Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/5md9c8HQuxG_OL9UlpJwWoEZ_7w.roa
File:                     5md9c8HQuxG_OL9UlpJwWoEZ_7w.roa (raw, json)
Hash identifier:          IOkDpoxE/qzy92kHaoRlaHciS4ayCBhiFKtEa8VBYi8=
Subject key identifier:   E6:67:7D:73:C1:D0:BB:11:BF:38:BF:54:96:92:70:5A:81:19:FF:BC
Certificate issuer:       /CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Certificate serial:       0193177719B4A1D2CC6C02B08FC4F25FA52B
Authority key identifier: 4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/5md9c8HQuxG_OL9UlpJwWoEZ_7w.roa
Signing time:             Sun 10 Nov 2024 19:05:01 +0000
ROA not before:           Sun 10 Nov 2024 19:05:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213893
IP address blocks:        185.149.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:17:77:19:b4:a1:d2:cc:6c:02:b0:8f:c4:f2:5f:a5:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
        Validity
            Not Before: Nov 10 19:05:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6677d73c1d0bb11bf38bf549692705a8119ffbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:cf:5b:af:0b:be:1b:69:d7:78:a4:08:1b:0a:
                    cd:ec:c1:f7:ca:f4:d5:20:39:16:d8:28:be:db:a0:
                    59:2d:bf:0b:56:b4:40:4b:7f:9f:0d:07:a8:90:b3:
                    13:8c:58:f8:c1:90:87:09:c7:10:30:59:8f:40:a9:
                    ee:fe:37:73:12:e0:27:0e:54:92:90:99:be:83:4c:
                    70:a2:d4:1e:ff:f6:f0:7b:77:54:44:8c:d1:85:8b:
                    b2:5b:80:8b:95:0f:67:05:a2:d3:3c:8d:0b:91:44:
                    5e:a7:88:17:bd:4f:2d:08:c1:dc:c6:26:6f:27:d9:
                    2c:5c:d2:74:cb:c8:54:d5:46:e2:4e:41:3a:3b:0d:
                    75:2d:9d:b3:16:ad:e9:b4:a2:24:29:70:7d:e9:7f:
                    82:0f:de:5e:47:ad:d3:cf:4d:64:46:06:61:3b:2f:
                    ba:0b:d3:35:d3:39:77:94:61:ae:a3:cf:d4:de:fb:
                    b3:ab:c8:85:69:74:2f:38:f1:89:ad:b5:e6:2a:39:
                    5b:f2:c5:6c:e4:cb:15:3f:cd:7b:13:f5:be:b3:6a:
                    1a:4d:2c:25:01:7b:a2:d4:eb:52:3f:63:ab:a1:7a:
                    f3:14:79:da:5a:9b:ac:df:11:5a:68:0e:9f:91:db:
                    98:d3:46:6b:de:a7:d7:68:0b:87:48:d3:80:81:0f:
                    6c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:67:7D:73:C1:D0:BB:11:BF:38:BF:54:96:92:70:5A:81:19:FF:BC
            X509v3 Authority Key Identifier:
                keyid:4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/5md9c8HQuxG_OL9UlpJwWoEZ_7w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:9f:20:6b:54:f5:52:3b:58:c6:56:d3:55:5f:e8:8d:ad:ea:
         71:78:4d:67:e6:28:d2:84:78:83:d9:05:b2:28:e1:b5:4a:c8:
         dc:8b:9a:fc:94:22:67:be:e9:93:b7:47:f5:ed:02:41:5c:fa:
         5e:8b:72:de:5a:ca:e8:49:37:b0:ed:87:79:51:5f:66:aa:3b:
         15:fa:bf:68:8a:c3:52:3e:8a:a1:e1:e9:48:8e:05:ef:4d:15:
         21:3e:62:8f:67:87:e2:78:b9:85:7b:b4:9a:69:6c:83:d3:78:
         f3:6e:bc:54:a9:f2:c0:cf:53:3c:c8:55:bb:42:12:36:25:87:
         db:b7:ee:9f:99:74:d9:8b:1f:1a:fb:dc:de:76:8c:dc:2c:67:
         a6:91:44:77:38:67:4d:e6:5e:97:1a:60:9a:02:43:3f:8f:66:
         5f:f8:97:f8:25:00:68:28:fe:f8:66:3f:81:58:33:f1:9f:0d:
         db:86:13:ce:d3:09:aa:fc:3d:e3:11:ff:aa:a6:d8:c2:7b:0e:
         18:f6:f7:c2:ce:2f:69:ad:6c:a2:6c:de:5d:f0:15:d8:e7:ac:
         4f:d4:69:06:37:1f:4c:f8:40:77:bb:b7:ef:96:d8:82:64:92:
         7e:78:a2:a8:e4:1c:30:0f:91:3b:53:d2:4c:26:cb:48:80:23:
         28:31:e0:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMXdxm0odLMbAKwj8TyX6UrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmQzMGIwMTVlYzRlZjFiMGQzYzY0MzQ3YzhkMWI1OTgy
OTNmODEwHhcNMjQxMTEwMTkwNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjY3N2Q3M2MxZDBiYjExYmYzOGJmNTQ5NjkyNzA1YTgxMTlmZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhs9brwu+G2nXeKQIGwrN7MH3yvTV
IDkW2Ci+26BZLb8LVrRAS3+fDQeokLMTjFj4wZCHCccQMFmPQKnu/jdzEuAnDlSS
kJm+g0xwotQe//bwe3dURIzRhYuyW4CLlQ9nBaLTPI0LkURep4gXvU8tCMHcxiZv
J9ksXNJ0y8hU1UbiTkE6Ow11LZ2zFq3ptKIkKXB96X+CD95eR63Tz01kRgZhOy+6
C9M10zl3lGGuo8/U3vuzq8iFaXQvOPGJrbXmKjlb8sVs5MsVP817E/W+s2oaTSwl
AXui1OtSP2OroXrzFHnaWpus3xFaaA6fkduY00Zr3qfXaAuHSNOAgQ9skwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZnfXPB0LsRvzi/VJaScFqBGf+8MB8GA1UdIwQY
MBaAFE8tMLAV7E7xsNPGQ0fI0bWYKT+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjkt
NDM1MWJiZjc0YzBjLzEvNW1kOWM4SFF1eEdfT0w5VWxwSndXb0VaXzd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjktNDM1MWJiZjc0YzBj
LzEvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZWSMA0G
CSqGSIb3DQEBCwUAA4IBAQAxnyBrVPVSO1jGVtNVX+iNrepxeE1n5ijShHiD2QWy
KOG1Ssjci5r8lCJnvumTt0f17QJBXPpei3LeWsroSTew7Yd5UV9mqjsV+r9oisNS
Poqh4elIjgXvTRUhPmKPZ4fieLmFe7SaaWyD03jzbrxUqfLAz1M8yFW7QhI2JYfb
t+6fmXTZix8a+9zedozcLGemkUR3OGdN5l6XGmCaAkM/j2Zf+Jf4JQBoKP74Zj+B
WDPxnw3bhhPO0wmq/D3jEf+qptjCew4Y9vfCzi9prWyibN5d8BXY56xP1GkGNx9M
+EB3u7fvltiCZJJ+eKKo5BwwD5E7U9JMJstIgCMoMeD6
-----END CERTIFICATE-----