Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/Fo_41I57-mePodQ0q0_z5xOxnI4.roa
File:                     Fo_41I57-mePodQ0q0_z5xOxnI4.roa (raw, json)
Hash identifier:          K1aZreeX49DdvKGaWebvilTtUwK3jvLEezAbOhi+7rU=
Subject key identifier:   16:8F:F8:D4:8E:7B:FA:67:8F:A1:D4:34:AB:4F:F3:E7:13:B1:9C:8E
Certificate issuer:       /CN=2d4c93ae051ce26cfbc87efe08e109e4b2cee0b2
Certificate serial:       018CC8DF0F8D01CE6FC3B8A0754E1EDD9998
Authority key identifier: 2D:4C:93:AE:05:1C:E2:6C:FB:C8:7E:FE:08:E1:09:E4:B2:CE:E0:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LUyTrgUc4mz7yH7-COEJ5LLO4LI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/Fo_41I57-mePodQ0q0_z5xOxnI4.roa
Signing time:             Tue 02 Jan 2024 06:31:50 +0000
ROA not before:           Tue 02 Jan 2024 06:31:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44019
IP address blocks:        146.19.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/LUyTrgUc4mz7yH7-COEJ5LLO4LI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/LUyTrgUc4mz7yH7-COEJ5LLO4LI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LUyTrgUc4mz7yH7-COEJ5LLO4LI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:0f:8d:01:ce:6f:c3:b8:a0:75:4e:1e:dd:99:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d4c93ae051ce26cfbc87efe08e109e4b2cee0b2
        Validity
            Not Before: Jan  2 06:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=168ff8d48e7bfa678fa1d434ab4ff3e713b19c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7d:04:cd:12:19:39:71:63:1f:4b:e0:4f:6a:
                    1b:f0:a4:78:0a:95:e0:c2:a6:e7:60:69:e9:c7:3d:
                    56:97:26:f3:0f:8f:c6:ed:e7:69:70:a2:f1:c2:d8:
                    90:4f:10:66:f2:a0:bb:46:a9:39:b3:ba:f6:63:fb:
                    6b:d7:1f:df:47:5d:4a:e0:59:9f:3d:6c:72:3e:e0:
                    6a:cf:f6:a1:8c:b9:65:93:63:f1:ed:40:f7:1a:6c:
                    05:3c:b0:a4:57:e2:c1:ba:f4:11:0e:ad:14:1c:88:
                    ee:2e:bb:9f:53:7c:44:b6:63:66:28:18:13:10:af:
                    12:a4:48:92:dd:6f:54:42:b0:b8:4d:7a:55:95:43:
                    ec:9a:7e:10:bc:38:f2:8c:f8:ba:15:a8:fc:40:f4:
                    d6:d9:ed:95:dc:2b:18:77:59:11:c9:4c:9e:ef:dc:
                    26:76:d1:32:a0:fe:a7:82:21:a4:18:2d:90:39:3d:
                    aa:6f:a0:a9:fd:fa:ee:05:22:cd:8b:e4:c0:fb:8d:
                    46:31:f3:c4:52:0a:a2:c5:e3:59:21:98:67:98:9b:
                    a1:df:de:2a:07:30:d6:58:13:4d:53:30:cd:2f:e7:
                    b4:82:d7:f7:a8:f5:b5:41:6b:2d:08:fa:32:8b:9f:
                    0c:7b:ba:d3:aa:97:f1:df:82:95:3a:ba:82:eb:1f:
                    eb:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:8F:F8:D4:8E:7B:FA:67:8F:A1:D4:34:AB:4F:F3:E7:13:B1:9C:8E
            X509v3 Authority Key Identifier:
                keyid:2D:4C:93:AE:05:1C:E2:6C:FB:C8:7E:FE:08:E1:09:E4:B2:CE:E0:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LUyTrgUc4mz7yH7-COEJ5LLO4LI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/Fo_41I57-mePodQ0q0_z5xOxnI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/LUyTrgUc4mz7yH7-COEJ5LLO4LI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:34:2a:6e:53:0d:01:46:e4:07:e0:40:65:87:77:2c:0e:a3:
         aa:85:8a:92:45:e3:7b:b8:5a:38:e6:76:c9:96:07:47:ab:b5:
         d3:48:bb:30:3d:f1:86:80:dd:08:f4:21:5c:67:ca:10:89:86:
         d2:d2:68:9a:b9:b3:92:ff:25:35:95:9f:a4:f7:b5:45:03:b8:
         10:e2:c4:12:f8:5f:dd:0b:d0:71:42:60:73:57:9a:c3:e5:4b:
         c3:e4:19:0a:cd:64:3d:e7:10:6b:e1:b2:7d:df:af:f4:41:31:
         91:4c:34:a1:5d:13:8b:83:0a:e4:86:29:eb:4b:19:67:e8:dc:
         14:35:c8:a7:38:06:fb:f5:56:6f:ec:4a:f0:66:18:b5:d1:6c:
         81:e2:26:73:e9:55:94:b3:20:0d:80:fa:f4:0f:b3:e1:5c:9c:
         7d:54:3d:6e:4f:ad:1a:c8:7f:83:ec:86:e7:88:cc:44:ec:db:
         83:c5:c0:47:56:35:51:9a:b8:07:cc:9c:31:88:ea:91:24:b1:
         d4:a6:64:d5:3f:2a:98:7d:d1:bf:6d:2e:04:3d:04:33:7a:6d:
         94:74:af:17:6f:68:3b:d7:ca:20:a4:68:d8:71:0c:dc:09:65:
         1d:ab:d7:85:d4:74:29:85:b0:80:60:ce:54:56:03:a6:b6:dc:
         3a:bd:6d:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3w+NAc5vw7igdU4e3ZmYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNGM5M2FlMDUxY2UyNmNmYmM4N2VmZTA4ZTEwOWU0YjJj
ZWUwYjIwHhcNMjQwMTAyMDYzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjhmZjhkNDhlN2JmYTY3OGZhMWQ0MzRhYjRmZjNlNzEzYjE5YzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr30EzRIZOXFjH0vgT2ob8KR4CpXg
wqbnYGnpxz1WlybzD4/G7edpcKLxwtiQTxBm8qC7Rqk5s7r2Y/tr1x/fR11K4Fmf
PWxyPuBqz/ahjLllk2Px7UD3GmwFPLCkV+LBuvQRDq0UHIjuLrufU3xEtmNmKBgT
EK8SpEiS3W9UQrC4TXpVlUPsmn4QvDjyjPi6Faj8QPTW2e2V3CsYd1kRyUye79wm
dtEyoP6ngiGkGC2QOT2qb6Cp/fruBSLNi+TA+41GMfPEUgqixeNZIZhnmJuh394q
BzDWWBNNUzDNL+e0gtf3qPW1QWstCPoyi58Me7rTqpfx34KVOrqC6x/rVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBaP+NSOe/pnj6HUNKtP8+cTsZyOMB8GA1UdIwQY
MBaAFC1Mk64FHOJs+8h+/gjhCeSyzuCyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFV5VHJnVWM0bXo3eUg3LUNPRUo1TExPNExJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lZThjMWEtZTUwMS00ZjMxLTk5ZTkt
M2E2NjQwMzYwOTkzLzEvRm9fNDFJNTctbWVQb2RRMHEwX3o1eE94bkk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lZThjMWEtZTUwMS00ZjMxLTk5ZTktM2E2NjQwMzYwOTkz
LzEvTFV5VHJnVWM0bXo3eUg3LUNPRUo1TExPNExJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPxMA0G
CSqGSIb3DQEBCwUAA4IBAQByNCpuUw0BRuQH4EBlh3csDqOqhYqSReN7uFo45nbJ
lgdHq7XTSLswPfGGgN0I9CFcZ8oQiYbS0miaubOS/yU1lZ+k97VFA7gQ4sQS+F/d
C9BxQmBzV5rD5UvD5BkKzWQ95xBr4bJ936/0QTGRTDShXROLgwrkhinrSxln6NwU
NcinOAb79VZv7ErwZhi10WyB4iZz6VWUsyANgPr0D7PhXJx9VD1uT60ayH+D7Ibn
iMxE7NuDxcBHVjVRmrgHzJwxiOqRJLHUpmTVPyqYfdG/bS4EPQQzem2UdK8Xb2g7
18ogpGjYcQzcCWUdq9eF1HQphbCAYM5UVgOmttw6vW0K
-----END CERTIFICATE-----