Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/McmvAj0QdrldCkW-Gd_DKySRBlU.roa
File:                     McmvAj0QdrldCkW-Gd_DKySRBlU.roa (raw, json)
Hash identifier:          FLfeuRz+vFnyIKOvqHteQlOmETCNJa04MUNXfv5YmzI=
Subject key identifier:   31:C9:AF:02:3D:10:76:B9:5D:0A:45:BE:19:DF:C3:2B:24:91:06:55
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0192C2F742BA43C86D0C8B98D63E60DCCA2F
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/McmvAj0QdrldCkW-Gd_DKySRBlU.roa
Signing time:             Fri 25 Oct 2024 09:17:17 +0000
ROA not before:           Fri 25 Oct 2024 09:17:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213963
IP address blocks:        146.120.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c2:f7:42:ba:43:c8:6d:0c:8b:98:d6:3e:60:dc:ca:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Oct 25 09:17:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31c9af023d1076b95d0a45be19dfc32b24910655
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d6:27:65:23:7a:21:f3:2f:e1:6d:fd:23:79:
                    e4:12:9e:95:0b:b9:69:95:02:db:87:05:d9:4d:bc:
                    31:89:22:5e:14:85:79:b6:4f:55:0d:b7:9f:12:45:
                    96:26:d3:57:ab:ba:3d:86:16:a2:86:a6:cc:41:01:
                    b3:be:be:c8:05:d5:18:58:eb:21:da:5f:af:07:01:
                    72:58:b9:56:19:b8:24:10:0b:f0:d2:45:66:9c:b1:
                    b3:f6:b8:3e:d5:08:7b:2c:8f:fa:ac:cc:c0:e0:08:
                    5e:33:2e:1f:52:ce:a7:c1:fd:eb:0b:8d:cf:b8:38:
                    6a:69:ab:1d:04:4e:17:92:39:5c:bc:05:57:78:d5:
                    fc:28:b5:ea:22:f6:77:42:a6:7b:56:e5:89:b8:e7:
                    d7:15:92:33:6f:26:cb:9d:79:00:84:01:26:76:64:
                    dd:4b:06:24:49:70:c4:62:3d:14:5e:7c:3e:59:73:
                    2a:62:c6:1f:c2:39:e3:ec:2b:b5:e0:54:18:03:f9:
                    bb:db:67:c3:6f:a5:4e:65:41:a9:45:1b:58:66:d8:
                    f9:7f:e2:af:f5:eb:1c:ef:3f:37:5c:20:41:f3:23:
                    29:2a:f2:2d:ab:ef:94:ff:ad:37:6e:6a:38:23:cd:
                    37:5b:b8:00:e9:59:a1:14:92:34:01:36:72:e5:6a:
                    42:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:C9:AF:02:3D:10:76:B9:5D:0A:45:BE:19:DF:C3:2B:24:91:06:55
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/McmvAj0QdrldCkW-Gd_DKySRBlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:58:0a:dc:1d:5f:84:05:bf:a3:19:6a:88:12:2b:34:8b:72:
         d2:5f:6f:7e:45:f2:75:ec:2c:52:03:48:54:f4:2f:fc:73:a4:
         51:0c:ba:59:62:c3:c7:a4:49:df:99:5d:14:ec:a3:ea:5c:af:
         62:0b:62:31:bd:f6:fe:eb:9c:e0:02:ff:4c:13:00:0f:55:76:
         b1:c4:6f:42:1e:b7:8a:db:c9:89:92:e5:af:7a:62:a9:2f:a6:
         8a:d9:86:03:1f:79:d0:db:ba:32:d7:8b:53:9a:f0:8f:d7:cd:
         21:fa:21:dc:27:2f:b8:b7:fc:0c:17:c5:f1:dc:92:94:13:6a:
         dc:e0:bd:12:79:80:36:d3:29:d9:ca:f9:2a:cd:79:a1:a3:4f:
         96:7a:8f:6a:67:bd:26:e0:fc:8c:5f:f5:cb:e2:77:00:80:f9:
         30:bd:2f:13:16:8a:12:0f:3e:20:43:71:ea:63:93:92:15:b0:
         bf:16:91:9b:db:ba:8c:bd:49:a9:6c:ff:b5:94:b7:24:c5:24:
         72:10:e1:bb:85:2b:50:e2:62:92:c1:b5:10:e5:c1:48:88:8b:
         9f:2d:6e:6d:73:c7:27:6f:13:18:a8:81:cb:c7:b3:e6:d0:1d:
         99:25:45:7a:fe:55:ae:c0:6e:bb:17:ab:e8:a7:b5:ff:0c:6d:
         c1:8f:f5:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLC90K6Q8htDIuY1j5g3MovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQxMDI1MDkxNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWM5YWYwMjNkMTA3NmI5NWQwYTQ1YmUxOWRmYzMyYjI0OTEwNjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdYnZSN6IfMv4W39I3nkEp6VC7lp
lQLbhwXZTbwxiSJeFIV5tk9VDbefEkWWJtNXq7o9hhaihqbMQQGzvr7IBdUYWOsh
2l+vBwFyWLlWGbgkEAvw0kVmnLGz9rg+1Qh7LI/6rMzA4AheMy4fUs6nwf3rC43P
uDhqaasdBE4XkjlcvAVXeNX8KLXqIvZ3QqZ7VuWJuOfXFZIzbybLnXkAhAEmdmTd
SwYkSXDEYj0UXnw+WXMqYsYfwjnj7Cu14FQYA/m722fDb6VOZUGpRRtYZtj5f+Kv
9esc7z83XCBB8yMpKvItq++U/603bmo4I803W7gA6VmhFJI0ATZy5WpCIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHJrwI9EHa5XQpFvhnfwyskkQZVMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTWNtdkFqMFFkcmxkQ2tXLUdkX0RLeVNSQmxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAknhaMA0G
CSqGSIb3DQEBCwUAA4IBAQCJWArcHV+EBb+jGWqIEis0i3LSX29+RfJ17CxSA0hU
9C/8c6RRDLpZYsPHpEnfmV0U7KPqXK9iC2Ixvfb+65zgAv9MEwAPVXaxxG9CHreK
28mJkuWvemKpL6aK2YYDH3nQ27oy14tTmvCP180h+iHcJy+4t/wMF8Xx3JKUE2rc
4L0SeYA20ynZyvkqzXmho0+Weo9qZ70m4PyMX/XL4ncAgPkwvS8TFooSDz4gQ3Hq
Y5OSFbC/FpGb27qMvUmpbP+1lLckxSRyEOG7hStQ4mKSwbUQ5cFIiIufLW5tc8cn
bxMYqIHLx7Pm0B2ZJUV6/lWuwG67F6vop7X/DG3Bj/VS
-----END CERTIFICATE-----