn7omy6OZCmSf7CjkyLGo7GgoUj6LpQQO97XzTUoMUSRQlYis+oKBPue3/6FZF
W0Gd2Gxghp75IhRNWlS6QDUac6Ie/ZpPp6tnPg46s7Vgc4VbCZMUCF1fIsIO/oXW
fZwujk8dfB+ohBtv1WjlsfSZNf86OVVU48mtmTrM84enNOYbdhf8C70l1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFIKjU7PRGCM4Bw3/55XbokP5Pb1MB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvVWdxTlRzOUVZSXpnSERmX25sZHVpUV9rOXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPbmMA0G
CSqGSIb3DQEBCwUAA4IBAQAQu6Wh3w5Mh9pCjWHRCGPQHZCyji1d6aWoc7iyvMgD
T14ZCwYkU+bBFa7if2WNK3ea0KIbSJTViWyq0S8lA7wLnz+5XM2PkJ3wfb2qgffw
7uODoQFjNcBhUXhnT0pJnhW0nW7zT7vGZ2toBL+NJSLkKsrtMV00uwGbjnldh1E/
sbUCEbpwOVTJZC1ZIgtjBHxn93OUYvBgq19xiAWWOqdjS2hZLUdS1cbLoAjpecU8
gDH2CCQg0pQ1+ThpZpO++ysJmPgGd1OVJaOQ7SzqRSRENm3t+8h1jgOLBWT/b5XT
mT0MNV9yskT5IzlRWAtD50LgBrPcH+IRCwSaYkR/RtJ6
-----END CERTIFICATE-----