Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/isUSzxZ49dbz8CqHHUwiVhVzOFw.roa
File:                     isUSzxZ49dbz8CqHHUwiVhVzOFw.roa (raw, json)
Hash identifier:          ekPkPBrDXGBJ9m5r54mNHtxYetPGOw+9mlPHu1puJW0=
Subject key identifier:   8A:C5:12:CF:16:78:F5:D6:F3:F0:2A:87:1D:4C:22:56:15:73:38:5C
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       018CC3B743E33B1589D309DCFCB319786031
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/isUSzxZ49dbz8CqHHUwiVhVzOFw.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142299
IP address blocks:        146.19.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:43:e3:3b:15:89:d3:09:dc:fc:b3:19:78:60:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ac512cf1678f5d6f3f02a871d4c22561573385c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:94:a4:43:1b:a5:c1:a7:84:09:a5:5b:52:77:
                    d5:a6:b4:d3:54:33:71:38:a4:fb:43:8c:30:2d:14:
                    29:c2:06:20:b4:d7:7f:92:50:5b:22:11:f0:25:45:
                    a4:ec:46:4c:a3:cc:65:e1:22:bd:e9:1f:fa:c6:e2:
                    f7:ee:e7:48:6b:bf:74:57:3a:83:54:c5:3b:86:62:
                    11:30:d6:a1:c5:75:3c:34:a5:15:ce:8b:19:05:e2:
                    c9:ab:35:61:7b:7e:b0:09:25:24:4f:35:46:11:89:
                    53:e8:e0:a9:39:ac:da:04:ea:95:6f:7f:07:47:91:
                    12:22:12:f5:80:14:80:8e:d9:55:54:ee:f1:b8:e2:
                    cd:53:cf:69:e6:20:36:9b:d0:19:47:8b:a4:59:01:
                    1c:93:ce:3f:8a:3b:a7:d1:5c:15:9f:89:4d:3d:fe:
                    d2:eb:fa:25:d6:65:c0:85:32:7a:70:09:c7:bf:99:
                    ab:19:cd:c4:28:c0:94:0f:48:43:ce:59:17:57:c8:
                    85:60:c8:4f:28:06:df:f7:a2:f2:48:d8:69:c6:65:
                    2a:e1:a2:18:67:06:c6:ca:11:7e:45:3d:e5:d0:34:
                    0f:49:68:fc:f7:04:9e:d3:28:7b:b2:1c:64:4f:c8:
                    41:b1:0b:2f:b4:05:13:a2:62:4f:cf:7a:af:c5:51:
                    22:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:C5:12:CF:16:78:F5:D6:F3:F0:2A:87:1D:4C:22:56:15:73:38:5C
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/isUSzxZ49dbz8CqHHUwiVhVzOFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:d0:17:4e:f2:03:b1:17:b7:0a:17:31:05:39:61:6d:d1:d0:
         4e:e1:ab:06:e8:7c:23:7a:9c:1b:9f:5c:5f:9d:e6:e4:ef:f7:
         b0:cb:95:bc:4a:60:20:71:d1:0a:97:33:f2:41:f2:a6:d2:7c:
         7c:56:35:c8:c9:bc:3d:34:0f:b6:02:09:65:80:69:54:47:15:
         84:00:39:21:db:5d:3d:b4:f9:49:c8:d3:b4:e7:61:73:de:c7:
         bc:bd:53:72:44:3d:e7:3d:e1:21:68:0b:88:56:2d:94:92:7c:
         00:92:45:c0:4f:40:35:11:a5:f5:cc:71:ae:da:25:67:62:b9:
         bf:ec:77:9d:96:ba:2e:ae:73:af:30:01:b3:e5:e3:7e:46:08:
         c3:9a:7b:fd:4e:25:f9:ed:ea:63:25:f8:30:4d:65:09:ef:f7:
         76:b6:ab:a9:92:ef:a6:46:30:9c:0e:1a:c1:38:ac:37:fd:fa:
         52:5a:76:a3:d8:1e:1f:4d:00:d8:f9:c2:4e:d7:5c:2a:86:34:
         54:0d:69:81:80:b0:a0:b7:6b:d1:ed:a8:71:07:b8:9a:4f:2d:
         09:d5:b2:c9:55:d3:f6:28:24:10:4c:7e:b9:e7:e5:35:07:8f:
         de:fc:59:d6:b1:58:d8:76:18:2c:51:1d:d0:75:fa:16:28:46:
         63:89:78:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDt0PjOxWJ0wnc/LMZeGAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWM1MTJjZjE2NzhmNWQ2ZjNmMDJhODcxZDRjMjI1NjE1NzMzODVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpSkQxulwaeECaVbUnfVprTTVDNx
OKT7Q4wwLRQpwgYgtNd/klBbIhHwJUWk7EZMo8xl4SK96R/6xuL37udIa790VzqD
VMU7hmIRMNahxXU8NKUVzosZBeLJqzVhe36wCSUkTzVGEYlT6OCpOazaBOqVb38H
R5ESIhL1gBSAjtlVVO7xuOLNU89p5iA2m9AZR4ukWQEck84/ijun0VwVn4lNPf7S
6/ol1mXAhTJ6cAnHv5mrGc3EKMCUD0hDzlkXV8iFYMhPKAbf96LySNhpxmUq4aIY
ZwbGyhF+RT3l0DQPSWj89wSe0yh7shxkT8hBsQsvtAUTomJPz3qvxVEiFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrFEs8WePXW8/Aqhx1MIlYVczhcMB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvaXNVU3p4WjQ5ZGJ6OENxSEhVd2lWaFZ6T0Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNFMA0G
CSqGSIb3DQEBCwUAA4IBAQC00BdO8gOxF7cKFzEFOWFt0dBO4asG6Hwjepwbn1xf
nebk7/ewy5W8SmAgcdEKlzPyQfKm0nx8VjXIybw9NA+2AgllgGlURxWEADkh2109
tPlJyNO052Fz3se8vVNyRD3nPeEhaAuIVi2UknwAkkXAT0A1EaX1zHGu2iVnYrm/
7HedlrournOvMAGz5eN+RgjDmnv9TiX57epjJfgwTWUJ7/d2tqupku+mRjCcDhrB
OKw3/fpSWnaj2B4fTQDY+cJO11wqhjRUDWmBgLCgt2vR7ahxB7iaTy0J1bLJVdP2
KCQQTH655+U1B4/e/FnWsVjYdhgsUR3QdfoWKEZjiXhc
-----END CERTIFICATE-----