Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/38nNkqNYK-t7stFNxJJAAEkR6YA.roa
File:                     38nNkqNYK-t7stFNxJJAAEkR6YA.roa (raw, json)
Hash identifier:          vYEIntnFdV4BSg2pcHvCI8qV4AMtOoSz8+Iv+C6hcm4=
Subject key identifier:   DF:C9:CD:92:A3:58:2B:EB:7B:B2:D1:4D:C4:92:40:00:49:11:E9:80
Certificate issuer:       /CN=98c9c3189bec1379311bd1353fa9749a68dd992d
Certificate serial:       018CC2DAB1092F445F5624F20B9900FE1CA6
Authority key identifier: 98:C9:C3:18:9B:EC:13:79:31:1B:D1:35:3F:A9:74:9A:68:DD:99:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mMnDGJvsE3kxG9E1P6l0mmjdmS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/38nNkqNYK-t7stFNxJJAAEkR6YA.roa
Signing time:             Mon 01 Jan 2024 02:29:21 +0000
ROA not before:           Mon 01 Jan 2024 02:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208164
IP address blocks:        194.153.133.0/24 maxlen: 24
                          2a0f:2880:400::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/mMnDGJvsE3kxG9E1P6l0mmjdmS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/mMnDGJvsE3kxG9E1P6l0mmjdmS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mMnDGJvsE3kxG9E1P6l0mmjdmS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b1:09:2f:44:5f:56:24:f2:0b:99:00:fe:1c:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98c9c3189bec1379311bd1353fa9749a68dd992d
        Validity
            Not Before: Jan  1 02:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfc9cd92a3582beb7bb2d14dc49240004911e980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8e:b4:99:9c:1d:85:9e:6f:90:2b:16:a3:11:
                    5f:fe:5f:c8:9b:97:0d:ef:f2:1d:8f:0d:22:f2:bb:
                    63:26:aa:cb:70:7b:66:fc:59:c7:f7:64:b3:1c:bf:
                    5d:c3:1f:b7:c6:6a:3c:a3:d2:39:a2:5f:15:02:2b:
                    97:fe:d6:ee:89:3b:d1:6c:eb:40:26:f2:97:bd:1b:
                    bb:50:73:d0:6f:45:db:d8:6d:0a:a5:2b:75:b9:18:
                    08:fb:d9:ee:53:07:ea:fe:fd:d9:ea:2a:03:6b:6a:
                    fa:ed:7a:4f:26:1f:0f:0e:ff:bd:9d:8d:5c:62:cd:
                    47:df:b6:d1:fd:89:22:ef:37:fc:4d:2f:27:a7:7b:
                    0d:eb:32:82:fa:c8:dc:5d:da:c9:1b:c0:26:75:4f:
                    1b:13:e7:1f:6c:18:10:d4:b6:be:19:0a:a7:01:01:
                    2c:35:5b:5e:26:81:4c:c2:17:a8:a0:96:67:62:3f:
                    8b:56:cb:0e:19:55:6c:2a:77:cf:3b:f5:57:ac:05:
                    6e:1b:91:05:3e:d7:d6:31:aa:7b:07:b5:d3:65:40:
                    60:a8:a4:8b:c7:3f:47:d5:23:f7:d6:dc:8d:e7:f4:
                    a7:c7:aa:2f:a3:65:5d:d6:d1:9e:58:a9:00:95:19:
                    73:bd:8c:11:e0:9d:7e:31:d0:16:0d:85:e9:d7:1b:
                    87:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C9:CD:92:A3:58:2B:EB:7B:B2:D1:4D:C4:92:40:00:49:11:E9:80
            X509v3 Authority Key Identifier:
                keyid:98:C9:C3:18:9B:EC:13:79:31:1B:D1:35:3F:A9:74:9A:68:DD:99:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mMnDGJvsE3kxG9E1P6l0mmjdmS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/38nNkqNYK-t7stFNxJJAAEkR6YA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/70139d-1e75-40b5-916a-9c816a40490e/1/mMnDGJvsE3kxG9E1P6l0mmjdmS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.133.0/24
                IPv6:
                  2a0f:2880:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         08:59:d3:13:ab:99:3b:53:e6:04:22:24:6f:ab:f8:ae:57:7c:
         d6:7d:d6:05:7f:9c:81:d1:a6:0b:c4:05:fc:61:4a:9d:87:1d:
         a7:d1:3a:f3:eb:83:ce:dd:8c:3a:04:21:ae:2f:ac:e4:52:a3:
         08:47:88:33:2f:6d:6d:64:86:0c:3d:6c:5c:ea:37:4a:a3:d8:
         e0:ed:8c:45:50:48:12:0b:8f:d8:8a:a3:47:7d:2d:6a:04:59:
         6a:4a:2c:ac:f2:15:5e:f7:19:a5:76:c3:2a:21:66:c9:0a:17:
         b5:2e:ae:49:0c:3b:d9:40:93:c5:12:eb:e5:83:cd:a5:dd:52:
         fd:dd:b2:e5:77:47:10:dd:85:df:3c:5d:71:ee:86:b0:e3:2c:
         5f:85:84:3e:76:33:12:cb:57:32:b8:78:06:68:c4:f7:c8:33:
         26:96:27:be:2f:a2:17:8f:90:70:6a:6f:e3:fe:cd:de:4a:14:
         3a:09:38:87:e2:b9:fe:32:e6:65:d3:4d:50:60:21:fe:f1:65:
         9b:ff:34:54:29:14:b9:db:96:01:ba:45:75:af:69:e0:08:78:
         fd:39:25:a9:08:7b:11:19:e3:06:84:63:59:88:a0:6f:ee:24:
         07:5a:d5:6c:52:1b:5b:07:10:0f:2c:ac:50:a2:72:4a:ef:a3:
         c2:c2:c3:be
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzC2rEJL0RfViTyC5kA/hymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4YzljMzE4OWJlYzEzNzkzMTFiZDEzNTNmYTk3NDlhNjhk
ZDk5MmQwHhcNMjQwMTAxMDIyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmM5Y2Q5MmEzNTgyYmViN2JiMmQxNGRjNDkyNDAwMDQ5MTFlOTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqI60mZwdhZ5vkCsWoxFf/l/Im5cN
7/Idjw0i8rtjJqrLcHtm/FnH92SzHL9dwx+3xmo8o9I5ol8VAiuX/tbuiTvRbOtA
JvKXvRu7UHPQb0Xb2G0KpSt1uRgI+9nuUwfq/v3Z6ioDa2r67XpPJh8PDv+9nY1c
Ys1H37bR/Yki7zf8TS8np3sN6zKC+sjcXdrJG8AmdU8bE+cfbBgQ1La+GQqnAQEs
NVteJoFMwheooJZnYj+LVssOGVVsKnfPO/VXrAVuG5EFPtfWMap7B7XTZUBgqKSL
xz9H1SP31tyN5/Snx6ovo2Vd1tGeWKkAlRlzvYwR4J1+MdAWDYXp1xuHCQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFN/JzZKjWCvre7LRTcSSQABJEemAMB8GA1UdIwQY
MBaAFJjJwxib7BN5MRvRNT+pdJpo3ZktMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU1uREdKdnNFM2t4RzlFMVA2bDBtbWpkbVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy83MDEzOWQtMWU3NS00MGI1LTkxNmEt
OWM4MTZhNDA0OTBlLzEvMzhuTmtxTllLLXQ3c3RGTnhKSkFBRWtSNllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy83MDEzOWQtMWU3NS00MGI1LTkxNmEtOWM4MTZhNDA0OTBl
LzEvbU1uREdKdnNFM2t4RzlFMVA2bDBtbWpkbVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAwpmFMA4E
AgACMAgDBgAqDyiABDANBgkqhkiG9w0BAQsFAAOCAQEACFnTE6uZO1PmBCIkb6v4
rld81n3WBX+cgdGmC8QF/GFKnYcdp9E68+uDzt2MOgQhri+s5FKjCEeIMy9tbWSG
DD1sXOo3SqPY4O2MRVBIEguP2IqjR30tagRZakosrPIVXvcZpXbDKiFmyQoXtS6u
SQw72UCTxRLr5YPNpd1S/d2y5XdHEN2F3zxdce6GsOMsX4WEPnYzEstXMrh4BmjE
98gzJpYnvi+iF4+QcGpv4/7N3koUOgk4h+K5/jLmZdNNUGAh/vFlm/80VCkUuduW
AbpFda9p4Ah4/TklqQh7ERnjBoRjWYigb+4kB1rVbFIbWwcQDyysUKJySu+jwsLD
vg==
-----END CERTIFICATE-----