Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/pRliMEgs8MpUyEqSC_HCityKvIQ.roa
File:                     pRliMEgs8MpUyEqSC_HCityKvIQ.roa (raw, json)
Hash identifier:          Cs+LVWTNvzVr7deDXD+DU1wbYDRdJUjqpMxCoi4BR8k=
Subject key identifier:   A5:19:62:30:48:2C:F0:CA:54:C8:4A:92:0B:F1:C2:8A:DC:8A:BC:84
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       018EEAE0D24A1FBD77B0B33D68A8BC7D376A
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/pRliMEgs8MpUyEqSC_HCityKvIQ.roa
Signing time:             Wed 17 Apr 2024 07:06:26 +0000
ROA not before:           Wed 17 Apr 2024 07:06:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198510
IP address blocks:        80.246.224.0/24 maxlen: 24
                          80.246.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ea:e0:d2:4a:1f:bd:77:b0:b3:3d:68:a8:bc:7d:37:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Apr 17 07:06:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5196230482cf0ca54c84a920bf1c28adc8abc84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:df:ba:fb:94:8f:93:e3:f1:e7:4e:62:81:ff:
                    0f:0b:a7:39:7f:63:3b:75:7f:df:83:cb:d4:92:14:
                    00:3d:41:8d:75:d5:d9:78:e3:df:0b:36:5f:9f:f4:
                    5c:ba:e2:bb:2d:14:6c:10:a7:ab:0e:9f:9b:77:43:
                    23:42:38:7f:69:fc:73:a0:6f:c7:66:46:15:c5:67:
                    0d:fd:14:04:c0:22:48:9c:5a:fb:10:3c:61:e1:4b:
                    fd:d2:b8:ba:27:8c:2b:ca:5f:85:1f:6f:c2:f7:94:
                    fe:9c:cc:6f:a1:e9:38:78:13:c6:00:62:28:a6:38:
                    d0:53:37:a1:9c:6c:c1:51:f2:9e:b8:57:ae:c5:f4:
                    51:ef:34:c4:c3:ee:14:8b:73:b7:76:3b:5f:30:f6:
                    79:4c:59:77:a9:13:ac:af:4d:61:b2:3a:eb:79:cd:
                    02:18:a0:88:ed:64:34:1d:ab:a7:9d:82:0a:4c:a9:
                    a6:3f:26:53:a9:58:4a:4e:d4:82:1f:da:1e:9a:44:
                    fa:67:50:09:cc:99:ac:23:c7:b6:38:79:e0:b9:e8:
                    2c:3a:ea:39:31:7e:07:6c:e4:52:ed:b8:22:5c:39:
                    cf:8c:88:76:f3:8a:dc:2c:fa:d8:c5:8b:41:c7:e4:
                    a0:9e:60:26:23:30:1b:09:b6:f9:95:b7:3a:ea:70:
                    4b:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:19:62:30:48:2C:F0:CA:54:C8:4A:92:0B:F1:C2:8A:DC:8A:BC:84
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/pRliMEgs8MpUyEqSC_HCityKvIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.224.0/24
                  80.246.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:94:d5:18:ed:c1:e1:07:a3:c1:2f:b3:e6:20:10:59:73:c3:
         5f:a3:39:19:72:34:27:94:fb:d4:12:d9:6d:45:62:47:5a:72:
         3c:9f:f2:38:ff:d5:2e:bc:59:0d:c0:a0:80:0c:af:be:8c:97:
         5e:47:d2:a4:fa:15:1d:d1:cd:b2:cd:f8:21:67:00:06:7e:f5:
         0a:0b:38:a1:c2:66:0b:bf:4e:a9:e6:30:a3:2a:7c:0d:0f:c2:
         e7:bf:5e:80:78:40:78:9e:68:3b:f7:ba:43:6b:5f:37:76:93:
         d3:64:4c:64:2a:da:29:75:7a:8a:d8:f8:43:9d:16:00:e6:66:
         31:f9:c4:f0:71:5d:08:a2:2a:75:0e:d5:f5:fb:52:d7:20:54:
         19:1f:22:eb:44:43:ab:a8:85:7f:0d:f3:3b:b6:8e:cf:7f:1a:
         e0:82:f3:06:89:3b:b6:a6:77:69:47:3b:cb:23:a5:6d:75:5f:
         88:95:15:a8:c1:0d:8b:e6:04:88:be:dd:ac:f1:6d:0b:ea:ff:
         ee:56:5a:24:e5:c5:77:52:2e:78:13:9a:8f:8d:ca:73:90:3d:
         33:e7:af:c8:cf:29:31:80:d8:ad:1e:66:4c:91:b5:2e:65:0b:
         c9:1b:88:fe:fe:b6:5b:d3:99:71:6c:3f:4b:66:66:69:69:2d:
         b8:b9:30:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7q4NJKH713sLM9aKi8fTdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjQwNDE3MDcwNjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTE5NjIzMDQ4MmNmMGNhNTRjODRhOTIwYmYxYzI4YWRjOGFiYzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6d+6+5SPk+Px505igf8PC6c5f2M7
dX/fg8vUkhQAPUGNddXZeOPfCzZfn/RcuuK7LRRsEKerDp+bd0MjQjh/afxzoG/H
ZkYVxWcN/RQEwCJInFr7EDxh4Uv90ri6J4wryl+FH2/C95T+nMxvoek4eBPGAGIo
pjjQUzehnGzBUfKeuFeuxfRR7zTEw+4Ui3O3djtfMPZ5TFl3qROsr01hsjrrec0C
GKCI7WQ0HaunnYIKTKmmPyZTqVhKTtSCH9oemkT6Z1AJzJmsI8e2OHnguegsOuo5
MX4HbORS7bgiXDnPjIh284rcLPrYxYtBx+SgnmAmIzAbCbb5lbc66nBLrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKUZYjBILPDKVMhKkgvxworciryEMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvcFJsaU1FZ3M4TXBVeUVxU0NfSENpdHlLdklRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUPbgAwQA
UPblMA0GCSqGSIb3DQEBCwUAA4IBAQCHlNUY7cHhB6PBL7PmIBBZc8NfozkZcjQn
lPvUEtltRWJHWnI8n/I4/9UuvFkNwKCADK++jJdeR9Kk+hUd0c2yzfghZwAGfvUK
CzihwmYLv06p5jCjKnwND8Lnv16AeEB4nmg797pDa183dpPTZExkKtopdXqK2PhD
nRYA5mYx+cTwcV0Ioip1DtX1+1LXIFQZHyLrREOrqIV/DfM7to7PfxrggvMGiTu2
pndpRzvLI6VtdV+IlRWowQ2L5gSIvt2s8W0L6v/uVlok5cV3Ui54E5qPjcpzkD0z
56/IzykxgNitHmZMkbUuZQvJG4j+/rZb05lxbD9LZmZpaS24uTAC
-----END CERTIFICATE-----