Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/cVwZYrkOSY_zWqsUNPr-hOMSGtQ.roa
File:                     cVwZYrkOSY_zWqsUNPr-hOMSGtQ.roa (raw, json)
Hash identifier:          z0i9tLxsy0QmJdBgrqUELkKEqOlZdRQctUa9SY9ZRJs=
Subject key identifier:   71:5C:19:62:B9:0E:49:8F:F3:5A:AB:14:34:FA:FE:84:E3:12:1A:D4
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FEC9A7B3E5E827D85E36664B0E6A3
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/cVwZYrkOSY_zWqsUNPr-hOMSGtQ.roa
Signing time:             Thu 02 Jan 2025 05:49:36 +0000
ROA not before:           Thu 02 Jan 2025 05:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202533
IP address blocks:        146.120.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ec:9a:7b:3e:5e:82:7d:85:e3:66:64:b0:e6:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=715c1962b90e498ff35aab1434fafe84e3121ad4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:f3:44:72:d6:d1:76:6a:90:67:06:23:12:9c:
                    4d:08:f0:bf:bb:89:92:04:6e:12:d2:6a:99:29:e4:
                    bc:5a:b2:c4:c9:bb:98:c6:52:9d:39:cf:af:09:cb:
                    1d:8b:69:06:a5:62:50:91:4d:b0:a5:22:ab:cf:0b:
                    4a:9f:95:0e:83:d4:c9:fb:45:0f:1e:86:05:88:ff:
                    eb:01:4c:66:fe:fe:7c:c7:1f:20:fd:3b:c9:73:91:
                    79:66:a4:1f:b2:15:72:93:c8:15:75:f3:a2:a7:24:
                    01:ee:52:b2:0f:27:b9:88:02:88:80:6b:bc:27:38:
                    99:43:db:c0:1f:60:90:f6:09:c3:7b:d8:9b:6f:a8:
                    75:04:5f:81:10:58:bc:64:5c:28:4b:c3:12:38:4a:
                    94:61:3b:da:1b:f0:11:3b:22:00:d2:4b:99:69:89:
                    32:05:38:59:aa:8b:1d:ed:ea:3f:5a:0b:25:1e:ba:
                    9e:2b:1c:00:2c:5d:96:c5:74:61:db:3e:95:8d:28:
                    a9:3a:5a:09:49:60:79:db:ed:37:82:60:15:b1:f1:
                    f5:bf:fe:56:04:34:d8:ed:4b:10:45:3e:2a:7a:ad:
                    6c:7b:cc:f2:7d:b0:31:a1:7c:59:c7:c0:a9:e1:4d:
                    d1:8c:35:89:98:4a:72:5f:b7:7a:14:44:9e:fd:a5:
                    c9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:5C:19:62:B9:0E:49:8F:F3:5A:AB:14:34:FA:FE:84:E3:12:1A:D4
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/cVwZYrkOSY_zWqsUNPr-hOMSGtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:13:20:03:44:95:99:a7:48:e5:ff:96:a1:39:0b:3d:62:d4:
         aa:0b:d9:81:78:a8:b2:0f:f6:70:96:08:54:0c:10:85:1d:fb:
         43:39:a8:c3:a5:cf:7a:55:13:42:2a:e7:aa:f8:95:18:44:2e:
         34:54:3d:59:8c:74:2b:24:41:52:aa:a7:c5:73:59:0f:46:3e:
         d3:e5:bb:c6:c5:a2:4b:03:22:01:3f:a6:c3:5e:2a:59:00:c1:
         02:62:df:6b:f9:3a:26:c9:35:07:cb:0b:d1:a0:3d:e9:72:56:
         eb:68:ec:a8:54:28:e0:8f:df:5e:a9:70:58:7c:b2:e3:44:a8:
         27:c9:67:09:f3:9b:75:fc:6f:6f:44:fe:d7:5b:70:2c:8e:6e:
         ff:01:2e:04:c7:82:9b:4c:6b:e3:15:ef:e4:fe:63:f0:64:b7:
         79:13:05:03:21:50:a9:33:76:8e:d8:bc:06:3b:4f:17:fc:c1:
         ea:29:2a:d3:e7:0f:5b:7f:13:75:0c:c2:33:d7:05:4f:50:93:
         4d:28:83:5e:8f:fb:24:b0:6b:74:8b:e7:f4:bd:c2:20:ee:b6:
         d7:ce:ab:3b:7b:78:89:04:e7:0d:ec:1e:3e:e9:a3:f7:45:a3:
         a7:e9:df:56:72:6f:cb:29:63:6f:ad:19:c6:f4:5f:a2:79:b6:
         ab:3a:f0:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj+yaez5egn2F42ZksOajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTVjMTk2MmI5MGU0OThmZjM1YWFiMTQzNGZhZmU4NGUzMTIxYWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3fNEctbRdmqQZwYjEpxNCPC/u4mS
BG4S0mqZKeS8WrLEybuYxlKdOc+vCcsdi2kGpWJQkU2wpSKrzwtKn5UOg9TJ+0UP
HoYFiP/rAUxm/v58xx8g/TvJc5F5ZqQfshVyk8gVdfOipyQB7lKyDye5iAKIgGu8
JziZQ9vAH2CQ9gnDe9ibb6h1BF+BEFi8ZFwoS8MSOEqUYTvaG/AROyIA0kuZaYky
BThZqosd7eo/WgslHrqeKxwALF2WxXRh2z6VjSipOloJSWB52+03gmAVsfH1v/5W
BDTY7UsQRT4qeq1se8zyfbAxoXxZx8Cp4U3RjDWJmEpyX7d6FESe/aXJwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFcGWK5DkmP81qrFDT6/oTjEhrUMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvY1Z3Wllya09TWV96V3FzVU5Qci1oT01TR3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkngUMA0G
CSqGSIb3DQEBCwUAA4IBAQAAEyADRJWZp0jl/5ahOQs9YtSqC9mBeKiyD/ZwlghU
DBCFHftDOajDpc96VRNCKueq+JUYRC40VD1ZjHQrJEFSqqfFc1kPRj7T5bvGxaJL
AyIBP6bDXipZAMECYt9r+TomyTUHywvRoD3pclbraOyoVCjgj99eqXBYfLLjRKgn
yWcJ85t1/G9vRP7XW3Asjm7/AS4Ex4KbTGvjFe/k/mPwZLd5EwUDIVCpM3aO2LwG
O08X/MHqKSrT5w9bfxN1DMIz1wVPUJNNKINej/sksGt0i+f0vcIg7rbXzqs7e3iJ
BOcN7B4+6aP3RaOn6d9Wcm/LKWNvrRnG9F+iebarOvBP
-----END CERTIFICATE-----