Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Cxn5iqG6k8OUwTZ8lAEGl-AN6UE.roa
File:                     Cxn5iqG6k8OUwTZ8lAEGl-AN6UE.roa (raw, json)
Hash identifier:          o4xw3Bx60haL8z+Ngzv0wlJMOlZGWlJiy5zdpJFjMso=
Subject key identifier:   0B:19:F9:8A:A1:BA:93:C3:94:C1:36:7C:94:01:06:97:E0:0D:E9:41
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A32806086DFDE3C6575DD09E5D26B
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Cxn5iqG6k8OUwTZ8lAEGl-AN6UE.roa
Signing time:             Tue 02 Jan 2024 12:33:32 +0000
ROA not before:           Tue 02 Jan 2024 12:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64461
IP address blocks:        146.120.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:32:80:60:86:df:de:3c:65:75:dd:09:e5:d2:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b19f98aa1ba93c394c1367c94010697e00de941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c1:db:71:b4:5e:46:3e:68:c2:43:71:18:b8:
                    8b:3e:4d:e4:9e:4d:bd:be:4d:44:9b:bb:15:7d:12:
                    d7:12:61:01:a7:3a:8d:6a:9c:44:30:a4:23:ca:85:
                    f8:2f:b1:2e:1e:41:2c:37:6f:de:cd:a9:93:ef:3f:
                    0d:00:f3:ca:d1:8a:52:cb:a7:f9:ce:33:8c:45:58:
                    6a:3e:99:0a:81:6e:83:3e:a2:ee:dc:f4:75:be:53:
                    28:39:3b:47:0b:49:5b:97:e0:c7:8f:90:e7:87:c3:
                    d2:e8:88:e9:a2:94:9f:07:8f:ea:96:1a:21:29:15:
                    18:70:fa:0b:dc:e8:b3:20:d3:66:81:0a:5a:1c:24:
                    44:82:0b:60:7e:74:94:a1:ee:77:bb:8e:cf:b9:ca:
                    5f:4a:da:64:36:2f:89:4c:14:61:92:db:4c:71:95:
                    f2:2c:71:e1:7a:de:c8:45:f7:c9:43:6e:aa:7e:c2:
                    7b:cc:b2:6d:fd:c9:cb:79:23:4c:52:af:34:c8:68:
                    94:e5:05:2c:c7:12:f5:d1:1f:e0:be:69:af:8c:aa:
                    f6:6a:7f:6d:bf:47:4e:d2:46:bb:af:70:95:b0:08:
                    89:b8:ac:95:17:ed:03:6a:97:00:4e:49:9d:cf:95:
                    36:00:a2:2d:ce:64:70:38:ae:08:21:b9:d7:c7:87:
                    e6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:19:F9:8A:A1:BA:93:C3:94:C1:36:7C:94:01:06:97:E0:0D:E9:41
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Cxn5iqG6k8OUwTZ8lAEGl-AN6UE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:35:3f:a5:74:ed:56:5e:35:1c:54:bc:a4:03:02:bd:ec:7a:
         8a:db:4f:26:9d:14:c7:6b:e0:4e:db:a5:3b:38:c1:73:92:34:
         1c:01:3f:16:86:02:ba:b4:29:31:32:f5:14:4a:61:96:ac:8d:
         d6:fc:c7:b7:67:0e:0b:a4:7d:a6:db:89:c0:1f:eb:4b:24:a7:
         2a:04:d6:68:c3:ef:a7:a0:17:51:a3:1a:c9:77:e0:18:24:ba:
         ef:f4:59:13:b0:f8:2b:09:4a:ea:b2:48:91:e1:53:5e:73:3a:
         06:23:51:d7:4e:de:cf:04:c8:96:62:1e:90:80:38:01:98:c2:
         dc:74:92:f5:78:70:3a:76:f3:54:d1:df:f1:32:16:05:2a:00:
         8c:d4:79:ef:a0:8a:cf:f0:f5:8c:08:60:ed:a4:d9:5d:bd:05:
         02:53:9c:e4:c1:95:22:09:d8:74:a1:a6:5b:79:0d:c2:e1:d2:
         8f:9c:30:43:4f:8b:20:b4:a2:43:d0:07:8a:9e:f2:ec:a9:e5:
         4c:f3:ed:eb:16:33:a9:dd:84:15:ee:c6:9f:86:8f:94:6b:3b:
         c7:48:b2:a4:be:74:23:af:c7:c4:45:97:7d:fb:37:aa:49:79:
         49:f0:99:60:e3:4b:a4:5b:ce:ca:c7:25:4c:d7:8c:2a:6a:b4:
         3b:eb:91:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjKAYIbf3jxldd0J5dJrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjE5Zjk4YWExYmE5M2MzOTRjMTM2N2M5NDAxMDY5N2UwMGRlOTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8HbcbReRj5owkNxGLiLPk3knk29
vk1Em7sVfRLXEmEBpzqNapxEMKQjyoX4L7EuHkEsN2/ezamT7z8NAPPK0YpSy6f5
zjOMRVhqPpkKgW6DPqLu3PR1vlMoOTtHC0lbl+DHj5Dnh8PS6IjpopSfB4/qlhoh
KRUYcPoL3OizINNmgQpaHCREggtgfnSUoe53u47PucpfStpkNi+JTBRhkttMcZXy
LHHhet7IRffJQ26qfsJ7zLJt/cnLeSNMUq80yGiU5QUsxxL10R/gvmmvjKr2an9t
v0dO0ka7r3CVsAiJuKyVF+0DapcATkmdz5U2AKItzmRwOK4IIbnXx4fm0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAsZ+YqhupPDlME2fJQBBpfgDelBMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvQ3huNWlxRzZrOE9Vd1RaOGxBRUdsLUFONlVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAknheMA0G
CSqGSIb3DQEBCwUAA4IBAQAjNT+ldO1WXjUcVLykAwK97HqK208mnRTHa+BO26U7
OMFzkjQcAT8WhgK6tCkxMvUUSmGWrI3W/Me3Zw4LpH2m24nAH+tLJKcqBNZow++n
oBdRoxrJd+AYJLrv9FkTsPgrCUrqskiR4VNeczoGI1HXTt7PBMiWYh6QgDgBmMLc
dJL1eHA6dvNU0d/xMhYFKgCM1HnvoIrP8PWMCGDtpNldvQUCU5zkwZUiCdh0oaZb
eQ3C4dKPnDBDT4sgtKJD0AeKnvLsqeVM8+3rFjOp3YQV7safho+UazvHSLKkvnQj
r8fERZd9+zeqSXlJ8Jlg40ukW87KxyVM14wqarQ765Ex
-----END CERTIFICATE-----