Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/okmrS3MAeCGkajH0g9nEl4QdGVo.roa
File:                     okmrS3MAeCGkajH0g9nEl4QdGVo.roa (raw, json)
Hash identifier:          UuGatYmxYnLQPEz6I45Aj5HUMzevfoaTRLkkn05wa24=
Subject key identifier:   A2:49:AB:4B:73:00:78:21:A4:6A:31:F4:83:D9:C4:97:84:1D:19:5A
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       01959A1432C845C7622B2F21415D269C4015
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/okmrS3MAeCGkajH0g9nEl4QdGVo.roa
Signing time:             Sat 15 Mar 2025 13:52:49 +0000
ROA not before:           Sat 15 Mar 2025 13:52:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153393
IP address blocks:        146.19.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:9a:14:32:c8:45:c7:62:2b:2f:21:41:5d:26:9c:40:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Mar 15 13:52:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a249ab4b73007821a46a31f483d9c497841d195a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:77:74:23:e9:1e:e3:25:2e:02:21:a6:f2:07:
                    2b:61:70:ed:06:53:77:42:7e:67:f7:d9:a0:f6:02:
                    f7:e9:62:39:7e:c2:f7:70:a4:ef:e1:94:04:ed:4d:
                    e5:ce:51:97:94:1b:84:16:e3:5d:47:d1:36:9f:30:
                    36:52:42:b9:7a:9e:01:33:24:58:d1:55:56:64:e0:
                    92:54:0a:7d:3e:c4:ef:ab:d4:58:cb:0e:cb:5f:dd:
                    35:35:5b:35:bc:ad:88:91:7b:d7:2e:61:f6:de:6a:
                    ca:aa:7b:69:80:30:c5:ff:be:64:d4:5b:d8:78:b1:
                    22:e4:2c:29:62:45:be:08:ff:5d:19:7b:ed:e5:0c:
                    1c:13:3c:07:d5:b6:30:c5:41:93:a3:23:81:ba:56:
                    a5:fa:bc:dd:54:dd:b0:8c:1a:a4:37:9b:9b:c7:35:
                    f9:b5:31:4b:0e:0e:7d:89:e6:c7:40:42:86:82:9b:
                    5b:0a:7e:73:12:bd:c9:a3:d9:e8:89:ec:09:35:16:
                    79:90:c6:52:be:67:7f:2c:63:44:72:51:bd:41:5b:
                    05:57:00:8d:5e:58:48:cd:18:61:f2:de:60:16:03:
                    6b:fb:68:50:31:47:93:41:fb:f7:1e:87:74:78:60:
                    b4:55:3a:ff:e6:5b:b9:3c:46:1f:4a:f6:44:8e:85:
                    8c:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:49:AB:4B:73:00:78:21:A4:6A:31:F4:83:D9:C4:97:84:1D:19:5A
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/okmrS3MAeCGkajH0g9nEl4QdGVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:a9:3e:19:1d:8c:17:b3:1a:23:6c:b1:c5:f8:f9:bf:e7:7d:
         e3:42:b8:a1:2c:f3:b5:9e:d1:8c:a6:26:6d:6c:db:bd:69:a2:
         df:20:31:ad:60:d2:7b:d6:ae:6c:85:06:7b:17:07:90:fa:c5:
         e2:56:1f:87:b8:85:7c:7f:db:e2:1a:5f:c5:ad:33:f2:26:51:
         2e:eb:fa:ce:c7:c2:58:07:6d:a4:b9:ef:c0:fa:d3:0b:4b:ac:
         e8:0c:27:f1:e2:96:fa:40:a1:3a:25:3e:d7:23:dc:c3:ce:93:
         09:49:45:aa:c4:e8:d0:9b:e2:a2:c1:17:61:41:e1:6d:5b:25:
         3f:74:0a:b3:9c:03:3a:26:46:f8:b2:a9:a1:00:58:79:2e:e8:
         10:77:2b:0a:28:51:3b:43:94:f5:2c:4c:48:ea:c5:d3:8c:b4:
         f5:dd:c4:11:7a:76:bf:23:28:74:5b:16:7d:35:f5:2b:30:8e:
         75:0a:45:d9:e0:14:38:a0:46:35:9c:32:b3:fd:36:ea:aa:8e:
         94:da:f2:28:74:f4:d9:6a:71:68:cc:25:eb:e4:bc:9b:99:b2:
         83:9d:12:78:a5:67:ec:92:2c:d7:83:7d:a8:a9:b5:50:4d:42:
         58:72:ea:d1:24:02:96:74:07:89:5e:03:e6:bf:04:a6:f0:09:
         3b:f4:fe:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWaFDLIRcdiKy8hQV0mnEAVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMzE1MTM1MjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQ5YWI0YjczMDA3ODIxYTQ2YTMxZjQ4M2Q5YzQ5Nzg0MWQxOTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXd0I+ke4yUuAiGm8gcrYXDtBlN3
Qn5n99mg9gL36WI5fsL3cKTv4ZQE7U3lzlGXlBuEFuNdR9E2nzA2UkK5ep4BMyRY
0VVWZOCSVAp9PsTvq9RYyw7LX901NVs1vK2IkXvXLmH23mrKqntpgDDF/75k1FvY
eLEi5CwpYkW+CP9dGXvt5QwcEzwH1bYwxUGToyOBulal+rzdVN2wjBqkN5ubxzX5
tTFLDg59iebHQEKGgptbCn5zEr3Jo9noiewJNRZ5kMZSvmd/LGNEclG9QVsFVwCN
XlhIzRhh8t5gFgNr+2hQMUeTQfv3Hod0eGC0VTr/5lu5PEYfSvZEjoWMRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJJq0tzAHghpGox9IPZxJeEHRlaMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvb2ttclMzTUFlQ0drYWpIMGc5bkVsNFFkR1ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhM4MA0G
CSqGSIb3DQEBCwUAA4IBAQAAqT4ZHYwXsxojbLHF+Pm/533jQrihLPO1ntGMpiZt
bNu9aaLfIDGtYNJ71q5shQZ7FweQ+sXiVh+HuIV8f9viGl/FrTPyJlEu6/rOx8JY
B22kue/A+tMLS6zoDCfx4pb6QKE6JT7XI9zDzpMJSUWqxOjQm+KiwRdhQeFtWyU/
dAqznAM6Jkb4sqmhAFh5LugQdysKKFE7Q5T1LExI6sXTjLT13cQRena/Iyh0WxZ9
NfUrMI51CkXZ4BQ4oEY1nDKz/Tbqqo6U2vIodPTZanFozCXr5LybmbKDnRJ4pWfs
kizXg32oqbVQTUJYcurRJAKWdAeJXgPmvwSm8Ak79P5c
-----END CERTIFICATE-----