Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/18b690-c5ae-4fb4-8bf8-63a0be6a8e5f/1/p_T4aOfJgt32cIeHmdCdZaJR0_E.roa
File:                     p_T4aOfJgt32cIeHmdCdZaJR0_E.roa (raw, json)
Hash identifier:          jiCa9LbV82kIu27nzA/kWtY2FEgGHuesgpNQFkD9nkc=
Subject key identifier:   A7:F4:F8:68:E7:C9:82:DD:F6:70:87:87:99:D0:9D:65:A2:51:D3:F1
Certificate issuer:       /CN=aee8e5dfec683ae5f1a0ebe0fb96fa256b304762
Certificate serial:       018CC26D31B8D88D4E666A7F7D4FE54C85C1
Authority key identifier: AE:E8:E5:DF:EC:68:3A:E5:F1:A0:EB:E0:FB:96:FA:25:6B:30:47:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rujl3-xoOuXxoOvg-5b6JWswR2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/18b690-c5ae-4fb4-8bf8-63a0be6a8e5f/1/p_T4aOfJgt32cIeHmdCdZaJR0_E.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210458
IP address blocks:        146.19.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/18b690-c5ae-4fb4-8bf8-63a0be6a8e5f/1/rujl3-xoOuXxoOvg-5b6JWswR2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/18b690-c5ae-4fb4-8bf8-63a0be6a8e5f/1/rujl3-xoOuXxoOvg-5b6JWswR2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rujl3-xoOuXxoOvg-5b6JWswR2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 07:03:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:31:b8:d8:8d:4e:66:6a:7f:7d:4f:e5:4c:85:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aee8e5dfec683ae5f1a0ebe0fb96fa256b304762
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a7f4f868e7c982ddf670878799d09d65a251d3f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:38:95:9f:2b:29:3a:01:6e:72:e8:ea:d1:89:
                    3b:fa:ab:3f:06:92:28:75:33:31:36:92:32:7f:55:
                    0f:d4:99:1a:77:8f:c5:e0:56:13:ef:20:6f:af:d0:
                    1e:ef:5e:e3:d7:64:6c:13:cc:4c:24:a4:2d:41:bd:
                    f9:5f:1a:b2:c1:bd:0e:13:8e:69:10:4b:53:b4:0b:
                    5c:ef:ee:c2:35:4b:36:75:af:63:10:b0:98:6a:a7:
                    cc:b9:27:1c:e5:b1:63:da:81:48:a0:8f:62:eb:42:
                    0e:e5:2e:97:17:4e:cd:70:df:8e:cf:90:89:c0:71:
                    73:7c:00:b2:97:42:a7:2b:70:cc:34:9c:9f:7e:57:
                    7a:93:e2:bf:b1:78:f7:ac:2b:57:e5:54:4a:9e:0f:
                    ef:37:50:5b:29:de:75:49:f3:11:34:ac:b5:63:e6:
                    5b:0b:b6:94:b5:00:fe:05:ac:6d:3f:ff:7a:a9:bb:
                    09:88:b6:68:e7:e7:5d:28:bf:51:5f:de:6f:79:ea:
                    b1:c7:43:75:21:86:34:1c:dd:b8:d3:fb:18:aa:ca:
                    41:ee:c8:f6:03:17:e6:cc:16:0e:72:43:ba:4f:dc:
                    99:8c:6b:8c:61:a8:cb:1e:4d:3c:d0:84:b8:1d:1c:
                    0a:33:80:4e:f2:f8:ec:ac:7a:b1:e8:5c:9f:3e:55:
                    87:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:F4:F8:68:E7:C9:82:DD:F6:70:87:87:99:D0:9D:65:A2:51:D3:F1
            X509v3 Authority Key Identifier:
                keyid:AE:E8:E5:DF:EC:68:3A:E5:F1:A0:EB:E0:FB:96:FA:25:6B:30:47:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rujl3-xoOuXxoOvg-5b6JWswR2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/18b690-c5ae-4fb4-8bf8-63a0be6a8e5f/1/p_T4aOfJgt32cIeHmdCdZaJR0_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/18b690-c5ae-4fb4-8bf8-63a0be6a8e5f/1/rujl3-xoOuXxoOvg-5b6JWswR2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:17:11:f6:d7:de:8d:70:76:92:74:2e:d9:c2:b6:18:ed:9f:
         10:1c:a6:3d:36:32:d9:a1:d2:08:e5:d0:86:91:a5:99:04:7c:
         e5:1a:98:05:b6:cc:d9:4f:8f:a2:65:0f:13:e1:0d:f0:b8:69:
         3e:bc:fa:35:b4:a1:14:a8:d5:76:d1:b4:07:2e:22:83:70:d3:
         0a:56:b6:ad:46:f1:82:0d:38:79:63:9c:c1:5c:d9:d7:41:6f:
         97:0c:b9:f8:2e:2a:f6:ad:0b:e5:94:bc:1e:03:78:05:19:b1:
         d9:e6:c7:39:89:2e:68:47:61:31:81:ca:e3:6d:ac:48:17:87:
         fe:76:10:3e:cf:b3:6d:cf:b5:ae:57:ed:3f:ec:ce:05:9d:bd:
         1f:a7:ad:5c:d3:21:ef:08:9a:43:d9:5f:5b:76:1d:c4:92:1b:
         1f:d2:7b:ab:b0:fe:97:7b:4b:50:5d:5e:2d:fb:7f:8d:c4:a3:
         f4:4d:e6:ef:b2:67:c0:11:d1:dd:df:4f:9a:9c:35:01:3c:33:
         6b:1d:a8:cb:a1:32:39:63:fc:13:f0:a1:fc:5e:e3:26:ea:71:
         a9:3a:a1:95:b3:e5:91:e9:29:26:93:ab:5f:ec:26:17:ac:c4:
         c6:fd:77:dc:b1:da:35:c6:be:64:52:1d:2e:25:f2:76:57:bd:
         9d:f4:f6:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTG42I1OZmp/fU/lTIXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZThlNWRmZWM2ODNhZTVmMWEwZWJlMGZiOTZmYTI1NmIz
MDQ3NjIwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2Y0Zjg2OGU3Yzk4MmRkZjY3MDg3ODc5OWQwOWQ2NWEyNTFkM2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTiVnyspOgFucujq0Yk7+qs/BpIo
dTMxNpIyf1UP1Jkad4/F4FYT7yBvr9Ae717j12RsE8xMJKQtQb35Xxqywb0OE45p
EEtTtAtc7+7CNUs2da9jELCYaqfMuScc5bFj2oFIoI9i60IO5S6XF07NcN+Oz5CJ
wHFzfACyl0KnK3DMNJyffld6k+K/sXj3rCtX5VRKng/vN1BbKd51SfMRNKy1Y+Zb
C7aUtQD+BaxtP/96qbsJiLZo5+ddKL9RX95veeqxx0N1IYY0HN240/sYqspB7sj2
AxfmzBYOckO6T9yZjGuMYajLHk080IS4HRwKM4BO8vjsrHqx6FyfPlWHhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKf0+GjnyYLd9nCHh5nQnWWiUdPxMB8GA1UdIwQY
MBaAFK7o5d/saDrl8aDr4PuW+iVrMEdiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnVqbDMteG9PdVh4b092Zy01YjZKV3N3UjJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8xOGI2OTAtYzVhZS00ZmI0LThiZjgt
NjNhMGJlNmE4ZTVmLzEvcF9UNGFPZkpndDMyY0llSG1kQ2RaYUpSMF9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8xOGI2OTAtYzVhZS00ZmI0LThiZjgtNjNhMGJlNmE4ZTVm
LzEvcnVqbDMteG9PdVh4b092Zy01YjZKV3N3UjJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhONMA0G
CSqGSIb3DQEBCwUAA4IBAQANFxH2196NcHaSdC7ZwrYY7Z8QHKY9NjLZodII5dCG
kaWZBHzlGpgFtszZT4+iZQ8T4Q3wuGk+vPo1tKEUqNV20bQHLiKDcNMKVratRvGC
DTh5Y5zBXNnXQW+XDLn4Lir2rQvllLweA3gFGbHZ5sc5iS5oR2ExgcrjbaxIF4f+
dhA+z7Ntz7WuV+0/7M4Fnb0fp61c0yHvCJpD2V9bdh3Ekhsf0nursP6Xe0tQXV4t
+3+NxKP0TebvsmfAEdHd30+anDUBPDNrHajLoTI5Y/wT8KH8XuMm6nGpOqGVs+WR
6Skmk6tf7CYXrMTG/Xfcsdo1xr5kUh0uJfJ2V72d9PZL
-----END CERTIFICATE-----