Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/ZTmydTpXIXh_aFM6lIMP1nPGi4M.roa
File:                     ZTmydTpXIXh_aFM6lIMP1nPGi4M.roa (raw, json)
Hash identifier:          R6dO91YPQTwtwZipE8GfozYF7WvWuk+GMp9DghrSYmY=
Subject key identifier:   65:39:B2:75:3A:57:21:78:7F:68:53:3A:94:83:0F:D6:73:C6:8B:83
Certificate issuer:       /CN=e2834429775e6555e5742492286254b1da9f1903
Certificate serial:       019420D5A3E46CB4C47304F34E5225C4C829
Authority key identifier: E2:83:44:29:77:5E:65:55:E5:74:24:92:28:62:54:B1:DA:9F:19:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4oNEKXdeZVXldCSSKGJUsdqfGQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/ZTmydTpXIXh_aFM6lIMP1nPGi4M.roa
Signing time:             Wed 01 Jan 2025 07:47:39 +0000
ROA not before:           Wed 01 Jan 2025 07:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200023
IP address blocks:        146.19.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/4oNEKXdeZVXldCSSKGJUsdqfGQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/4oNEKXdeZVXldCSSKGJUsdqfGQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4oNEKXdeZVXldCSSKGJUsdqfGQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a3:e4:6c:b4:c4:73:04:f3:4e:52:25:c4:c8:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2834429775e6555e5742492286254b1da9f1903
        Validity
            Not Before: Jan  1 07:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6539b2753a5721787f68533a94830fd673c68b83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f3:61:14:1d:7d:f7:32:c3:b5:d6:92:70:6f:
                    70:2b:20:bc:fb:b2:b1:bf:b6:38:b2:06:c5:0c:90:
                    15:10:df:f5:94:a9:b2:63:a4:49:bc:f2:8f:8a:f3:
                    09:57:7b:2a:19:15:a9:3a:be:8d:7f:93:b7:90:4e:
                    7b:c6:b3:10:8a:f5:a5:1f:8d:d4:9b:0a:a9:28:b7:
                    8d:88:b3:0f:ca:33:d5:e2:eb:ba:3e:0a:29:83:e1:
                    86:e6:ea:d5:cb:d0:26:c1:5d:73:54:b9:66:27:dc:
                    5d:3b:ef:5b:be:77:17:3c:34:a4:b2:aa:6c:f5:e1:
                    b5:a9:fb:bf:39:db:db:95:51:9f:14:f9:c3:cf:45:
                    1b:25:eb:c9:9e:eb:a7:fd:c8:9a:d6:39:f5:71:2a:
                    d1:9e:d5:22:4a:a0:b0:d9:5f:6d:1a:13:df:c4:41:
                    89:2e:ec:ae:5c:33:2c:67:8f:6a:14:b0:2d:b4:0b:
                    3d:ca:89:b5:2b:dc:ad:1f:8d:d0:07:f7:ea:6a:e0:
                    92:75:4c:61:3d:74:80:04:6b:1b:69:9e:81:59:c2:
                    87:0b:70:7c:60:17:71:7a:f2:d1:15:3b:a3:a0:4e:
                    ca:36:d9:47:b5:ad:9e:5c:79:0d:ce:c8:85:7e:48:
                    01:74:88:93:55:57:66:49:68:0c:a7:d1:dc:c9:71:
                    d6:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:39:B2:75:3A:57:21:78:7F:68:53:3A:94:83:0F:D6:73:C6:8B:83
            X509v3 Authority Key Identifier:
                keyid:E2:83:44:29:77:5E:65:55:E5:74:24:92:28:62:54:B1:DA:9F:19:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4oNEKXdeZVXldCSSKGJUsdqfGQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/ZTmydTpXIXh_aFM6lIMP1nPGi4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/b6468d-10ed-4d48-803c-ea97665c13df/1/4oNEKXdeZVXldCSSKGJUsdqfGQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:e3:b7:50:cc:39:07:52:95:c0:4b:6f:5c:83:88:10:e5:5d:
         3d:1b:f3:3d:6a:d7:c0:2e:b4:b2:c0:8c:ff:ba:11:2c:82:95:
         44:da:06:84:77:aa:01:60:f2:d5:34:0c:7d:05:f3:8f:cd:e2:
         89:22:da:63:1b:a4:1b:03:41:11:d5:67:26:be:8d:26:d7:35:
         1b:ce:43:55:b6:87:c9:ca:70:70:0d:fb:59:44:ce:68:8c:37:
         31:40:b4:51:48:88:66:38:1c:b7:af:a9:24:50:c8:05:d3:f3:
         c9:47:3f:a9:7e:d0:c2:c1:89:14:9e:3d:6f:b8:3b:f9:f9:bc:
         58:41:76:eb:bf:ae:10:f1:21:7c:6d:ef:89:b9:d8:74:fb:f4:
         4c:76:7f:fd:cd:49:65:f7:0f:a5:21:8d:f9:71:15:62:0f:a0:
         4c:da:0e:c9:57:32:4e:21:81:3c:49:99:fa:ba:1a:82:e8:5c:
         33:8c:52:07:d0:14:b6:2f:65:59:91:a9:7a:5e:f5:34:25:dc:
         f7:b6:82:9e:68:50:6b:64:cc:d6:66:0b:53:41:d8:b4:6b:53:
         10:d6:86:e2:69:50:ff:aa:29:20:d5:29:ac:62:d7:80:c4:56:
         75:f4:36:8f:e3:bf:09:0a:93:ff:b8:94:6d:bb:7c:76:e7:b3:
         ee:d3:70:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1aPkbLTEcwTzTlIlxMgpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyODM0NDI5Nzc1ZTY1NTVlNTc0MjQ5MjI4NjI1NGIxZGE5
ZjE5MDMwHhcNMjUwMTAxMDc0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTM5YjI3NTNhNTcyMTc4N2Y2ODUzM2E5NDgzMGZkNjczYzY4YjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvNhFB199zLDtdaScG9wKyC8+7Kx
v7Y4sgbFDJAVEN/1lKmyY6RJvPKPivMJV3sqGRWpOr6Nf5O3kE57xrMQivWlH43U
mwqpKLeNiLMPyjPV4uu6Pgopg+GG5urVy9AmwV1zVLlmJ9xdO+9bvncXPDSksqps
9eG1qfu/OdvblVGfFPnDz0UbJevJnuun/cia1jn1cSrRntUiSqCw2V9tGhPfxEGJ
LuyuXDMsZ49qFLAttAs9yom1K9ytH43QB/fqauCSdUxhPXSABGsbaZ6BWcKHC3B8
YBdxevLRFTujoE7KNtlHta2eXHkNzsiFfkgBdIiTVVdmSWgMp9HcyXHWJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGU5snU6VyF4f2hTOpSDD9ZzxouDMB8GA1UdIwQY
MBaAFOKDRCl3XmVV5XQkkihiVLHanxkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG9ORUtYZGVaVlhsZENTU0tHSlVzZHFmR1FNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9iNjQ2OGQtMTBlZC00ZDQ4LTgwM2Mt
ZWE5NzY2NWMxM2RmLzEvWlRteWRUcFhJWGhfYUZNNmxJTVAxblBHaTRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9iNjQ2OGQtMTBlZC00ZDQ4LTgwM2MtZWE5NzY2NWMxM2Rm
LzEvNG9ORUtYZGVaVlhsZENTU0tHSlVzZHFmR1FNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhP6MA0G
CSqGSIb3DQEBCwUAA4IBAQCs47dQzDkHUpXAS29cg4gQ5V09G/M9atfALrSywIz/
uhEsgpVE2gaEd6oBYPLVNAx9BfOPzeKJItpjG6QbA0ER1Wcmvo0m1zUbzkNVtofJ
ynBwDftZRM5ojDcxQLRRSIhmOBy3r6kkUMgF0/PJRz+pftDCwYkUnj1vuDv5+bxY
QXbrv64Q8SF8be+Judh0+/RMdn/9zUll9w+lIY35cRViD6BM2g7JVzJOIYE8SZn6
uhqC6FwzjFIH0BS2L2VZkal6XvU0Jdz3toKeaFBrZMzWZgtTQdi0a1MQ1obiaVD/
qikg1SmsYteAxFZ19DaP478JCpP/uJRtu3x257Pu03CM
-----END CERTIFICATE-----