Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/98C9emKFHKSWoxnRXQ4ADLcbKPE.roa
File:                     98C9emKFHKSWoxnRXQ4ADLcbKPE.roa (raw, json)
Hash identifier:          CvGthRHI4SGJQkS5NvABpgXZA0TVYZ7H8kYAxXAYLqo=
Subject key identifier:   F7:C0:BD:7A:62:85:1C:A4:96:A3:19:D1:5D:0E:00:0C:B7:1B:28:F1
Certificate issuer:       /CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
Certificate serial:       019424458AA8D93063C2DE975EE13B74EDD1
Authority key identifier: 35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/98C9emKFHKSWoxnRXQ4ADLcbKPE.roa
Signing time:             Wed 01 Jan 2025 23:48:44 +0000
ROA not before:           Wed 01 Jan 2025 23:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        185.155.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:8a:a8:d9:30:63:c2:de:97:5e:e1:3b:74:ed:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
        Validity
            Not Before: Jan  1 23:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7c0bd7a62851ca496a319d15d0e000cb71b28f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:84:40:57:3b:16:b6:7e:76:51:a2:0d:8f:bb:
                    9b:63:b5:3d:c9:04:c7:e3:dc:be:7d:c0:c0:24:10:
                    95:39:23:3e:fc:4e:e1:a5:11:2e:a6:36:7d:4e:56:
                    fb:46:5f:09:90:64:ed:56:94:9d:1f:0c:4e:69:2b:
                    50:25:e7:d1:3e:f8:09:3a:27:95:9c:32:d2:87:af:
                    83:3e:6f:3d:60:9f:7d:a9:63:e8:91:cb:49:f0:7c:
                    29:e4:5f:46:1a:6f:b1:87:03:18:5a:ff:d1:48:f9:
                    89:a9:9e:a0:45:a4:dd:c5:78:97:94:3a:9f:80:81:
                    db:be:68:2d:de:bc:cf:68:01:46:22:58:c0:01:27:
                    03:74:b9:28:e8:9f:2b:41:13:fc:a9:1a:ec:4d:0b:
                    a7:87:f7:44:03:27:55:bc:b9:27:ad:cd:6b:5a:bf:
                    1e:e0:aa:70:98:72:53:8b:c6:78:79:6c:af:52:7e:
                    99:a5:9d:5c:df:28:65:69:b8:6e:2e:4e:6f:47:65:
                    c6:09:5b:01:0c:2b:eb:1a:f6:26:ac:6a:03:73:f2:
                    9f:77:c6:86:80:74:b0:9e:c6:6c:6b:6f:21:57:82:
                    f2:cc:1b:f2:ca:61:3b:db:00:01:8e:fd:af:61:94:
                    ed:64:cc:eb:0c:0e:22:ea:68:06:c2:cf:20:94:69:
                    11:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:C0:BD:7A:62:85:1C:A4:96:A3:19:D1:5D:0E:00:0C:B7:1B:28:F1
            X509v3 Authority Key Identifier:
                keyid:35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/98C9emKFHKSWoxnRXQ4ADLcbKPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:06:2a:42:ce:69:86:d0:2a:cb:f9:dd:05:f9:fd:a6:08:09:
         d1:af:4d:61:d9:99:43:d7:d5:8e:4b:f3:ba:0e:ba:8b:4b:bf:
         7b:04:75:ae:2e:8f:db:72:20:2a:94:17:b6:dd:ad:d1:fb:21:
         07:94:28:61:53:1b:71:70:8d:2c:43:68:9d:e8:ad:bd:ab:5a:
         f8:42:c2:ec:5d:5b:83:42:cf:4c:0f:d8:93:c6:42:6a:89:cb:
         bb:48:e1:86:40:8c:64:94:f0:1a:f1:a6:96:c5:20:f5:cf:70:
         04:8e:b2:ac:e7:6c:0c:15:05:cd:6d:4f:fb:95:cc:75:cf:1a:
         e2:e4:75:7f:6f:57:c1:67:31:98:1d:fb:ec:d3:b8:43:78:a9:
         57:68:03:97:16:ab:2a:d9:02:f9:3f:ad:34:7f:a2:8e:8a:8a:
         43:9b:c5:ac:63:c1:72:3a:08:87:8c:40:44:1e:20:69:b3:73:
         03:ee:9a:fa:f3:4e:03:fe:bc:f6:2c:c0:55:a0:36:48:24:7f:
         32:93:d2:42:62:e6:44:95:ba:c4:7d:df:05:d2:ac:5b:9f:53:
         ed:a0:a5:42:5d:42:1d:bb:0f:a7:e3:f5:37:02:c3:82:59:c6:
         95:2b:87:06:4a:7c:7d:ab:46:aa:fa:5f:31:22:7b:58:59:42:
         99:78:6f:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRYqo2TBjwt6XXuE7dO3RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTdjOWRlOTI3ZmE3NWJlYWVmNzg4NWYwZDg4ZjZmNGQy
YTBlZDYwHhcNMjUwMTAxMjM0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2MwYmQ3YTYyODUxY2E0OTZhMzE5ZDE1ZDBlMDAwY2I3MWIyOGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIRAVzsWtn52UaINj7ubY7U9yQTH
49y+fcDAJBCVOSM+/E7hpREupjZ9Tlb7Rl8JkGTtVpSdHwxOaStQJefRPvgJOieV
nDLSh6+DPm89YJ99qWPokctJ8Hwp5F9GGm+xhwMYWv/RSPmJqZ6gRaTdxXiXlDqf
gIHbvmgt3rzPaAFGIljAAScDdLko6J8rQRP8qRrsTQunh/dEAydVvLknrc1rWr8e
4KpwmHJTi8Z4eWyvUn6ZpZ1c3yhlabhuLk5vR2XGCVsBDCvrGvYmrGoDc/Kfd8aG
gHSwnsZsa28hV4LyzBvyymE72wABjv2vYZTtZMzrDA4i6mgGws8glGkR1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfAvXpihRyklqMZ0V0OAAy3GyjxMB8GA1UdIwQY
MBaAFDUXyd6Sf6db6u94hfDYj29NKg7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTIt
ZmQzYjMwMDJjMGJiLzEvOThDOWVtS0ZIS1NXb3huUlhRNEFETGNiS1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTItZmQzYjMwMDJjMGJi
LzEvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZvpMA0G
CSqGSIb3DQEBCwUAA4IBAQANBipCzmmG0CrL+d0F+f2mCAnRr01h2ZlD19WOS/O6
DrqLS797BHWuLo/bciAqlBe23a3R+yEHlChhUxtxcI0sQ2id6K29q1r4QsLsXVuD
Qs9MD9iTxkJqicu7SOGGQIxklPAa8aaWxSD1z3AEjrKs52wMFQXNbU/7lcx1zxri
5HV/b1fBZzGYHfvs07hDeKlXaAOXFqsq2QL5P600f6KOiopDm8WsY8FyOgiHjEBE
HiBps3MD7pr6804D/rz2LMBVoDZIJH8yk9JCYuZElbrEfd8F0qxbn1PtoKVCXUId
uw+n4/U3AsOCWcaVK4cGSnx9q0aq+l8xIntYWUKZeG9r
-----END CERTIFICATE-----