Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/w080ZTlQKLP7QlcpNh-Zs2Hb5L8.roa
File:                     w080ZTlQKLP7QlcpNh-Zs2Hb5L8.roa (raw, json)
Hash identifier:          BIuSWABWnQFl6i8f33V2pjGrYfg1hNKTmnAEtgxG7cw=
Subject key identifier:   C3:4F:34:65:39:50:28:B3:FB:42:57:29:36:1F:99:B3:61:DB:E4:BF
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A0AAB7AD946A696C651565A2AF6FE
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/w080ZTlQKLP7QlcpNh-Zs2Hb5L8.roa
Signing time:             Tue 02 Jan 2024 12:33:22 +0000
ROA not before:           Tue 02 Jan 2024 12:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50516
IP address blocks:        146.158.12.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0a:ab:7a:d9:46:a6:96:c6:51:56:5a:2a:f6:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c34f3465395028b3fb425729361f99b361dbe4bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6d:6a:3c:1c:6a:7c:2b:de:c2:8c:c0:0e:6d:
                    ce:02:9c:3d:f5:fe:bc:d7:44:0b:78:8a:84:1d:e4:
                    f9:af:69:21:b5:5c:74:88:ee:6d:e4:ef:97:a6:09:
                    fd:95:d1:e5:a2:a5:64:e4:94:60:ea:ad:a7:06:08:
                    b3:02:42:4a:06:c3:dd:4e:c7:7f:e8:c0:84:fc:ac:
                    24:e9:47:9e:3a:c0:21:41:28:82:40:7e:23:63:02:
                    e0:19:dc:a3:fa:e9:51:6a:9e:8e:e5:c4:8c:f4:5b:
                    60:2b:7c:44:30:ac:16:1b:03:98:36:7e:4a:3f:8e:
                    7c:8c:35:e5:57:c7:86:14:14:78:93:74:9a:c5:bc:
                    9e:af:37:13:66:b7:f5:0e:51:ce:3d:96:8c:9d:c1:
                    4a:e6:57:04:fd:04:51:fc:6a:7a:bd:b9:7e:9f:5a:
                    f2:ca:cb:a3:f1:37:4e:3f:ba:50:6d:e7:49:4a:c4:
                    b0:b4:e2:a7:d9:b8:6d:79:13:aa:37:e1:2d:8f:d3:
                    de:f9:50:1d:02:4c:af:9f:ec:ce:b8:b8:6f:4a:0e:
                    87:b0:3a:b7:1d:a1:6d:18:0c:e8:fc:44:a2:13:bc:
                    9d:3d:ac:b1:ba:02:76:22:03:d9:60:09:1e:63:2d:
                    ad:4f:89:45:d2:82:85:66:d0:83:a4:9b:82:9f:cc:
                    fd:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:4F:34:65:39:50:28:B3:FB:42:57:29:36:1F:99:B3:61:DB:E4:BF
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/w080ZTlQKLP7QlcpNh-Zs2Hb5L8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.158.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:a5:3b:7d:96:c9:26:36:20:ae:45:f5:72:93:15:14:5e:d8:
         f0:81:18:63:71:88:78:c7:e3:39:28:b3:38:79:04:e1:6d:0d:
         d4:c9:d1:b6:ef:50:65:fc:db:d6:ac:2e:6b:59:8c:9e:56:34:
         f0:05:e2:8d:38:ed:03:a4:43:af:9e:33:bd:7a:4a:0d:c2:aa:
         35:f9:af:40:4b:9a:09:3c:54:41:f3:7b:c9:2d:ee:63:53:04:
         e4:d0:24:02:73:a6:31:46:f1:df:57:57:df:31:56:ac:4c:9a:
         e4:7a:46:42:45:08:51:dd:a9:3c:8b:ae:09:82:fa:97:53:b1:
         a0:aa:9c:a1:a0:a9:c3:93:78:4e:32:a4:3c:e8:f0:01:d7:5d:
         4f:02:ae:1d:cc:81:5d:a4:5b:18:f5:7f:eb:24:af:34:f1:af:
         0b:ee:da:54:5e:84:d4:3c:05:46:95:cf:9c:94:b4:28:b7:a1:
         d5:62:de:cc:36:f8:af:86:a4:e7:78:14:cb:98:8b:a2:24:73:
         95:e9:1c:d2:c4:c3:f4:15:56:59:bd:4b:f9:1e:a9:2c:4d:79:
         7c:29:ef:0a:c1:4a:98:53:9b:67:a6:d3:c8:9b:07:fe:c0:72:
         14:a9:8b:dd:53:ba:57:60:03:af:06:34:3f:be:a3:a4:94:f7:
         4f:91:d5:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgqretlGppbGUVZaKvb+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzRmMzQ2NTM5NTAyOGIzZmI0MjU3MjkzNjFmOTliMzYxZGJlNGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW1qPBxqfCvewozADm3OApw99f68
10QLeIqEHeT5r2khtVx0iO5t5O+Xpgn9ldHloqVk5JRg6q2nBgizAkJKBsPdTsd/
6MCE/Kwk6UeeOsAhQSiCQH4jYwLgGdyj+ulRap6O5cSM9FtgK3xEMKwWGwOYNn5K
P458jDXlV8eGFBR4k3SaxbyerzcTZrf1DlHOPZaMncFK5lcE/QRR/Gp6vbl+n1ry
ysuj8TdOP7pQbedJSsSwtOKn2bhteROqN+Etj9Pe+VAdAkyvn+zOuLhvSg6HsDq3
HaFtGAzo/ESiE7ydPayxugJ2IgPZYAkeYy2tT4lF0oKFZtCDpJuCn8z9iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNPNGU5UCiz+0JXKTYfmbNh2+S/MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvdzA4MFpUbFFLTFA3UWxjcE5oLVpzMkhiNUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkp4MMA0G
CSqGSIb3DQEBCwUAA4IBAQCipTt9lskmNiCuRfVykxUUXtjwgRhjcYh4x+M5KLM4
eQThbQ3UydG271Bl/NvWrC5rWYyeVjTwBeKNOO0DpEOvnjO9ekoNwqo1+a9AS5oJ
PFRB83vJLe5jUwTk0CQCc6YxRvHfV1ffMVasTJrkekZCRQhR3ak8i64JgvqXU7Gg
qpyhoKnDk3hOMqQ86PAB111PAq4dzIFdpFsY9X/rJK808a8L7tpUXoTUPAVGlc+c
lLQot6HVYt7MNvivhqTneBTLmIuiJHOV6RzSxMP0FVZZvUv5HqksTXl8Ke8KwUqY
U5tnptPImwf+wHIUqYvdU7pXYAOvBjQ/vqOklPdPkdWW
-----END CERTIFICATE-----