Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/PS51UNxwGBnZ4R0ghkEyLoWclfA.roa
File:                     PS51UNxwGBnZ4R0ghkEyLoWclfA.roa (raw, json)
Hash identifier:          uANvgVBp527GglE/kPO3P+aRQarfh+N/lcx78UlmQQE=
Subject key identifier:   3D:2E:75:50:DC:70:18:19:D9:E1:1D:20:86:41:32:2E:85:9C:95:F0
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29F0C83CB43A8E7C86F5F3D9CBF931
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/PS51UNxwGBnZ4R0ghkEyLoWclfA.roa
Signing time:             Tue 02 Jan 2024 12:33:15 +0000
ROA not before:           Tue 02 Jan 2024 12:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42782
IP address blocks:        146.120.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f0:c8:3c:b4:3a:8e:7c:86:f5:f3:d9:cb:f9:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d2e7550dc701819d9e11d208641322e859c95f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fc:4a:5b:43:6c:3a:4a:ce:e2:f8:fd:ae:fa:
                    2d:b9:68:bc:bf:a8:ac:35:22:ee:f5:89:1b:9f:3c:
                    26:4c:c1:4d:81:60:74:ad:41:63:c4:4e:73:fe:50:
                    20:ce:88:84:54:e7:82:7b:4f:56:ce:0b:c0:18:b5:
                    52:1e:05:94:1d:13:a5:dc:83:5e:93:34:5f:fe:7c:
                    2b:d9:ef:25:95:9c:52:7b:78:52:a8:08:85:9d:49:
                    e3:40:52:4c:93:ba:bf:52:52:55:0d:bc:74:8f:27:
                    cc:04:4c:26:61:dd:6b:ce:02:43:cc:28:58:bc:82:
                    47:18:2c:24:8d:9b:11:55:95:3b:f3:52:43:26:aa:
                    1e:1b:51:47:96:be:3e:cd:1a:d3:4d:5d:23:ec:42:
                    43:83:a1:be:b1:bf:12:18:07:50:e3:2c:2a:19:e8:
                    a0:d8:9b:3a:f6:80:01:cf:97:dd:40:fe:47:d7:34:
                    9c:c4:78:4d:8b:8a:f6:3c:73:0e:6e:f9:75:2d:4f:
                    ce:b2:ce:05:b4:68:a5:9b:d3:b4:e1:93:11:f7:7d:
                    cc:b2:7a:02:2f:a9:cb:e7:34:c6:e7:c5:5e:b7:58:
                    04:71:40:80:3f:25:6d:d9:07:e4:46:40:1e:15:21:
                    7b:52:5b:c0:51:59:ee:98:f6:6a:1c:84:75:6a:76:
                    b9:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:2E:75:50:DC:70:18:19:D9:E1:1D:20:86:41:32:2E:85:9C:95:F0
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/PS51UNxwGBnZ4R0ghkEyLoWclfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:8b:b3:ec:16:8b:0b:70:a4:fd:5e:27:5e:3a:19:76:b5:f8:
         15:4f:76:7b:f7:c8:11:66:29:39:72:24:52:81:b9:c3:6b:e2:
         03:7e:87:f5:c2:eb:1f:07:1c:80:dd:ca:d6:b7:2c:e3:67:89:
         09:47:eb:54:1e:ba:3b:e2:dd:3b:7a:8e:94:32:b4:29:cc:49:
         bc:2c:ea:ad:3c:09:80:36:36:93:b4:38:38:e7:96:8d:1d:16:
         11:6d:8e:4c:9f:3a:a7:2d:0d:18:4d:0a:14:e3:c2:03:49:d7:
         a5:6d:b4:1a:d4:fc:d6:50:5e:8a:89:1f:4b:41:5c:86:da:18:
         bd:b4:65:bf:54:10:d7:80:ee:b3:7a:2a:5d:94:89:7e:54:4b:
         20:51:88:ae:e0:69:be:f0:d6:27:01:50:dd:be:1c:70:15:53:
         32:75:1c:84:fc:ef:65:99:a5:5d:1b:80:95:3c:99:92:aa:93:
         fa:91:5b:bd:08:6c:59:03:11:0c:bd:fc:cd:28:03:21:0c:e5:
         a4:06:49:58:f1:be:d2:2f:30:68:72:c0:9f:fd:00:aa:a5:e9:
         99:81:7b:8d:53:e1:20:d1:b0:b8:bb:a2:f0:fc:28:01:bb:f4:
         ce:8f:e6:0a:0e:7f:0f:b1:66:5c:38:63:25:fe:3a:0b:e0:7e:
         c8:05:5f:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKfDIPLQ6jnyG9fPZy/kxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDJlNzU1MGRjNzAxODE5ZDllMTFkMjA4NjQxMzIyZTg1OWM5NWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPxKW0NsOkrO4vj9rvotuWi8v6is
NSLu9YkbnzwmTMFNgWB0rUFjxE5z/lAgzoiEVOeCe09WzgvAGLVSHgWUHROl3INe
kzRf/nwr2e8llZxSe3hSqAiFnUnjQFJMk7q/UlJVDbx0jyfMBEwmYd1rzgJDzChY
vIJHGCwkjZsRVZU781JDJqoeG1FHlr4+zRrTTV0j7EJDg6G+sb8SGAdQ4ywqGeig
2Js69oABz5fdQP5H1zScxHhNi4r2PHMObvl1LU/Oss4FtGilm9O04ZMR933MsnoC
L6nL5zTG58Vet1gEcUCAPyVt2QfkRkAeFSF7UlvAUVnumPZqHIR1ana54QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD0udVDccBgZ2eEdIIZBMi6FnJXwMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUFM1MVVOeHdHQm5aNFIwZ2hrRXlMb1djbGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAknjGMA0G
CSqGSIb3DQEBCwUAA4IBAQAJi7PsFosLcKT9XideOhl2tfgVT3Z798gRZik5ciRS
gbnDa+IDfof1wusfBxyA3crWtyzjZ4kJR+tUHro74t07eo6UMrQpzEm8LOqtPAmA
NjaTtDg455aNHRYRbY5MnzqnLQ0YTQoU48IDSdelbbQa1PzWUF6KiR9LQVyG2hi9
tGW/VBDXgO6zeipdlIl+VEsgUYiu4Gm+8NYnAVDdvhxwFVMydRyE/O9lmaVdG4CV
PJmSqpP6kVu9CGxZAxEMvfzNKAMhDOWkBklY8b7SLzBocsCf/QCqpemZgXuNU+Eg
0bC4u6Lw/CgBu/TOj+YKDn8PsWZcOGMl/joL4H7IBV9n
-----END CERTIFICATE-----