Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/98MJGhk1mKra8_d90kqTjE1uT-Q.roa
File:                     98MJGhk1mKra8_d90kqTjE1uT-Q.roa (raw, json)
Hash identifier:          zulacSb9h/7mgNjbJZIPjYiY1QxvZ14hIqMyZJhYXAs=
Subject key identifier:   F7:C3:09:1A:19:35:98:AA:DA:F3:F7:7D:D2:4A:93:8C:4D:6E:4F:E4
Certificate issuer:       /CN=3936daf03756baf83ba4f38dbe5d68cb9baceff9
Certificate serial:       0191B29F2FFFD23446B3C6FBF4F0AB9B270D
Authority key identifier: 39:36:DA:F0:37:56:BA:F8:3B:A4:F3:8D:BE:5D:68:CB:9B:AC:EF:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OTba8DdWuvg7pPONvl1oy5us7_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/98MJGhk1mKra8_d90kqTjE1uT-Q.roa
Signing time:             Mon 02 Sep 2024 12:04:22 +0000
ROA not before:           Mon 02 Sep 2024 12:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133153
IP address blocks:        195.190.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/OTba8DdWuvg7pPONvl1oy5us7_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/OTba8DdWuvg7pPONvl1oy5us7_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OTba8DdWuvg7pPONvl1oy5us7_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b2:9f:2f:ff:d2:34:46:b3:c6:fb:f4:f0:ab:9b:27:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3936daf03756baf83ba4f38dbe5d68cb9baceff9
        Validity
            Not Before: Sep  2 12:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7c3091a193598aadaf3f77dd24a938c4d6e4fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:8d:49:18:01:df:0c:da:b1:66:3f:c0:5e:e7:
                    ce:df:a5:14:e3:f1:d4:c5:f0:96:e5:36:c9:67:45:
                    dc:d6:ac:9a:8e:60:7e:45:4b:67:e0:9b:56:08:92:
                    6b:c8:19:96:a9:1a:5c:5b:a5:2e:a1:bc:88:e1:b4:
                    a9:6e:5b:a6:a8:68:da:e8:da:d0:5d:8e:0d:af:59:
                    ac:9e:c5:b4:45:14:ef:f7:01:10:10:bd:cd:be:49:
                    37:cc:c4:9e:c7:07:b7:b4:25:2b:95:9c:ce:f3:a8:
                    7f:8d:a2:2a:89:51:4c:5e:37:d8:74:49:d2:aa:c0:
                    98:3c:32:8f:be:97:21:2e:0e:fd:c8:ef:cc:8b:66:
                    47:5a:cb:ba:9a:69:17:54:7b:0a:2d:29:58:22:a0:
                    d3:59:87:b7:58:1f:d7:ec:dc:39:f8:18:5a:5a:ed:
                    bc:82:a7:13:b2:b8:27:4d:a1:5c:5c:c4:ed:02:c2:
                    cc:98:ec:71:0a:f5:bc:c1:24:8d:a0:ca:8b:5c:1e:
                    62:9f:43:32:41:67:9f:8c:9f:64:89:e2:25:2d:28:
                    f3:ba:5a:21:45:ad:73:41:58:8b:11:94:a5:65:2b:
                    4c:14:e9:a2:42:de:5f:78:18:a7:be:4a:92:5e:ff:
                    88:4d:7a:db:08:84:8b:8e:27:87:4c:aa:fc:16:37:
                    36:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:C3:09:1A:19:35:98:AA:DA:F3:F7:7D:D2:4A:93:8C:4D:6E:4F:E4
            X509v3 Authority Key Identifier:
                keyid:39:36:DA:F0:37:56:BA:F8:3B:A4:F3:8D:BE:5D:68:CB:9B:AC:EF:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OTba8DdWuvg7pPONvl1oy5us7_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/98MJGhk1mKra8_d90kqTjE1uT-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/04ea33-83aa-4e56-98cc-f95f66d6055c/1/OTba8DdWuvg7pPONvl1oy5us7_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.190.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:24:f2:95:f4:b3:8c:3a:4c:88:43:6d:ce:38:95:1e:90:ec:
         45:9b:88:69:3f:82:f4:c4:b6:36:f2:a4:bb:4c:7b:87:12:12:
         c1:7a:36:5e:38:c7:03:a3:fa:7a:1c:bb:3f:c2:17:56:b3:39:
         78:8b:06:b7:5f:e2:2b:bd:08:83:22:b8:b7:8e:75:23:22:3a:
         f7:d4:45:4f:e1:0e:86:fd:47:59:0e:1c:b2:1c:5f:be:e2:96:
         a7:17:8a:15:b8:ba:87:ba:45:d7:47:f1:38:ef:f1:3a:a2:c0:
         82:15:3c:62:35:1b:c8:74:f8:7a:77:31:03:eb:c2:7c:25:7b:
         33:da:d3:33:aa:4f:44:72:91:ee:19:fa:f6:f0:7a:f0:0f:86:
         fc:59:58:3b:85:a4:d1:ea:f9:3c:ba:cb:6b:58:bb:9b:f4:21:
         4f:b5:d8:20:df:8d:6a:c2:63:6e:0b:d8:85:6b:28:ef:bf:67:
         ff:02:56:d6:43:b6:d3:bb:cf:a6:be:6f:41:b7:7c:44:d9:f1:
         d2:86:e8:2c:38:d4:fe:41:61:ff:01:bc:c0:3f:9c:f8:e2:cf:
         4a:06:dd:e1:b4:b7:95:dc:4e:ae:0f:c5:c1:09:0f:5a:f9:6c:
         91:74:5a:fb:57:49:f9:a9:fb:04:dc:3e:b7:ba:84:f6:d0:f5:
         be:a3:32:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGyny//0jRGs8b79PCrmycNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MzZkYWYwMzc1NmJhZjgzYmE0ZjM4ZGJlNWQ2OGNiOWJh
Y2VmZjkwHhcNMjQwOTAyMTIwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2MzMDkxYTE5MzU5OGFhZGFmM2Y3N2RkMjRhOTM4YzRkNmU0ZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuo1JGAHfDNqxZj/AXufO36UU4/HU
xfCW5TbJZ0Xc1qyajmB+RUtn4JtWCJJryBmWqRpcW6UuobyI4bSpblumqGja6NrQ
XY4Nr1msnsW0RRTv9wEQEL3Nvkk3zMSexwe3tCUrlZzO86h/jaIqiVFMXjfYdEnS
qsCYPDKPvpchLg79yO/Mi2ZHWsu6mmkXVHsKLSlYIqDTWYe3WB/X7Nw5+BhaWu28
gqcTsrgnTaFcXMTtAsLMmOxxCvW8wSSNoMqLXB5in0MyQWefjJ9kieIlLSjzuloh
Ra1zQViLEZSlZStMFOmiQt5feBinvkqSXv+ITXrbCISLjieHTKr8Fjc2oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfDCRoZNZiq2vP3fdJKk4xNbk/kMB8GA1UdIwQY
MBaAFDk22vA3Vrr4O6Tzjb5daMubrO/5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1RiYThEZFd1dmc3cFBPTnZsMW95NXVzN19rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8wNGVhMzMtODNhYS00ZTU2LTk4Y2Mt
Zjk1ZjY2ZDYwNTVjLzEvOThNSkdoazFtS3JhOF9kOTBrcVRqRTF1VC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8wNGVhMzMtODNhYS00ZTU2LTk4Y2MtZjk1ZjY2ZDYwNTVj
LzEvT1RiYThEZFd1dmc3cFBPTnZsMW95NXVzN19rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw76LMA0G
CSqGSIb3DQEBCwUAA4IBAQBFJPKV9LOMOkyIQ23OOJUekOxFm4hpP4L0xLY28qS7
THuHEhLBejZeOMcDo/p6HLs/whdWszl4iwa3X+IrvQiDIri3jnUjIjr31EVP4Q6G
/UdZDhyyHF++4panF4oVuLqHukXXR/E47/E6osCCFTxiNRvIdPh6dzED68J8JXsz
2tMzqk9EcpHuGfr28HrwD4b8WVg7haTR6vk8ustrWLub9CFPtdgg341qwmNuC9iF
ayjvv2f/AlbWQ7bTu8+mvm9Bt3xE2fHShugsONT+QWH/AbzAP5z44s9KBt3htLeV
3E6uD8XBCQ9a+WyRdFr7V0n5qfsE3D63uoT20PW+ozKu
-----END CERTIFICATE-----