Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/1VjnRsjH9J2pm4uVe978n-iNrLc.roa
File:                     1VjnRsjH9J2pm4uVe978n-iNrLc.roa (raw, json)
Hash identifier:          WbD1CWbWE7mMQBvGdpMQAUMcAbXTa0wFyWWbYENUrVA=
Subject key identifier:   D5:58:E7:46:C8:C7:F4:9D:A9:9B:8B:95:7B:DE:FC:9F:E8:8D:AC:B7
Certificate issuer:       /CN=351c7b5607c536657fd5748f6f65b24ac12eb17d
Certificate serial:       01953C8C2D71FE0E08E46BCBC14DD713CA6F
Authority key identifier: 35:1C:7B:56:07:C5:36:65:7F:D5:74:8F:6F:65:B2:4A:C1:2E:B1:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRx7VgfFNmV_1XSPb2WySsEusX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/1VjnRsjH9J2pm4uVe978n-iNrLc.roa
Signing time:             Tue 25 Feb 2025 09:59:34 +0000
ROA not before:           Tue 25 Feb 2025 09:59:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49581
IP address blocks:        146.19.191.0/24 maxlen: 24
                          193.111.248.0/24 maxlen: 24
                          193.111.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/NRx7VgfFNmV_1XSPb2WySsEusX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/NRx7VgfFNmV_1XSPb2WySsEusX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRx7VgfFNmV_1XSPb2WySsEusX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3c:8c:2d:71:fe:0e:08:e4:6b:cb:c1:4d:d7:13:ca:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351c7b5607c536657fd5748f6f65b24ac12eb17d
        Validity
            Not Before: Feb 25 09:59:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d558e746c8c7f49da99b8b957bdefc9fe88dacb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:9c:70:5e:b3:03:b1:65:15:41:5a:c6:5f:e2:
                    56:21:a4:1c:52:8d:03:c8:dd:85:ec:67:aa:53:86:
                    eb:e0:87:55:7f:0d:e1:5f:51:84:31:26:8c:2d:c8:
                    c5:e6:86:d4:b2:7f:6f:35:a3:e0:9d:09:71:43:83:
                    88:60:8d:12:fb:2a:69:46:e6:18:69:4f:4d:f3:db:
                    c0:b0:a7:1f:70:17:e8:e3:f9:a4:1e:4f:7e:76:76:
                    2d:e4:2e:3a:c9:9b:40:fd:62:02:22:aa:10:13:29:
                    09:ef:2e:5f:78:44:65:7e:73:f5:71:36:f6:25:4e:
                    da:30:a6:4e:c2:d8:24:b3:a8:2b:d8:b3:c9:53:1b:
                    73:68:b3:3e:a0:e0:b5:d5:a4:47:fc:62:f9:b0:81:
                    b2:75:c2:11:8e:84:d4:17:e6:5a:5c:f6:e5:88:e4:
                    08:0d:cc:27:4a:10:a9:43:e2:3c:e9:fa:d3:b9:95:
                    f8:18:8f:36:e3:ea:20:94:e7:6f:34:bb:82:c6:d8:
                    92:27:8a:52:06:8a:56:31:01:9b:e7:54:7e:a2:8c:
                    c5:bf:88:b4:1b:76:6a:a6:9b:7d:7e:40:09:a9:94:
                    2a:14:42:6a:05:6d:6e:80:c5:a3:c9:8f:8f:37:09:
                    e8:56:e1:2b:ff:38:2c:13:66:c6:cc:88:30:4a:1a:
                    38:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:58:E7:46:C8:C7:F4:9D:A9:9B:8B:95:7B:DE:FC:9F:E8:8D:AC:B7
            X509v3 Authority Key Identifier:
                keyid:35:1C:7B:56:07:C5:36:65:7F:D5:74:8F:6F:65:B2:4A:C1:2E:B1:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRx7VgfFNmV_1XSPb2WySsEusX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/1VjnRsjH9J2pm4uVe978n-iNrLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c1ff21-5ac2-4e50-936c-651707c91fd3/1/NRx7VgfFNmV_1XSPb2WySsEusX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.191.0/24
                  193.111.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:42:38:0c:2c:a1:22:b6:70:f8:0c:4d:6b:10:dd:4d:8f:2a:
         46:c6:7f:86:4b:45:fa:41:24:62:a1:ee:3e:e9:08:80:40:3d:
         b0:86:bd:29:b9:c6:87:9b:b0:bd:65:61:12:ea:4b:eb:b2:bc:
         50:44:18:1f:5c:ff:23:86:e4:99:95:82:7d:2c:19:13:4b:a5:
         ca:2f:c6:e9:d6:0d:14:57:b7:0c:9b:10:04:d0:c8:27:e1:4d:
         7a:19:48:d1:11:ad:38:0a:8a:c9:57:cf:0c:b1:74:3f:b8:fd:
         1c:c1:78:b6:3e:a6:52:f0:bc:ab:ce:d1:35:f7:0b:14:7d:8d:
         17:c7:e2:b1:3c:ad:d2:67:c4:f5:72:cd:13:1a:7a:55:c2:6b:
         88:1f:93:ba:fb:0a:4b:0a:c0:09:f2:e7:2d:bb:58:04:05:6a:
         aa:90:c4:36:b0:ab:50:51:fc:3d:ba:db:2e:99:80:3d:90:2b:
         d1:52:ad:bc:23:dc:90:7d:78:77:de:5b:35:5a:0b:b1:92:c1:
         13:5c:75:09:85:07:0e:60:6f:62:2c:6b:05:52:63:53:9d:82:
         53:c6:aa:50:ec:b6:c5:62:3f:f0:89:7c:db:22:35:cc:e6:b7:
         47:80:4f:83:d2:02:aa:88:67:5d:f6:9d:8b:eb:9f:0c:5e:37:
         93:81:53:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZU8jC1x/g4I5GvLwU3XE8pvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWM3YjU2MDdjNTM2NjU3ZmQ1NzQ4ZjZmNjViMjRhYzEy
ZWIxN2QwHhcNMjUwMjI1MDk1OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTU4ZTc0NmM4YzdmNDlkYTk5YjhiOTU3YmRlZmM5ZmU4OGRhY2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JxwXrMDsWUVQVrGX+JWIaQcUo0D
yN2F7GeqU4br4IdVfw3hX1GEMSaMLcjF5obUsn9vNaPgnQlxQ4OIYI0S+yppRuYY
aU9N89vAsKcfcBfo4/mkHk9+dnYt5C46yZtA/WICIqoQEykJ7y5feERlfnP1cTb2
JU7aMKZOwtgks6gr2LPJUxtzaLM+oOC11aRH/GL5sIGydcIRjoTUF+ZaXPbliOQI
DcwnShCpQ+I86frTuZX4GI824+oglOdvNLuCxtiSJ4pSBopWMQGb51R+oozFv4i0
G3Zqppt9fkAJqZQqFEJqBW1ugMWjyY+PNwnoVuEr/zgsE2bGzIgwSho4hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNVY50bIx/SdqZuLlXve/J/ojay3MB8GA1UdIwQY
MBaAFDUce1YHxTZlf9V0j29lskrBLrF9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJ4N1ZnZkZObVZfMVhTUGIyV3lTc0V1c1gwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jMWZmMjEtNWFjMi00ZTUwLTkzNmMt
NjUxNzA3YzkxZmQzLzEvMVZqblJzakg5SjJwbTR1VmU5NzhuLWlOckxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jMWZmMjEtNWFjMi00ZTUwLTkzNmMtNjUxNzA3YzkxZmQz
LzEvTlJ4N1ZnZkZObVZfMVhTUGIyV3lTc0V1c1gwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhO/AwQB
wW/4MA0GCSqGSIb3DQEBCwUAA4IBAQA2QjgMLKEitnD4DE1rEN1NjypGxn+GS0X6
QSRioe4+6QiAQD2whr0pucaHm7C9ZWES6kvrsrxQRBgfXP8jhuSZlYJ9LBkTS6XK
L8bp1g0UV7cMmxAE0Mgn4U16GUjREa04CorJV88MsXQ/uP0cwXi2PqZS8LyrztE1
9wsUfY0Xx+KxPK3SZ8T1cs0TGnpVwmuIH5O6+wpLCsAJ8uctu1gEBWqqkMQ2sKtQ
Ufw9utsumYA9kCvRUq28I9yQfXh33ls1WguxksETXHUJhQcOYG9iLGsFUmNTnYJT
xqpQ7LbFYj/wiXzbIjXM5rdHgE+D0gKqiGdd9p2L658MXjeTgVMJ
-----END CERTIFICATE-----