Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/iy9K4Hze5dXCreYtZv0NttTqcas.roa
File:                     iy9K4Hze5dXCreYtZv0NttTqcas.roa (raw, json)
Hash identifier:          AVBurdvPNRlGepMff0NnwbYDGfBCooPFh7tZerQuDlo=
Subject key identifier:   8B:2F:4A:E0:7C:DE:E5:D5:C2:AD:E6:2D:66:FD:0D:B6:D4:EA:71:AB
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       0191748C60ED9EB7B230592D2FB4C38114FA
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/iy9K4Hze5dXCreYtZv0NttTqcas.roa
Signing time:             Wed 21 Aug 2024 10:47:22 +0000
ROA not before:           Wed 21 Aug 2024 10:47:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14576
IP address blocks:        146.19.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:74:8c:60:ed:9e:b7:b2:30:59:2d:2f:b4:c3:81:14:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Aug 21 10:47:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b2f4ae07cdee5d5c2ade62d66fd0db6d4ea71ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b0:8b:e5:aa:82:6c:2b:56:6e:c9:9d:4a:83:
                    25:2d:8e:96:01:1c:44:f0:18:6e:da:6e:f3:fe:dc:
                    76:ce:d6:36:37:49:cd:ff:18:c9:dc:a0:81:b1:b4:
                    dd:c7:8b:9a:7b:04:aa:27:e3:c1:bb:e6:70:65:ce:
                    d2:e3:3d:21:74:0e:45:18:91:51:5f:10:c4:3f:2c:
                    c6:ae:87:85:ea:24:85:e2:67:65:52:cd:84:06:0c:
                    bb:4f:3e:fa:94:41:ee:6d:25:23:dd:89:53:65:3b:
                    fd:a6:3d:80:d0:22:ca:a6:fd:20:c6:52:0f:c9:a0:
                    17:bc:2f:33:c9:1a:52:df:ad:ec:95:69:94:19:99:
                    0c:86:94:55:bb:4a:54:fd:e2:0c:b7:3e:8c:9a:22:
                    e1:81:3e:a7:1f:53:bb:e5:d0:a5:08:5c:95:6a:db:
                    c8:0a:5a:8c:35:1b:dd:24:7f:3a:39:b4:05:0d:ba:
                    f7:b0:74:26:97:de:7e:30:a9:58:77:95:d7:1a:93:
                    cf:61:ee:57:e6:b4:b5:26:b1:b8:8d:de:d9:6b:72:
                    80:f3:52:c8:8e:bd:ba:e8:7d:f3:7e:0b:78:dc:38:
                    28:6f:ed:4c:26:e6:f2:c0:fc:cb:fe:bf:d2:43:67:
                    4e:6b:3e:8b:76:14:7e:0d:13:7f:42:5c:58:01:92:
                    db:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:2F:4A:E0:7C:DE:E5:D5:C2:AD:E6:2D:66:FD:0D:B6:D4:EA:71:AB
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/iy9K4Hze5dXCreYtZv0NttTqcas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:54:c7:0b:b2:c3:83:d3:ad:48:e0:bb:35:b5:75:4b:89:1b:
         81:ab:5c:a4:18:c5:dd:e5:1a:e2:d6:81:75:18:e5:5e:a1:26:
         4a:c7:43:40:5f:39:d6:7e:71:fc:c0:4d:56:71:aa:ce:3a:3e:
         a3:f5:5d:b9:90:a6:b2:68:0f:ac:51:8a:16:0b:ee:78:37:a0:
         19:8b:74:f4:69:a2:f3:4e:e1:1f:80:45:03:b2:84:aa:7b:82:
         2a:f4:ff:06:a3:a1:f6:40:98:00:bf:a3:71:ab:4b:9a:8b:3b:
         ad:2c:00:06:ec:7c:37:c8:75:78:ba:31:c8:17:e9:70:e4:a1:
         a6:66:29:2c:3d:25:84:33:74:8e:44:97:ed:a6:39:18:79:e3:
         8c:46:4f:6f:a4:7e:b7:22:26:6e:87:f0:e6:bc:04:55:5e:b6:
         a2:02:1c:0f:20:ee:59:3a:60:78:65:cb:c8:aa:00:ed:cb:2f:
         38:37:b7:de:12:d1:c3:c1:db:21:7c:15:60:1f:ee:94:e2:d0:
         d4:2b:ea:cf:87:2a:99:67:bc:88:29:10:cf:9f:48:50:59:28:
         62:f2:f8:8d:48:c7:e3:c4:ce:24:ac:b9:4c:e8:e0:3f:56:de:
         78:75:e2:28:ef:45:4c:da:7b:2d:90:ee:d5:09:ce:a2:91:54:
         ae:9a:4d:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF0jGDtnreyMFktL7TDgRT6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjQwODIxMTA0NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjJmNGFlMDdjZGVlNWQ1YzJhZGU2MmQ2NmZkMGRiNmQ0ZWE3MWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLCL5aqCbCtWbsmdSoMlLY6WARxE
8Bhu2m7z/tx2ztY2N0nN/xjJ3KCBsbTdx4uaewSqJ+PBu+ZwZc7S4z0hdA5FGJFR
XxDEPyzGroeF6iSF4mdlUs2EBgy7Tz76lEHubSUj3YlTZTv9pj2A0CLKpv0gxlIP
yaAXvC8zyRpS363slWmUGZkMhpRVu0pU/eIMtz6MmiLhgT6nH1O75dClCFyVatvI
ClqMNRvdJH86ObQFDbr3sHQml95+MKlYd5XXGpPPYe5X5rS1JrG4jd7Za3KA81LI
jr266H3zfgt43Dgob+1MJubywPzL/r/SQ2dOaz6LdhR+DRN/QlxYAZLbbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIsvSuB83uXVwq3mLWb9DbbU6nGrMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvaXk5SzRIemU1ZFhDcmVZdFp2ME50dFRxY2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOMMA0G
CSqGSIb3DQEBCwUAA4IBAQAZVMcLssOD061I4Ls1tXVLiRuBq1ykGMXd5Rri1oF1
GOVeoSZKx0NAXznWfnH8wE1WcarOOj6j9V25kKayaA+sUYoWC+54N6AZi3T0aaLz
TuEfgEUDsoSqe4Iq9P8Go6H2QJgAv6Nxq0uaizutLAAG7Hw3yHV4ujHIF+lw5KGm
ZiksPSWEM3SORJftpjkYeeOMRk9vpH63IiZuh/DmvARVXraiAhwPIO5ZOmB4ZcvI
qgDtyy84N7feEtHDwdshfBVgH+6U4tDUK+rPhyqZZ7yIKRDPn0hQWShi8viNSMfj
xM4krLlM6OA/Vt54deIo70VM2nstkO7VCc6ikVSumk2E
-----END CERTIFICATE-----