Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ACdYe9jP6DKDsUu8mvztLfZXtQc.roa
File:                     ACdYe9jP6DKDsUu8mvztLfZXtQc.roa (raw, json)
Hash identifier:          i3xDMKyo7eKo+Vj7X00W7PqeBy31pu9rxvd0pq1nf8s=
Subject key identifier:   00:27:58:7B:D8:CF:E8:32:83:B1:4B:BC:9A:FC:ED:2D:F6:57:B5:07
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0195EB98BCA98C439E36D4C8A10419B4687E
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ACdYe9jP6DKDsUu8mvztLfZXtQc.roa
Signing time:             Mon 31 Mar 2025 09:46:50 +0000
ROA not before:           Mon 31 Mar 2025 09:46:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211004
IP address blocks:        146.158.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:eb:98:bc:a9:8c:43:9e:36:d4:c8:a1:04:19:b4:68:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Mar 31 09:46:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0027587bd8cfe83283b14bbc9afced2df657b507
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:50:39:e1:f0:ee:01:5c:03:ef:2b:b0:08:a0:
                    20:f4:df:b0:f7:72:2a:c0:11:73:0a:96:4a:51:71:
                    3a:fa:c7:0d:ba:f0:37:0e:8d:24:20:6b:c1:68:73:
                    0a:03:20:01:64:5c:5b:62:7d:76:d7:f1:b2:e9:d6:
                    0d:4f:a9:f9:ba:fe:db:dc:eb:99:1c:53:07:c4:9b:
                    12:ad:86:f9:15:02:d0:3d:a3:66:b2:7b:98:7f:c8:
                    55:48:6c:e6:d9:99:ce:71:af:cf:d2:fa:7f:c3:79:
                    6e:9d:43:75:e3:3f:30:1a:7f:33:cf:26:52:c9:71:
                    0b:16:fe:2b:51:d9:52:14:86:17:a2:9c:8b:9c:4b:
                    7f:98:7a:57:5f:dc:7c:0f:69:45:85:81:4b:3e:52:
                    54:5f:2a:33:83:82:c1:25:71:05:4b:65:33:62:fb:
                    ef:1d:ab:ce:67:d4:3a:5b:69:34:eb:0c:d6:00:93:
                    2e:28:92:f9:0a:61:dd:b5:43:26:8e:b2:41:68:d4:
                    0a:6d:8c:c9:9d:94:76:5a:fb:4a:cb:8c:43:c6:cf:
                    77:a5:c4:72:ef:53:4d:70:d2:20:0d:08:43:1b:2c:
                    d6:dd:73:cb:d6:9f:6d:52:51:d6:85:af:1d:63:f7:
                    2f:a3:25:f4:42:4f:cf:0a:e7:ef:55:60:e7:60:54:
                    cf:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:27:58:7B:D8:CF:E8:32:83:B1:4B:BC:9A:FC:ED:2D:F6:57:B5:07
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ACdYe9jP6DKDsUu8mvztLfZXtQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.158.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:c3:f5:71:5c:a4:5f:cf:39:5f:e4:94:79:5f:22:ff:23:6e:
         b4:82:70:39:67:2f:cc:c9:82:28:42:3e:78:63:86:1b:a9:b1:
         71:54:b7:b1:d7:9b:63:d4:63:0b:6b:f4:8f:90:70:99:e3:79:
         a0:eb:f1:ce:5b:ac:18:91:43:12:a0:13:e8:6f:be:c7:e7:67:
         d6:d7:df:9c:99:b5:96:a8:f5:6f:d3:51:6c:09:b0:d8:0b:1b:
         32:6d:a5:a5:9d:c3:c7:05:03:73:bc:33:6a:1b:82:a1:df:ce:
         38:3f:5e:dc:16:0b:df:50:37:5b:7f:c8:98:f9:01:d1:8e:f2:
         40:d2:9c:76:32:39:31:1e:8f:80:b8:e1:0f:07:df:ca:52:64:
         7c:be:9a:5a:48:14:46:ce:31:72:cf:61:ed:49:b0:29:26:f9:
         a2:1f:a4:b6:52:b7:81:f9:3a:bc:cb:fb:d9:ea:d2:ed:88:6d:
         81:e3:91:d5:83:3d:7d:b4:7c:c9:d8:8a:b7:7e:c3:2e:45:4b:
         10:ea:8f:a1:f4:e9:98:48:e4:32:55:3d:1d:7a:1e:5d:95:0b:
         47:bf:6e:9f:e1:4f:34:36:b1:34:19:6f:c1:9a:67:4e:bf:5f:
         d0:41:af:46:d0:19:ba:59:28:46:d8:ef:5b:bf:e6:2a:96:09:
         3c:3e:11:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXrmLypjEOeNtTIoQQZtGh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMzMxMDk0NjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDI3NTg3YmQ4Y2ZlODMyODNiMTRiYmM5YWZjZWQyZGY2NTdiNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1A54fDuAVwD7yuwCKAg9N+w93Iq
wBFzCpZKUXE6+scNuvA3Do0kIGvBaHMKAyABZFxbYn121/Gy6dYNT6n5uv7b3OuZ
HFMHxJsSrYb5FQLQPaNmsnuYf8hVSGzm2ZnOca/P0vp/w3lunUN14z8wGn8zzyZS
yXELFv4rUdlSFIYXopyLnEt/mHpXX9x8D2lFhYFLPlJUXyozg4LBJXEFS2UzYvvv
HavOZ9Q6W2k06wzWAJMuKJL5CmHdtUMmjrJBaNQKbYzJnZR2WvtKy4xDxs93pcRy
71NNcNIgDQhDGyzW3XPL1p9tUlHWha8dY/cvoyX0Qk/PCufvVWDnYFTPdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAnWHvYz+gyg7FLvJr87S32V7UHMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvQUNkWWU5alA2REtEc1V1OG12enRMZlpYdFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkp4fMA0G
CSqGSIb3DQEBCwUAA4IBAQB5w/VxXKRfzzlf5JR5XyL/I260gnA5Zy/MyYIoQj54
Y4YbqbFxVLex15tj1GMLa/SPkHCZ43mg6/HOW6wYkUMSoBPob77H52fW19+cmbWW
qPVv01FsCbDYCxsybaWlncPHBQNzvDNqG4Kh3844P17cFgvfUDdbf8iY+QHRjvJA
0px2MjkxHo+AuOEPB9/KUmR8vppaSBRGzjFyz2HtSbApJvmiH6S2UreB+Tq8y/vZ
6tLtiG2B45HVgz19tHzJ2Iq3fsMuRUsQ6o+h9OmYSOQyVT0deh5dlQtHv26f4U80
NrE0GW/BmmdOv1/QQa9G0Bm6WShG2O9bv+Yqlgk8PhH3
-----END CERTIFICATE-----