Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/ZxclnOZoUoT3oEHzhiXkSMrg0eg.roa
File:                     ZxclnOZoUoT3oEHzhiXkSMrg0eg.roa (raw, json)
Hash identifier:          Kr0x6iL7o5LPltcILFWfUY317piX6FAq2Hq67Mhy69s=
Subject key identifier:   67:17:25:9C:E6:68:52:84:F7:A0:41:F3:86:25:E4:48:CA:E0:D1:E8
Certificate issuer:       /CN=d25622457a1be33a01258866a067e0447dfd8964
Certificate serial:       018CC7956F0683DE3C005D58FDBEB99F5B01
Authority key identifier: D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/ZxclnOZoUoT3oEHzhiXkSMrg0eg.roa
Signing time:             Tue 02 Jan 2024 00:31:48 +0000
ROA not before:           Tue 02 Jan 2024 00:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26548
IP address blocks:        146.19.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6f:06:83:de:3c:00:5d:58:fd:be:b9:9f:5b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d25622457a1be33a01258866a067e0447dfd8964
        Validity
            Not Before: Jan  2 00:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6717259ce6685284f7a041f38625e448cae0d1e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:72:3e:fc:d9:ca:9e:8d:30:cb:1e:f4:31:82:
                    9a:ba:03:a2:7e:a4:99:e0:37:6a:e1:9c:77:94:98:
                    5a:8b:3a:ab:0c:46:58:3a:aa:df:de:e5:05:0c:74:
                    ba:67:2a:cb:91:b9:37:de:2f:9d:3a:2c:35:cc:82:
                    61:29:73:2b:6d:d5:cd:d0:c9:8a:d2:ae:21:36:b6:
                    de:f5:c9:d1:8b:c5:2f:5e:22:b8:bb:0d:e2:5c:ec:
                    8d:04:a6:ee:37:a8:76:09:7d:36:64:57:e3:60:62:
                    e2:b4:a5:6d:61:37:0b:a1:7c:5d:09:02:58:b1:18:
                    1d:4a:c4:81:d7:7c:3a:ee:17:53:13:5d:4a:77:83:
                    35:59:5e:59:09:05:38:75:b0:cc:22:53:a6:3f:1d:
                    58:09:9c:f4:7f:5b:ea:58:12:8c:e3:02:2d:bb:6a:
                    c8:6b:5c:cb:09:25:d8:4b:5f:d7:cd:62:7b:1e:af:
                    6c:3c:0f:eb:32:dd:d4:4a:91:52:d2:5b:45:fd:11:
                    38:73:92:f5:73:59:9b:2a:e2:e4:c4:53:08:85:fb:
                    74:f8:f0:68:b4:dc:ff:9a:e4:af:34:a1:98:70:9a:
                    9d:15:93:73:1c:20:b0:a5:65:4f:b9:dd:21:65:45:
                    28:3c:f2:0d:42:49:f4:f9:75:ec:9f:e4:23:74:0d:
                    5c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:17:25:9C:E6:68:52:84:F7:A0:41:F3:86:25:E4:48:CA:E0:D1:E8
            X509v3 Authority Key Identifier:
                keyid:D2:56:22:45:7A:1B:E3:3A:01:25:88:66:A0:67:E0:44:7D:FD:89:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0lYiRXob4zoBJYhmoGfgRH39iWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/ZxclnOZoUoT3oEHzhiXkSMrg0eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/26b47b-f2ce-4f2b-9d33-45579e418ff7/1/0lYiRXob4zoBJYhmoGfgRH39iWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:54:ca:f4:34:e3:5f:6c:05:02:e8:c0:fb:c7:38:f6:a1:ce:
         dc:fb:bb:d8:9e:df:5a:6e:1a:5b:c1:57:4d:51:37:e8:28:ab:
         9e:57:b1:2a:0e:46:2f:cf:7b:de:9d:ea:d2:01:86:c2:d6:b0:
         b9:27:c2:12:32:1e:42:3f:e9:64:aa:0c:5a:92:09:e9:39:1b:
         bb:36:ff:86:ff:83:a2:38:10:14:da:a8:3d:f0:0e:9f:1f:ea:
         3f:82:a0:31:65:3b:e3:b2:cf:4f:62:0b:e8:e4:e7:e9:90:fb:
         36:51:b7:16:99:93:99:f1:de:50:d4:f6:2e:fe:33:dc:7e:53:
         fb:b0:9b:b9:97:7b:42:15:1d:79:56:84:ff:8b:95:15:8d:23:
         e7:76:d6:3c:ae:5a:67:1b:45:6d:f4:17:e2:4d:f1:70:74:10:
         5c:ff:1e:e9:5a:19:a9:24:eb:34:c0:87:9c:d5:8f:2d:01:f4:
         e1:a6:e8:79:96:96:ab:1e:d1:f6:8b:6c:88:05:d3:db:66:66:
         a6:c5:29:77:a2:46:e6:89:51:26:9b:c2:f9:28:bb:41:08:25:
         c1:ec:de:83:09:a7:58:7b:be:9c:40:2a:8c:85:2e:dc:77:88:
         e4:53:bc:e8:8c:73:64:00:be:7e:1d:9a:a6:2a:5a:58:a7:30:
         49:61:03:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlW8Gg948AF1Y/b65n1sBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNTYyMjQ1N2ExYmUzM2EwMTI1ODg2NmEwNjdlMDQ0N2Rm
ZDg5NjQwHhcNMjQwMTAyMDAzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzE3MjU5Y2U2Njg1Mjg0ZjdhMDQxZjM4NjI1ZTQ0OGNhZTBkMWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnI+/NnKno0wyx70MYKaugOifqSZ
4Ddq4Zx3lJhaizqrDEZYOqrf3uUFDHS6ZyrLkbk33i+dOiw1zIJhKXMrbdXN0MmK
0q4hNrbe9cnRi8UvXiK4uw3iXOyNBKbuN6h2CX02ZFfjYGLitKVtYTcLoXxdCQJY
sRgdSsSB13w67hdTE11Kd4M1WV5ZCQU4dbDMIlOmPx1YCZz0f1vqWBKM4wItu2rI
a1zLCSXYS1/XzWJ7Hq9sPA/rMt3USpFS0ltF/RE4c5L1c1mbKuLkxFMIhft0+PBo
tNz/muSvNKGYcJqdFZNzHCCwpWVPud0hZUUoPPINQkn0+XXsn+QjdA1cgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcXJZzmaFKE96BB84Yl5EjK4NHoMB8GA1UdIwQY
MBaAFNJWIkV6G+M6ASWIZqBn4ER9/YlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMt
NDU1NzllNDE4ZmY3LzEvWnhjbG5PWm9Vb1Qzb0VIemhpWGtTTXJnMGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC8yNmI0N2ItZjJjZS00ZjJiLTlkMzMtNDU1NzllNDE4ZmY3
LzEvMGxZaVJYb2I0em9CSllobW9HZmdSSDM5aVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhNOMA0G
CSqGSIb3DQEBCwUAA4IBAQB5VMr0NONfbAUC6MD7xzj2oc7c+7vYnt9abhpbwVdN
UTfoKKueV7EqDkYvz3venerSAYbC1rC5J8ISMh5CP+lkqgxakgnpORu7Nv+G/4Oi
OBAU2qg98A6fH+o/gqAxZTvjss9PYgvo5OfpkPs2UbcWmZOZ8d5Q1PYu/jPcflP7
sJu5l3tCFR15VoT/i5UVjSPndtY8rlpnG0Vt9BfiTfFwdBBc/x7pWhmpJOs0wIec
1Y8tAfThpuh5lparHtH2i2yIBdPbZmamxSl3okbmiVEmm8L5KLtBCCXB7N6DCadY
e76cQCqMhS7cd4jkU7zojHNkAL5+HZqmKlpYpzBJYQN+
-----END CERTIFICATE-----