Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/eZY_algo9ph6xZLWkDPSQ5bfBck.roa
File:                     eZY_algo9ph6xZLWkDPSQ5bfBck.roa (raw, json)
Hash identifier:          1TTebIjNrUrO4bv/MTH+UViP8F1WNEtGkcE9NB7LuzQ=
Subject key identifier:   79:96:3F:6A:58:28:F6:98:7A:C5:92:D6:90:33:D2:43:96:DF:05:C9
Certificate issuer:       /CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Certificate serial:       018CC56E291A18D7628FCB3DE97CADECE5F0
Authority key identifier: 70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/eZY_algo9ph6xZLWkDPSQ5bfBck.roa
Signing time:             Mon 01 Jan 2024 14:29:40 +0000
ROA not before:           Mon 01 Jan 2024 14:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        146.19.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:29:1a:18:d7:62:8f:cb:3d:e9:7c:ad:ec:e5:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
        Validity
            Not Before: Jan  1 14:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79963f6a5828f6987ac592d69033d24396df05c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:08:71:ac:e5:03:cc:19:85:c0:27:fe:17:3f:
                    30:db:2f:12:7a:2d:f0:2b:6f:f0:9f:17:7b:68:f5:
                    31:16:6c:ae:29:8d:80:79:12:9e:26:9b:7d:eb:54:
                    25:db:91:cb:c6:39:06:3b:79:1d:d8:91:6c:4c:88:
                    60:59:4c:3a:4e:57:62:06:1e:26:e6:1e:34:f1:66:
                    5e:a2:ae:dc:1f:9c:3f:be:9e:a0:10:02:27:7b:7c:
                    84:66:4b:ad:51:e2:5b:7f:48:62:66:1d:40:27:5e:
                    e8:05:de:a7:a9:68:23:6a:fd:1a:16:5b:89:43:e7:
                    bd:e2:73:25:c0:0a:46:c7:28:8a:48:b0:80:03:b5:
                    3e:42:de:7b:af:e0:62:2e:f5:c5:9f:0d:bd:15:e0:
                    78:58:40:d1:b4:10:4c:89:2c:2c:ae:87:b8:0e:66:
                    9c:2d:fc:f1:80:84:3a:e9:df:3f:a1:d9:7c:df:79:
                    9d:9b:aa:df:29:92:11:cf:45:ab:9d:48:6e:62:3d:
                    0e:d8:10:48:15:b1:bc:6d:92:6b:19:04:3a:de:a6:
                    0f:de:c4:04:35:78:7f:97:2a:15:1b:68:9e:c9:78:
                    23:86:ae:df:f9:5d:dd:ac:fd:5d:99:82:8a:90:05:
                    d0:96:5c:45:e2:9c:d6:e0:ce:9a:ce:99:df:84:9e:
                    65:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:96:3F:6A:58:28:F6:98:7A:C5:92:D6:90:33:D2:43:96:DF:05:C9
            X509v3 Authority Key Identifier:
                keyid:70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/eZY_algo9ph6xZLWkDPSQ5bfBck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:64:b3:2f:8c:8e:13:ae:e9:a0:9b:86:fb:b9:e6:67:7c:b0:
         ca:e0:53:83:f4:5d:25:b7:72:7f:36:03:73:0a:16:ea:15:5d:
         2c:52:a2:83:a9:40:23:c8:09:71:fb:72:e1:17:92:f5:2b:e8:
         81:c7:9d:d3:ac:ee:0b:7b:52:9d:1a:79:f6:9c:db:f1:53:9a:
         1c:de:19:10:94:95:6a:48:2b:44:cb:74:c4:fc:8f:5d:a4:29:
         63:be:32:8e:a6:a9:5b:5a:8e:93:6f:58:e9:f0:fb:be:5a:a7:
         00:9e:94:e8:f6:73:f6:9c:09:38:d0:a2:0d:98:59:b5:e9:9a:
         46:ec:fc:24:e8:72:b1:be:9c:15:e8:fa:5c:3f:8e:7d:df:58:
         dc:f1:8c:1c:ec:91:2f:3f:59:5b:21:bb:81:85:fb:5d:a7:a8:
         e5:1e:22:e7:ec:8c:5c:81:85:35:28:75:a5:02:e2:93:f2:b7:
         b3:c6:e1:9c:1e:c8:e3:cf:8a:d6:d4:61:df:44:23:b9:c2:54:
         e5:02:7d:0b:49:d4:cc:4f:14:f1:74:82:5a:44:75:a0:8e:de:
         1d:49:79:81:1e:5e:8e:aa:33:ad:ef:89:87:1d:e1:83:9d:ab:
         72:7d:9d:cc:e2:ca:d1:78:b1:4c:4b:75:bd:55:be:f5:31:42:
         d7:1c:ea:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbikaGNdij8s96Xyt7OXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmQzYWJiYjQ3OGI3NGVmMmFkZWY5YmI3YzQzMzZlMzQx
MTFkNTEwHhcNMjQwMTAxMTQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTk2M2Y2YTU4MjhmNjk4N2FjNTkyZDY5MDMzZDI0Mzk2ZGYwNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAhxrOUDzBmFwCf+Fz8w2y8Sei3w
K2/wnxd7aPUxFmyuKY2AeRKeJpt961Ql25HLxjkGO3kd2JFsTIhgWUw6TldiBh4m
5h408WZeoq7cH5w/vp6gEAIne3yEZkutUeJbf0hiZh1AJ17oBd6nqWgjav0aFluJ
Q+e94nMlwApGxyiKSLCAA7U+Qt57r+BiLvXFnw29FeB4WEDRtBBMiSwsroe4Dmac
LfzxgIQ66d8/odl833mdm6rfKZIRz0WrnUhuYj0O2BBIFbG8bZJrGQQ63qYP3sQE
NXh/lyoVG2ieyXgjhq7f+V3drP1dmYKKkAXQllxF4pzW4M6azpnfhJ5lxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmWP2pYKPaYesWS1pAz0kOW3wXJMB8GA1UdIwQY
MBaAFHBtOru0eLdO8q3vm7fEM240ER1RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYt
YTQyMTNjOTNmMWY3LzEvZVpZX2FsZ285cGg2eFpMV2tEUFNRNWJmQmNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYtYTQyMTNjOTNmMWY3
LzEvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMdMA0G
CSqGSIb3DQEBCwUAA4IBAQBMZLMvjI4Trumgm4b7ueZnfLDK4FOD9F0lt3J/NgNz
ChbqFV0sUqKDqUAjyAlx+3LhF5L1K+iBx53TrO4Le1KdGnn2nNvxU5oc3hkQlJVq
SCtEy3TE/I9dpCljvjKOpqlbWo6Tb1jp8Pu+WqcAnpTo9nP2nAk40KINmFm16ZpG
7Pwk6HKxvpwV6PpcP45931jc8Ywc7JEvP1lbIbuBhftdp6jlHiLn7IxcgYU1KHWl
AuKT8rezxuGcHsjjz4rW1GHfRCO5wlTlAn0LSdTMTxTxdIJaRHWgjt4dSXmBHl6O
qjOt74mHHeGDnatyfZ3M4srReLFMS3W9Vb71MULXHOoT
-----END CERTIFICATE-----