Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/3LBPKFM2tCMSdl8TM4QakanBF-E.roa
File:                     3LBPKFM2tCMSdl8TM4QakanBF-E.roa (raw, json)
Hash identifier:          ckSPYNiWmkoVJkF7/rLUTjAnGtIMKaVNoHIq10t48eA=
Subject key identifier:   DC:B0:4F:28:53:36:B4:23:12:76:5F:13:33:84:1A:91:A9:C1:17:E1
Certificate issuer:       /CN=0969a2a39635b797476f1f1633ae8f27bf33b533
Certificate serial:       0192448593F761EA8B43A9428B284959C99E
Authority key identifier: 09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/3LBPKFM2tCMSdl8TM4QakanBF-E.roa
Signing time:             Mon 30 Sep 2024 20:00:57 +0000
ROA not before:           Mon 30 Sep 2024 20:00:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212953
IP address blocks:        146.19.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:44:85:93:f7:61:ea:8b:43:a9:42:8b:28:49:59:c9:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969a2a39635b797476f1f1633ae8f27bf33b533
        Validity
            Not Before: Sep 30 20:00:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcb04f285336b42312765f1333841a91a9c117e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7f:c1:29:13:e2:91:7c:71:ec:5b:30:8f:bc:
                    54:b6:40:59:64:12:b8:33:dd:86:46:bc:39:6e:fd:
                    41:a1:f8:0e:69:14:25:32:54:74:12:b1:36:30:10:
                    cf:43:a3:ae:6c:e2:ba:75:f2:d8:10:5a:fd:a7:dc:
                    29:4f:25:6d:1e:22:fc:0e:40:12:53:15:e8:f2:d7:
                    8d:42:e1:48:9f:1e:5e:c0:3f:4c:a1:dc:cb:37:52:
                    14:07:8f:98:1b:51:1b:c4:ba:80:27:f5:ce:f3:97:
                    e7:61:ae:f7:90:d6:49:dc:be:17:12:c6:8e:51:94:
                    22:91:da:3a:22:f0:d6:68:1c:24:85:17:a5:6c:43:
                    e0:53:58:a9:2a:56:c1:4a:84:15:a1:1c:b7:83:67:
                    b6:33:90:82:bf:e9:e4:18:e7:16:70:fc:44:3e:6b:
                    1b:d4:46:d5:0f:8b:b0:a3:49:2e:85:3c:e3:c3:ef:
                    71:9e:50:5a:70:65:5b:4c:c8:01:34:00:33:7d:20:
                    1b:47:9d:da:c8:64:a5:46:2f:84:70:75:b5:aa:11:
                    41:4f:40:fb:9a:a9:c0:d9:82:cf:74:7f:22:c1:bb:
                    5a:b4:2c:5f:6f:92:2f:6c:54:0e:85:24:68:ce:be:
                    c1:6e:92:c6:34:89:c4:78:58:8b:79:1e:4e:91:3a:
                    16:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B0:4F:28:53:36:B4:23:12:76:5F:13:33:84:1A:91:A9:C1:17:E1
            X509v3 Authority Key Identifier:
                keyid:09:69:A2:A3:96:35:B7:97:47:6F:1F:16:33:AE:8F:27:BF:33:B5:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWmio5Y1t5dHbx8WM66PJ78ztTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/3LBPKFM2tCMSdl8TM4QakanBF-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/6db427-f7dc-4ea9-ae95-41490872fc4e/1/CWmio5Y1t5dHbx8WM66PJ78ztTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:94:77:3d:26:65:7d:41:3f:74:11:62:bf:37:98:09:83:b9:
         8b:18:6d:17:eb:c1:5e:fa:00:97:c9:1d:a2:a6:06:28:36:75:
         5f:26:a7:ab:98:0d:ad:78:4d:b5:f2:c9:ef:73:91:97:d2:23:
         d2:f0:a4:7a:46:87:c2:3a:1c:e6:40:69:cf:ca:dd:83:6d:58:
         55:a5:55:5e:0f:35:ad:ea:0f:a0:47:38:b8:b9:0c:f9:88:20:
         6c:93:83:1c:85:f1:fc:f7:66:c7:c8:ea:f5:49:68:33:34:e0:
         8d:81:90:fd:c3:70:32:43:1e:20:17:5d:04:b9:b1:0a:00:26:
         f3:63:c7:2b:01:e1:ec:de:6e:85:c8:66:6f:68:34:05:e5:93:
         f7:98:63:8d:30:83:f1:26:c8:b7:4a:72:01:3f:4a:23:74:82:
         3f:4e:4c:d5:f6:c7:dd:d0:e0:d3:e0:36:5b:48:89:c7:e2:cd:
         1e:6e:8e:34:4c:cd:2d:6d:68:9a:06:7a:19:eb:75:ed:34:d4:
         d0:e8:f1:b0:70:45:12:01:88:b4:03:4d:01:48:f1:40:2d:a0:
         3d:3d:e4:d3:48:7d:9d:b3:05:83:24:f8:b8:a7:8a:72:eb:da:
         1a:80:9f:22:de:02:f7:60:f2:35:e2:c8:36:71:44:7d:d0:a7:
         30:f5:80:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJEhZP3YeqLQ6lCiyhJWcmeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjlhMmEzOTYzNWI3OTc0NzZmMWYxNjMzYWU4ZjI3YmYz
M2I1MzMwHhcNMjQwOTMwMjAwMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2IwNGYyODUzMzZiNDIzMTI3NjVmMTMzMzg0MWE5MWE5YzExN2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwX/BKRPikXxx7Fswj7xUtkBZZBK4
M92GRrw5bv1BofgOaRQlMlR0ErE2MBDPQ6OubOK6dfLYEFr9p9wpTyVtHiL8DkAS
UxXo8teNQuFInx5ewD9ModzLN1IUB4+YG1EbxLqAJ/XO85fnYa73kNZJ3L4XEsaO
UZQikdo6IvDWaBwkhRelbEPgU1ipKlbBSoQVoRy3g2e2M5CCv+nkGOcWcPxEPmsb
1EbVD4uwo0kuhTzjw+9xnlBacGVbTMgBNAAzfSAbR53ayGSlRi+EcHW1qhFBT0D7
mqnA2YLPdH8iwbtatCxfb5IvbFQOhSRozr7BbpLGNInEeFiLeR5OkToW5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNywTyhTNrQjEnZfEzOEGpGpwRfhMB8GA1UdIwQY
MBaAFAlpoqOWNbeXR28fFjOujye/M7UzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUt
NDE0OTA4NzJmYzRlLzEvM0xCUEtGTTJ0Q01TZGw4VE00UWFrYW5CRi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC82ZGI0MjctZjdkYy00ZWE5LWFlOTUtNDE0OTA4NzJmYzRl
LzEvQ1dtaW81WTF0NWRIYng4V002NlBKNzh6dFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhM5MA0G
CSqGSIb3DQEBCwUAA4IBAQCIlHc9JmV9QT90EWK/N5gJg7mLGG0X68Fe+gCXyR2i
pgYoNnVfJqermA2teE218snvc5GX0iPS8KR6RofCOhzmQGnPyt2DbVhVpVVeDzWt
6g+gRzi4uQz5iCBsk4MchfH892bHyOr1SWgzNOCNgZD9w3AyQx4gF10EubEKACbz
Y8crAeHs3m6FyGZvaDQF5ZP3mGONMIPxJsi3SnIBP0ojdII/TkzV9sfd0ODT4DZb
SInH4s0ebo40TM0tbWiaBnoZ63XtNNTQ6PGwcEUSAYi0A00BSPFALaA9PeTTSH2d
swWDJPi4p4py69oagJ8i3gL3YPI14sg2cUR90Kcw9YDm
-----END CERTIFICATE-----