Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/d7a3cb-5fe5-4638-a0db-f066a5c96580/1/zoKwYfpT8_eZS1q4g_KuE1FMSbs.roa
File:                     zoKwYfpT8_eZS1q4g_KuE1FMSbs.roa (raw, json)
Hash identifier:          WDneb93RXm/T2fUdTvHHpiPOHoUh1djxm53VpPJwN34=
Subject key identifier:   CE:82:B0:61:FA:53:F3:F7:99:4B:5A:B8:83:F2:AE:13:51:4C:49:BB
Certificate issuer:       /CN=a892a50c88cc0beb0b747bef4b0590bf9770e935
Certificate serial:       018EB69493F7DA3401078E24E612C68FB894
Authority key identifier: A8:92:A5:0C:88:CC:0B:EB:0B:74:7B:EF:4B:05:90:BF:97:70:E9:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qJKlDIjMC-sLdHvvSwWQv5dw6TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/d7a3cb-5fe5-4638-a0db-f066a5c96580/1/zoKwYfpT8_eZS1q4g_KuE1FMSbs.roa
Signing time:             Sun 07 Apr 2024 03:22:54 +0000
ROA not before:           Sun 07 Apr 2024 03:22:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24429
IP address blocks:        146.19.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/d7a3cb-5fe5-4638-a0db-f066a5c96580/1/qJKlDIjMC-sLdHvvSwWQv5dw6TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/d7a3cb-5fe5-4638-a0db-f066a5c96580/1/qJKlDIjMC-sLdHvvSwWQv5dw6TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qJKlDIjMC-sLdHvvSwWQv5dw6TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b6:94:93:f7:da:34:01:07:8e:24:e6:12:c6:8f:b8:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a892a50c88cc0beb0b747bef4b0590bf9770e935
        Validity
            Not Before: Apr  7 03:22:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce82b061fa53f3f7994b5ab883f2ae13514c49bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a7:0b:67:4d:fd:90:a7:8b:7c:47:22:84:18:
                    22:93:ce:99:16:a9:2e:12:11:bc:e2:b6:ae:a1:bc:
                    96:87:71:e6:e2:82:0f:66:5d:56:05:6e:06:bd:38:
                    61:dd:38:34:51:13:27:ef:1c:83:02:34:c0:b3:3e:
                    fe:2d:82:ad:49:04:69:af:ab:da:f0:d0:be:72:b8:
                    2e:ae:55:81:2f:26:1a:63:2b:f5:b9:9e:d9:ee:9b:
                    be:f9:ff:29:f1:9b:35:7a:59:1d:6e:e3:10:24:dc:
                    ed:be:ab:24:06:3c:53:99:f7:d9:01:47:1d:71:28:
                    1b:e4:8e:d9:dc:7e:b5:7b:85:ce:0f:e6:24:ae:00:
                    ad:04:a6:86:88:3b:9d:10:9d:92:3d:b6:d7:f3:ad:
                    64:08:e2:db:ac:e8:58:6c:9f:e5:f3:5f:b1:ec:69:
                    f8:a6:20:43:b3:13:d0:e2:fe:15:d1:85:57:b9:f2:
                    8c:6e:65:97:a1:17:61:ad:34:7d:1c:b2:b5:0c:08:
                    e8:e1:96:26:d8:9d:6b:93:d5:a7:bc:f2:9a:7a:d0:
                    39:64:02:1b:e6:53:76:60:92:82:47:c6:18:a6:92:
                    0c:c6:01:6c:35:a8:b4:4f:8a:d2:92:69:9c:fa:5b:
                    0a:e9:c3:d1:ac:72:62:b9:16:e6:22:d3:1b:e8:0b:
                    e6:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:82:B0:61:FA:53:F3:F7:99:4B:5A:B8:83:F2:AE:13:51:4C:49:BB
            X509v3 Authority Key Identifier:
                keyid:A8:92:A5:0C:88:CC:0B:EB:0B:74:7B:EF:4B:05:90:BF:97:70:E9:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qJKlDIjMC-sLdHvvSwWQv5dw6TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/d7a3cb-5fe5-4638-a0db-f066a5c96580/1/zoKwYfpT8_eZS1q4g_KuE1FMSbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/d7a3cb-5fe5-4638-a0db-f066a5c96580/1/qJKlDIjMC-sLdHvvSwWQv5dw6TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:f8:cf:7a:15:c8:16:c9:29:ee:e9:c1:49:f4:7c:36:3b:12:
         e3:6b:7f:e0:cf:b1:4f:96:75:85:96:41:ae:91:29:c0:25:36:
         91:fd:c9:aa:72:98:12:30:b4:56:45:1c:ad:23:bd:ce:4e:b7:
         06:9f:e7:a6:b9:b7:49:bb:6d:c9:c8:e5:b7:6b:f4:b6:dc:50:
         91:2b:d8:13:00:68:f5:6a:25:a6:68:60:ae:0d:bc:00:3d:62:
         f7:57:af:83:34:3e:92:a7:8d:88:c3:47:4f:9a:8e:4e:f2:3b:
         86:34:82:23:36:c6:b2:a9:0f:15:3b:0b:a6:82:cc:08:77:70:
         b3:00:af:4e:0f:d7:10:f0:d1:81:0e:36:f8:e0:56:dc:bd:c6:
         9a:9a:9f:cd:4d:4a:31:e1:4a:0e:c1:d6:8a:df:ea:b9:bf:92:
         8b:c6:52:f2:44:5d:a7:e8:8c:a9:e6:90:73:a5:25:d1:47:1c:
         ea:aa:09:a2:44:4d:12:10:6a:ac:25:62:ee:f6:92:6f:33:77:
         8a:07:42:b7:78:0e:7a:6a:3d:8f:81:0b:83:0c:6d:9f:a7:c7:
         45:73:5d:b7:22:c3:f7:9f:25:5f:89:23:45:3f:e6:ae:23:f6:
         b6:80:bc:dc:71:53:5e:f7:8c:da:be:4c:ee:20:29:b5:fb:3a:
         26:8d:6f:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY62lJP32jQBB44k5hLGj7iUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4OTJhNTBjODhjYzBiZWIwYjc0N2JlZjRiMDU5MGJmOTc3
MGU5MzUwHhcNMjQwNDA3MDMyMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTgyYjA2MWZhNTNmM2Y3OTk0YjVhYjg4M2YyYWUxMzUxNGM0OWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6cLZ039kKeLfEcihBgik86ZFqku
EhG84rauobyWh3Hm4oIPZl1WBW4GvThh3Tg0URMn7xyDAjTAsz7+LYKtSQRpr6va
8NC+crgurlWBLyYaYyv1uZ7Z7pu++f8p8Zs1elkdbuMQJNztvqskBjxTmffZAUcd
cSgb5I7Z3H61e4XOD+YkrgCtBKaGiDudEJ2SPbbX861kCOLbrOhYbJ/l81+x7Gn4
piBDsxPQ4v4V0YVXufKMbmWXoRdhrTR9HLK1DAjo4ZYm2J1rk9WnvPKaetA5ZAIb
5lN2YJKCR8YYppIMxgFsNai0T4rSkmmc+lsK6cPRrHJiuRbmItMb6AvmZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6CsGH6U/P3mUtauIPyrhNRTEm7MB8GA1UdIwQY
MBaAFKiSpQyIzAvrC3R770sFkL+XcOk1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUpLbERJak1DLXNMZEh2dlN3V1F2NWR3NlRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9kN2EzY2ItNWZlNS00NjM4LWEwZGIt
ZjA2NmE1Yzk2NTgwLzEvem9Ld1lmcFQ4X2VaUzFxNGdfS3VFMUZNU2JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9kN2EzY2ItNWZlNS00NjM4LWEwZGItZjA2NmE1Yzk2NTgw
LzEvcUpLbERJak1DLXNMZEh2dlN3V1F2NWR3NlRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPsMA0G
CSqGSIb3DQEBCwUAA4IBAQAD+M96FcgWySnu6cFJ9Hw2OxLja3/gz7FPlnWFlkGu
kSnAJTaR/cmqcpgSMLRWRRytI73OTrcGn+emubdJu23JyOW3a/S23FCRK9gTAGj1
aiWmaGCuDbwAPWL3V6+DND6Sp42Iw0dPmo5O8juGNIIjNsayqQ8VOwumgswId3Cz
AK9OD9cQ8NGBDjb44Fbcvcaamp/NTUox4UoOwdaK3+q5v5KLxlLyRF2n6Iyp5pBz
pSXRRxzqqgmiRE0SEGqsJWLu9pJvM3eKB0K3eA56aj2PgQuDDG2fp8dFc123IsP3
nyVfiSNFP+auI/a2gLzccVNe94zavkzuICm1+zomjW9o
-----END CERTIFICATE-----