Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/O0YkX4qTSSZSsOFa-tmk41Ndtdg.roa
File:                     O0YkX4qTSSZSsOFa-tmk41Ndtdg.roa (raw, json)
Hash identifier:          kPmdgzP5KpLEZJZzI9YnBU9KMJ0ksoUVrclQTKF1Oi0=
Subject key identifier:   3B:46:24:5F:8A:93:49:26:52:B0:E1:5A:FA:D9:A4:E3:53:5D:B5:D8
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369F17F06363EDDEA6CBB88B78EE3B6
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/O0YkX4qTSSZSsOFa-tmk41Ndtdg.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22168
IP address blocks:        146.19.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f1:7f:06:36:3e:dd:ea:6c:bb:88:b7:8e:e3:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b46245f8a93492652b0e15afad9a4e3535db5d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:54:5d:f6:1e:9d:ad:fb:48:c6:99:7f:93:cb:
                    b3:37:5a:b4:ad:0e:6d:16:88:e2:88:e6:28:81:5d:
                    c0:8d:d5:78:f7:7e:98:bf:6a:79:97:37:0b:dc:4a:
                    48:3b:f5:d5:80:04:9e:73:03:38:35:ab:51:3b:18:
                    90:4e:1a:22:75:42:8a:45:34:fc:a9:fb:66:be:74:
                    0a:d6:cb:e0:69:74:0a:e0:2d:a3:c0:35:0e:fd:d5:
                    a0:43:41:41:42:fb:41:40:4a:1d:d2:b7:f6:ea:ee:
                    37:d2:b5:92:79:bd:6e:df:e7:20:ea:de:2b:04:36:
                    68:d8:00:df:42:d8:34:d2:58:fe:e8:e1:5b:a9:08:
                    b1:35:e2:f5:91:81:2f:08:59:df:a7:57:ce:9b:ce:
                    20:fa:cf:2c:4a:10:ac:22:3d:68:52:21:1d:6d:90:
                    35:01:4d:95:c4:4a:08:5c:92:cf:d0:78:ee:d3:cb:
                    06:00:2c:a8:a4:8a:b4:66:f1:1c:66:43:52:ab:66:
                    85:a9:7e:a4:d7:1f:c2:0e:5b:07:5b:32:55:0c:f5:
                    e4:b6:b8:89:2c:8e:af:74:d6:77:a4:78:3a:26:69:
                    61:e6:cd:c7:3f:2d:03:7f:8c:bf:05:7c:58:3a:c8:
                    fd:7e:f2:71:bb:e6:f5:0a:97:c5:fe:4b:95:80:ec:
                    33:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:46:24:5F:8A:93:49:26:52:B0:E1:5A:FA:D9:A4:E3:53:5D:B5:D8
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/O0YkX4qTSSZSsOFa-tmk41Ndtdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:86:95:27:c6:b3:7b:00:72:87:d7:84:27:71:38:7c:5b:66:
         b0:33:cb:cc:d5:61:41:19:bc:17:e0:97:1d:1e:bc:b5:59:01:
         d0:cf:cd:9b:f9:10:40:ca:e4:80:9f:0f:e3:6d:2d:29:9a:31:
         7f:55:cf:c5:db:1d:24:40:6d:73:ab:d2:25:00:ff:39:5e:c9:
         a5:a8:49:19:a5:fb:e9:03:c6:90:d5:b6:80:08:60:74:bc:3e:
         06:46:a0:40:8e:6a:72:b8:78:fd:92:76:50:3f:95:1b:cf:aa:
         e9:2d:6d:18:6a:10:41:b3:35:2f:e2:70:d0:2b:b6:5d:a3:41:
         bd:65:1e:c1:d9:6d:45:b2:0f:d5:82:99:5f:7d:e0:f6:7d:ee:
         58:bd:60:17:5f:b8:f8:07:80:b4:b8:53:25:0f:a9:30:d9:e6:
         e5:f7:35:d3:0d:d9:29:6d:b9:f1:8f:87:3a:29:56:bc:9a:ba:
         b7:1b:cd:83:a3:22:14:0d:dc:dd:98:b5:d8:27:b1:13:bb:09:
         34:83:ba:bc:1e:8d:d7:94:78:fa:18:74:6d:9d:b8:c6:73:65:
         9f:e9:52:5f:23:1b:de:66:23:24:6a:ed:c8:9f:e8:47:0e:c4:
         41:36:f0:89:5b:ef:c9:1f:c0:dd:44:a7:5a:b6:6f:33:be:53:
         94:59:2a:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjafF/BjY+3epsu4i3juO2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjQ2MjQ1ZjhhOTM0OTI2NTJiMGUxNWFmYWQ5YTRlMzUzNWRiNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFRd9h6drftIxpl/k8uzN1q0rQ5t
FojiiOYogV3AjdV4936Yv2p5lzcL3EpIO/XVgASecwM4NatROxiQThoidUKKRTT8
qftmvnQK1svgaXQK4C2jwDUO/dWgQ0FBQvtBQEod0rf26u430rWSeb1u3+cg6t4r
BDZo2ADfQtg00lj+6OFbqQixNeL1kYEvCFnfp1fOm84g+s8sShCsIj1oUiEdbZA1
AU2VxEoIXJLP0Hju08sGACyopIq0ZvEcZkNSq2aFqX6k1x/CDlsHWzJVDPXktriJ
LI6vdNZ3pHg6Jmlh5s3HPy0Df4y/BXxYOsj9fvJxu+b1CpfF/kuVgOwzHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtGJF+Kk0kmUrDhWvrZpONTXbXYMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTzBZa1g0cVRTU1pTc09GYS10bWs0MU5kdGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMUMA0G
CSqGSIb3DQEBCwUAA4IBAQAfhpUnxrN7AHKH14QncTh8W2awM8vM1WFBGbwX4Jcd
Hry1WQHQz82b+RBAyuSAnw/jbS0pmjF/Vc/F2x0kQG1zq9IlAP85XsmlqEkZpfvp
A8aQ1baACGB0vD4GRqBAjmpyuHj9knZQP5Ubz6rpLW0YahBBszUv4nDQK7Zdo0G9
ZR7B2W1Fsg/VgplffeD2fe5YvWAXX7j4B4C0uFMlD6kw2ebl9zXTDdkpbbnxj4c6
KVa8mrq3G82DoyIUDdzdmLXYJ7ETuwk0g7q8Ho3XlHj6GHRtnbjGc2Wf6VJfIxve
ZiMkau3In+hHDsRBNvCJW+/JH8DdRKdatm8zvlOUWSo7
-----END CERTIFICATE-----