Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/eNs5MLIX--e4ZR7Ir7n32vWG0eQ.roa
File:                     eNs5MLIX--e4ZR7Ir7n32vWG0eQ.roa (raw, json)
Hash identifier:          4KjYMAbGwz1wyhsAu7pnF6f+/2LSdGll/rKecI5vh8w=
Subject key identifier:   78:DB:39:30:B2:17:FB:E7:B8:65:1E:C8:AF:B9:F7:DA:F5:86:D1:E4
Certificate issuer:       /CN=98e2f4aba0bc9b3e3ab1856497a40071971b704a
Certificate serial:       018CC492E3C82A01EBB47C14D9E86BF72715
Authority key identifier: 98:E2:F4:AB:A0:BC:9B:3E:3A:B1:85:64:97:A4:00:71:97:1B:70:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mOL0q6C8mz46sYVkl6QAcZcbcEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/eNs5MLIX--e4ZR7Ir7n32vWG0eQ.roa
Signing time:             Mon 01 Jan 2024 10:30:10 +0000
ROA not before:           Mon 01 Jan 2024 10:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8875
IP address blocks:        185.219.152.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/mOL0q6C8mz46sYVkl6QAcZcbcEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/mOL0q6C8mz46sYVkl6QAcZcbcEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mOL0q6C8mz46sYVkl6QAcZcbcEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e3:c8:2a:01:eb:b4:7c:14:d9:e8:6b:f7:27:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98e2f4aba0bc9b3e3ab1856497a40071971b704a
        Validity
            Not Before: Jan  1 10:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78db3930b217fbe7b8651ec8afb9f7daf586d1e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:6f:db:8c:f0:4a:10:5b:9b:8d:06:c0:33:ea:
                    af:00:a5:6a:62:f1:5f:9c:c7:a1:a2:07:63:1f:3d:
                    0a:7a:60:20:4f:98:d5:b5:c0:d4:c1:f6:21:32:15:
                    e9:74:c2:4a:33:d4:e7:cf:69:1c:52:42:21:c4:75:
                    e7:d3:bf:89:45:9e:07:56:0f:8d:e7:e8:b0:e8:66:
                    a7:bd:25:c2:7b:cb:dd:98:26:1d:ec:86:1c:99:58:
                    dd:67:fc:a0:a3:1f:1d:7c:7a:53:35:00:45:b0:56:
                    ca:b5:dc:ea:12:aa:b9:30:52:b1:76:18:bc:39:a1:
                    5d:52:cf:3b:d5:05:14:ef:8e:0c:0a:1c:58:8e:b7:
                    3f:06:78:d2:0d:0b:01:a8:aa:c4:bc:93:4d:5b:ad:
                    2f:88:fd:d7:a8:0f:cc:1b:3b:7e:50:80:aa:80:5e:
                    0a:6c:df:3a:62:da:32:18:cc:6f:9e:3f:05:95:d4:
                    83:dd:f1:5f:f4:7f:c7:5a:77:c1:97:d6:2d:12:04:
                    69:74:01:6e:5d:ca:42:25:99:0e:ec:76:ab:e7:54:
                    25:f4:59:22:7c:7f:0d:5f:72:ba:6e:15:31:63:63:
                    65:93:b6:92:20:a9:ba:33:d0:17:c3:85:8a:ec:50:
                    be:ad:39:6b:bd:49:27:31:8d:5a:fa:d1:cf:2b:4c:
                    a4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:DB:39:30:B2:17:FB:E7:B8:65:1E:C8:AF:B9:F7:DA:F5:86:D1:E4
            X509v3 Authority Key Identifier:
                keyid:98:E2:F4:AB:A0:BC:9B:3E:3A:B1:85:64:97:A4:00:71:97:1B:70:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mOL0q6C8mz46sYVkl6QAcZcbcEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/eNs5MLIX--e4ZR7Ir7n32vWG0eQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/mOL0q6C8mz46sYVkl6QAcZcbcEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:a8:b9:39:7e:f5:49:53:3b:de:7c:d1:9f:e9:e1:b0:58:06:
         7a:e6:b3:8a:c9:bc:5c:8e:8a:2f:5d:80:46:98:4f:02:d1:58:
         b9:8f:c0:35:57:d1:3b:9b:8d:46:e2:83:73:da:87:c0:6b:f6:
         8a:40:ee:b7:ae:d7:9e:b7:1c:c4:7b:1b:0b:f1:0f:1b:6b:bd:
         f5:73:e6:fc:c7:62:2a:4f:67:76:6a:16:1d:30:02:78:92:6e:
         72:30:46:c4:db:2a:36:4c:65:7f:69:0d:04:df:aa:e9:40:34:
         46:d9:ec:84:cb:4b:05:d0:36:94:94:b4:63:e3:a2:10:b1:e7:
         51:38:3d:dd:33:e8:aa:44:df:e7:f1:68:90:38:bb:72:fa:6b:
         a1:6c:dc:54:08:e5:88:6c:8c:73:12:b8:bf:cd:81:3f:ba:bd:
         2b:d8:26:f4:b4:1b:5d:57:be:2c:4c:59:9f:c6:d8:57:08:df:
         f5:9e:1d:95:38:12:73:5d:b0:b7:ec:8a:04:6b:fa:2b:74:8f:
         ab:4c:1d:c7:75:00:b7:68:e1:38:ea:bd:a1:f3:b9:23:0b:a6:
         bd:ed:f8:fe:d5:10:55:e3:2d:d2:b7:fe:31:af:02:37:46:c0:
         70:04:57:68:de:5f:c5:c8:21:d1:4b:aa:11:5f:6c:85:22:a6:
         8c:1c:4c:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuPIKgHrtHwU2ehr9ycVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZTJmNGFiYTBiYzliM2UzYWIxODU2NDk3YTQwMDcxOTcx
YjcwNGEwHhcNMjQwMTAxMTAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGRiMzkzMGIyMTdmYmU3Yjg2NTFlYzhhZmI5ZjdkYWY1ODZkMWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlG/bjPBKEFubjQbAM+qvAKVqYvFf
nMehogdjHz0KemAgT5jVtcDUwfYhMhXpdMJKM9Tnz2kcUkIhxHXn07+JRZ4HVg+N
5+iw6GanvSXCe8vdmCYd7IYcmVjdZ/ygox8dfHpTNQBFsFbKtdzqEqq5MFKxdhi8
OaFdUs871QUU744MChxYjrc/BnjSDQsBqKrEvJNNW60viP3XqA/MGzt+UICqgF4K
bN86YtoyGMxvnj8FldSD3fFf9H/HWnfBl9YtEgRpdAFuXcpCJZkO7Har51Ql9Fki
fH8NX3K6bhUxY2Nlk7aSIKm6M9AXw4WK7FC+rTlrvUknMY1a+tHPK0ykWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHjbOTCyF/vnuGUeyK+599r1htHkMB8GA1UdIwQY
MBaAFJji9KugvJs+OrGFZJekAHGXG3BKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU9MMHE2QzhtejQ2c1lWa2w2UUFjWmNiY0VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS85MmQ1NjQtNWQwOS00MjhlLWFmODAt
ODg4MjE5OWJjY2I0LzEvZU5zNU1MSVgtLWU0WlI3SXI3bjMydldHMGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS85MmQ1NjQtNWQwOS00MjhlLWFmODAtODg4MjE5OWJjY2I0
LzEvbU9MMHE2QzhtejQ2c1lWa2w2UUFjWmNiY0VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuduYMA0G
CSqGSIb3DQEBCwUAA4IBAQB0qLk5fvVJUzvefNGf6eGwWAZ65rOKybxcjoovXYBG
mE8C0Vi5j8A1V9E7m41G4oNz2ofAa/aKQO63rteetxzEexsL8Q8ba731c+b8x2Iq
T2d2ahYdMAJ4km5yMEbE2yo2TGV/aQ0E36rpQDRG2eyEy0sF0DaUlLRj46IQsedR
OD3dM+iqRN/n8WiQOLty+muhbNxUCOWIbIxzEri/zYE/ur0r2Cb0tBtdV74sTFmf
xthXCN/1nh2VOBJzXbC37IoEa/ordI+rTB3HdQC3aOE46r2h87kjC6a97fj+1RBV
4y3St/4xrwI3RsBwBFdo3l/FyCHRS6oRX2yFIqaMHEwQ
-----END CERTIFICATE-----