Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ZhODG9seB9RIxxsvU_4IQru22Ng.roa
File:                     ZhODG9seB9RIxxsvU_4IQru22Ng.roa (raw, json)
Hash identifier:          GPdJmDpIfN62+sAvRqSlLX2ov6wckZI0kvZ3jctrTJQ=
Subject key identifier:   66:13:83:1B:DB:1E:07:D4:48:C7:1B:2F:53:FE:08:42:BB:B6:D8:D8
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A198E387A1AD9E2679448C7422410
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ZhODG9seB9RIxxsvU_4IQru22Ng.roa
Signing time:             Tue 02 Jan 2024 12:33:25 +0000
ROA not before:           Tue 02 Jan 2024 12:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57975
IP address blocks:        146.120.240.0/24 maxlen: 24
                          146.158.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:19:8e:38:7a:1a:d9:e2:67:94:48:c7:42:24:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6613831bdb1e07d448c71b2f53fe0842bbb6d8d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:db:61:f6:c6:dc:01:69:b0:2f:79:83:17:4f:
                    dd:51:87:de:54:e8:33:cc:f1:3e:8a:39:6d:08:d9:
                    ec:66:47:89:51:85:2e:74:3f:bc:d6:8d:8b:00:a1:
                    5f:9f:5c:82:75:1f:83:18:36:c6:09:52:ef:fd:49:
                    d2:fe:89:e2:90:60:73:ff:c4:75:30:ce:f3:ee:39:
                    d0:5a:f9:be:dd:73:83:76:05:30:0d:5c:2d:5f:a8:
                    3f:d8:0d:0b:0f:9d:f4:98:6e:f4:59:80:bf:2d:c8:
                    c1:99:79:7d:1e:d6:80:e5:4b:cb:99:9a:0d:e2:7d:
                    d9:a7:f4:8a:1f:63:13:e6:92:96:d3:a9:a9:44:7e:
                    6e:6a:51:e3:f2:67:59:1a:47:fb:c8:5f:c5:fa:d2:
                    50:be:17:c0:22:6c:79:ae:73:33:b4:a0:15:3f:3b:
                    37:71:d4:42:ea:92:a2:40:16:82:f4:9c:35:40:74:
                    f2:82:77:52:63:74:ca:b6:08:18:e2:52:3b:b6:1c:
                    b0:15:97:f1:b0:d1:a8:f1:b8:90:11:c1:66:cf:6e:
                    62:ce:89:c0:b7:48:03:d0:83:7c:6c:4c:54:db:35:
                    6e:09:92:f7:42:77:64:24:13:3d:c0:f4:88:ba:dd:
                    8b:32:b3:5c:91:e2:bc:96:fe:98:17:92:1b:57:09:
                    3f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:13:83:1B:DB:1E:07:D4:48:C7:1B:2F:53:FE:08:42:BB:B6:D8:D8
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ZhODG9seB9RIxxsvU_4IQru22Ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.240.0/24
                  146.158.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:65:d1:83:a3:fa:53:79:34:b4:40:57:e4:8d:40:db:26:5e:
         5c:59:d3:3c:13:ef:8e:95:ee:ae:54:7f:8d:23:58:8f:b6:df:
         6b:65:12:34:20:c7:a7:42:56:a4:5f:f0:f9:61:f7:b8:8a:67:
         27:af:cf:1f:14:9b:3c:e2:9a:f1:e8:a4:ad:99:f5:38:da:48:
         89:8c:27:70:c2:d2:79:49:d1:c9:a3:a0:5d:c7:15:59:55:3f:
         97:f3:27:3e:71:e4:fc:d8:fb:fe:a8:a6:12:10:51:e8:c6:77:
         25:36:01:f8:7d:89:e5:86:4c:e8:09:88:fc:cc:71:83:a0:3d:
         9a:10:78:37:f7:d2:9a:ae:22:27:90:16:e4:08:8d:fd:7f:b5:
         26:a3:54:b8:54:e5:de:d5:46:28:02:9f:4a:bf:c7:6f:84:98:
         be:96:88:ba:cb:77:29:45:12:d5:02:f9:f5:00:2e:f3:49:55:
         41:ee:a7:00:2a:1e:dc:a8:cf:bf:56:9f:fd:59:cc:7c:3e:6e:
         3c:62:fe:ba:48:8d:a1:4a:ac:3a:d6:0f:5b:2f:f0:d7:55:fa:
         5e:bc:bc:47:df:af:4b:fd:12:cd:0a:d5:02:43:f8:f5:64:a5:
         0c:21:d6:fa:31:fc:55:91:3f:b2:f9:9c:3e:30:44:bb:e2:f0:
         7b:f1:5d:ac
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKhmOOHoa2eJnlEjHQiQQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjEzODMxYmRiMWUwN2Q0NDhjNzFiMmY1M2ZlMDg0MmJiYjZkOGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9th9sbcAWmwL3mDF0/dUYfeVOgz
zPE+ijltCNnsZkeJUYUudD+81o2LAKFfn1yCdR+DGDbGCVLv/UnS/onikGBz/8R1
MM7z7jnQWvm+3XODdgUwDVwtX6g/2A0LD530mG70WYC/LcjBmXl9HtaA5UvLmZoN
4n3Zp/SKH2MT5pKW06mpRH5ualHj8mdZGkf7yF/F+tJQvhfAImx5rnMztKAVPzs3
cdRC6pKiQBaC9Jw1QHTygndSY3TKtggY4lI7thywFZfxsNGo8biQEcFmz25izonA
t0gD0IN8bExU2zVuCZL3QndkJBM9wPSIut2LMrNckeK8lv6YF5IbVwk/wQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGYTgxvbHgfUSMcbL1P+CEK7ttjYMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWmhPREc5c2VCOVJJeHhzdlVfNElRcnUyMk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAknjwAwQA
kp4PMA0GCSqGSIb3DQEBCwUAA4IBAQCsZdGDo/pTeTS0QFfkjUDbJl5cWdM8E++O
le6uVH+NI1iPtt9rZRI0IMenQlakX/D5Yfe4imcnr88fFJs84prx6KStmfU42kiJ
jCdwwtJ5SdHJo6BdxxVZVT+X8yc+ceT82Pv+qKYSEFHoxnclNgH4fYnlhkzoCYj8
zHGDoD2aEHg399KariInkBbkCI39f7Umo1S4VOXe1UYoAp9Kv8dvhJi+loi6y3cp
RRLVAvn1AC7zSVVB7qcAKh7cqM+/Vp/9Wcx8Pm48Yv66SI2hSqw61g9bL/DXVfpe
vLxH369L/RLNCtUCQ/j1ZKUMIdb6MfxVkT+y+Zw+MES74vB78V2s
-----END CERTIFICATE-----