Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/TXTmYKnGP06TtmltXNFmr6p_7nE.roa
File:                     TXTmYKnGP06TtmltXNFmr6p_7nE.roa (raw, json)
Hash identifier:          SPHtn3t4CiY4cEBo8mEoLuUH8LJxRkAhEPHqKx9WFDs=
Subject key identifier:   4D:74:E6:60:A9:C6:3F:4E:93:B6:69:6D:5C:D1:66:AF:AA:7F:EE:71
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A3F1DF10526E8AB5826FFEDF19FE1
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/TXTmYKnGP06TtmltXNFmr6p_7nE.roa
Signing time:             Wed 01 Jan 2025 19:49:13 +0000
ROA not before:           Wed 01 Jan 2025 19:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43350
IP address blocks:        185.142.141.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3f:1d:f1:05:26:e8:ab:58:26:ff:ed:f1:9f:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d74e660a9c63f4e93b6696d5cd166afaa7fee71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:54:ac:09:6d:66:f7:8e:7d:64:74:bc:aa:b7:
                    96:7f:88:e4:c0:55:7d:05:d8:79:ba:4e:51:bb:28:
                    85:e9:5c:e2:e7:8f:1e:6b:3b:51:d3:5f:02:3f:c3:
                    38:78:41:80:ef:bc:c9:2c:c3:e0:b2:a0:06:8b:ef:
                    91:6d:cd:77:33:66:4b:80:cd:81:f1:48:1e:d4:b5:
                    38:49:91:8f:ac:bf:a2:3b:80:3f:f4:09:67:3a:63:
                    3a:26:6f:12:61:44:34:1e:e2:d9:48:bd:a0:88:7a:
                    83:fd:30:e4:6c:89:c9:27:f0:aa:1d:e6:2c:d8:a9:
                    fc:3f:92:a3:31:4e:7c:ec:6f:0f:ae:be:d0:2f:5e:
                    bb:58:20:f5:73:5c:fe:7d:0e:d6:ee:ff:2e:3b:3c:
                    c5:6c:1c:bc:a5:b5:25:a2:70:77:85:c8:cc:b7:c2:
                    95:2c:b9:20:59:65:73:ac:32:db:7a:04:c1:7f:4b:
                    61:e9:1f:7a:24:62:80:5f:95:f5:1b:d5:5b:5e:f8:
                    a0:59:1c:01:ab:08:e5:9c:ec:27:b1:1e:53:0d:fb:
                    f5:bc:50:1d:71:4b:c6:f3:e5:f7:3b:c9:8d:9e:ce:
                    25:10:b3:b1:50:c6:66:2e:e5:40:c7:67:25:b7:30:
                    2c:16:b8:6b:c8:b5:22:e9:5f:ec:bc:7d:c7:e1:4e:
                    a5:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:74:E6:60:A9:C6:3F:4E:93:B6:69:6D:5C:D1:66:AF:AA:7F:EE:71
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/TXTmYKnGP06TtmltXNFmr6p_7nE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:12:f1:a7:b9:e8:1a:3b:26:df:37:7c:5a:56:0c:cc:6e:9e:
         1d:4e:ec:2b:84:7f:4f:fd:bb:1b:49:31:c2:70:4f:aa:6c:cc:
         2c:db:60:ab:80:f7:b4:1f:4b:47:c4:df:2a:5c:62:1d:ca:20:
         3e:97:1f:48:86:1b:0c:ca:42:9e:13:a8:86:ac:6b:21:0c:05:
         f6:30:bd:9f:c8:69:65:2e:ea:49:c6:99:f8:83:de:7a:e7:e0:
         b3:35:5b:97:cc:44:af:05:f5:52:43:5b:2f:f7:c7:28:47:f0:
         33:62:7a:f4:4e:cf:71:4b:c0:a5:e2:1d:08:a7:78:57:62:bf:
         3f:3d:df:fe:4e:a5:79:5c:95:32:66:12:48:da:81:6b:86:0f:
         64:3b:71:f9:1c:b1:2d:8a:2e:a9:98:02:56:86:80:ef:4d:d1:
         84:a0:b2:3c:f8:69:a7:ee:ba:4b:28:94:ed:17:99:0f:00:6e:
         e3:b5:68:ad:2b:b2:43:ce:af:8c:9a:25:e2:b1:92:db:f3:84:
         f3:25:37:ce:35:86:4b:57:0c:af:6f:93:39:b9:f2:e5:04:43:
         b0:45:77:5b:be:36:b7:ba:f9:55:63:a7:02:39:9a:3c:ca:aa:
         3c:1c:e5:77:b8:e2:aa:ab:4a:3f:64:da:1d:a0:1e:73:33:30:
         11:e5:09:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaj8d8QUm6KtYJv/t8Z/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDc0ZTY2MGE5YzYzZjRlOTNiNjY5NmQ1Y2QxNjZhZmFhN2ZlZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFSsCW1m9459ZHS8qreWf4jkwFV9
Bdh5uk5RuyiF6Vzi548eaztR018CP8M4eEGA77zJLMPgsqAGi++Rbc13M2ZLgM2B
8Uge1LU4SZGPrL+iO4A/9AlnOmM6Jm8SYUQ0HuLZSL2giHqD/TDkbInJJ/CqHeYs
2Kn8P5KjMU587G8Prr7QL167WCD1c1z+fQ7W7v8uOzzFbBy8pbUlonB3hcjMt8KV
LLkgWWVzrDLbegTBf0th6R96JGKAX5X1G9VbXvigWRwBqwjlnOwnsR5TDfv1vFAd
cUvG8+X3O8mNns4lELOxUMZmLuVAx2cltzAsFrhryLUi6V/svH3H4U6luwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE105mCpxj9Ok7ZpbVzRZq+qf+5xMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvVFhUbVlLbkdQMDZUdG1sdFhORm1yNnBfN25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY6NMA0G
CSqGSIb3DQEBCwUAA4IBAQCVEvGnuegaOybfN3xaVgzMbp4dTuwrhH9P/bsbSTHC
cE+qbMws22CrgPe0H0tHxN8qXGIdyiA+lx9IhhsMykKeE6iGrGshDAX2ML2fyGll
LupJxpn4g9565+CzNVuXzESvBfVSQ1sv98coR/AzYnr0Ts9xS8Cl4h0Ip3hXYr8/
Pd/+TqV5XJUyZhJI2oFrhg9kO3H5HLEtii6pmAJWhoDvTdGEoLI8+Gmn7rpLKJTt
F5kPAG7jtWitK7JDzq+MmiXisZLb84TzJTfONYZLVwyvb5M5ufLlBEOwRXdbvja3
uvlVY6cCOZo8yqo8HOV3uOKqq0o/ZNodoB5zMzAR5QnB
-----END CERTIFICATE-----