Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/D9QVs5sXbONaefJXYMz39y_8YaY.roa
File:                     D9QVs5sXbONaefJXYMz39y_8YaY.roa (raw, json)
Hash identifier:          LyP30YDmMpkkM4eJOqO2nSsRK1k6nsw1TQX+TC+PmtU=
Subject key identifier:   0F:D4:15:B3:9B:17:6C:E3:5A:79:F2:57:60:CC:F7:F7:2F:FC:61:A6
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       018ED368D6D07F50E857A1E98895AECEA602
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/D9QVs5sXbONaefJXYMz39y_8YaY.roa
Signing time:             Fri 12 Apr 2024 17:44:07 +0000
ROA not before:           Fri 12 Apr 2024 17:44:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        146.19.56.0/24 maxlen: 24
                          176.97.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 13:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d3:68:d6:d0:7f:50:e8:57:a1:e9:88:95:ae:ce:a6:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Apr 12 17:44:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fd415b39b176ce35a79f25760ccf7f72ffc61a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a0:5e:64:04:7c:bd:77:3f:3e:d5:d6:6b:3d:
                    a5:62:4a:1b:5b:22:a2:b1:52:6b:33:e0:75:7c:a0:
                    f2:12:d3:d8:22:ad:7b:f1:5c:51:40:d1:83:aa:4d:
                    36:3b:d3:7b:5f:1f:d4:61:0a:c8:1b:c5:78:9c:10:
                    1a:67:28:0c:90:07:6b:98:b3:68:5b:b9:f6:14:80:
                    28:c0:37:9c:e6:a4:27:5d:7c:0b:34:e2:54:ce:45:
                    d2:0c:fe:f5:32:5c:3b:14:f5:dc:b6:ac:e6:92:24:
                    7b:c0:a9:70:06:81:00:3e:f1:75:73:1b:7b:0c:1f:
                    72:a0:77:9c:46:b7:e5:41:47:d2:99:46:65:d7:5d:
                    be:a8:2c:ff:1d:54:18:62:12:5d:dd:fd:fb:1f:43:
                    68:26:3f:79:72:32:af:de:5e:16:45:ae:d7:a8:bd:
                    ec:39:68:a5:64:0c:36:a5:96:ff:9a:6a:ce:43:1f:
                    40:65:14:d5:42:43:e8:c1:19:f2:43:d0:02:78:75:
                    d1:a7:6c:2d:0c:73:db:78:e5:04:c8:1a:a1:c9:ee:
                    e5:e9:04:c2:5e:b3:1c:5d:b0:9c:70:74:5b:6d:25:
                    33:c0:05:54:33:61:a4:01:5f:bd:ce:5b:2c:4a:53:
                    39:a7:a7:39:e3:06:e9:f9:f8:25:02:f3:4c:84:78:
                    57:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:D4:15:B3:9B:17:6C:E3:5A:79:F2:57:60:CC:F7:F7:2F:FC:61:A6
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/D9QVs5sXbONaefJXYMz39y_8YaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.56.0/24
                  176.97.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:6a:c2:ed:05:a2:65:df:73:09:39:a3:be:55:7f:d6:a5:da:
         cf:9d:10:91:47:bf:5c:35:20:6b:4c:bb:23:19:e0:a9:2d:1e:
         50:cf:61:51:1b:94:57:04:c2:9e:0e:f6:77:fa:b3:97:a2:84:
         4c:db:7e:47:c7:a9:ba:1e:2d:8d:38:76:4a:64:fa:50:1f:07:
         9f:07:c6:04:97:3d:03:3d:10:40:84:f0:70:18:ec:8d:d0:62:
         8e:3d:65:5a:9c:61:5d:e9:37:02:36:df:e7:f0:31:6a:40:ea:
         7d:ef:8a:a8:7f:df:55:87:e3:b7:36:52:65:37:b4:94:fe:68:
         fe:3d:b9:ab:de:0c:d5:4c:52:96:79:0a:99:8c:38:df:87:80:
         51:d7:63:da:68:4f:8d:5f:e9:ad:65:1b:5c:25:dd:cd:c0:60:
         9b:eb:b3:96:96:07:73:c4:c9:d4:ba:0f:54:0a:f4:eb:71:30:
         c0:2e:54:c3:d2:f5:aa:ff:f5:33:60:09:12:42:47:b8:d9:35:
         8f:3a:a7:dd:38:6e:7e:bf:7c:5b:ef:17:8f:d9:0e:92:0f:19:
         2d:49:b4:37:4e:a1:b2:c5:6d:30:34:78:27:d3:18:cd:d2:5a:
         b6:95:e5:40:51:ad:28:6a:8e:b6:8f:52:13:eb:bf:08:0b:b0:
         1b:40:ce:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7TaNbQf1DoV6HpiJWuzqYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwNDEyMTc0NDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmQ0MTViMzliMTc2Y2UzNWE3OWYyNTc2MGNjZjdmNzJmZmM2MWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaBeZAR8vXc/PtXWaz2lYkobWyKi
sVJrM+B1fKDyEtPYIq178VxRQNGDqk02O9N7Xx/UYQrIG8V4nBAaZygMkAdrmLNo
W7n2FIAowDec5qQnXXwLNOJUzkXSDP71Mlw7FPXctqzmkiR7wKlwBoEAPvF1cxt7
DB9yoHecRrflQUfSmUZl112+qCz/HVQYYhJd3f37H0NoJj95cjKv3l4WRa7XqL3s
OWilZAw2pZb/mmrOQx9AZRTVQkPowRnyQ9ACeHXRp2wtDHPbeOUEyBqhye7l6QTC
XrMcXbCccHRbbSUzwAVUM2GkAV+9zlssSlM5p6c54wbp+fglAvNMhHhXVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA/UFbObF2zjWnnyV2DM9/cv/GGmMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvRDlRVnM1c1hiT05hZWZKWFlNejM5eV84WWFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhM4AwQA
sGHNMA0GCSqGSIb3DQEBCwUAA4IBAQBzasLtBaJl33MJOaO+VX/WpdrPnRCRR79c
NSBrTLsjGeCpLR5Qz2FRG5RXBMKeDvZ3+rOXooRM235Hx6m6Hi2NOHZKZPpQHwef
B8YElz0DPRBAhPBwGOyN0GKOPWVanGFd6TcCNt/n8DFqQOp974qof99Vh+O3NlJl
N7SU/mj+Pbmr3gzVTFKWeQqZjDjfh4BR12PaaE+NX+mtZRtcJd3NwGCb67OWlgdz
xMnUug9UCvTrcTDALlTD0vWq//UzYAkSQke42TWPOqfdOG5+v3xb7xeP2Q6SDxkt
SbQ3TqGyxW0wNHgn0xjN0lq2leVAUa0oao62j1IT678IC7AbQM6k
-----END CERTIFICATE-----