Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vnyWPz3sFqQQtilXa0g9fJ23Kk0.roa
File:                     vnyWPz3sFqQQtilXa0g9fJ23Kk0.roa (raw, json)
Hash identifier:          60+U+I703as9MSAtIKh60nL4Ho5JbVSvgwMSMDj6W8k=
Subject key identifier:   BE:7C:96:3F:3D:EC:16:A4:10:B6:29:57:6B:48:3D:7C:9D:B7:2A:4D
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E13B0BE6C347B8BC09522D9F131E3
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vnyWPz3sFqQQtilXa0g9fJ23Kk0.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212496
IP address blocks:        146.185.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:13:b0:be:6c:34:7b:8b:c0:95:22:d9:f1:31:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be7c963f3dec16a410b629576b483d7c9db72a4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:0f:69:f7:b7:e0:92:bb:64:45:29:bf:01:f8:
                    8a:26:37:65:21:8c:81:0c:52:aa:c4:c4:91:11:d1:
                    99:ec:ca:b9:01:ec:1a:bc:b5:90:53:c6:79:f0:f9:
                    30:58:57:6f:a9:7f:7e:32:fd:81:07:fe:81:a4:c0:
                    1a:3b:49:17:b6:6b:c8:3c:7d:d8:2d:19:36:9b:f3:
                    2b:9b:6e:61:52:df:25:50:ec:69:cf:ab:3d:2e:90:
                    f6:4f:d1:b9:99:04:a3:39:05:e1:89:e4:a1:ff:1d:
                    08:e9:73:2c:ff:d1:2f:51:3c:bf:e4:ab:fc:a1:f6:
                    72:d8:a6:f2:4c:ac:54:d4:f6:33:83:2a:aa:0b:38:
                    a2:a0:dd:b1:8e:90:55:0b:61:e3:19:63:2f:77:84:
                    bb:f3:77:ee:b5:38:a9:33:d8:ed:fd:c1:b2:e7:cb:
                    55:ca:de:a0:03:56:3b:04:d5:09:ad:b9:39:14:d8:
                    95:53:74:27:4a:27:fa:89:f2:4f:c8:e3:0b:af:8b:
                    60:3d:65:6a:53:9e:2a:6e:22:be:17:3a:33:56:ab:
                    f3:21:26:64:5a:fc:2d:0f:4d:b1:df:d0:19:40:59:
                    c2:11:e1:7d:95:e1:86:f6:7a:8b:d3:39:f1:43:a9:
                    6f:3d:bb:e3:19:b9:f9:fb:78:14:37:0a:07:d0:9f:
                    d3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:7C:96:3F:3D:EC:16:A4:10:B6:29:57:6B:48:3D:7C:9D:B7:2A:4D
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/vnyWPz3sFqQQtilXa0g9fJ23Kk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.185.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:de:ef:a1:f5:dd:e1:0e:e1:ef:6d:28:b4:93:2f:b6:ba:a1:
         05:bf:a2:b5:90:8f:b2:b8:0c:17:5a:2b:9d:b9:58:07:9c:cf:
         5f:e1:c0:25:a4:d9:17:31:21:76:1a:23:c0:f0:a9:6e:5d:ae:
         b4:ba:52:cf:79:d3:81:1c:f4:88:ca:d1:0d:47:a3:a6:9e:00:
         9a:ea:01:85:d8:e4:ae:fb:89:a9:cd:da:12:48:41:2d:30:0b:
         cb:5e:ae:98:1d:9f:7e:74:84:5c:a9:ba:7c:c9:7c:b3:a8:85:
         01:3d:3e:9f:3c:f0:53:e6:b3:b9:4b:7f:58:f1:3f:56:0b:eb:
         38:11:c4:75:6a:db:eb:5f:f0:46:0c:9e:cb:46:2e:47:0d:f1:
         cf:4d:68:d4:39:5c:3b:9f:87:02:44:ac:a8:48:b2:61:da:70:
         43:ae:e0:9a:d0:ae:f4:cc:7d:6c:fa:6c:3b:3a:ac:b8:61:e7:
         42:9c:c8:76:42:ca:b7:85:b3:b0:1c:2f:da:aa:5b:8a:5e:7f:
         a7:6c:22:b2:01:6b:cb:c7:e2:3f:95:22:5f:75:a8:5a:05:ef:
         4d:de:65:32:b7:b5:ef:e3:51:98:74:38:75:d4:97:f8:eb:95:
         19:29:e7:e7:61:f5:15:df:79:a7:74:d2:f4:41:bb:ae:ac:89:
         35:2e:a3:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhOwvmw0e4vAlSLZ8THjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTdjOTYzZjNkZWMxNmE0MTBiNjI5NTc2YjQ4M2Q3YzlkYjcyYTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArg9p97fgkrtkRSm/AfiKJjdlIYyB
DFKqxMSREdGZ7Mq5AewavLWQU8Z58PkwWFdvqX9+Mv2BB/6BpMAaO0kXtmvIPH3Y
LRk2m/Mrm25hUt8lUOxpz6s9LpD2T9G5mQSjOQXhieSh/x0I6XMs/9EvUTy/5Kv8
ofZy2KbyTKxU1PYzgyqqCziioN2xjpBVC2HjGWMvd4S783futTipM9jt/cGy58tV
yt6gA1Y7BNUJrbk5FNiVU3QnSif6ifJPyOMLr4tgPWVqU54qbiK+FzozVqvzISZk
WvwtD02x39AZQFnCEeF9leGG9nqL0znxQ6lvPbvjGbn5+3gUNwoH0J/TxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL58lj897BakELYpV2tIPXydtypNMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvdm55V1B6M3NGcVFRdGlsWGEwZzlmSjIzS2swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkrnvMA0G
CSqGSIb3DQEBCwUAA4IBAQC+3u+h9d3hDuHvbSi0ky+2uqEFv6K1kI+yuAwXWiud
uVgHnM9f4cAlpNkXMSF2GiPA8KluXa60ulLPedOBHPSIytENR6OmngCa6gGF2OSu
+4mpzdoSSEEtMAvLXq6YHZ9+dIRcqbp8yXyzqIUBPT6fPPBT5rO5S39Y8T9WC+s4
EcR1atvrX/BGDJ7LRi5HDfHPTWjUOVw7n4cCRKyoSLJh2nBDruCa0K70zH1s+mw7
Oqy4YedCnMh2Qsq3hbOwHC/aqluKXn+nbCKyAWvLx+I/lSJfdahaBe9N3mUyt7Xv
41GYdDh11Jf465UZKefnYfUV33mndNL0QbuurIk1LqNb
-----END CERTIFICATE-----