Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/N0kTkemaawT7zu4zdvvl6S_NNEM.roa
File:                     N0kTkemaawT7zu4zdvvl6S_NNEM.roa (raw, json)
Hash identifier:          K/ZfZ9D/PFbDo5lDKSJ7bYTAGx3HpunTlm5t4EasIxg=
Subject key identifier:   37:49:13:91:E9:9A:6B:04:FB:CE:EE:33:76:FB:E5:E9:2F:CD:34:43
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018F153C2148A43E9D7093CB0AAA01A7FD5D
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/N0kTkemaawT7zu4zdvvl6S_NNEM.roa
Signing time:             Thu 25 Apr 2024 12:30:13 +0000
ROA not before:           Thu 25 Apr 2024 12:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22168
IP address blocks:        146.19.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:3c:21:48:a4:3e:9d:70:93:cb:0a:aa:01:a7:fd:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 25 12:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37491391e99a6b04fbceee3376fbe5e92fcd3443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d5:ad:78:05:cf:54:b1:2c:51:ce:c2:79:10:
                    ba:ad:3e:24:7f:4e:15:ae:87:bf:c8:cd:49:82:ec:
                    67:c1:c0:be:7e:55:65:10:09:72:34:5a:98:bf:1e:
                    ba:8d:34:60:99:26:d4:96:0a:12:fe:be:81:47:06:
                    d0:c4:22:f4:8b:2c:be:8b:7a:51:a9:a2:db:b3:11:
                    cf:69:db:3f:3a:56:d9:af:c7:9c:fe:f7:ae:8f:e3:
                    4b:ff:86:33:64:c1:90:be:0e:a2:c1:cf:46:f7:21:
                    cd:c3:e1:a3:a8:1d:8b:93:f4:9c:73:71:a8:4e:41:
                    21:8f:63:a1:5b:b5:43:21:7b:b5:4b:92:fc:7d:56:
                    b3:1a:65:c5:f1:ae:eb:cd:37:4a:09:19:78:eb:7a:
                    04:f4:f3:8c:3b:8f:f7:54:2d:b2:0f:5e:bc:fc:d4:
                    0a:b7:e8:ee:6d:4c:62:99:3d:1d:09:2a:58:79:cf:
                    09:00:3e:a4:3e:54:29:a4:55:bc:ee:df:5d:b7:1a:
                    1e:4b:f7:ad:cd:f2:a3:12:b3:03:0b:18:15:b0:95:
                    f8:c3:8e:35:4c:83:b6:dc:bd:38:c6:95:cf:b8:7e:
                    b3:e4:aa:8d:81:de:89:6a:a1:a5:91:be:e6:21:c1:
                    fe:99:9a:2f:88:05:8a:43:f5:29:76:76:02:b5:a0:
                    ff:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:49:13:91:E9:9A:6B:04:FB:CE:EE:33:76:FB:E5:E9:2F:CD:34:43
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/N0kTkemaawT7zu4zdvvl6S_NNEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:19:8a:00:51:8e:d5:aa:56:00:4f:c8:dc:c1:db:db:5a:90:
         38:21:97:25:88:5b:b6:54:7f:d9:55:a3:8a:04:3f:2c:79:d8:
         33:56:76:5f:ec:9d:6b:dc:9e:25:63:ce:94:b9:54:8d:55:4c:
         81:93:62:87:98:ff:2d:1c:d8:0d:9b:19:a2:c1:a7:8f:47:12:
         46:1a:6f:8f:02:a6:68:3e:6f:0a:8b:4d:e6:12:49:46:44:78:
         4b:c3:af:d0:c4:0b:e6:af:e4:30:fa:66:37:02:14:88:2e:c3:
         d0:76:89:a7:5a:98:e8:a8:ed:84:70:26:ad:44:14:c7:48:63:
         95:a5:cb:15:15:54:67:18:8b:59:50:f6:33:a4:67:3c:cb:31:
         de:90:be:d7:10:15:bb:73:b4:bb:d6:f4:e9:65:f0:ca:e5:9f:
         54:7b:ba:ab:d3:2f:81:a5:ea:38:26:ce:2e:6d:58:de:a5:c1:
         6c:7a:13:e5:94:ba:67:8d:05:16:82:c7:62:74:4e:69:40:bf:
         76:15:81:d3:b1:16:00:06:57:a9:33:82:e5:ce:0b:59:12:53:
         88:77:52:0d:0d:8d:4c:4d:73:f1:8b:51:c4:35:a0:58:ff:14:
         c7:42:bf:db:0b:70:5a:5c:bb:aa:b7:ff:30:ca:d6:53:f5:fd:
         c9:cd:22:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8VPCFIpD6dcJPLCqoBp/1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNDI1MTIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQ5MTM5MWU5OWE2YjA0ZmJjZWVlMzM3NmZiZTVlOTJmY2QzNDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdWteAXPVLEsUc7CeRC6rT4kf04V
roe/yM1JguxnwcC+flVlEAlyNFqYvx66jTRgmSbUlgoS/r6BRwbQxCL0iyy+i3pR
qaLbsxHPads/OlbZr8ec/veuj+NL/4YzZMGQvg6iwc9G9yHNw+GjqB2Lk/Scc3Go
TkEhj2OhW7VDIXu1S5L8fVazGmXF8a7rzTdKCRl463oE9POMO4/3VC2yD168/NQK
t+jubUximT0dCSpYec8JAD6kPlQppFW87t9dtxoeS/etzfKjErMDCxgVsJX4w441
TIO23L04xpXPuH6z5KqNgd6JaqGlkb7mIcH+mZoviAWKQ/UpdnYCtaD/UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdJE5HpmmsE+87uM3b75ekvzTRDMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTjBrVGtlbWFhd1Q3enU0emR2dmw2U19OTkVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMUMA0G
CSqGSIb3DQEBCwUAA4IBAQB6GYoAUY7VqlYAT8jcwdvbWpA4IZcliFu2VH/ZVaOK
BD8sedgzVnZf7J1r3J4lY86UuVSNVUyBk2KHmP8tHNgNmxmiwaePRxJGGm+PAqZo
Pm8Ki03mEklGRHhLw6/QxAvmr+Qw+mY3AhSILsPQdomnWpjoqO2EcCatRBTHSGOV
pcsVFVRnGItZUPYzpGc8yzHekL7XEBW7c7S71vTpZfDK5Z9Ue7qr0y+Bpeo4Js4u
bVjepcFsehPllLpnjQUWgsdidE5pQL92FYHTsRYABlepM4LlzgtZElOId1INDY1M
TXPxi1HENaBY/xTHQr/bC3BaXLuqt/8wytZT9f3JzSJ3
-----END CERTIFICATE-----