Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RW8Kg1DsXFmRn5IHgi6JCfWIkG0.roa
File:                     RW8Kg1DsXFmRn5IHgi6JCfWIkG0.roa (raw, json)
Hash identifier:          U/HE4uD944QJXscSyIlUYkgzZVanvvoyKP97FF1i/8w=
Subject key identifier:   45:6F:0A:83:50:EC:5C:59:91:9F:92:07:82:2E:89:09:F5:88:90:6D
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FEFAC4AD44DED9A4F9C4E6797F204
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RW8Kg1DsXFmRn5IHgi6JCfWIkG0.roa
Signing time:             Thu 02 Jan 2025 05:49:37 +0000
ROA not before:           Thu 02 Jan 2025 05:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204323
IP address blocks:        146.158.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ef:ac:4a:d4:4d:ed:9a:4f:9c:4e:67:97:f2:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=456f0a8350ec5c59919f9207822e8909f588906d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d5:49:98:d2:d6:60:a4:87:d9:d5:a0:c7:da:
                    2f:33:1b:49:a0:2d:23:15:38:77:21:9e:a2:b6:31:
                    ef:db:ae:df:c9:42:d8:67:bc:39:7a:b5:1d:de:f7:
                    76:da:2e:d9:cd:5a:13:39:51:d5:77:3a:a6:01:39:
                    1f:59:37:ac:e2:bd:83:60:81:36:6d:18:4e:4d:7f:
                    fa:6a:b0:cf:19:9a:49:8b:77:4c:20:aa:d0:15:03:
                    5d:ed:ae:ab:a7:cb:af:03:97:77:33:bd:9b:d1:20:
                    17:d6:76:96:9f:36:b4:02:aa:ae:f6:19:32:98:54:
                    00:1f:58:86:69:ad:33:6f:70:d3:d2:86:23:4c:a9:
                    20:ad:9f:a4:66:88:b2:7d:dd:34:33:50:0b:73:19:
                    ca:2a:a8:68:ec:fe:d8:99:ef:78:73:95:f5:98:61:
                    f9:ea:f7:7e:a5:fc:54:cd:c6:84:1f:88:5e:c8:f6:
                    c6:3f:c2:2f:e1:b1:44:9c:6e:d4:1f:66:3b:b0:92:
                    cc:b9:1d:da:f6:7b:37:2f:d5:fa:ef:0a:34:f9:77:
                    8b:8f:32:17:5c:df:fc:0e:f3:fd:bb:8d:8b:1e:95:
                    85:8e:cd:15:40:3f:a5:44:04:64:42:4e:8f:c5:25:
                    a6:a9:bf:a9:63:84:f7:05:64:e8:fa:1e:aa:e9:42:
                    75:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:6F:0A:83:50:EC:5C:59:91:9F:92:07:82:2E:89:09:F5:88:90:6D
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RW8Kg1DsXFmRn5IHgi6JCfWIkG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.158.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:52:19:fe:bb:76:1c:f4:de:22:94:e1:3a:9e:da:fd:4b:e8:
         c3:c9:b3:8b:e5:55:da:c8:eb:f1:84:5c:86:74:ca:d7:4a:23:
         a0:fe:94:5b:b3:87:a3:e8:fa:da:e7:1e:9d:53:f3:b9:80:36:
         00:4e:a0:05:73:a7:08:40:fa:c2:1c:83:b0:ef:fd:9e:7d:e8:
         ac:00:e9:f5:ca:29:a8:9f:cf:1a:8e:97:f9:7a:2c:49:8f:8b:
         b5:41:87:c2:3c:49:53:2f:a0:d1:4c:03:b5:7a:05:7c:fc:f3:
         5c:00:c1:a4:54:f7:29:9a:60:68:0d:ee:10:fb:95:c1:e0:83:
         16:0d:3c:20:0d:7b:d6:5c:10:94:2b:4d:aa:5b:47:69:d5:c4:
         c3:85:ca:9d:47:df:3e:39:25:61:a9:be:70:4f:db:11:12:eb:
         44:63:68:b0:a8:0e:e4:87:d1:82:be:69:ec:1a:e0:9e:91:9a:
         78:05:cd:99:0e:20:9f:03:f8:36:4d:5c:06:13:5d:d2:70:e1:
         7b:fd:47:4c:66:b7:f9:13:3f:37:24:dc:a6:00:57:81:f1:76:
         26:f6:f6:38:4d:75:0e:7d:40:f7:dc:c3:0a:05:ac:f7:be:2f:
         0c:4b:3a:07:d4:8b:0f:15:f2:df:d5:5f:b3:20:e4:c9:9e:90:
         c6:95:e2:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj++sStRN7ZpPnE5nl/IEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTZmMGE4MzUwZWM1YzU5OTE5ZjkyMDc4MjJlODkwOWY1ODg5MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdVJmNLWYKSH2dWgx9ovMxtJoC0j
FTh3IZ6itjHv267fyULYZ7w5erUd3vd22i7ZzVoTOVHVdzqmATkfWTes4r2DYIE2
bRhOTX/6arDPGZpJi3dMIKrQFQNd7a6rp8uvA5d3M72b0SAX1naWnza0Aqqu9hky
mFQAH1iGaa0zb3DT0oYjTKkgrZ+kZoiyfd00M1ALcxnKKqho7P7Yme94c5X1mGH5
6vd+pfxUzcaEH4heyPbGP8Iv4bFEnG7UH2Y7sJLMuR3a9ns3L9X67wo0+XeLjzIX
XN/8DvP9u42LHpWFjs0VQD+lRARkQk6PxSWmqb+pY4T3BWTo+h6q6UJ1DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVvCoNQ7FxZkZ+SB4IuiQn1iJBtMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUlc4S2cxRHNYRm1SbjVJSGdpNkpDZldJa0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkp4OMA0G
CSqGSIb3DQEBCwUAA4IBAQAyUhn+u3Yc9N4ilOE6ntr9S+jDybOL5VXayOvxhFyG
dMrXSiOg/pRbs4ej6Pra5x6dU/O5gDYATqAFc6cIQPrCHIOw7/2efeisAOn1yimo
n88ajpf5eixJj4u1QYfCPElTL6DRTAO1egV8/PNcAMGkVPcpmmBoDe4Q+5XB4IMW
DTwgDXvWXBCUK02qW0dp1cTDhcqdR98+OSVhqb5wT9sREutEY2iwqA7kh9GCvmns
GuCekZp4Bc2ZDiCfA/g2TVwGE13ScOF7/UdMZrf5Ez83JNymAFeB8XYm9vY4TXUO
fUD33MMKBaz3vi8MSzoH1IsPFfLf1V+zIOTJnpDGleKn
-----END CERTIFICATE-----