Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/6c4c26-e34a-4336-90c8-f90ae9966428/1/2ADFZj7UHAK0CaoKiWV0fpiStGo.roa
File:                     2ADFZj7UHAK0CaoKiWV0fpiStGo.roa (raw, json)
Hash identifier:          z8/o038BwQubvxOjr5krp/OU/fr04G39bhyT3Nesc+Q=
Subject key identifier:   D8:00:C5:66:3E:D4:1C:02:B4:09:AA:0A:89:65:74:7E:98:92:B4:6A
Certificate issuer:       /CN=947e3e5f9eb8089b5ca94f38e6517cfbc5b20063
Certificate serial:       018F80BD124C39A23F9D1F964750B690AAF3
Authority key identifier: 94:7E:3E:5F:9E:B8:08:9B:5C:A9:4F:38:E6:51:7C:FB:C5:B2:00:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lH4-X564CJtcqU845lF8-8WyAGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4c26-e34a-4336-90c8-f90ae9966428/1/2ADFZj7UHAK0CaoKiWV0fpiStGo.roa
Signing time:             Thu 16 May 2024 09:30:25 +0000
ROA not before:           Thu 16 May 2024 09:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209560
IP address blocks:        141.98.64.0/23 maxlen: 23
                          141.98.66.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4c26-e34a-4336-90c8-f90ae9966428/1/lH4-X564CJtcqU845lF8-8WyAGM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4c26-e34a-4336-90c8-f90ae9966428/1/lH4-X564CJtcqU845lF8-8WyAGM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lH4-X564CJtcqU845lF8-8WyAGM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:80:bd:12:4c:39:a2:3f:9d:1f:96:47:50:b6:90:aa:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=947e3e5f9eb8089b5ca94f38e6517cfbc5b20063
        Validity
            Not Before: May 16 09:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d800c5663ed41c02b409aa0a8965747e9892b46a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:22:c6:15:50:a8:55:f9:a6:fc:a4:6f:09:b7:
                    7c:43:f8:95:f4:e5:6d:ba:53:5b:e6:c1:0a:64:ac:
                    81:ae:b1:a4:45:d4:0e:bb:db:a7:94:8e:f5:7e:c7:
                    4d:45:e7:1a:a7:1a:cd:c0:f5:83:be:63:53:bf:2c:
                    c8:79:d6:e8:a1:45:30:1c:59:b8:07:2d:0a:07:75:
                    90:4f:8c:30:51:13:31:3c:df:4e:2a:fb:6a:91:ce:
                    e1:80:b5:8a:3d:dd:3f:d0:9e:97:13:c3:82:18:c7:
                    4a:fa:75:5d:6d:9d:9f:31:d6:28:4f:3a:c1:f3:0a:
                    4d:bf:b6:a5:17:26:ee:d8:c3:18:91:f7:eb:35:e7:
                    5e:8e:d4:92:50:89:fa:57:cc:02:01:23:4c:2c:cd:
                    c1:ec:e4:6c:70:a8:3a:33:db:0e:60:9e:4b:36:bc:
                    27:ad:fb:e9:6c:e6:a4:88:ed:35:8b:52:2b:ce:c8:
                    a0:b0:95:7d:6c:d5:c4:88:14:d6:f5:00:3a:d0:01:
                    74:61:10:cb:e1:17:69:21:23:b3:83:73:16:f9:b3:
                    a1:c7:12:68:8b:54:f6:1c:3e:51:5c:ac:2a:de:6c:
                    83:e7:a8:9b:b9:8c:81:38:8d:1c:59:96:8b:ed:63:
                    7d:6c:dc:39:f6:4e:cb:6f:34:e1:dc:e9:c7:09:dd:
                    d9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:00:C5:66:3E:D4:1C:02:B4:09:AA:0A:89:65:74:7E:98:92:B4:6A
            X509v3 Authority Key Identifier:
                keyid:94:7E:3E:5F:9E:B8:08:9B:5C:A9:4F:38:E6:51:7C:FB:C5:B2:00:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lH4-X564CJtcqU845lF8-8WyAGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4c26-e34a-4336-90c8-f90ae9966428/1/2ADFZj7UHAK0CaoKiWV0fpiStGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/6c4c26-e34a-4336-90c8-f90ae9966428/1/lH4-X564CJtcqU845lF8-8WyAGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         40:37:d9:2f:5b:ae:31:6a:08:6d:4f:ef:77:0c:10:7e:d5:06:
         ec:a6:95:f8:6a:2f:de:2c:c1:59:a8:2b:44:57:b2:33:51:42:
         a9:4c:bf:50:71:3c:3c:10:a4:63:44:69:d0:03:0c:4f:ea:bd:
         95:b6:2d:08:a9:98:c2:eb:31:f8:f7:ba:fb:d1:0e:99:5d:62:
         87:9a:57:42:fc:46:7b:bc:eb:0f:60:a6:61:32:6c:fa:a5:82:
         ec:89:ab:95:c0:c5:f4:8d:01:4d:c8:0a:67:de:e5:33:1d:c3:
         f5:02:c4:e7:68:73:68:c5:40:d8:d3:30:b5:c6:c3:fd:75:fd:
         62:b5:74:ac:1a:c6:15:7f:24:d5:f0:82:9f:c6:07:a8:00:45:
         a6:63:37:a7:52:d1:c6:3e:6b:72:28:9a:f4:89:92:73:4e:77:
         47:c0:69:cc:e3:6b:8f:23:ea:4f:f4:1c:b8:cb:87:ff:ee:49:
         7a:0b:2a:c0:12:a5:4c:6e:f5:8b:fb:dc:ab:2c:a4:1c:95:ce:
         f6:b3:15:c6:1a:61:e4:e4:08:7d:af:83:30:25:6b:17:74:28:
         55:29:bf:dc:1f:e0:f5:07:02:46:0e:3d:5f:59:31:48:fb:93:
         5e:eb:7e:7d:f0:33:57:2f:d3:4f:64:ce:d7:a7:42:4e:0f:66:
         43:5e:90:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+AvRJMOaI/nR+WR1C2kKrzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0N2UzZTVmOWViODA4OWI1Y2E5NGYzOGU2NTE3Y2ZiYzVi
MjAwNjMwHhcNMjQwNTE2MDkzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODAwYzU2NjNlZDQxYzAyYjQwOWFhMGE4OTY1NzQ3ZTk4OTJiNDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCLGFVCoVfmm/KRvCbd8Q/iV9OVt
ulNb5sEKZKyBrrGkRdQOu9unlI71fsdNRecapxrNwPWDvmNTvyzIedbooUUwHFm4
By0KB3WQT4wwURMxPN9OKvtqkc7hgLWKPd0/0J6XE8OCGMdK+nVdbZ2fMdYoTzrB
8wpNv7alFybu2MMYkffrNedejtSSUIn6V8wCASNMLM3B7ORscKg6M9sOYJ5LNrwn
rfvpbOakiO01i1IrzsigsJV9bNXEiBTW9QA60AF0YRDL4RdpISOzg3MW+bOhxxJo
i1T2HD5RXKwq3myD56ibuYyBOI0cWZaL7WN9bNw59k7LbzTh3OnHCd3ZNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNgAxWY+1BwCtAmqColldH6YkrRqMB8GA1UdIwQY
MBaAFJR+Pl+euAibXKlPOOZRfPvFsgBjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEg0LVg1NjRDSnRjcVU4NDVsRjgtOFd5QUdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC82YzRjMjYtZTM0YS00MzM2LTkwYzgt
ZjkwYWU5OTY2NDI4LzEvMkFERlpqN1VIQUswQ2FvS2lXVjBmcGlTdEdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC82YzRjMjYtZTM0YS00MzM2LTkwYzgtZjkwYWU5OTY2NDI4
LzEvbEg0LVg1NjRDSnRjcVU4NDVsRjgtOFd5QUdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjWJAMA0G
CSqGSIb3DQEBCwUAA4IBAQBAN9kvW64xaghtT+93DBB+1QbsppX4ai/eLMFZqCtE
V7IzUUKpTL9QcTw8EKRjRGnQAwxP6r2Vti0IqZjC6zH497r70Q6ZXWKHmldC/EZ7
vOsPYKZhMmz6pYLsiauVwMX0jQFNyApn3uUzHcP1AsTnaHNoxUDY0zC1xsP9df1i
tXSsGsYVfyTV8IKfxgeoAEWmYzenUtHGPmtyKJr0iZJzTndHwGnM42uPI+pP9By4
y4f/7kl6CyrAEqVMbvWL+9yrLKQclc72sxXGGmHk5Ah9r4MwJWsXdChVKb/cH+D1
BwJGDj1fWTFI+5Ne63598DNXL9NPZM7Xp0JOD2ZDXpC2
-----END CERTIFICATE-----