Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/nUo4_9kYWJXZG9i7dn0533cnYMI.roa
File:                     nUo4_9kYWJXZG9i7dn0533cnYMI.roa (raw, json)
Hash identifier:          YhIqrgxLZ/MikQFqHO15X5nUk2cxLJZpktuAn7mLDZ8=
Subject key identifier:   9D:4A:38:FF:D9:18:58:95:D9:1B:D8:BB:76:7D:39:DF:77:27:60:C2
Certificate issuer:       /CN=98e2f4aba0bc9b3e3ab1856497a40071971b704a
Certificate serial:       018CC492E449EDD4BF83B56D85C6A47C46D4
Authority key identifier: 98:E2:F4:AB:A0:BC:9B:3E:3A:B1:85:64:97:A4:00:71:97:1B:70:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mOL0q6C8mz46sYVkl6QAcZcbcEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/nUo4_9kYWJXZG9i7dn0533cnYMI.roa
Signing time:             Mon 01 Jan 2024 10:30:10 +0000
ROA not before:           Mon 01 Jan 2024 10:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44716
IP address blocks:        185.219.152.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/mOL0q6C8mz46sYVkl6QAcZcbcEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/mOL0q6C8mz46sYVkl6QAcZcbcEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mOL0q6C8mz46sYVkl6QAcZcbcEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e4:49:ed:d4:bf:83:b5:6d:85:c6:a4:7c:46:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98e2f4aba0bc9b3e3ab1856497a40071971b704a
        Validity
            Not Before: Jan  1 10:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d4a38ffd9185895d91bd8bb767d39df772760c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5c:b5:34:16:75:d8:8d:e7:b4:6d:1c:70:a1:
                    8a:af:69:16:a6:26:b4:86:ef:ed:f9:14:06:a7:69:
                    26:40:5b:38:70:46:8f:1a:cb:e5:27:c9:56:b1:8f:
                    c6:86:36:95:72:4d:1b:10:c2:bf:01:8d:ea:36:f1:
                    13:60:39:4b:29:26:8f:82:de:02:55:8d:88:01:2b:
                    9b:11:c2:f5:de:70:f4:ec:68:db:0b:8b:3f:5f:29:
                    f8:df:3d:ae:eb:6a:40:f4:a8:e0:0e:83:10:3e:d9:
                    40:a6:e1:8c:e9:66:0e:cd:71:f2:6e:c4:33:86:17:
                    05:28:a4:0e:72:46:d2:1e:34:c0:9f:d0:33:2c:c2:
                    d2:42:80:bc:11:d7:24:97:cb:e3:99:ec:29:8c:ff:
                    44:f7:02:9f:32:4c:f8:03:03:6b:af:ee:5b:17:2a:
                    96:e0:ec:bf:31:7b:e1:b7:ef:b4:49:62:10:65:a9:
                    51:8e:9a:d1:46:c7:0a:92:ad:30:9c:86:d3:22:6e:
                    c9:0d:b9:84:5c:c3:9f:db:dd:4c:36:14:5e:34:85:
                    f7:74:49:33:7c:ec:f4:18:ba:2d:ce:e5:f7:78:62:
                    9f:8f:29:7c:ff:4b:d1:27:75:ac:dc:a5:e8:25:c8:
                    9c:34:39:09:78:2b:a5:79:06:f7:8f:c5:95:54:8e:
                    c3:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:4A:38:FF:D9:18:58:95:D9:1B:D8:BB:76:7D:39:DF:77:27:60:C2
            X509v3 Authority Key Identifier:
                keyid:98:E2:F4:AB:A0:BC:9B:3E:3A:B1:85:64:97:A4:00:71:97:1B:70:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mOL0q6C8mz46sYVkl6QAcZcbcEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/nUo4_9kYWJXZG9i7dn0533cnYMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/92d564-5d09-428e-af80-8882199bccb4/1/mOL0q6C8mz46sYVkl6QAcZcbcEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2c:7b:a4:ba:af:eb:84:bc:80:51:bc:4c:7d:43:41:bd:d9:ad:
         f2:b0:00:70:41:96:c0:14:3a:3d:98:e7:dd:6c:d5:da:90:d9:
         99:e8:99:1c:ab:06:10:c6:88:8a:2e:66:b4:ce:20:a0:59:25:
         26:bd:1a:05:0a:be:05:40:a9:31:54:c6:43:59:83:47:0a:0a:
         91:8f:85:8c:9e:0f:ad:46:4a:27:bb:b1:3f:9c:b6:ec:80:3e:
         0a:98:44:8e:03:36:49:89:02:7c:84:a2:6e:7c:d3:85:f7:ba:
         90:49:3d:ad:50:88:66:27:5b:07:73:ac:42:10:7e:70:d0:b3:
         59:93:b1:f2:5c:9f:39:ff:d5:e3:c4:08:39:8a:2f:4d:1f:0a:
         c8:c4:7a:23:d9:8d:bf:ac:df:fb:bd:31:8f:49:44:1e:53:3c:
         c3:35:26:0c:54:64:e9:49:62:d0:7c:93:40:da:7e:65:d2:ac:
         57:a9:e9:e8:16:ac:99:fc:c5:ea:d7:54:a2:7c:b4:1b:83:38:
         1a:8c:6e:cd:f8:85:46:17:fb:10:d4:7a:8b:bd:bb:38:ef:36:
         ca:fc:39:91:c0:62:28:b4:81:bd:3b:86:ca:57:5b:72:32:35:
         77:8a:33:90:36:55:aa:ad:b8:fa:ee:92:ca:8d:d8:5d:14:21:
         09:1a:da:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkuRJ7dS/g7VthcakfEbUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZTJmNGFiYTBiYzliM2UzYWIxODU2NDk3YTQwMDcxOTcx
YjcwNGEwHhcNMjQwMTAxMTAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDRhMzhmZmQ5MTg1ODk1ZDkxYmQ4YmI3NjdkMzlkZjc3Mjc2MGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Vy1NBZ12I3ntG0ccKGKr2kWpia0
hu/t+RQGp2kmQFs4cEaPGsvlJ8lWsY/GhjaVck0bEMK/AY3qNvETYDlLKSaPgt4C
VY2IASubEcL13nD07GjbC4s/Xyn43z2u62pA9KjgDoMQPtlApuGM6WYOzXHybsQz
hhcFKKQOckbSHjTAn9AzLMLSQoC8Edckl8vjmewpjP9E9wKfMkz4AwNrr+5bFyqW
4Oy/MXvht++0SWIQZalRjprRRscKkq0wnIbTIm7JDbmEXMOf291MNhReNIX3dEkz
fOz0GLotzuX3eGKfjyl8/0vRJ3Ws3KXoJcicNDkJeCuleQb3j8WVVI7DswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1KOP/ZGFiV2RvYu3Z9Od93J2DCMB8GA1UdIwQY
MBaAFJji9KugvJs+OrGFZJekAHGXG3BKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU9MMHE2QzhtejQ2c1lWa2w2UUFjWmNiY0VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS85MmQ1NjQtNWQwOS00MjhlLWFmODAt
ODg4MjE5OWJjY2I0LzEvblVvNF85a1lXSlhaRzlpN2RuMDUzM2NuWU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS85MmQ1NjQtNWQwOS00MjhlLWFmODAtODg4MjE5OWJjY2I0
LzEvbU9MMHE2QzhtejQ2c1lWa2w2UUFjWmNiY0VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuduYMA0G
CSqGSIb3DQEBCwUAA4IBAQAse6S6r+uEvIBRvEx9Q0G92a3ysABwQZbAFDo9mOfd
bNXakNmZ6JkcqwYQxoiKLma0ziCgWSUmvRoFCr4FQKkxVMZDWYNHCgqRj4WMng+t
Rkonu7E/nLbsgD4KmESOAzZJiQJ8hKJufNOF97qQST2tUIhmJ1sHc6xCEH5w0LNZ
k7HyXJ85/9XjxAg5ii9NHwrIxHoj2Y2/rN/7vTGPSUQeUzzDNSYMVGTpSWLQfJNA
2n5l0qxXqenoFqyZ/MXq11SifLQbgzgajG7N+IVGF/sQ1HqLvbs47zbK/DmRwGIo
tIG9O4bKV1tyMjV3ijOQNlWqrbj67pLKjdhdFCEJGtra
-----END CERTIFICATE-----