Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/rG0UqlnixgUMwnjVLdblPKKpLqk.roa
File:                     rG0UqlnixgUMwnjVLdblPKKpLqk.roa (raw, json)
Hash identifier:          m2925tuDJVjy7bZHdZOVmKQujWzz6gIbzH+Fnj6TxwA=
Subject key identifier:   AC:6D:14:AA:59:E2:C6:05:0C:C2:78:D5:2D:D6:E5:3C:A2:A9:2E:A9
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A5B4A9920EF70B0E00AD932967E30
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/rG0UqlnixgUMwnjVLdblPKKpLqk.roa
Signing time:             Tue 02 Jan 2024 12:33:42 +0000
ROA not before:           Tue 02 Jan 2024 12:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216261
IP address blocks:        146.158.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5b:4a:99:20:ef:70:b0:e0:0a:d9:32:96:7e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac6d14aa59e2c6050cc278d52dd6e53ca2a92ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b6:7e:f3:dd:28:0e:66:ac:fc:a0:ce:5e:89:
                    59:fc:1f:9d:92:b5:fc:d5:a9:67:10:e2:6a:92:b2:
                    48:df:e4:1a:90:1a:d0:0f:a2:d5:36:0c:f8:c5:e0:
                    00:e7:ab:08:9d:bb:02:4c:a3:87:17:29:c3:0e:e7:
                    dd:4c:01:dc:ac:10:49:19:b6:71:2a:51:f5:5d:5f:
                    d0:5f:d7:ab:e4:8b:4d:20:31:9a:f8:45:1f:b7:1e:
                    46:37:28:66:7e:d3:a3:93:5b:06:60:36:45:c0:1c:
                    8d:4e:a4:87:8a:22:1c:a7:60:50:25:1c:9d:c1:7a:
                    6c:b5:ea:39:b4:60:64:0e:ff:b1:4e:40:28:4a:e3:
                    3d:3b:68:92:ee:15:49:b7:65:b4:6c:59:31:e7:8b:
                    a4:46:a0:78:ae:d7:43:3b:fd:67:36:55:62:f7:65:
                    3e:29:04:d4:cc:c2:19:4b:24:b9:b6:53:36:6a:92:
                    20:f8:6b:45:7b:44:ae:95:b2:d4:94:fd:b2:dd:e1:
                    a7:2e:78:0e:d4:a3:0c:f0:93:e9:27:c7:98:50:08:
                    92:5f:b4:d7:98:8c:a9:68:34:66:ca:3e:2c:4a:18:
                    a5:4c:a6:fb:03:99:19:8a:90:a5:fb:f1:a0:6d:fe:
                    b3:4c:20:06:c9:6a:bd:4b:35:b1:42:3e:3a:a0:04:
                    f3:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:6D:14:AA:59:E2:C6:05:0C:C2:78:D5:2D:D6:E5:3C:A2:A9:2E:A9
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/rG0UqlnixgUMwnjVLdblPKKpLqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.158.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:42:ac:ff:b3:ae:ce:b9:51:79:ac:d2:44:dd:e8:ee:65:5e:
         e3:cd:51:62:2d:1b:4c:47:4c:6d:e2:81:4f:fc:38:be:e6:8a:
         39:79:74:4b:56:32:93:cf:de:80:29:71:b4:0c:1d:de:e8:ed:
         41:9a:e0:da:2e:64:52:d6:fc:ea:95:55:3d:90:c7:2d:bb:0d:
         af:cd:37:1d:d8:a7:c6:0f:48:e7:2f:62:70:9b:c5:b3:4b:65:
         76:de:ba:72:8f:9d:c2:9e:2b:bd:c0:e8:ca:b5:1e:19:cb:63:
         bf:ab:b6:30:8d:f9:3c:0b:45:90:e2:e3:cf:c8:00:88:38:32:
         4b:c0:5d:01:54:7d:ae:8b:c5:86:f2:b7:a6:8d:3c:2b:bb:b4:
         7e:6a:68:63:aa:90:30:ce:85:1c:98:54:70:b3:b3:dc:dc:60:
         47:33:6a:f3:d5:c4:47:cc:5e:c1:f4:3b:25:f1:17:79:17:59:
         d6:01:b5:a4:55:5b:ec:d5:38:e1:af:3d:f7:b7:f4:e0:34:ff:
         73:58:73:a8:f7:f7:42:0c:5d:d7:f1:cc:cf:9e:5f:7b:69:b8:
         5b:06:cc:c1:9c:c3:b0:4f:76:e2:51:16:95:79:f6:d6:45:8d:
         ca:6f:1a:8f:3e:cb:4b:63:d4:22:67:4d:5a:4f:2e:62:87:53:
         d2:d1:8e:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKltKmSDvcLDgCtkyln4wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzZkMTRhYTU5ZTJjNjA1MGNjMjc4ZDUyZGQ2ZTUzY2EyYTkyZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrZ+890oDmas/KDOXolZ/B+dkrX8
1alnEOJqkrJI3+QakBrQD6LVNgz4xeAA56sInbsCTKOHFynDDufdTAHcrBBJGbZx
KlH1XV/QX9er5ItNIDGa+EUftx5GNyhmftOjk1sGYDZFwByNTqSHiiIcp2BQJRyd
wXpsteo5tGBkDv+xTkAoSuM9O2iS7hVJt2W0bFkx54ukRqB4rtdDO/1nNlVi92U+
KQTUzMIZSyS5tlM2apIg+GtFe0SulbLUlP2y3eGnLngO1KMM8JPpJ8eYUAiSX7TX
mIypaDRmyj4sShilTKb7A5kZipCl+/Ggbf6zTCAGyWq9SzWxQj46oATzwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxtFKpZ4sYFDMJ41S3W5TyiqS6pMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvckcwVXFsbml4Z1VNd25qVkxkYmxQS0twTHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkp5eMA0G
CSqGSIb3DQEBCwUAA4IBAQCHQqz/s67OuVF5rNJE3ejuZV7jzVFiLRtMR0xt4oFP
/Di+5oo5eXRLVjKTz96AKXG0DB3e6O1BmuDaLmRS1vzqlVU9kMctuw2vzTcd2KfG
D0jnL2Jwm8WzS2V23rpyj53Cniu9wOjKtR4Zy2O/q7Ywjfk8C0WQ4uPPyACIODJL
wF0BVH2ui8WG8remjTwru7R+amhjqpAwzoUcmFRws7Pc3GBHM2rz1cRHzF7B9Dsl
8Rd5F1nWAbWkVVvs1Tjhrz33t/TgNP9zWHOo9/dCDF3X8czPnl97abhbBszBnMOw
T3biURaVefbWRY3KbxqPPstLY9QiZ01aTy5ih1PS0Y5u
-----END CERTIFICATE-----