Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/7cf43d-8c85-4817-bd75-230fda66abcb/1/1eAGu-ABlEPU4KJiTuXsMZAbFvU.roa
File:                     1eAGu-ABlEPU4KJiTuXsMZAbFvU.roa (raw, json)
Hash identifier:          i21aTnx+e9HS61Jw+liOBppQXdu89MRUq8Vn/TP1eAA=
Subject key identifier:   D5:E0:06:BB:E0:01:94:43:D4:E0:A2:62:4E:E5:EC:31:90:1B:16:F5
Certificate issuer:       /CN=d78a4914d96009b6822d168a0ed53e936d3a41f8
Certificate serial:       018CC9BC88240D5B360CC10080E5BAC1562A
Authority key identifier: D7:8A:49:14:D9:60:09:B6:82:2D:16:8A:0E:D5:3E:93:6D:3A:41:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/14pJFNlgCbaCLRaKDtU-k206Qfg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/7cf43d-8c85-4817-bd75-230fda66abcb/1/1eAGu-ABlEPU4KJiTuXsMZAbFvU.roa
Signing time:             Tue 02 Jan 2024 10:33:45 +0000
ROA not before:           Tue 02 Jan 2024 10:33:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206575
IP address blocks:        185.98.12.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/7cf43d-8c85-4817-bd75-230fda66abcb/1/14pJFNlgCbaCLRaKDtU-k206Qfg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/7cf43d-8c85-4817-bd75-230fda66abcb/1/14pJFNlgCbaCLRaKDtU-k206Qfg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/14pJFNlgCbaCLRaKDtU-k206Qfg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:88:24:0d:5b:36:0c:c1:00:80:e5:ba:c1:56:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d78a4914d96009b6822d168a0ed53e936d3a41f8
        Validity
            Not Before: Jan  2 10:33:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5e006bbe0019443d4e0a2624ee5ec31901b16f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:3d:6f:1a:8d:41:e9:3f:19:37:f5:88:01:94:
                    f5:7f:30:33:73:80:b3:73:a0:c0:d1:ed:cf:fa:b9:
                    a6:da:4d:47:45:34:cb:be:81:bb:60:23:8a:0a:5a:
                    81:1a:37:7e:11:b5:22:53:98:a4:75:c5:3c:36:82:
                    8d:08:5a:b0:01:8b:2e:5b:dd:a8:07:80:3f:c8:29:
                    99:cb:90:38:e2:d9:d8:86:11:51:fb:cf:0b:79:f9:
                    ec:da:10:9a:65:66:67:f5:72:6b:6b:90:15:e2:1d:
                    52:10:da:a3:9a:7a:2c:71:c5:fa:22:95:e5:50:29:
                    eb:95:1f:d5:7e:04:88:a0:c7:b2:14:74:4f:27:b4:
                    53:69:9d:41:eb:38:c3:1c:2e:88:b2:e6:27:59:fd:
                    db:da:9f:64:c8:82:df:d5:48:f6:8a:b0:39:74:cc:
                    ce:72:cd:7d:af:94:1e:70:a6:04:f8:79:39:7a:df:
                    59:db:17:00:e9:18:9a:06:6a:a5:ee:bf:81:16:4e:
                    8a:da:5c:d5:34:5f:c1:69:e9:37:97:19:24:17:2f:
                    d1:6d:17:63:44:16:01:0b:dd:3c:c6:12:d7:80:09:
                    6c:0c:68:f7:f4:94:4e:8f:9d:c2:32:a7:a3:af:bf:
                    c3:d8:2a:ac:fb:5c:97:1d:80:39:1b:a6:3f:9b:99:
                    b5:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E0:06:BB:E0:01:94:43:D4:E0:A2:62:4E:E5:EC:31:90:1B:16:F5
            X509v3 Authority Key Identifier:
                keyid:D7:8A:49:14:D9:60:09:B6:82:2D:16:8A:0E:D5:3E:93:6D:3A:41:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/14pJFNlgCbaCLRaKDtU-k206Qfg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/7cf43d-8c85-4817-bd75-230fda66abcb/1/1eAGu-ABlEPU4KJiTuXsMZAbFvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/7cf43d-8c85-4817-bd75-230fda66abcb/1/14pJFNlgCbaCLRaKDtU-k206Qfg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:0d:e9:ec:99:71:a1:e8:9f:db:61:78:0f:e5:4f:ef:7f:fe:
         4c:e9:b9:8d:64:5c:0e:18:3c:a3:fa:8a:72:5e:4a:64:17:2a:
         6b:d7:91:5c:90:2f:a9:ee:02:9f:17:d9:0a:8c:c9:dd:40:d1:
         d8:6c:0a:e4:bd:7f:1d:ab:18:2f:d6:62:f7:84:e9:64:af:77:
         71:71:0f:77:77:6a:d3:79:25:5e:ee:3c:6c:cd:67:e3:83:f4:
         12:24:1b:ae:df:6e:f7:41:98:4b:cf:8d:15:49:fb:ff:57:51:
         5b:95:cf:e1:36:c8:34:4b:49:b5:04:70:92:cc:21:77:d7:e9:
         12:11:00:a0:f8:ea:46:69:12:ef:9e:03:92:94:4c:89:ad:d5:
         45:c1:b6:d0:e8:49:95:ac:e8:1e:0a:27:de:78:5e:59:78:b6:
         d1:71:8e:5c:4e:98:6d:30:dd:7f:49:4e:7c:9c:11:3b:3b:96:
         81:b8:92:98:d2:49:f6:27:18:48:4e:1f:a4:50:12:d3:f3:0d:
         e5:8f:da:cb:ae:0e:b2:24:eb:5f:04:0f:a8:a8:45:b8:3b:aa:
         85:ae:8a:db:9e:a3:f2:61:9e:00:f3:60:1d:aa:6b:e6:74:b0:
         0f:35:2e:49:8e:1d:b5:b8:fe:ff:cd:48:d5:81:e7:4d:b1:73:
         10:7f:24:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvIgkDVs2DMEAgOW6wVYqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OGE0OTE0ZDk2MDA5YjY4MjJkMTY4YTBlZDUzZTkzNmQz
YTQxZjgwHhcNMjQwMTAyMTAzMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWUwMDZiYmUwMDE5NDQzZDRlMGEyNjI0ZWU1ZWMzMTkwMWIxNmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkT1vGo1B6T8ZN/WIAZT1fzAzc4Cz
c6DA0e3P+rmm2k1HRTTLvoG7YCOKClqBGjd+EbUiU5ikdcU8NoKNCFqwAYsuW92o
B4A/yCmZy5A44tnYhhFR+88Lefns2hCaZWZn9XJra5AV4h1SENqjmnosccX6IpXl
UCnrlR/VfgSIoMeyFHRPJ7RTaZ1B6zjDHC6IsuYnWf3b2p9kyILf1Uj2irA5dMzO
cs19r5QecKYE+Hk5et9Z2xcA6RiaBmql7r+BFk6K2lzVNF/Baek3lxkkFy/RbRdj
RBYBC908xhLXgAlsDGj39JROj53CMqejr7/D2Cqs+1yXHYA5G6Y/m5m1YQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXgBrvgAZRD1OCiYk7l7DGQGxb1MB8GA1UdIwQY
MBaAFNeKSRTZYAm2gi0Wig7VPpNtOkH4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTRwSkZObGdDYmFDTFJhS0R0VS1rMjA2UWZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi83Y2Y0M2QtOGM4NS00ODE3LWJkNzUt
MjMwZmRhNjZhYmNiLzEvMWVBR3UtQUJsRVBVNEtKaVR1WHNNWkFiRnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi83Y2Y0M2QtOGM4NS00ODE3LWJkNzUtMjMwZmRhNjZhYmNi
LzEvMTRwSkZObGdDYmFDTFJhS0R0VS1rMjA2UWZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWIMMA0G
CSqGSIb3DQEBCwUAA4IBAQC0DensmXGh6J/bYXgP5U/vf/5M6bmNZFwOGDyj+opy
XkpkFypr15FckC+p7gKfF9kKjMndQNHYbArkvX8dqxgv1mL3hOlkr3dxcQ93d2rT
eSVe7jxszWfjg/QSJBuu3273QZhLz40VSfv/V1Fblc/hNsg0S0m1BHCSzCF31+kS
EQCg+OpGaRLvngOSlEyJrdVFwbbQ6EmVrOgeCifeeF5ZeLbRcY5cTphtMN1/SU58
nBE7O5aBuJKY0kn2JxhITh+kUBLT8w3lj9rLrg6yJOtfBA+oqEW4O6qFrorbnqPy
YZ4A82AdqmvmdLAPNS5Jjh21uP7/zUjVgedNsXMQfyQ/
-----END CERTIFICATE-----