Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/DSsRI5hyXbqbrB81gRawTMdDwII.roa
File:                     DSsRI5hyXbqbrB81gRawTMdDwII.roa (raw, json)
Hash identifier:          xSkGQb5ZUhnqR/9jRjMRxTgy95U8pJ1gzZ6YNTukCj4=
Subject key identifier:   0D:2B:11:23:98:72:5D:BA:9B:AC:1F:35:81:16:B0:4C:C7:43:C0:82
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       018F77B59B9C64F64A0FFE442B6C78126A74
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/DSsRI5hyXbqbrB81gRawTMdDwII.roa
Signing time:             Tue 14 May 2024 15:25:41 +0000
ROA not before:           Tue 14 May 2024 15:25:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        146.19.50.0/24 maxlen: 24
                          146.19.142.0/24 maxlen: 24
                          185.253.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:77:b5:9b:9c:64:f6:4a:0f:fe:44:2b:6c:78:12:6a:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: May 14 15:25:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d2b112398725dba9bac1f358116b04cc743c082
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ce:3c:cd:a4:83:87:ca:cb:f6:a0:e7:d2:7c:
                    ae:38:97:30:98:66:c5:16:56:38:65:b5:50:01:45:
                    93:bc:94:e1:2a:88:f7:fa:6c:c8:bc:b3:97:e7:31:
                    70:d9:76:a8:b1:6b:1a:0b:b7:9c:fe:47:0f:2e:40:
                    c0:d9:8b:d2:a9:f8:b7:49:bf:a6:34:51:1f:ea:7a:
                    48:73:65:00:9c:14:58:e9:d1:b3:4e:25:05:ea:27:
                    4c:c8:6e:a1:03:ef:a9:97:46:cb:d7:18:c7:13:ba:
                    0e:50:41:da:ed:31:16:c6:5e:04:37:d4:f9:3e:a8:
                    7f:ac:a5:17:cd:fd:c5:42:5f:f9:e4:6b:7b:14:31:
                    7c:71:76:4d:b6:d6:5f:6e:2b:39:55:e9:45:8a:0c:
                    2a:d1:e0:f0:e9:44:d2:4c:58:25:60:b3:c8:de:8d:
                    1f:92:68:d1:0d:4a:a6:bf:39:00:fa:e7:62:75:7e:
                    fd:93:9c:63:62:f1:cb:11:82:94:85:18:af:3a:c5:
                    97:16:6a:9d:ae:37:da:5f:7c:3e:fa:03:86:b4:f6:
                    36:9e:48:2f:33:69:16:8d:4a:16:f7:2d:e9:ee:d0:
                    e4:d2:62:d6:e7:5f:09:0e:63:a5:9c:6f:d6:88:93:
                    13:ff:61:e3:cf:5f:fa:0c:57:ae:3c:44:70:69:6b:
                    cd:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:2B:11:23:98:72:5D:BA:9B:AC:1F:35:81:16:B0:4C:C7:43:C0:82
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/DSsRI5hyXbqbrB81gRawTMdDwII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.50.0/24
                  146.19.142.0/24
                  185.253.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:52:81:68:fd:c8:4e:d3:cb:34:9d:0b:d6:ec:24:0c:49:c8:
         70:68:c2:93:eb:fe:44:12:db:da:fb:dd:3c:7b:6b:a5:11:e0:
         44:eb:5f:bc:09:e2:15:57:b7:f5:38:d1:d9:81:4e:00:91:3a:
         cb:42:89:fe:e0:25:26:f3:75:59:c0:c1:f9:02:9e:f4:4c:5c:
         f5:1c:f8:a1:02:f6:f4:79:83:69:ad:88:d5:f3:fd:44:a8:ae:
         e6:c0:45:59:e4:a6:22:82:a4:3a:fb:81:6e:e0:c4:c3:df:d6:
         ba:38:9a:99:20:0b:55:77:ec:12:45:36:16:82:4b:cb:61:09:
         b6:d1:d8:ba:b5:0d:99:cb:90:5e:6f:2e:1b:bf:51:58:52:7c:
         85:fe:9a:17:be:3a:1d:2b:e4:7d:9f:3c:08:75:1c:4b:88:f5:
         d9:bc:a2:bc:63:0f:cd:c2:37:46:e9:2c:ae:bd:3f:5a:2d:c5:
         52:e6:6c:f4:9a:dd:d1:60:69:23:49:b6:4e:46:58:51:9f:e1:
         5d:9b:30:56:f9:bc:17:d1:98:ab:2a:aa:a9:b3:a5:0f:0e:a3:
         40:f2:4d:c2:7a:13:fc:1c:36:55:8f:36:2b:a6:9c:e3:69:37:
         35:ad:1a:eb:ce:42:10:dc:bc:6a:a6:37:f8:90:fb:af:ab:cd:
         ab:45:66:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY93tZucZPZKD/5EK2x4Emp0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjQwNTE0MTUyNTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDJiMTEyMzk4NzI1ZGJhOWJhYzFmMzU4MTE2YjA0Y2M3NDNjMDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAts48zaSDh8rL9qDn0nyuOJcwmGbF
FlY4ZbVQAUWTvJThKoj3+mzIvLOX5zFw2XaosWsaC7ec/kcPLkDA2YvSqfi3Sb+m
NFEf6npIc2UAnBRY6dGzTiUF6idMyG6hA++pl0bL1xjHE7oOUEHa7TEWxl4EN9T5
Pqh/rKUXzf3FQl/55Gt7FDF8cXZNttZfbis5VelFigwq0eDw6UTSTFglYLPI3o0f
kmjRDUqmvzkA+udidX79k5xjYvHLEYKUhRivOsWXFmqdrjfaX3w++gOGtPY2nkgv
M2kWjUoW9y3p7tDk0mLW518JDmOlnG/WiJMT/2Hjz1/6DFeuPERwaWvNWwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA0rESOYcl26m6wfNYEWsEzHQ8CCMB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvRFNzUkk1aHlYYnFickI4MWdSYXdUTWREd0lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAkhMyAwQA
khOOAwQAuf0DMA0GCSqGSIb3DQEBCwUAA4IBAQBrUoFo/chO08s0nQvW7CQMSchw
aMKT6/5EEtva+908e2ulEeBE61+8CeIVV7f1ONHZgU4AkTrLQon+4CUm83VZwMH5
Ap70TFz1HPihAvb0eYNprYjV8/1EqK7mwEVZ5KYigqQ6+4Fu4MTD39a6OJqZIAtV
d+wSRTYWgkvLYQm20di6tQ2Zy5Beby4bv1FYUnyF/poXvjodK+R9nzwIdRxLiPXZ
vKK8Yw/NwjdG6SyuvT9aLcVS5mz0mt3RYGkjSbZORlhRn+FdmzBW+bwX0ZirKqqp
s6UPDqNA8k3CehP8HDZVjzYrppzjaTc1rRrrzkIQ3Lxqpjf4kPuvq82rRWYZ
-----END CERTIFICATE-----