Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/iGsfjx7wUgPTFBTP6J6qWS2J20E.roa
File:                     iGsfjx7wUgPTFBTP6J6qWS2J20E.roa (raw, json)
Hash identifier:          /8k5izhxQgLa6XPswwP3IlBsn6pR6yrQzIRpIxteS8E=
Subject key identifier:   88:6B:1F:8F:1E:F0:52:03:D3:14:14:CF:E8:9E:AA:59:2D:89:DB:41
Certificate issuer:       /CN=2d4c93ae051ce26cfbc87efe08e109e4b2cee0b2
Certificate serial:       0194228E055E74C3F60782E159A40B497194
Authority key identifier: 2D:4C:93:AE:05:1C:E2:6C:FB:C8:7E:FE:08:E1:09:E4:B2:CE:E0:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LUyTrgUc4mz7yH7-COEJ5LLO4LI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/iGsfjx7wUgPTFBTP6J6qWS2J20E.roa
Signing time:             Wed 01 Jan 2025 15:48:40 +0000
ROA not before:           Wed 01 Jan 2025 15:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44019
IP address blocks:        146.19.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/LUyTrgUc4mz7yH7-COEJ5LLO4LI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/LUyTrgUc4mz7yH7-COEJ5LLO4LI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LUyTrgUc4mz7yH7-COEJ5LLO4LI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:05:5e:74:c3:f6:07:82:e1:59:a4:0b:49:71:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d4c93ae051ce26cfbc87efe08e109e4b2cee0b2
        Validity
            Not Before: Jan  1 15:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=886b1f8f1ef05203d31414cfe89eaa592d89db41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ec:7a:6d:8a:45:1a:33:f1:cc:64:d4:e5:ea:
                    c9:08:39:4d:25:fc:f1:ec:45:de:3c:e4:10:b5:cb:
                    14:12:a5:ab:36:a5:82:cf:7f:35:44:01:c4:ad:43:
                    d3:88:6a:77:3b:f0:92:61:d0:07:6b:9d:82:d6:08:
                    44:49:ae:7b:d0:2b:c9:c2:c7:8d:fe:6a:0f:08:d0:
                    53:a3:48:db:a3:9c:66:db:fc:82:7a:e0:97:94:48:
                    38:90:78:93:5c:3a:cf:97:dd:1f:bb:c7:b8:d5:d3:
                    f8:87:d5:97:93:4a:6e:5f:10:1e:00:b0:24:fd:2d:
                    8b:d2:c6:33:9c:ea:84:d6:d4:43:7f:95:c0:d6:08:
                    57:f5:0f:61:11:1a:5f:ce:0f:c6:60:34:12:5a:9f:
                    c2:c0:67:7e:a8:f9:e6:d0:3b:3a:e9:a9:53:ba:8d:
                    92:b9:f1:ea:54:92:78:bb:f6:7f:b6:d5:fe:3f:e0:
                    3d:aa:f5:39:cc:a9:cb:0c:e0:71:c3:d8:87:ca:41:
                    b5:b8:40:94:14:67:d8:ca:83:cb:44:93:be:f6:0d:
                    eb:88:ea:f2:81:2b:cb:14:c5:84:08:b5:cf:74:a2:
                    15:21:58:d8:db:77:54:62:f2:21:67:99:93:ea:9f:
                    27:ae:89:01:7f:91:27:23:98:89:d0:34:1f:8c:97:
                    92:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:6B:1F:8F:1E:F0:52:03:D3:14:14:CF:E8:9E:AA:59:2D:89:DB:41
            X509v3 Authority Key Identifier:
                keyid:2D:4C:93:AE:05:1C:E2:6C:FB:C8:7E:FE:08:E1:09:E4:B2:CE:E0:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LUyTrgUc4mz7yH7-COEJ5LLO4LI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/iGsfjx7wUgPTFBTP6J6qWS2J20E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/ee8c1a-e501-4f31-99e9-3a6640360993/1/LUyTrgUc4mz7yH7-COEJ5LLO4LI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:f4:0f:51:54:ef:4b:ff:e2:e5:30:8e:56:d1:ec:4d:0c:95:
         f7:e2:b5:2e:45:7a:a4:ba:28:39:07:3b:22:72:3f:86:27:e5:
         4a:16:53:93:f1:78:03:25:2f:e0:9a:e7:0f:65:b6:60:57:88:
         2c:d9:b2:5a:2b:63:4b:62:d7:12:5e:d9:6e:be:d9:53:2b:a8:
         92:88:7a:25:e7:b0:d3:1e:8d:85:0a:be:49:c3:55:28:65:24:
         fc:a5:de:81:39:e7:6f:ed:31:eb:a0:45:af:03:bd:c0:88:aa:
         a0:1a:aa:aa:8a:08:9c:63:40:04:f4:aa:0a:9c:76:de:72:c0:
         52:d4:60:27:aa:bf:1f:99:9c:d2:b9:a8:ab:44:db:a7:44:73:
         b9:c8:bd:de:36:21:63:0f:e0:3a:3b:fc:35:7c:7f:da:4b:20:
         56:e4:a7:b5:1e:06:dc:68:fa:67:07:29:b7:6f:58:fd:3c:db:
         13:58:a6:62:9c:bb:e0:26:c6:00:0c:ed:df:cc:7e:a2:df:b8:
         9c:5e:97:e4:ae:f5:62:14:24:15:f2:4b:76:ae:58:a0:a3:f2:
         11:45:57:f0:85:02:2b:7f:73:5d:bf:55:7d:70:6f:a6:ae:4e:
         c4:a6:94:c8:4b:d4:d4:5f:f9:fd:9c:da:5c:54:24:4d:42:cb:
         4b:60:77:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijgVedMP2B4LhWaQLSXGUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNGM5M2FlMDUxY2UyNmNmYmM4N2VmZTA4ZTEwOWU0YjJj
ZWUwYjIwHhcNMjUwMTAxMTU0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODZiMWY4ZjFlZjA1MjAzZDMxNDE0Y2ZlODllYWE1OTJkODlkYjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+x6bYpFGjPxzGTU5erJCDlNJfzx
7EXePOQQtcsUEqWrNqWCz381RAHErUPTiGp3O/CSYdAHa52C1ghESa570CvJwseN
/moPCNBTo0jbo5xm2/yCeuCXlEg4kHiTXDrPl90fu8e41dP4h9WXk0puXxAeALAk
/S2L0sYznOqE1tRDf5XA1ghX9Q9hERpfzg/GYDQSWp/CwGd+qPnm0Ds66alTuo2S
ufHqVJJ4u/Z/ttX+P+A9qvU5zKnLDOBxw9iHykG1uECUFGfYyoPLRJO+9g3riOry
gSvLFMWECLXPdKIVIVjY23dUYvIhZ5mT6p8nrokBf5EnI5iJ0DQfjJeS5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIhrH48e8FID0xQUz+ieqlktidtBMB8GA1UdIwQY
MBaAFC1Mk64FHOJs+8h+/gjhCeSyzuCyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFV5VHJnVWM0bXo3eUg3LUNPRUo1TExPNExJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lZThjMWEtZTUwMS00ZjMxLTk5ZTkt
M2E2NjQwMzYwOTkzLzEvaUdzZmp4N3dVZ1BURkJUUDZKNnFXUzJKMjBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lZThjMWEtZTUwMS00ZjMxLTk5ZTktM2E2NjQwMzYwOTkz
LzEvTFV5VHJnVWM0bXo3eUg3LUNPRUo1TExPNExJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPxMA0G
CSqGSIb3DQEBCwUAA4IBAQBE9A9RVO9L/+LlMI5W0exNDJX34rUuRXqkuig5Bzsi
cj+GJ+VKFlOT8XgDJS/gmucPZbZgV4gs2bJaK2NLYtcSXtluvtlTK6iSiHol57DT
Ho2FCr5Jw1UoZST8pd6BOedv7THroEWvA73AiKqgGqqqigicY0AE9KoKnHbecsBS
1GAnqr8fmZzSuairRNunRHO5yL3eNiFjD+A6O/w1fH/aSyBW5Ke1HgbcaPpnBym3
b1j9PNsTWKZinLvgJsYADO3fzH6i37icXpfkrvViFCQV8kt2rligo/IRRVfwhQIr
f3Ndv1V9cG+mrk7EppTIS9TUX/n9nNpcVCRNQstLYHc5
-----END CERTIFICATE-----