Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/shVxNeuAvqU2EZg6AvUFKFXrrss.roa
File:                     shVxNeuAvqU2EZg6AvUFKFXrrss.roa (raw, json)
Hash identifier:          swqDkI/VzYd3AR5PZIZqpbPJTNwO2OZsMXyq7SU+z6Q=
Subject key identifier:   B2:15:71:35:EB:80:BE:A5:36:11:98:3A:02:F5:05:28:55:EB:AE:CB
Certificate issuer:       /CN=47e94ccb7b601da0ca09469f60f653640fed8c1c
Certificate serial:       019425FDC6FBFAD8284622E2841246A742D0
Authority key identifier: 47:E9:4C:CB:7B:60:1D:A0:CA:09:46:9F:60:F6:53:64:0F:ED:8C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/shVxNeuAvqU2EZg6AvUFKFXrrss.roa
Signing time:             Thu 02 Jan 2025 07:49:36 +0000
ROA not before:           Thu 02 Jan 2025 07:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201935
IP address blocks:        185.23.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 05:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c6:fb:fa:d8:28:46:22:e2:84:12:46:a7:42:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47e94ccb7b601da0ca09469f60f653640fed8c1c
        Validity
            Not Before: Jan  2 07:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2157135eb80bea53611983a02f5052855ebaecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e4:1e:d9:dc:cd:6e:33:89:88:b1:be:ee:fe:
                    40:36:92:8c:37:99:94:ea:e0:1e:8f:fa:d5:5c:97:
                    41:a6:ab:29:08:9d:aa:94:62:0b:b0:a6:18:3d:7a:
                    b7:77:8c:6c:75:c4:2b:f1:69:bc:b5:c0:2d:ad:db:
                    52:e5:d0:01:a2:7c:b1:50:76:86:43:74:4e:8f:91:
                    f9:f5:5f:10:0b:8d:16:0f:c2:33:24:f4:67:43:fe:
                    d9:86:bd:14:be:f5:65:f4:40:ac:04:8d:5b:83:24:
                    5a:d7:54:91:63:7f:9f:63:36:57:76:5b:ea:db:9e:
                    4d:6b:62:b4:ae:54:d3:e6:22:f5:4b:5e:41:a4:c8:
                    63:55:bd:65:19:95:9d:b2:7a:ee:bd:dc:c5:54:cc:
                    38:aa:ae:7a:2f:de:34:ad:9f:af:b1:86:bc:78:24:
                    62:e3:0f:a6:8c:49:a5:42:ff:d6:c4:ff:e5:4e:cd:
                    e7:97:d9:d1:de:f1:60:e0:75:fe:76:cc:aa:eb:6e:
                    87:c3:79:0f:a0:c3:1e:84:f1:08:f6:72:5d:8e:93:
                    fe:d3:f3:ed:cc:89:8a:b5:cf:ff:83:a7:04:ff:d5:
                    de:3d:b8:26:48:76:64:be:71:23:43:cf:89:cd:b6:
                    47:61:66:67:f3:f1:1e:a5:33:35:9b:c9:de:d3:51:
                    14:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:15:71:35:EB:80:BE:A5:36:11:98:3A:02:F5:05:28:55:EB:AE:CB
            X509v3 Authority Key Identifier:
                keyid:47:E9:4C:CB:7B:60:1D:A0:CA:09:46:9F:60:F6:53:64:0F:ED:8C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/shVxNeuAvqU2EZg6AvUFKFXrrss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:46:d4:bb:84:e1:81:79:45:77:4b:5c:2b:6d:17:35:55:9d:
         b4:ba:fe:4b:16:bc:21:bd:10:ac:89:47:4f:fd:47:19:8d:75:
         12:b1:f8:33:27:42:83:37:c1:13:85:29:f4:7c:a7:d1:f1:95:
         7e:6b:ff:30:1d:7e:e1:22:a8:cf:6f:16:a6:de:ea:e6:55:63:
         b9:9b:a5:00:21:d1:f3:08:f8:8c:93:7e:da:f0:0a:0e:96:24:
         9f:58:a9:01:1e:74:31:f6:0b:a7:c4:fe:73:03:e0:c1:4f:33:
         ed:d2:9a:0c:03:1b:c2:1b:69:aa:fd:92:27:3f:70:21:0a:0d:
         90:8b:a9:48:67:6a:85:b3:a0:b1:79:1c:84:3d:3d:e1:e2:33:
         10:5b:a9:d6:fd:17:c4:59:18:98:2d:c3:39:2d:6e:01:fd:72:
         4d:e0:43:02:eb:83:d3:91:91:1f:9a:a0:bf:59:3d:a1:05:13:
         47:d2:5e:6c:1e:96:8c:84:bd:e5:ca:25:6b:48:b2:f3:0a:b5:
         ba:e5:fe:4d:cb:e5:8b:c1:53:d8:2a:b1:47:d8:35:1a:f8:54:
         f1:7d:69:6f:bf:27:d4:39:3a:cb:a3:46:b5:0f:25:da:d9:0e:
         ce:bc:10:e8:07:51:ef:33:3a:d9:80:32:a4:3d:7d:6b:81:05:
         68:fb:05:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/cb7+tgoRiLihBJGp0LQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZTk0Y2NiN2I2MDFkYTBjYTA5NDY5ZjYwZjY1MzY0MGZl
ZDhjMWMwHhcNMjUwMTAyMDc0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjE1NzEzNWViODBiZWE1MzYxMTk4M2EwMmY1MDUyODU1ZWJhZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeQe2dzNbjOJiLG+7v5ANpKMN5mU
6uAej/rVXJdBpqspCJ2qlGILsKYYPXq3d4xsdcQr8Wm8tcAtrdtS5dABonyxUHaG
Q3ROj5H59V8QC40WD8IzJPRnQ/7Zhr0UvvVl9ECsBI1bgyRa11SRY3+fYzZXdlvq
255Na2K0rlTT5iL1S15BpMhjVb1lGZWdsnruvdzFVMw4qq56L940rZ+vsYa8eCRi
4w+mjEmlQv/WxP/lTs3nl9nR3vFg4HX+dsyq626Hw3kPoMMehPEI9nJdjpP+0/Pt
zImKtc//g6cE/9XePbgmSHZkvnEjQ8+JzbZHYWZn8/EepTM1m8ne01EUdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIVcTXrgL6lNhGYOgL1BShV667LMB8GA1UdIwQY
MBaAFEfpTMt7YB2gyglGn2D2U2QP7YwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi1sTXkzdGdIYURLQ1VhZllQWlRaQV90akJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC85ZTI5ZGMtY2VjOS00OWUyLWJjZTQt
YmQ5MGEzZjA2ZTE2LzEvc2hWeE5ldUF2cVUyRVpnNkF2VUZLRlhycnNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC85ZTI5ZGMtY2VjOS00OWUyLWJjZTQtYmQ5MGEzZjA2ZTE2
LzEvUi1sTXkzdGdIYURLQ1VhZllQWlRaQV90akJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRdiMA0G
CSqGSIb3DQEBCwUAA4IBAQAvRtS7hOGBeUV3S1wrbRc1VZ20uv5LFrwhvRCsiUdP
/UcZjXUSsfgzJ0KDN8EThSn0fKfR8ZV+a/8wHX7hIqjPbxam3urmVWO5m6UAIdHz
CPiMk37a8AoOliSfWKkBHnQx9gunxP5zA+DBTzPt0poMAxvCG2mq/ZInP3AhCg2Q
i6lIZ2qFs6CxeRyEPT3h4jMQW6nW/RfEWRiYLcM5LW4B/XJN4EMC64PTkZEfmqC/
WT2hBRNH0l5sHpaMhL3lyiVrSLLzCrW65f5Ny+WLwVPYKrFH2DUa+FTxfWlvvyfU
OTrLo0a1DyXa2Q7OvBDoB1HvMzrZgDKkPX1rgQVo+wVu
-----END CERTIFICATE-----