Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/S_N6hX4nVCKOImWMZT4io6TUKTg.roa
File:                     S_N6hX4nVCKOImWMZT4io6TUKTg.roa (raw, json)
Hash identifier:          UAIO+3nuPTbV4tKWOsISElDKkM2iBZs8uCznROzs8NE=
Subject key identifier:   4B:F3:7A:85:7E:27:54:22:8E:22:65:8C:65:3E:22:A3:A4:D4:29:38
Certificate issuer:       /CN=45c5c1262e83d7bfa902c2c862a15f1e42d25591
Certificate serial:       018D7E7E7DF361C36659D46E1791ECFFA33F
Authority key identifier: 45:C5:C1:26:2E:83:D7:BF:A9:02:C2:C8:62:A1:5F:1E:42:D2:55:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RcXBJi6D17-pAsLIYqFfHkLSVZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/S_N6hX4nVCKOImWMZT4io6TUKTg.roa
Signing time:             Tue 06 Feb 2024 12:57:15 +0000
ROA not before:           Tue 06 Feb 2024 12:57:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210484
IP address blocks:        146.19.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/RcXBJi6D17-pAsLIYqFfHkLSVZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/RcXBJi6D17-pAsLIYqFfHkLSVZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RcXBJi6D17-pAsLIYqFfHkLSVZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:7e:7d:f3:61:c3:66:59:d4:6e:17:91:ec:ff:a3:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45c5c1262e83d7bfa902c2c862a15f1e42d25591
        Validity
            Not Before: Feb  6 12:57:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bf37a857e2754228e22658c653e22a3a4d42938
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5d:50:f6:0d:e3:17:b9:14:b7:82:65:34:96:
                    73:a0:5a:55:1f:f1:2d:0f:09:da:e6:1f:8a:c1:b1:
                    40:95:2c:e0:5a:a6:83:e3:f3:52:dc:00:e6:60:a9:
                    c5:8d:cf:14:c8:fc:d6:fc:6d:ae:5b:e1:b8:a6:80:
                    c1:e1:f6:59:7a:a6:a1:86:19:80:e9:8c:1a:12:ca:
                    40:bb:3a:22:68:a4:c0:8b:d5:f2:5f:b8:ef:a4:4d:
                    dc:07:f1:79:aa:28:d6:dd:11:9f:a5:dc:7b:e0:dd:
                    2b:2e:4c:0a:66:ec:a6:d0:38:8f:3f:d5:59:32:8e:
                    1d:03:49:97:e4:98:1d:66:b0:5b:26:79:76:70:42:
                    a9:98:59:e9:93:1d:d0:37:4d:12:fc:0e:0c:44:ff:
                    a7:42:a4:14:70:36:d1:0e:7c:bf:b2:49:94:73:aa:
                    fc:d5:8c:bb:82:e8:56:6e:2d:75:86:da:7c:d4:17:
                    9e:3a:e4:ae:19:d0:ef:b6:88:69:16:d9:3b:1d:12:
                    b6:2f:aa:93:3a:5c:6f:50:e3:bd:3d:8f:2e:77:d1:
                    cb:58:ce:40:1f:24:1b:14:0b:79:a8:17:60:df:a1:
                    78:74:a2:1a:7f:84:48:6a:86:09:02:10:85:ad:18:
                    2a:e3:d9:43:8d:ce:6c:a2:4a:50:b2:a2:09:ad:94:
                    44:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:F3:7A:85:7E:27:54:22:8E:22:65:8C:65:3E:22:A3:A4:D4:29:38
            X509v3 Authority Key Identifier:
                keyid:45:C5:C1:26:2E:83:D7:BF:A9:02:C2:C8:62:A1:5F:1E:42:D2:55:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RcXBJi6D17-pAsLIYqFfHkLSVZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/S_N6hX4nVCKOImWMZT4io6TUKTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/f686b2-ff33-41e1-9b1c-f10603b3768d/1/RcXBJi6D17-pAsLIYqFfHkLSVZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:c8:48:f6:12:2a:fe:9e:46:08:02:76:ae:ac:57:33:74:fb:
         65:b3:71:53:74:ac:9a:d6:05:e5:d1:9b:80:a0:93:13:a7:23:
         03:cc:3f:45:80:74:bc:76:a5:6b:41:4c:9c:4b:7e:5b:bb:b7:
         56:f9:60:a5:98:0c:e5:49:5a:f3:ce:4b:ef:8c:9d:9b:32:91:
         bd:d0:78:33:20:b3:b5:59:15:5a:8f:a9:55:95:94:05:ba:2a:
         ff:18:2e:a6:41:82:8e:61:5d:3b:2a:a1:61:aa:9b:2f:69:e5:
         87:03:6c:56:23:07:5a:47:68:86:9f:a2:d4:f4:2b:c7:2f:82:
         19:47:ac:b6:4d:9e:fc:05:3f:1c:49:c8:6c:2b:a1:44:b1:d8:
         df:59:42:bd:a4:f3:f4:cb:fa:f2:a8:32:18:65:b5:3e:32:f0:
         bd:37:ea:78:a8:a4:6a:6d:9a:c5:eb:fb:ab:02:7c:87:2d:c2:
         45:f9:8e:3c:f4:72:33:72:67:e2:f4:2c:43:bc:62:95:15:d9:
         03:c3:6d:e8:da:0e:1d:35:85:17:05:8a:2c:2c:dd:2f:ae:4b:
         86:3d:1e:33:bf:85:46:bf:16:50:75:78:92:9d:fd:c1:cd:93:
         ed:b8:f1:95:92:0a:e2:e6:1e:b6:05:c5:45:71:1d:0d:5a:08:
         cf:b9:1f:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1+fn3zYcNmWdRuF5Hs/6M/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YzVjMTI2MmU4M2Q3YmZhOTAyYzJjODYyYTE1ZjFlNDJk
MjU1OTEwHhcNMjQwMjA2MTI1NzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmYzN2E4NTdlMjc1NDIyOGUyMjY1OGM2NTNlMjJhM2E0ZDQyOTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArl1Q9g3jF7kUt4JlNJZzoFpVH/Et
Dwna5h+KwbFAlSzgWqaD4/NS3ADmYKnFjc8UyPzW/G2uW+G4poDB4fZZeqahhhmA
6YwaEspAuzoiaKTAi9XyX7jvpE3cB/F5qijW3RGfpdx74N0rLkwKZuym0DiPP9VZ
Mo4dA0mX5JgdZrBbJnl2cEKpmFnpkx3QN00S/A4MRP+nQqQUcDbRDny/skmUc6r8
1Yy7guhWbi11htp81BeeOuSuGdDvtohpFtk7HRK2L6qTOlxvUOO9PY8ud9HLWM5A
HyQbFAt5qBdg36F4dKIaf4RIaoYJAhCFrRgq49lDjc5sokpQsqIJrZRENwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvzeoV+J1QijiJljGU+IqOk1Ck4MB8GA1UdIwQY
MBaAFEXFwSYug9e/qQLCyGKhXx5C0lWRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmNYQkppNkQxNy1wQXNMSVlxRmZIa0xTVlpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9mNjg2YjItZmYzMy00MWUxLTliMWMt
ZjEwNjAzYjM3NjhkLzEvU19ONmhYNG5WQ0tPSW1XTVpUNGlvNlRVS1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9mNjg2YjItZmYzMy00MWUxLTliMWMtZjEwNjAzYjM3Njhk
LzEvUmNYQkppNkQxNy1wQXNMSVlxRmZIa0xTVlpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNZMA0G
CSqGSIb3DQEBCwUAA4IBAQAGyEj2Eir+nkYIAnaurFczdPtls3FTdKya1gXl0ZuA
oJMTpyMDzD9FgHS8dqVrQUycS35bu7dW+WClmAzlSVrzzkvvjJ2bMpG90HgzILO1
WRVaj6lVlZQFuir/GC6mQYKOYV07KqFhqpsvaeWHA2xWIwdaR2iGn6LU9CvHL4IZ
R6y2TZ78BT8cSchsK6FEsdjfWUK9pPP0y/ryqDIYZbU+MvC9N+p4qKRqbZrF6/ur
AnyHLcJF+Y489HIzcmfi9CxDvGKVFdkDw23o2g4dNYUXBYosLN0vrkuGPR4zv4VG
vxZQdXiSnf3BzZPtuPGVkgri5h62BcVFcR0NWgjPuR/4
-----END CERTIFICATE-----