Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/q2snSpVa7HdUmQxIJ-hXjDgiNsk.roa
File:                     q2snSpVa7HdUmQxIJ-hXjDgiNsk.roa (raw, json)
Hash identifier:          64m2mY3EcdohNAqjgomkxc8z4QeyXmAhzI37SoXlWuw=
Subject key identifier:   AB:6B:27:4A:95:5A:EC:77:54:99:0C:48:27:E8:57:8C:38:22:36:C9
Certificate issuer:       /CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
Certificate serial:       018CC56EA9262FD822E0E4A7B6B6B5A340F7
Authority key identifier: 6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/q2snSpVa7HdUmQxIJ-hXjDgiNsk.roa
Signing time:             Mon 01 Jan 2024 14:30:12 +0000
ROA not before:           Mon 01 Jan 2024 14:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        146.19.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a9:26:2f:d8:22:e0:e4:a7:b6:b6:b5:a3:40:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6baa05c6f8f9bfd70e3d41fe05bafc50d1253bf5
        Validity
            Not Before: Jan  1 14:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab6b274a955aec7754990c4827e8578c382236c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:da:2c:58:83:93:ac:36:49:1a:bc:34:88:27:
                    54:90:8e:2c:a8:08:7f:31:04:c6:bf:1d:9b:dd:9a:
                    e3:34:64:a2:61:e3:c6:59:a4:82:ad:88:17:8a:46:
                    99:cc:e2:c3:28:14:75:75:02:95:8c:83:87:42:82:
                    7e:c9:94:37:40:80:ce:17:ef:40:fd:9e:50:23:0c:
                    f9:f9:26:0d:a1:41:00:99:fb:6d:0d:e6:f0:7c:fd:
                    f9:6a:11:61:ba:41:a6:ab:a4:a5:ea:30:86:60:37:
                    a6:57:a7:65:46:58:19:5d:1c:e8:da:2e:19:93:0e:
                    76:60:c3:7d:5e:71:84:56:70:f3:4a:05:7e:ca:21:
                    06:64:f2:3e:80:55:66:9d:9c:88:96:6e:03:0c:fe:
                    e5:f9:7a:de:e3:19:9b:fe:9c:50:eb:49:70:64:8e:
                    a7:88:b6:a2:de:3b:9b:d7:a2:e9:4f:0e:58:69:73:
                    4c:0c:71:3c:93:6f:73:b9:1f:53:d8:fa:b1:a9:11:
                    a7:15:52:b7:62:e7:15:a6:64:84:9d:ac:fb:8a:4d:
                    34:67:07:f4:bb:84:99:10:55:d2:48:cb:88:12:9f:
                    16:12:e8:8e:2b:2f:90:93:7b:38:a2:cc:8c:7a:68:
                    83:9e:68:f5:9b:38:3b:46:4d:85:72:fc:38:61:9f:
                    72:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:6B:27:4A:95:5A:EC:77:54:99:0C:48:27:E8:57:8C:38:22:36:C9
            X509v3 Authority Key Identifier:
                keyid:6B:AA:05:C6:F8:F9:BF:D7:0E:3D:41:FE:05:BA:FC:50:D1:25:3B:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6oFxvj5v9cOPUH-Bbr8UNElO_U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/q2snSpVa7HdUmQxIJ-hXjDgiNsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/8f5119-6dcc-43a2-8daf-f3211d91520d/1/a6oFxvj5v9cOPUH-Bbr8UNElO_U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:28:a4:8a:5d:0a:26:69:72:28:18:59:8a:26:63:63:8c:2d:
         b4:42:7c:74:f6:be:18:50:a0:fd:53:f4:80:62:8f:50:1b:68:
         59:dd:d6:61:7a:35:14:46:3d:a1:e0:08:51:94:d2:d5:b6:99:
         4a:8b:80:3a:31:7e:b6:c1:26:8e:27:20:79:85:1d:02:19:87:
         c3:5b:53:24:8d:51:a1:ab:45:03:9c:77:50:44:72:58:4b:3e:
         50:17:2d:1e:4d:6e:47:09:c2:1b:c9:da:67:8c:92:22:d6:fa:
         28:56:ba:6f:32:6a:2b:c3:5f:12:b3:23:f2:68:3f:b1:b9:67:
         35:95:5a:b9:92:37:74:c8:75:d7:f5:e1:6b:8f:1e:6c:08:39:
         82:91:51:5b:d8:9c:24:41:16:78:8a:1f:fa:9f:6f:a2:6c:6e:
         3d:32:2a:b8:5d:17:5c:5a:69:92:de:a1:34:19:f7:9b:36:35:
         55:7c:3f:52:9a:7c:18:30:30:9a:fd:3b:61:7e:39:4b:94:8b:
         cb:f0:39:75:e2:78:f5:ad:fb:27:a8:d9:6c:c3:d6:c6:3c:e4:
         5b:d7:ab:c5:07:84:92:ec:1a:89:cf:84:7e:85:d4:c4:79:aa:
         c9:e2:9e:62:f6:57:41:09:66:5b:74:3d:67:04:0a:76:3f:ea:
         83:2e:b7:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqkmL9gi4OSntra1o0D3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYWEwNWM2ZjhmOWJmZDcwZTNkNDFmZTA1YmFmYzUwZDEy
NTNiZjUwHhcNMjQwMTAxMTQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjZiMjc0YTk1NWFlYzc3NTQ5OTBjNDgyN2U4NTc4YzM4MjIzNmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9osWIOTrDZJGrw0iCdUkI4sqAh/
MQTGvx2b3ZrjNGSiYePGWaSCrYgXikaZzOLDKBR1dQKVjIOHQoJ+yZQ3QIDOF+9A
/Z5QIwz5+SYNoUEAmfttDebwfP35ahFhukGmq6Sl6jCGYDemV6dlRlgZXRzo2i4Z
kw52YMN9XnGEVnDzSgV+yiEGZPI+gFVmnZyIlm4DDP7l+Xre4xmb/pxQ60lwZI6n
iLai3jub16LpTw5YaXNMDHE8k29zuR9T2PqxqRGnFVK3YucVpmSEnaz7ik00Zwf0
u4SZEFXSSMuIEp8WEuiOKy+Qk3s4osyMemiDnmj1mzg7Rk2Fcvw4YZ9yGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtrJ0qVWux3VJkMSCfoV4w4IjbJMB8GA1UdIwQY
MBaAFGuqBcb4+b/XDj1B/gW6/FDRJTv1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYt
ZjMyMTFkOTE1MjBkLzEvcTJzblNwVmE3SGRVbVF4SUotaFhqRGdpTnNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC84ZjUxMTktNmRjYy00M2EyLThkYWYtZjMyMTFkOTE1MjBk
LzEvYTZvRnh2ajV2OWNPUFVILUJicjhVTkVsT19VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPMMA0G
CSqGSIb3DQEBCwUAA4IBAQDHKKSKXQomaXIoGFmKJmNjjC20Qnx09r4YUKD9U/SA
Yo9QG2hZ3dZhejUURj2h4AhRlNLVtplKi4A6MX62wSaOJyB5hR0CGYfDW1MkjVGh
q0UDnHdQRHJYSz5QFy0eTW5HCcIbydpnjJIi1vooVrpvMmorw18SsyPyaD+xuWc1
lVq5kjd0yHXX9eFrjx5sCDmCkVFb2JwkQRZ4ih/6n2+ibG49Miq4XRdcWmmS3qE0
GfebNjVVfD9SmnwYMDCa/TthfjlLlIvL8Dl14nj1rfsnqNlsw9bGPORb16vFB4SS
7BqJz4R+hdTEearJ4p5i9ldBCWZbdD1nBAp2P+qDLrfb
-----END CERTIFICATE-----