Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/baZ3lK0RUqMYBcv4_ZE-FMcKq4Y.roa
File:                     baZ3lK0RUqMYBcv4_ZE-FMcKq4Y.roa (raw, json)
Hash identifier:          Pye1uq2rRtMv4qWnzaKbY5tyIhueG8KOo2aZhtwf9lg=
Subject key identifier:   6D:A6:77:94:AD:11:52:A3:18:05:CB:F8:FD:91:3E:14:C7:0A:AB:86
Certificate issuer:       /CN=8ad9281aafefc8375ad8b4b7e604899555952237
Certificate serial:       018F10F08296AFB9CB69F0B60848AF13BF80
Authority key identifier: 8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/baZ3lK0RUqMYBcv4_ZE-FMcKq4Y.roa
Signing time:             Wed 24 Apr 2024 16:29:08 +0000
ROA not before:           Wed 24 Apr 2024 16:29:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210986
IP address blocks:        146.19.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:f0:82:96:af:b9:cb:69:f0:b6:08:48:af:13:bf:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ad9281aafefc8375ad8b4b7e604899555952237
        Validity
            Not Before: Apr 24 16:29:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6da67794ad1152a31805cbf8fd913e14c70aab86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:39:d6:5b:f1:15:62:66:ee:cd:74:93:11:f3:
                    6d:a7:4e:d5:7e:ae:17:ca:09:ce:eb:16:aa:f8:ad:
                    ab:41:97:8f:c3:28:43:de:2f:41:77:84:d8:36:f5:
                    13:ca:79:42:17:25:49:e5:bc:85:6f:bb:6d:86:8d:
                    54:d5:57:ad:9c:4f:4f:8b:70:50:f9:0a:cd:b3:f5:
                    ef:12:ad:70:f8:f3:70:5a:03:94:45:7a:42:c4:99:
                    c1:3b:ab:d6:94:ac:3d:80:c6:79:2d:17:32:1f:44:
                    e5:cb:cb:de:05:ff:89:35:8a:d3:1b:d8:d9:11:3a:
                    97:2e:63:38:5d:0f:f4:b4:00:88:1c:ab:5b:60:d5:
                    9e:25:67:98:fa:4a:71:3b:67:f6:bf:96:7f:0b:fd:
                    11:f6:83:5a:b0:96:4d:bc:d5:a4:e8:d6:93:1f:87:
                    42:ce:aa:ad:82:4d:d4:b8:a9:94:03:b5:97:9a:ee:
                    b7:5c:4f:2e:1c:4d:a6:39:3d:ac:79:52:c2:f2:54:
                    04:b5:a9:5d:d7:bc:92:11:e2:d4:db:f1:69:0b:b1:
                    36:8d:14:de:36:32:74:41:1d:ab:e1:a8:ef:67:df:
                    9f:77:bf:18:b5:48:f6:94:3d:ad:44:65:0a:a6:e2:
                    c1:ae:3f:e9:63:91:33:58:ba:f2:de:66:ff:c8:ab:
                    eb:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:A6:77:94:AD:11:52:A3:18:05:CB:F8:FD:91:3E:14:C7:0A:AB:86
            X509v3 Authority Key Identifier:
                keyid:8A:D9:28:1A:AF:EF:C8:37:5A:D8:B4:B7:E6:04:89:95:55:95:22:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/itkoGq_vyDda2LS35gSJlVWVIjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/baZ3lK0RUqMYBcv4_ZE-FMcKq4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/058509-2fe7-486b-b4ad-8c74f9dd67fc/1/itkoGq_vyDda2LS35gSJlVWVIjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:66:73:75:62:5a:e7:3b:f7:47:ac:44:92:e0:6a:df:e4:eb:
         d6:17:a7:c4:1c:4f:d3:0b:9d:83:74:90:f2:4f:e3:31:34:f0:
         38:e3:28:5a:00:4e:00:a9:d4:b5:76:3f:e9:9f:e2:0d:cb:cf:
         01:67:ae:2e:88:76:26:d0:e9:92:8b:47:ed:8b:1d:cd:23:e5:
         b0:23:d8:9d:81:3a:c8:4b:fd:59:ce:1f:b1:f6:de:2a:c2:28:
         fd:93:f7:d0:63:b7:43:3f:f6:cd:e0:a3:13:d8:4c:bb:39:c5:
         a2:29:17:09:cd:d7:3d:42:55:fd:b9:cf:b7:cb:6c:5f:03:32:
         ee:22:29:a7:67:af:98:5a:b3:15:7a:01:be:ff:37:5a:a2:3e:
         53:4a:fc:26:17:30:cc:b6:2e:58:6b:d9:aa:c0:bd:6a:07:2a:
         fe:e8:a7:4d:3d:9d:6c:1d:d4:34:6f:f8:f0:1f:7d:78:24:dc:
         c4:88:44:d7:5b:4e:1e:75:ca:4e:84:92:74:c7:8e:9a:8e:af:
         5d:1c:62:95:1f:cb:8a:ed:15:ff:e2:10:17:69:a7:d8:e4:dd:
         5b:a6:df:86:62:1e:ac:b4:5f:51:d7:2c:0a:15:7e:67:94:2f:
         6b:00:39:98:c9:3f:53:10:34:ce:a4:00:af:35:eb:ec:b3:e4:
         5b:cb:a3:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8Q8IKWr7nLafC2CEivE7+AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZDkyODFhYWZlZmM4Mzc1YWQ4YjRiN2U2MDQ4OTk1NTU5
NTIyMzcwHhcNMjQwNDI0MTYyOTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGE2Nzc5NGFkMTE1MmEzMTgwNWNiZjhmZDkxM2UxNGM3MGFhYjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojnWW/EVYmbuzXSTEfNtp07Vfq4X
ygnO6xaq+K2rQZePwyhD3i9Bd4TYNvUTynlCFyVJ5byFb7ttho1U1VetnE9Pi3BQ
+QrNs/XvEq1w+PNwWgOURXpCxJnBO6vWlKw9gMZ5LRcyH0Tly8veBf+JNYrTG9jZ
ETqXLmM4XQ/0tACIHKtbYNWeJWeY+kpxO2f2v5Z/C/0R9oNasJZNvNWk6NaTH4dC
zqqtgk3UuKmUA7WXmu63XE8uHE2mOT2seVLC8lQEtald17ySEeLU2/FpC7E2jRTe
NjJ0QR2r4ajvZ9+fd78YtUj2lD2tRGUKpuLBrj/pY5EzWLry3mb/yKvrSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2md5StEVKjGAXL+P2RPhTHCquGMB8GA1UdIwQY
MBaAFIrZKBqv78g3Wti0t+YEiZVVlSI3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQt
OGM3NGY5ZGQ2N2ZjLzEvYmFaM2xLMFJVcU1ZQmN2NF9aRS1GTWNLcTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wNTg1MDktMmZlNy00ODZiLWI0YWQtOGM3NGY5ZGQ2N2Zj
LzEvaXRrb0dxX3Z5RGRhMkxTMzVnU0psVldWSWpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNPMA0G
CSqGSIb3DQEBCwUAA4IBAQBmZnN1YlrnO/dHrESS4Grf5OvWF6fEHE/TC52DdJDy
T+MxNPA44yhaAE4AqdS1dj/pn+INy88BZ64uiHYm0OmSi0ftix3NI+WwI9idgTrI
S/1Zzh+x9t4qwij9k/fQY7dDP/bN4KMT2Ey7OcWiKRcJzdc9QlX9uc+3y2xfAzLu
IimnZ6+YWrMVegG+/zdaoj5TSvwmFzDMti5Ya9mqwL1qByr+6KdNPZ1sHdQ0b/jw
H314JNzEiETXW04edcpOhJJ0x46ajq9dHGKVH8uK7RX/4hAXaafY5N1bpt+GYh6s
tF9R1ywKFX5nlC9rADmYyT9TEDTOpACvNevss+Rby6O4
-----END CERTIFICATE-----