Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/a4XEfXRoLLtH2uAjLo1tt1UiFH4.roa
File:                     a4XEfXRoLLtH2uAjLo1tt1UiFH4.roa (raw, json)
Hash identifier:          aHrToi0BfiBj7fXhuNpRSCoBcFCTHD1vIal0Zwk3DdE=
Subject key identifier:   6B:85:C4:7D:74:68:2C:BB:47:DA:E0:23:2E:8D:6D:B7:55:22:14:7E
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019266C8317EF6248FDF3F1AE703C1707E45
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/a4XEfXRoLLtH2uAjLo1tt1UiFH4.roa
Signing time:             Mon 07 Oct 2024 11:40:48 +0000
ROA not before:           Mon 07 Oct 2024 11:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        146.19.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:66:c8:31:7e:f6:24:8f:df:3f:1a:e7:03:c1:70:7e:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Oct  7 11:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b85c47d74682cbb47dae0232e8d6db75522147e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1b:00:44:c2:9f:8a:5a:fa:73:38:f9:d6:8f:
                    51:41:6c:2b:16:68:9b:3c:20:dc:90:6d:d9:2e:fd:
                    25:20:73:57:14:c8:b8:c0:b4:6c:de:2d:78:c3:63:
                    c3:2b:06:6d:1c:1d:1e:15:b1:70:fa:af:3b:c5:91:
                    0e:68:bb:b6:95:e5:e8:88:9d:e3:9e:29:ed:5a:6a:
                    78:10:b1:90:d7:7a:c4:53:ba:65:c3:5c:31:b7:ba:
                    0a:87:77:8b:65:b6:cb:fd:7c:e2:02:d4:16:f4:89:
                    d0:91:68:eb:62:5b:e7:aa:08:c6:3d:47:f7:18:73:
                    d4:25:d0:b0:3c:c8:64:db:c3:30:01:20:51:c0:e1:
                    cb:8d:0a:63:73:88:62:63:46:c6:fe:4f:16:f1:a6:
                    b8:97:3e:66:3c:7d:b9:05:e9:8c:71:5b:88:b8:84:
                    87:08:6e:46:de:2a:69:24:e6:dd:72:bb:dc:d4:7f:
                    01:e4:6d:de:a2:6e:77:f5:5f:fd:5d:88:bb:b0:e6:
                    af:5a:56:43:ba:c5:50:03:8e:17:1c:39:31:db:b6:
                    3d:f2:75:80:f7:d7:23:c0:1d:06:04:14:ba:9e:b1:
                    c6:cb:5b:1c:3b:24:2f:63:86:2a:68:f8:c3:7b:5c:
                    d6:b9:91:49:be:8c:3d:f3:ee:11:7f:68:28:56:2e:
                    76:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:85:C4:7D:74:68:2C:BB:47:DA:E0:23:2E:8D:6D:B7:55:22:14:7E
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/a4XEfXRoLLtH2uAjLo1tt1UiFH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:72:a0:ef:b5:41:ca:6c:5a:aa:53:8b:36:2b:24:93:cc:dc:
         96:28:88:24:54:60:e1:01:59:7b:08:48:5f:23:7d:2f:5f:8f:
         8d:85:36:b0:40:ed:ba:48:93:b8:41:e7:db:93:b2:bf:23:38:
         9d:90:b5:92:76:48:f9:db:9e:f3:10:ad:39:91:f9:a1:a5:5b:
         db:09:be:78:ac:e1:a2:db:dd:0c:92:8e:43:eb:af:f9:22:ec:
         af:ec:44:64:5e:76:c4:51:e8:8e:29:80:7c:b5:75:d5:67:58:
         0a:76:67:a4:8c:d6:37:0d:11:a0:90:7e:19:aa:7d:31:54:6f:
         d6:fa:98:57:68:62:11:cb:ae:77:67:4c:0d:31:cc:1a:68:c0:
         d2:dc:f2:fd:ab:04:cd:67:e7:ae:29:85:b6:6a:6f:c0:97:56:
         46:5a:56:7e:9d:91:f9:2f:d5:8d:ee:07:31:2b:fe:73:b0:05:
         e7:13:84:65:cc:ff:4e:2a:c1:e0:b0:fb:60:4e:84:ef:ff:34:
         be:5c:2e:1d:56:64:a1:a7:79:fa:6e:42:d4:2b:5f:c2:68:53:
         34:b8:8c:b2:18:0b:b1:29:ba:14:ab:d7:44:4b:b5:ce:aa:4c:
         06:fa:da:a3:93:3c:47:46:f4:ce:82:d7:ae:e0:b7:a0:2e:1e:
         81:7f:b1:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJmyDF+9iSP3z8a5wPBcH5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQxMDA3MTE0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yjg1YzQ3ZDc0NjgyY2JiNDdkYWUwMjMyZThkNmRiNzU1MjIxNDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxsARMKfilr6czj51o9RQWwrFmib
PCDckG3ZLv0lIHNXFMi4wLRs3i14w2PDKwZtHB0eFbFw+q87xZEOaLu2leXoiJ3j
nintWmp4ELGQ13rEU7plw1wxt7oKh3eLZbbL/XziAtQW9InQkWjrYlvnqgjGPUf3
GHPUJdCwPMhk28MwASBRwOHLjQpjc4hiY0bG/k8W8aa4lz5mPH25BemMcVuIuISH
CG5G3ippJObdcrvc1H8B5G3eom539V/9XYi7sOavWlZDusVQA44XHDkx27Y98nWA
99cjwB0GBBS6nrHGy1scOyQvY4YqaPjDe1zWuZFJvow98+4Rf2goVi52TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuFxH10aCy7R9rgIy6NbbdVIhR+MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvYTRYRWZYUm9MTHRIMnVBakxvMXR0MVVpRkg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhM4MA0G
CSqGSIb3DQEBCwUAA4IBAQCIcqDvtUHKbFqqU4s2KySTzNyWKIgkVGDhAVl7CEhf
I30vX4+NhTawQO26SJO4Qefbk7K/IzidkLWSdkj5257zEK05kfmhpVvbCb54rOGi
290Mko5D66/5Iuyv7ERkXnbEUeiOKYB8tXXVZ1gKdmekjNY3DRGgkH4Zqn0xVG/W
+phXaGIRy653Z0wNMcwaaMDS3PL9qwTNZ+euKYW2am/Al1ZGWlZ+nZH5L9WN7gcx
K/5zsAXnE4RlzP9OKsHgsPtgToTv/zS+XC4dVmShp3n6bkLUK1/CaFM0uIyyGAux
KboUq9dES7XOqkwG+tqjkzxHRvTOgteu4LegLh6Bf7FI
-----END CERTIFICATE-----