Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/01CHf_9w14ZNhv9S3Xhmvi90F8Q.roa
File:                     01CHf_9w14ZNhv9S3Xhmvi90F8Q.roa (raw, json)
Hash identifier:          ArkBvOvd5Ct0Kx1EUTZrG268WQ9wBIinLxbgoX9Nw3c=
Subject key identifier:   D3:50:87:7F:FF:70:D7:86:4D:86:FF:52:DD:78:66:BE:2F:74:17:C4
Certificate issuer:       /CN=84d60d2dc6ad82a2570e0000fdd993948bc454d8
Certificate serial:       01942067D8D4DEB826C362B112283953DCAA
Authority key identifier: 84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/01CHf_9w14ZNhv9S3Xhmvi90F8Q.roa
Signing time:             Wed 01 Jan 2025 05:47:44 +0000
ROA not before:           Wed 01 Jan 2025 05:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.98.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d8:d4:de:b8:26:c3:62:b1:12:28:39:53:dc:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84d60d2dc6ad82a2570e0000fdd993948bc454d8
        Validity
            Not Before: Jan  1 05:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d350877fff70d7864d86ff52dd7866be2f7417c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:03:4d:78:d5:ab:9e:57:b7:67:11:3c:16:51:
                    23:c7:58:e4:67:62:ac:60:00:87:2f:8e:65:d6:eb:
                    ff:89:5c:84:d4:3b:e5:55:a7:19:88:18:2a:c5:c7:
                    e9:11:f1:bc:74:ca:cf:c7:5c:c6:d4:60:d9:a7:19:
                    4d:85:19:b2:35:7a:72:58:f4:47:00:85:97:1c:66:
                    f5:38:03:a1:06:ab:42:df:41:a7:77:ea:fc:3d:4a:
                    32:5a:97:28:ee:36:64:61:41:c2:1c:30:c8:82:f5:
                    da:44:91:18:70:9d:b8:be:33:1c:64:73:55:24:04:
                    3f:f7:8f:06:86:9a:10:14:a5:d3:c8:e3:8f:0f:f2:
                    97:4b:66:a7:91:56:2f:f1:18:c6:49:24:f5:3c:6a:
                    ee:9a:da:96:68:d7:50:a5:5d:8a:3f:71:3d:74:63:
                    9b:10:7b:41:b3:a5:85:7b:72:52:77:34:91:93:4e:
                    5c:2f:f5:fc:ea:91:4a:fc:6e:9a:1e:e4:f7:24:eb:
                    94:7b:60:02:cb:b4:98:19:1f:2b:ce:4b:6f:95:f9:
                    55:a0:0e:d1:db:23:16:e0:7b:5f:54:de:37:d0:e4:
                    75:23:d6:55:db:0e:6e:75:6b:11:56:1a:2c:0e:44:
                    e4:89:67:73:59:50:2c:15:34:c9:bd:72:cc:05:e2:
                    73:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:50:87:7F:FF:70:D7:86:4D:86:FF:52:DD:78:66:BE:2F:74:17:C4
            X509v3 Authority Key Identifier:
                keyid:84:D6:0D:2D:C6:AD:82:A2:57:0E:00:00:FD:D9:93:94:8B:C4:54:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hNYNLcatgqJXDgAA_dmTlIvEVNg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/01CHf_9w14ZNhv9S3Xhmvi90F8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/50d9c6-f24a-44af-8ae0-54f6bc85aac0/1/hNYNLcatgqJXDgAA_dmTlIvEVNg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:10:8d:c8:ce:97:9a:6c:0e:8f:5b:25:90:0a:5c:25:33:29:
         0a:70:fb:04:8c:15:92:14:55:5b:da:81:61:47:4f:73:0a:b1:
         44:82:70:02:10:21:0f:af:08:56:98:35:dc:9f:c9:6d:ef:85:
         2e:f5:86:22:3b:4a:1a:8a:00:0e:74:e0:5f:47:75:c3:98:11:
         0b:38:b3:52:bb:4d:93:bf:6b:b0:c8:78:83:5f:6a:f4:10:53:
         67:82:81:7f:95:3a:23:49:2d:b3:5f:58:ad:ae:53:a7:54:b0:
         57:e3:ac:58:90:c3:a4:14:2f:6c:b4:85:14:cf:82:05:87:6a:
         c4:dd:44:b1:12:10:83:8b:d5:7a:c1:ba:84:33:0a:40:11:c5:
         0e:a7:46:40:7d:0e:c0:8a:90:5a:e5:fa:15:a5:3e:96:f1:a4:
         25:e6:d6:3e:66:f1:6f:f8:d5:e2:0b:61:42:41:84:61:79:dd:
         1b:bf:ca:97:9f:74:69:43:4a:96:e4:8a:d1:43:b1:f5:d3:21:
         ce:70:e6:d9:d0:7e:87:ac:67:df:a0:1b:9c:03:ce:28:7c:4f:
         d7:ce:92:65:e5:b2:6f:f8:07:37:16:08:eb:bd:c4:ed:ba:f2:
         a9:97:87:7d:5b:41:1e:39:ee:67:65:48:fb:8a:99:5f:b3:5d:
         e4:30:1e:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ9jU3rgmw2KxEig5U9yqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZDYwZDJkYzZhZDgyYTI1NzBlMDAwMGZkZDk5Mzk0OGJj
NDU0ZDgwHhcNMjUwMTAxMDU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzUwODc3ZmZmNzBkNzg2NGQ4NmZmNTJkZDc4NjZiZTJmNzQxN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArANNeNWrnle3ZxE8FlEjx1jkZ2Ks
YACHL45l1uv/iVyE1DvlVacZiBgqxcfpEfG8dMrPx1zG1GDZpxlNhRmyNXpyWPRH
AIWXHGb1OAOhBqtC30Gnd+r8PUoyWpco7jZkYUHCHDDIgvXaRJEYcJ24vjMcZHNV
JAQ/948GhpoQFKXTyOOPD/KXS2ankVYv8RjGSST1PGrumtqWaNdQpV2KP3E9dGOb
EHtBs6WFe3JSdzSRk05cL/X86pFK/G6aHuT3JOuUe2ACy7SYGR8rzktvlflVoA7R
2yMW4HtfVN430OR1I9ZV2w5udWsRVhosDkTkiWdzWVAsFTTJvXLMBeJzxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNQh3//cNeGTYb/Ut14Zr4vdBfEMB8GA1UdIwQY
MBaAFITWDS3GrYKiVw4AAP3Zk5SLxFTYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE5ZTkxjYXRncUpYRGdBQV9kbVRsSXZFVk5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni81MGQ5YzYtZjI0YS00NGFmLThhZTAt
NTRmNmJjODVhYWMwLzEvMDFDSGZfOXcxNFpOaHY5UzNYaG12aTkwRjhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni81MGQ5YzYtZjI0YS00NGFmLThhZTAtNTRmNmJjODVhYWMw
LzEvaE5ZTkxjYXRncUpYRGdBQV9kbVRsSXZFVk5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWKfMA0G
CSqGSIb3DQEBCwUAA4IBAQAYEI3IzpeabA6PWyWQClwlMykKcPsEjBWSFFVb2oFh
R09zCrFEgnACECEPrwhWmDXcn8lt74Uu9YYiO0oaigAOdOBfR3XDmBELOLNSu02T
v2uwyHiDX2r0EFNngoF/lTojSS2zX1itrlOnVLBX46xYkMOkFC9stIUUz4IFh2rE
3USxEhCDi9V6wbqEMwpAEcUOp0ZAfQ7AipBa5foVpT6W8aQl5tY+ZvFv+NXiC2FC
QYRhed0bv8qXn3RpQ0qW5IrRQ7H10yHOcObZ0H6HrGffoBucA84ofE/XzpJl5bJv
+Ac3FgjrvcTtuvKpl4d9W0EeOe5nZUj7iplfs13kMB5v
-----END CERTIFICATE-----