Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/UpMjMDt3cuHs4SwtnWZm8R7V9os.roa
File:                     UpMjMDt3cuHs4SwtnWZm8R7V9os.roa (raw, json)
Hash identifier:          qeFM3POHkCk+jL1xlpd3imIz2xGuq5x2C6iLfrRmCM8=
Subject key identifier:   52:93:23:30:3B:77:72:E1:EC:E1:2C:2D:9D:66:66:F1:1E:D5:F6:8B
Certificate issuer:       /CN=69737c6e0602be3804e277580bab7e21e6e33474
Certificate serial:       0192ECF3C789722F2407AAD0D0ECB2F666B2
Authority key identifier: 69:73:7C:6E:06:02:BE:38:04:E2:77:58:0B:AB:7E:21:E6:E3:34:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aXN8bgYCvjgE4ndYC6t-IebjNHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/UpMjMDt3cuHs4SwtnWZm8R7V9os.roa
Signing time:             Sat 02 Nov 2024 12:57:32 +0000
ROA not before:           Sat 02 Nov 2024 12:57:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     395793
IP address blocks:        146.19.122.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/aXN8bgYCvjgE4ndYC6t-IebjNHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/aXN8bgYCvjgE4ndYC6t-IebjNHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aXN8bgYCvjgE4ndYC6t-IebjNHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ec:f3:c7:89:72:2f:24:07:aa:d0:d0:ec:b2:f6:66:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69737c6e0602be3804e277580bab7e21e6e33474
        Validity
            Not Before: Nov  2 12:57:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=529323303b7772e1ece12c2d9d6666f11ed5f68b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:82:92:03:ff:0e:fd:2d:ca:8f:61:8e:34:ee:
                    22:46:3e:7c:8b:bf:dc:b2:d8:58:3a:0b:e8:71:31:
                    49:c9:11:7d:cf:f2:4c:54:6c:29:ac:fb:9c:7d:55:
                    d6:a3:57:bd:2b:2a:ea:c2:61:0f:97:f8:70:f7:92:
                    cf:f3:79:1b:45:af:69:03:74:e7:c8:11:a7:66:65:
                    b0:c7:0a:e8:30:a7:dc:a8:ee:7e:a3:6d:e7:e9:80:
                    7c:65:7a:f2:43:42:29:dd:49:02:64:41:d0:40:ff:
                    36:d2:5d:ad:4d:56:19:3e:b3:e8:8f:93:4f:73:10:
                    71:c1:96:9d:d7:0b:20:85:3a:d3:64:ce:b8:25:21:
                    be:a6:f0:9f:e0:7f:84:29:52:56:96:6a:7f:13:a8:
                    62:97:46:c7:cb:bf:d1:56:23:dd:d0:64:3c:15:3d:
                    19:c5:84:a4:2b:5a:94:a5:2a:35:07:e1:21:e9:a4:
                    02:66:61:66:4d:58:8f:21:4e:ed:ee:8b:b0:4a:88:
                    13:d9:07:20:36:8e:8e:51:dc:09:b0:86:96:26:e2:
                    8f:93:a6:d6:72:c5:67:85:2a:e1:75:6a:a4:1d:63:
                    0e:82:b2:ed:92:8f:40:7f:66:8e:bd:d4:35:d8:69:
                    02:ef:6a:80:3b:65:71:f2:fc:b3:56:68:12:96:cc:
                    65:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:93:23:30:3B:77:72:E1:EC:E1:2C:2D:9D:66:66:F1:1E:D5:F6:8B
            X509v3 Authority Key Identifier:
                keyid:69:73:7C:6E:06:02:BE:38:04:E2:77:58:0B:AB:7E:21:E6:E3:34:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aXN8bgYCvjgE4ndYC6t-IebjNHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/UpMjMDt3cuHs4SwtnWZm8R7V9os.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/b6af9d-47ba-4b92-b41a-838a4505735a/1/aXN8bgYCvjgE4ndYC6t-IebjNHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:e0:bf:58:d6:6c:2e:d3:87:82:99:d4:99:5e:ee:22:da:72:
         b8:5d:09:6e:83:19:c1:d6:cb:fa:90:6a:c4:a0:09:c8:7e:d5:
         2d:e9:1b:88:72:1b:80:da:3f:58:0a:f2:bb:2e:37:6d:99:ea:
         38:13:25:19:b4:ac:be:eb:22:ed:6e:a9:21:e5:04:9c:a6:62:
         bc:80:f9:56:f2:ad:d6:5e:32:0a:e4:5d:b3:b9:2a:0d:52:fa:
         74:fb:5a:3d:2c:81:da:41:ee:62:3d:b8:44:44:41:0c:65:fb:
         01:18:41:98:ec:92:3c:2f:f4:cb:16:ac:8b:21:3a:7a:98:b7:
         90:fc:a6:a4:87:be:ba:2a:22:7e:bb:a9:7f:ad:27:04:b2:92:
         7b:92:11:c6:5c:8a:e7:f5:d3:8a:6f:18:68:a8:27:95:7a:75:
         c0:f9:14:dc:7d:14:c5:7a:9b:2e:e7:ff:55:43:7f:41:a1:71:
         8e:3d:06:8c:0d:1c:0c:95:24:01:39:1c:8a:c7:2e:dc:06:30:
         b7:b4:53:99:7c:97:61:1c:9d:c8:f5:19:51:41:b8:56:a0:fb:
         92:50:92:c9:ea:a2:53:49:bf:27:7e:81:10:1d:1e:5c:60:08:
         c6:02:66:16:c0:d3:08:83:27:8e:f4:6a:a2:18:15:97:75:65:
         21:39:c0:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLs88eJci8kB6rQ0Oyy9mayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NzM3YzZlMDYwMmJlMzgwNGUyNzc1ODBiYWI3ZTIxZTZl
MzM0NzQwHhcNMjQxMTAyMTI1NzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjkzMjMzMDNiNzc3MmUxZWNlMTJjMmQ5ZDY2NjZmMTFlZDVmNjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYKSA/8O/S3Kj2GONO4iRj58i7/c
sthYOgvocTFJyRF9z/JMVGwprPucfVXWo1e9KyrqwmEPl/hw95LP83kbRa9pA3Tn
yBGnZmWwxwroMKfcqO5+o23n6YB8ZXryQ0Ip3UkCZEHQQP820l2tTVYZPrPoj5NP
cxBxwZad1wsghTrTZM64JSG+pvCf4H+EKVJWlmp/E6hil0bHy7/RViPd0GQ8FT0Z
xYSkK1qUpSo1B+Eh6aQCZmFmTViPIU7t7ouwSogT2QcgNo6OUdwJsIaWJuKPk6bW
csVnhSrhdWqkHWMOgrLtko9Af2aOvdQ12GkC72qAO2Vx8vyzVmgSlsxl2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKTIzA7d3Lh7OEsLZ1mZvEe1faLMB8GA1UdIwQY
MBaAFGlzfG4GAr44BOJ3WAurfiHm4zR0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVhOOGJnWUN2amdFNG5kWUM2dC1JZWJqTkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9iNmFmOWQtNDdiYS00YjkyLWI0MWEt
ODM4YTQ1MDU3MzVhLzEvVXBNak1EdDNjdUhzNFN3dG5XWm04UjdWOW9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9iNmFmOWQtNDdiYS00YjkyLWI0MWEtODM4YTQ1MDU3MzVh
LzEvYVhOOGJnWUN2amdFNG5kWUM2dC1JZWJqTkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhN6MA0G
CSqGSIb3DQEBCwUAA4IBAQA04L9Y1mwu04eCmdSZXu4i2nK4XQlugxnB1sv6kGrE
oAnIftUt6RuIchuA2j9YCvK7Ljdtmeo4EyUZtKy+6yLtbqkh5QScpmK8gPlW8q3W
XjIK5F2zuSoNUvp0+1o9LIHaQe5iPbhEREEMZfsBGEGY7JI8L/TLFqyLITp6mLeQ
/Kakh766KiJ+u6l/rScEspJ7khHGXIrn9dOKbxhoqCeVenXA+RTcfRTFepsu5/9V
Q39BoXGOPQaMDRwMlSQBORyKxy7cBjC3tFOZfJdhHJ3I9RlRQbhWoPuSUJLJ6qJT
Sb8nfoEQHR5cYAjGAmYWwNMIgyeO9GqiGBWXdWUhOcBV
-----END CERTIFICATE-----