Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/0f18df-26ef-4ec6-8667-7218855646e3/1/bt6WUJ6IebHOItGZYvFZ9njiDXM.roa
File:                     bt6WUJ6IebHOItGZYvFZ9njiDXM.roa (raw, json)
Hash identifier:          1mNGQugkWM+yzTq3cp6TpAWFRUm5vKXA7K/1/3Z3ceo=
Subject key identifier:   6E:DE:96:50:9E:88:79:B1:CE:22:D1:99:62:F1:59:F6:78:E2:0D:73
Certificate issuer:       /CN=98e18fadaef7232d3161886acbea8ab323cf3570
Certificate serial:       0191E170C37614B1E09CF4702CB48E4B9B7D
Authority key identifier: 98:E1:8F:AD:AE:F7:23:2D:31:61:88:6A:CB:EA:8A:B3:23:CF:35:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mOGPra73Iy0xYYhqy-qKsyPPNXA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/0f18df-26ef-4ec6-8667-7218855646e3/1/bt6WUJ6IebHOItGZYvFZ9njiDXM.roa
Signing time:             Wed 11 Sep 2024 14:15:49 +0000
ROA not before:           Wed 11 Sep 2024 14:15:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.222.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/0f18df-26ef-4ec6-8667-7218855646e3/1/mOGPra73Iy0xYYhqy-qKsyPPNXA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/0f18df-26ef-4ec6-8667-7218855646e3/1/mOGPra73Iy0xYYhqy-qKsyPPNXA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mOGPra73Iy0xYYhqy-qKsyPPNXA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e1:70:c3:76:14:b1:e0:9c:f4:70:2c:b4:8e:4b:9b:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98e18fadaef7232d3161886acbea8ab323cf3570
        Validity
            Not Before: Sep 11 14:15:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ede96509e8879b1ce22d19962f159f678e20d73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:63:4c:fa:84:c9:d2:a7:24:00:dc:48:65:42:
                    0f:eb:96:54:93:7a:30:7c:13:34:8b:60:93:0b:73:
                    c0:4f:ae:eb:da:9f:c0:f8:99:72:b9:b1:37:6c:61:
                    b6:9c:37:ec:54:78:5e:28:6b:ef:5a:ac:07:3d:b0:
                    95:d1:24:e8:0c:22:4a:62:70:b8:5d:97:bb:ef:36:
                    8b:37:ec:6c:f6:7e:bc:15:8f:05:5c:5f:ac:2d:93:
                    69:9a:ce:75:52:48:48:da:4d:68:37:bd:74:1e:87:
                    33:4d:de:f9:9f:8b:e3:9a:20:d3:e2:8b:b3:31:ff:
                    7c:cc:f5:12:b8:c4:a4:4a:17:4d:34:43:37:d2:16:
                    f7:1a:55:63:d7:fe:67:1c:1e:22:82:14:fb:13:93:
                    41:88:3c:1d:99:11:05:4b:e2:98:76:1c:55:12:7d:
                    a1:62:d9:74:4e:a1:6d:ff:6b:f9:3d:fe:0c:a3:f5:
                    c2:eb:68:ed:e4:b3:2c:9d:62:25:69:63:63:14:2e:
                    f0:86:16:ff:20:ec:d2:5a:d8:e9:9e:50:c3:8d:30:
                    7e:fb:8b:eb:71:5a:0b:0e:51:7c:33:93:be:12:ea:
                    82:c0:83:88:84:41:40:d9:00:eb:3b:06:54:c6:12:
                    c2:f6:1d:f3:9d:ae:81:65:4b:4f:de:bb:0d:74:37:
                    e9:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:DE:96:50:9E:88:79:B1:CE:22:D1:99:62:F1:59:F6:78:E2:0D:73
            X509v3 Authority Key Identifier:
                keyid:98:E1:8F:AD:AE:F7:23:2D:31:61:88:6A:CB:EA:8A:B3:23:CF:35:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mOGPra73Iy0xYYhqy-qKsyPPNXA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/0f18df-26ef-4ec6-8667-7218855646e3/1/bt6WUJ6IebHOItGZYvFZ9njiDXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/0f18df-26ef-4ec6-8667-7218855646e3/1/mOGPra73Iy0xYYhqy-qKsyPPNXA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:39:6e:8f:e8:f5:69:48:d2:9c:db:15:a5:f2:9b:4b:b9:64:
         27:36:59:7c:6b:e9:e6:ba:3d:11:f3:03:e4:75:ef:f4:3b:84:
         21:94:06:e3:b4:36:76:cf:ab:94:7e:6b:35:cf:cc:8d:7d:30:
         f7:44:69:96:e4:65:19:cb:ae:f2:c9:4f:0b:5d:07:14:36:4d:
         64:c5:96:e8:63:0e:a5:6a:6f:bb:f9:22:9f:c9:18:d9:9d:27:
         98:41:52:5d:c6:30:33:20:cb:d6:bb:ff:bf:a1:52:1c:10:6b:
         ee:d6:f7:c4:4e:df:66:e8:8b:e3:d7:75:f0:7d:67:7b:56:4c:
         da:3c:66:01:7a:76:8d:8f:c1:7a:28:6f:68:55:a2:f3:6d:98:
         1f:a6:8d:b2:78:5f:62:37:08:4c:b4:e5:2c:c3:e9:c0:2d:a4:
         8d:5c:c2:d6:cd:ab:c8:a7:bf:11:b6:55:e7:e5:cf:58:b4:2d:
         7f:11:41:25:7a:f3:e8:09:3a:10:92:79:a8:1f:76:b7:4f:b6:
         b2:b5:99:23:a8:29:d4:10:f1:64:d3:17:43:95:c5:ad:44:d4:
         cb:cd:5f:e0:df:f3:93:27:f6:43:42:30:d0:ca:24:1a:99:a5:
         ab:50:db:51:ec:16:e3:fd:7a:9a:01:30:c3:6b:4d:7f:31:b2:
         d4:3f:7c:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHhcMN2FLHgnPRwLLSOS5t9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZTE4ZmFkYWVmNzIzMmQzMTYxODg2YWNiZWE4YWIzMjNj
ZjM1NzAwHhcNMjQwOTExMTQxNTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWRlOTY1MDllODg3OWIxY2UyMmQxOTk2MmYxNTlmNjc4ZTIwZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGNM+oTJ0qckANxIZUIP65ZUk3ow
fBM0i2CTC3PAT67r2p/A+JlyubE3bGG2nDfsVHheKGvvWqwHPbCV0SToDCJKYnC4
XZe77zaLN+xs9n68FY8FXF+sLZNpms51UkhI2k1oN710HoczTd75n4vjmiDT4ouz
Mf98zPUSuMSkShdNNEM30hb3GlVj1/5nHB4ighT7E5NBiDwdmREFS+KYdhxVEn2h
Ytl0TqFt/2v5Pf4Mo/XC62jt5LMsnWIlaWNjFC7whhb/IOzSWtjpnlDDjTB++4vr
cVoLDlF8M5O+EuqCwIOIhEFA2QDrOwZUxhLC9h3zna6BZUtP3rsNdDfpzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG7ellCeiHmxziLRmWLxWfZ44g1zMB8GA1UdIwQY
MBaAFJjhj62u9yMtMWGIasvqirMjzzVwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU9HUHJhNzNJeTB4WVlocXktcUtzeVBQTlhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8wZjE4ZGYtMjZlZi00ZWM2LTg2Njct
NzIxODg1NTY0NmUzLzEvYnQ2V1VKNkllYkhPSXRHWll2Rlo5bmppRFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8wZjE4ZGYtMjZlZi00ZWM2LTg2NjctNzIxODg1NTY0NmUz
LzEvbU9HUHJhNzNJeTB4WVlocXktcUtzeVBQTlhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud75MA0G
CSqGSIb3DQEBCwUAA4IBAQA8OW6P6PVpSNKc2xWl8ptLuWQnNll8a+nmuj0R8wPk
de/0O4QhlAbjtDZ2z6uUfms1z8yNfTD3RGmW5GUZy67yyU8LXQcUNk1kxZboYw6l
am+7+SKfyRjZnSeYQVJdxjAzIMvWu/+/oVIcEGvu1vfETt9m6Ivj13XwfWd7Vkza
PGYBenaNj8F6KG9oVaLzbZgfpo2yeF9iNwhMtOUsw+nALaSNXMLWzavIp78RtlXn
5c9YtC1/EUElevPoCToQknmoH3a3T7aytZkjqCnUEPFk0xdDlcWtRNTLzV/g3/OT
J/ZDQjDQyiQamaWrUNtR7Bbj/XqaATDDa01/MbLUP3wv
-----END CERTIFICATE-----