Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/eInf5Hn580mlhAso59YfL_FHhFw.roa
File:                     eInf5Hn580mlhAso59YfL_FHhFw.roa (raw, json)
Hash identifier:          LozBuu8ONKJu/NtypjcsahXo9axdHWollZICyK7VRbY=
Subject key identifier:   78:89:DF:E4:79:F9:F3:49:A5:84:0B:28:E7:D6:1F:2F:F1:47:84:5C
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       0192B2D7254DE1F7EAA64345AD708E4FB297
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/eInf5Hn580mlhAso59YfL_FHhFw.roa
Signing time:             Tue 22 Oct 2024 06:08:17 +0000
ROA not before:           Tue 22 Oct 2024 06:08:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        80.246.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b2:d7:25:4d:e1:f7:ea:a6:43:45:ad:70:8e:4f:b2:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Oct 22 06:08:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7889dfe479f9f349a5840b28e7d61f2ff147845c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:aa:9a:7e:48:24:e0:f8:a7:32:70:a5:0f:58:
                    7c:8d:4d:36:1d:74:d3:06:41:34:ad:59:33:1d:21:
                    1b:02:3b:0a:85:f5:89:78:c6:56:1a:10:80:a6:08:
                    86:fd:50:ac:69:48:e0:59:ab:7d:e9:2d:d7:76:fd:
                    73:11:3c:e8:22:cc:62:84:1f:ca:69:5b:e1:a3:9d:
                    6e:b5:e3:cf:56:d5:ba:c2:50:b4:bf:28:01:9d:a7:
                    64:c2:fd:9a:33:48:94:00:97:c8:b0:43:7e:0f:83:
                    aa:14:84:66:90:db:8e:ca:f2:93:f5:6f:ec:39:ab:
                    ce:d3:1f:51:b8:37:a2:5f:c2:f6:da:51:70:e2:78:
                    ae:eb:8b:22:16:d7:b1:61:63:b3:08:ed:b6:0e:68:
                    63:ca:06:2d:c6:fb:23:e1:22:ab:cc:33:8e:c7:75:
                    bd:2c:19:b1:9e:ed:9b:69:0e:78:4b:ae:3c:6c:76:
                    88:ca:dd:2c:25:85:cf:54:bc:28:84:39:55:3d:0f:
                    48:4f:ac:fa:34:32:0d:23:c4:83:00:b5:9c:48:c3:
                    b8:4a:6d:8a:dc:1f:47:2c:cf:6e:40:f3:6c:af:1a:
                    b0:8b:05:b4:ef:8c:c8:03:02:b5:50:cb:9a:c8:33:
                    96:4a:5b:3f:06:23:5f:0a:90:b9:a2:d1:d0:f5:9b:
                    f2:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:89:DF:E4:79:F9:F3:49:A5:84:0B:28:E7:D6:1F:2F:F1:47:84:5C
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/eInf5Hn580mlhAso59YfL_FHhFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:50:d3:ec:e6:02:b0:4b:31:3f:f4:40:f9:f0:c9:a0:5f:38:
         73:92:eb:2a:87:0e:ec:b8:08:29:cc:7e:ed:47:7f:c8:79:7b:
         a7:d3:fe:14:9e:43:54:1c:0c:8f:02:30:ea:b6:45:fc:21:47:
         e7:eb:fb:fd:ab:b8:ff:90:f2:6f:84:48:e0:b5:96:0d:b5:fa:
         23:c3:82:c9:d7:44:ea:39:0c:ae:24:cc:02:b3:22:46:73:b6:
         97:06:ab:03:6d:e7:47:7a:ed:cb:b5:a2:6b:54:18:23:2a:b6:
         3e:4b:72:ee:bc:ac:90:b6:fc:cc:5d:4d:7b:a2:f7:29:d4:95:
         c4:c2:50:e1:bb:8e:7f:62:10:f9:bd:7f:ef:bc:70:3a:f2:29:
         a4:f3:a1:fa:e5:c4:2c:13:ed:c5:1f:d8:ce:12:f2:e0:de:bc:
         25:f7:32:7c:fa:95:6b:11:ec:da:f7:a8:b8:b6:6e:e9:11:9d:
         c1:68:a8:3f:3c:33:c0:46:92:cc:e6:a1:16:6a:e8:e3:9f:50:
         67:70:07:ee:28:49:b4:0f:38:f0:55:a3:2a:74:46:55:ea:40:
         13:a8:d1:81:9a:c0:b2:fd:29:f0:3f:25:31:8f:ee:fe:ff:36:
         aa:6c:06:b2:2b:20:bc:a0:7a:a7:a9:52:ad:75:37:c0:01:40:
         f6:b7:c3:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKy1yVN4ffqpkNFrXCOT7KXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjQxMDIyMDYwODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODg5ZGZlNDc5ZjlmMzQ5YTU4NDBiMjhlN2Q2MWYyZmYxNDc4NDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6qafkgk4PinMnClD1h8jU02HXTT
BkE0rVkzHSEbAjsKhfWJeMZWGhCApgiG/VCsaUjgWat96S3Xdv1zETzoIsxihB/K
aVvho51utePPVtW6wlC0vygBnadkwv2aM0iUAJfIsEN+D4OqFIRmkNuOyvKT9W/s
OavO0x9RuDeiX8L22lFw4niu64siFtexYWOzCO22DmhjygYtxvsj4SKrzDOOx3W9
LBmxnu2baQ54S648bHaIyt0sJYXPVLwohDlVPQ9IT6z6NDINI8SDALWcSMO4Sm2K
3B9HLM9uQPNsrxqwiwW074zIAwK1UMuayDOWSls/BiNfCpC5otHQ9Zvy6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHiJ3+R5+fNJpYQLKOfWHy/xR4RcMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvZUluZjVIbjU4MG1saEFzbzU5WWZMX0ZIaEZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPbmMA0G
CSqGSIb3DQEBCwUAA4IBAQAxUNPs5gKwSzE/9ED58MmgXzhzkusqhw7suAgpzH7t
R3/IeXun0/4UnkNUHAyPAjDqtkX8IUfn6/v9q7j/kPJvhEjgtZYNtfojw4LJ10Tq
OQyuJMwCsyJGc7aXBqsDbedHeu3LtaJrVBgjKrY+S3LuvKyQtvzMXU17ovcp1JXE
wlDhu45/YhD5vX/vvHA68imk86H65cQsE+3FH9jOEvLg3rwl9zJ8+pVrEeza96i4
tm7pEZ3BaKg/PDPARpLM5qEWaujjn1BncAfuKEm0DzjwVaMqdEZV6kATqNGBmsCy
/SnwPyUxj+7+/zaqbAayKyC8oHqnqVKtdTfAAUD2t8Mf
-----END CERTIFICATE-----