Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/1-W2YCS8Lz53s_L5TFWXQwFhpRFc.roa
File:                     1-W2YCS8Lz53s_L5TFWXQwFhpRFc.roa (raw, json)
Hash identifier:          jdNyeRh8hq9qHDlhWooBZuHUeDW22jAhxJF9tgDP7rw=
Subject key identifier:   F9:6D:98:09:2F:0B:CF:9D:EC:FC:BE:53:15:65:D0:C0:58:69:44:57
Certificate issuer:       /CN=218dd6c0618bbfeff1a84c94fd64189e1845b188
Certificate serial:       0190F3C5CC6CC971F84C68204E5A41732F8F
Authority key identifier: 21:8D:D6:C0:61:8B:BF:EF:F1:A8:4C:94:FD:64:18:9E:18:45:B1:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IY3WwGGLv-_xqEyU_WQYnhhFsYg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/1-W2YCS8Lz53s_L5TFWXQwFhpRFc.roa
Signing time:             Sat 27 Jul 2024 10:39:04 +0000
ROA not before:           Sat 27 Jul 2024 10:39:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214662
IP address blocks:        185.228.98.0/23 maxlen: 23
                          185.228.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/IY3WwGGLv-_xqEyU_WQYnhhFsYg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/IY3WwGGLv-_xqEyU_WQYnhhFsYg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IY3WwGGLv-_xqEyU_WQYnhhFsYg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:f3:c5:cc:6c:c9:71:f8:4c:68:20:4e:5a:41:73:2f:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218dd6c0618bbfeff1a84c94fd64189e1845b188
        Validity
            Not Before: Jul 27 10:39:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f96d98092f0bcf9decfcbe531565d0c058694457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:05:6d:4b:4c:69:36:c2:8a:d6:bf:98:a3:44:
                    52:b0:d0:e0:54:5d:83:73:cd:db:67:8c:dc:09:72:
                    39:82:ba:c1:b8:ca:20:4c:84:a6:58:c8:c2:81:b8:
                    7c:a1:ca:b8:75:94:9f:2c:86:5e:5e:bc:ef:56:d9:
                    95:69:a8:e7:49:4c:d5:8b:ff:56:3f:ec:d0:a1:7d:
                    da:00:5f:87:f9:32:1c:ba:21:f0:32:b7:49:f7:81:
                    42:0a:57:c3:6a:0b:dd:9e:51:4a:10:b3:f0:f5:14:
                    bd:b7:48:34:15:38:c4:6c:24:99:eb:2d:b5:ec:e7:
                    95:e8:a3:58:ee:b0:4d:8e:54:12:9a:fd:b8:0d:2b:
                    72:15:c0:27:23:67:ae:04:7c:4e:e1:52:c5:ce:7c:
                    93:aa:77:78:c4:12:1a:48:3c:f3:53:d9:1f:48:e6:
                    96:f5:85:9e:68:68:b3:a5:f5:24:b7:81:7d:33:99:
                    0c:4e:96:63:14:2c:5f:ca:cc:38:80:27:4c:ad:de:
                    e3:2a:00:ae:26:bf:ff:4d:25:24:6c:6d:76:6a:56:
                    76:fb:b1:ca:80:2a:d5:88:0d:59:52:e4:84:8a:bb:
                    0c:7b:3d:e8:b5:18:00:14:54:2f:5f:e5:6c:08:d6:
                    b6:50:47:f2:6e:29:33:de:85:31:f1:98:61:a4:49:
                    51:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:6D:98:09:2F:0B:CF:9D:EC:FC:BE:53:15:65:D0:C0:58:69:44:57
            X509v3 Authority Key Identifier:
                keyid:21:8D:D6:C0:61:8B:BF:EF:F1:A8:4C:94:FD:64:18:9E:18:45:B1:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IY3WwGGLv-_xqEyU_WQYnhhFsYg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/1-W2YCS8Lz53s_L5TFWXQwFhpRFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/aa3601-95e2-4ac6-b581-9bb6bb281ea7/1/IY3WwGGLv-_xqEyU_WQYnhhFsYg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         08:6f:45:09:a6:b7:bc:b4:e2:53:2f:b5:35:bd:64:f3:52:25:
         cf:c9:6f:c9:99:d6:b5:e8:cf:81:10:93:e7:00:c5:e8:b3:6f:
         22:33:e6:ba:0f:84:8c:32:1d:f1:82:88:a7:e2:ee:7b:fd:37:
         dc:ae:93:91:72:a1:7b:67:4a:60:9c:64:4c:b9:86:e1:68:b0:
         e5:78:c1:61:2b:8f:34:7e:2c:96:ae:1c:23:02:a4:20:8c:38:
         a6:99:f9:c8:58:2c:0e:ab:49:34:68:18:38:01:c3:78:dc:f9:
         c5:8c:10:fc:59:39:af:c5:14:e9:96:d1:21:ad:f8:a2:19:c1:
         84:2b:15:19:0d:36:d3:0e:77:df:65:fe:d6:e1:bc:d5:eb:4f:
         be:19:f0:f4:3c:98:b2:49:db:ea:ae:1e:b8:e2:62:a1:f5:c7:
         4a:01:fc:5c:03:d2:81:ab:36:8e:91:5b:e0:e7:5b:09:95:ad:
         6f:6d:ca:b8:93:6c:9b:b6:7e:64:03:45:85:b5:09:0e:bb:4d:
         67:59:c0:47:4a:b3:5a:68:4b:8b:9a:7c:b8:d8:3a:96:47:0d:
         d7:f0:4d:4b:57:d5:b6:6e:8c:20:1f:36:85:3c:ee:5a:e1:8e:
         5e:a8:69:06:88:2c:16:d4:bf:ab:f1:86:e9:29:39:2d:01:0c:
         a5:94:a3:aa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDzxcxsyXH4TGggTlpBcy+PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxOGRkNmMwNjE4YmJmZWZmMWE4NGM5NGZkNjQxODllMTg0
NWIxODgwHhcNMjQwNzI3MTAzOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTZkOTgwOTJmMGJjZjlkZWNmY2JlNTMxNTY1ZDBjMDU4Njk0NDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAVtS0xpNsKK1r+Yo0RSsNDgVF2D
c83bZ4zcCXI5grrBuMogTISmWMjCgbh8ocq4dZSfLIZeXrzvVtmVaajnSUzVi/9W
P+zQoX3aAF+H+TIcuiHwMrdJ94FCClfDagvdnlFKELPw9RS9t0g0FTjEbCSZ6y21
7OeV6KNY7rBNjlQSmv24DStyFcAnI2euBHxO4VLFznyTqnd4xBIaSDzzU9kfSOaW
9YWeaGizpfUkt4F9M5kMTpZjFCxfysw4gCdMrd7jKgCuJr//TSUkbG12alZ2+7HK
gCrViA1ZUuSEirsMez3otRgAFFQvX+VsCNa2UEfybikz3oUx8ZhhpElR/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPltmAkvC8+d7Py+UxVl0MBYaURXMB8GA1UdIwQY
MBaAFCGN1sBhi7/v8ahMlP1kGJ4YRbGIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVkzV3dHR0x2LV94cUV5VV9XUVluaGhGc1lnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9hYTM2MDEtOTVlMi00YWM2LWI1ODEt
OWJiNmJiMjgxZWE3LzEvMS1XMllDUzhMejUzc19MNVRGV1hRd0ZocFJGYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmUvYWEzNjAxLTk1ZTItNGFjNi1iNTgxLTliYjZiYjI4MWVh
Ny8xL0lZM1d3R0dMdi1feHFFeVVfV1FZbmhoRnNZZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbnkYjAN
BgkqhkiG9w0BAQsFAAOCAQEACG9FCaa3vLTiUy+1Nb1k81Ilz8lvyZnWtejPgRCT
5wDF6LNvIjPmug+EjDId8YKIp+Lue/033K6TkXKhe2dKYJxkTLmG4Wiw5XjBYSuP
NH4slq4cIwKkIIw4ppn5yFgsDqtJNGgYOAHDeNz5xYwQ/Fk5r8UU6ZbRIa34ohnB
hCsVGQ020w5332X+1uG81etPvhnw9DyYsknb6q4euOJiofXHSgH8XAPSgas2jpFb
4OdbCZWtb23KuJNsm7Z+ZANFhbUJDrtNZ1nAR0qzWmhLi5p8uNg6lkcN1/BNS1fV
tm6MIB82hTzuWuGOXqhpBogsFtS/q/GG6Sk5LQEMpZSjqg==
-----END CERTIFICATE-----