Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/K6jsQf9Pkb_is0gJTcU0dpUzZjw.roa
File:                     K6jsQf9Pkb_is0gJTcU0dpUzZjw.roa (raw, json)
Hash identifier:          Z+/0BCV7NnC5T2cHWLa44+vPj3S9jmtyq6LNSUc5f2Q=
Subject key identifier:   2B:A8:EC:41:FF:4F:91:BF:E2:B3:48:09:4D:C5:34:76:95:33:66:3C
Certificate issuer:       /CN=f7822d4597e5493d15178bfb10e6841dd17e5897
Certificate serial:       018CC7953EA17C383C7B7E58F26E83BA434B
Authority key identifier: F7:82:2D:45:97:E5:49:3D:15:17:8B:FB:10:E6:84:1D:D1:7E:58:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/94ItRZflST0VF4v7EOaEHdF-WJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/K6jsQf9Pkb_is0gJTcU0dpUzZjw.roa
Signing time:             Tue 02 Jan 2024 00:31:36 +0000
ROA not before:           Tue 02 Jan 2024 00:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12551
IP address blocks:        158.47.0.0/16 maxlen: 24
                          146.133.0.0/16 maxlen: 24
                          146.133.124.0/24 maxlen: 24
                          146.133.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/94ItRZflST0VF4v7EOaEHdF-WJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/94ItRZflST0VF4v7EOaEHdF-WJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/94ItRZflST0VF4v7EOaEHdF-WJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3e:a1:7c:38:3c:7b:7e:58:f2:6e:83:ba:43:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7822d4597e5493d15178bfb10e6841dd17e5897
        Validity
            Not Before: Jan  2 00:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ba8ec41ff4f91bfe2b348094dc534769533663c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:82:bd:f5:80:81:a0:c0:2f:eb:8e:ff:03:61:
                    46:09:6d:9d:5b:3b:f8:ac:08:d9:b3:82:01:15:74:
                    eb:aa:c9:2d:23:dd:d4:4b:98:2f:ca:40:6a:e0:84:
                    da:80:32:1f:3d:3e:73:b2:47:86:da:3e:3f:6a:df:
                    73:aa:bb:f0:7b:65:be:e7:3e:bb:ad:5a:be:d8:6a:
                    7d:44:d4:95:68:32:92:23:8c:47:99:e2:6b:a0:b0:
                    29:31:5c:b4:04:d5:f2:c4:c2:a1:ec:03:9e:11:25:
                    48:8c:4b:41:9b:74:e5:09:79:f6:30:4d:41:19:bc:
                    60:92:e7:98:38:86:62:77:58:a3:f8:59:62:8a:d2:
                    85:ff:7d:b6:b1:cd:1d:43:21:60:7c:e7:0f:43:c5:
                    13:9e:99:9c:bf:dc:17:c5:eb:e1:db:ae:4a:e5:da:
                    e1:de:f9:84:8f:1c:2b:b5:c4:23:4a:b3:8f:55:b2:
                    64:04:e4:d9:87:0e:d0:c3:5e:27:97:8e:ee:5a:db:
                    1b:54:0f:79:23:ce:d3:f0:b7:23:0d:99:d7:42:59:
                    65:6b:b9:01:6e:1c:f4:b8:f0:13:b6:5d:9a:c6:4e:
                    f4:99:90:b1:ff:5c:1f:05:10:fe:8f:87:4e:75:96:
                    57:95:97:17:45:0a:b3:dc:04:07:a8:41:1c:8e:16:
                    ce:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:A8:EC:41:FF:4F:91:BF:E2:B3:48:09:4D:C5:34:76:95:33:66:3C
            X509v3 Authority Key Identifier:
                keyid:F7:82:2D:45:97:E5:49:3D:15:17:8B:FB:10:E6:84:1D:D1:7E:58:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/94ItRZflST0VF4v7EOaEHdF-WJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/K6jsQf9Pkb_is0gJTcU0dpUzZjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/94ItRZflST0VF4v7EOaEHdF-WJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.133.0.0/16
                  158.47.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         38:83:d9:3c:dd:dc:37:8b:5c:3f:53:6f:52:5c:41:ff:2d:e9:
         fd:76:eb:42:3f:05:c0:ba:79:72:84:d5:aa:5f:69:f6:05:06:
         81:c1:89:67:1d:c5:92:e6:b4:b7:ba:5a:1b:17:ea:e9:23:80:
         6c:1e:96:49:31:a3:27:6c:12:94:51:2a:ba:5e:38:a0:02:83:
         a3:f6:63:42:7b:f2:31:51:50:50:e4:a7:f7:da:cb:85:cf:b8:
         43:a8:30:52:bf:21:5e:0b:81:6c:a4:76:4a:2f:e7:26:27:3a:
         fb:0a:4c:80:87:00:16:25:93:2c:e3:45:72:e9:d0:cf:c8:48:
         4c:34:89:62:3c:2e:c6:e5:8d:fb:c8:4c:ef:81:4b:5c:bc:3e:
         52:b9:74:a6:41:5c:f5:15:70:5a:3d:5b:8b:11:55:3c:5b:3e:
         3b:19:cc:ef:3a:9a:3e:12:45:a7:bb:06:c5:64:c0:37:5b:25:
         31:a6:0c:bc:02:e9:75:f5:0f:25:be:9d:23:ff:0a:5e:f2:23:
         a9:9c:e5:96:2a:8d:a6:c9:0b:b8:1e:df:0f:d3:7e:9f:e4:75:
         68:78:8b:b7:75:84:4c:a6:8f:3d:86:a8:79:fc:b0:b2:43:93:
         fd:da:fc:e9:69:97:71:86:55:3a:ee:0f:5d:13:d8:38:cb:e8:
         3b:03:13:db
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzHlT6hfDg8e35Y8m6DukNLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ODIyZDQ1OTdlNTQ5M2QxNTE3OGJmYjEwZTY4NDFkZDE3
ZTU4OTcwHhcNMjQwMTAyMDAzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmE4ZWM0MWZmNGY5MWJmZTJiMzQ4MDk0ZGM1MzQ3Njk1MzM2NjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoK99YCBoMAv647/A2FGCW2dWzv4
rAjZs4IBFXTrqsktI93US5gvykBq4ITagDIfPT5zskeG2j4/at9zqrvwe2W+5z67
rVq+2Gp9RNSVaDKSI4xHmeJroLApMVy0BNXyxMKh7AOeESVIjEtBm3TlCXn2ME1B
GbxgkueYOIZid1ij+FliitKF/322sc0dQyFgfOcPQ8UTnpmcv9wXxevh265K5drh
3vmEjxwrtcQjSrOPVbJkBOTZhw7Qw14nl47uWtsbVA95I87T8LcjDZnXQllla7kB
bhz0uPATtl2axk70mZCx/1wfBRD+j4dOdZZXlZcXRQqz3AQHqEEcjhbOWQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFCuo7EH/T5G/4rNICU3FNHaVM2Y8MB8GA1UdIwQY
MBaAFPeCLUWX5Uk9FReL+xDmhB3RfliXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTRJdFJaZmxTVDBWRjR2N0VPYUVIZEYtV0pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8zMTA4MWEtOGI1YS00OWVjLTkwMzYt
ODYyZTk5OTczZmMzLzEvSzZqc1FmOVBrYl9pczBnSlRjVTBkcFV6Wmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8zMTA4MWEtOGI1YS00OWVjLTkwMzYtODYyZTk5OTczZmMz
LzEvOTRJdFJaZmxTVDBWRjR2N0VPYUVIZEYtV0pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAkoUDAwCe
LzANBgkqhkiG9w0BAQsFAAOCAQEAOIPZPN3cN4tcP1NvUlxB/y3p/XbrQj8FwLp5
coTVql9p9gUGgcGJZx3Fkua0t7paGxfq6SOAbB6WSTGjJ2wSlFEqul44oAKDo/Zj
QnvyMVFQUOSn99rLhc+4Q6gwUr8hXguBbKR2Si/nJic6+wpMgIcAFiWTLONFcunQ
z8hITDSJYjwuxuWN+8hM74FLXLw+Url0pkFc9RVwWj1bixFVPFs+OxnM7zqaPhJF
p7sGxWTAN1slMaYMvALpdfUPJb6dI/8KXvIjqZzlliqNpskLuB7fD9N+n+R1aHiL
t3WETKaPPYaoefywskOT/dr86WmXcYZVOu4PXRPYOMvoOwMT2w==
-----END CERTIFICATE-----