Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/790e87-201a-4543-b46c-7298c47454fe/1/x-9Hcz59Zpp5eXVUxitv_8kRf7s.roa
File:                     x-9Hcz59Zpp5eXVUxitv_8kRf7s.roa (raw, json)
Hash identifier:          YRW3doTFYaOz0XNWG6LXnOsbFf5KgyzB4+PUiHLwEBw=
Subject key identifier:   C7:EF:47:73:3E:7D:66:9A:79:79:75:54:C6:2B:6F:FF:C9:11:7F:BB
Certificate issuer:       /CN=1ee51ed90c49cae92fca2e8238114c7638380483
Certificate serial:       018CC42455978D25516FDA1732F21B6683B7
Authority key identifier: 1E:E5:1E:D9:0C:49:CA:E9:2F:CA:2E:82:38:11:4C:76:38:38:04:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HuUe2QxJyukvyi6COBFMdjg4BIM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/790e87-201a-4543-b46c-7298c47454fe/1/x-9Hcz59Zpp5eXVUxitv_8kRf7s.roa
Signing time:             Mon 01 Jan 2024 08:29:24 +0000
ROA not before:           Mon 01 Jan 2024 08:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49321
IP address blocks:        146.19.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/790e87-201a-4543-b46c-7298c47454fe/1/HuUe2QxJyukvyi6COBFMdjg4BIM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/790e87-201a-4543-b46c-7298c47454fe/1/HuUe2QxJyukvyi6COBFMdjg4BIM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HuUe2QxJyukvyi6COBFMdjg4BIM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:55:97:8d:25:51:6f:da:17:32:f2:1b:66:83:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ee51ed90c49cae92fca2e8238114c7638380483
        Validity
            Not Before: Jan  1 08:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7ef47733e7d669a79797554c62b6fffc9117fbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:c1:45:fb:11:7a:40:15:66:77:12:c1:53:95:
                    ba:58:d7:cc:be:90:8b:55:a0:3d:e5:d3:80:8e:ec:
                    b3:3d:7d:72:6a:6b:9b:56:e5:a2:88:54:34:b8:bc:
                    af:9d:3e:b1:50:69:7a:f4:17:89:7d:f3:3c:84:da:
                    f8:c1:cb:d1:1a:29:fd:2f:68:bb:70:ba:3e:8b:6c:
                    3e:8f:58:62:4d:7b:3d:42:7c:11:d6:40:1a:f3:1c:
                    8e:b1:14:6f:b1:29:bb:65:69:7c:f0:29:28:e8:88:
                    3c:8c:77:94:b6:e0:13:c3:51:3a:b6:c7:b5:5b:61:
                    6f:f2:0c:a1:cd:c6:4c:5c:36:d3:51:94:b8:c8:7c:
                    42:12:18:ee:3d:78:7d:9c:30:0d:33:7e:48:a0:b8:
                    57:35:9d:db:91:10:b0:11:2a:54:82:cf:c8:6c:4d:
                    86:51:a7:d0:a3:f3:b7:2b:18:1d:f5:73:57:86:d6:
                    6d:93:2f:4f:b0:03:55:b0:33:26:83:55:f6:d9:4a:
                    5a:a7:dd:ae:4c:34:9a:4f:0c:4b:2c:c4:6a:c8:62:
                    6c:9b:32:06:8e:19:a7:63:87:d4:3f:47:75:94:08:
                    e0:b0:8b:6f:80:00:9c:50:99:b8:dc:51:e4:97:b3:
                    a4:c9:1a:07:7f:d9:92:07:5b:0e:88:56:16:94:44:
                    88:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:EF:47:73:3E:7D:66:9A:79:79:75:54:C6:2B:6F:FF:C9:11:7F:BB
            X509v3 Authority Key Identifier:
                keyid:1E:E5:1E:D9:0C:49:CA:E9:2F:CA:2E:82:38:11:4C:76:38:38:04:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HuUe2QxJyukvyi6COBFMdjg4BIM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/790e87-201a-4543-b46c-7298c47454fe/1/x-9Hcz59Zpp5eXVUxitv_8kRf7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/790e87-201a-4543-b46c-7298c47454fe/1/HuUe2QxJyukvyi6COBFMdjg4BIM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:31:13:13:1d:4a:92:d2:60:26:9f:fb:d6:90:76:89:5f:41:
         ee:a2:9c:c4:d2:ec:96:a3:76:9b:bc:ac:90:5f:36:4f:41:f4:
         9c:53:92:91:1c:50:1a:a4:88:6d:e9:85:ad:6c:ed:03:57:2f:
         c6:03:95:9a:87:2e:3c:38:f0:d3:09:04:6c:b7:94:52:1d:9e:
         77:4b:ce:52:29:24:73:7a:14:82:0c:f8:cd:dc:6a:7c:fe:7c:
         25:e5:03:42:be:f8:af:9b:a3:6d:2f:9e:5b:38:c2:31:09:d6:
         a8:cb:d4:06:2f:ce:97:82:0a:97:d7:f8:65:cf:b2:1b:e1:43:
         e5:60:54:49:a6:f8:d2:ce:6b:5e:a2:b7:49:4d:83:80:40:40:
         24:27:ee:6f:c7:cf:80:b7:d9:78:d6:43:1e:96:4d:ca:51:b6:
         53:af:13:dc:9c:07:1a:28:04:2d:fb:37:0b:5c:4a:4f:a1:fa:
         9d:e2:7a:ea:2c:b3:33:1e:e0:10:74:27:30:3f:50:c8:ab:87:
         e6:67:5a:37:24:45:c0:97:8d:6e:14:73:6a:2f:29:78:47:54:
         ce:cb:7e:64:45:87:19:b4:de:39:3b:54:24:a9:c1:35:52:9f:
         44:ab:b3:31:68:d2:91:f7:b0:37:d7:f5:c7:d4:8f:91:91:db:
         6a:b3:ba:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFWXjSVRb9oXMvIbZoO3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZTUxZWQ5MGM0OWNhZTkyZmNhMmU4MjM4MTE0Yzc2Mzgz
ODA0ODMwHhcNMjQwMTAxMDgyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2VmNDc3MzNlN2Q2NjlhNzk3OTc1NTRjNjJiNmZmZmM5MTE3ZmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA18FF+xF6QBVmdxLBU5W6WNfMvpCL
VaA95dOAjuyzPX1yamubVuWiiFQ0uLyvnT6xUGl69BeJffM8hNr4wcvRGin9L2i7
cLo+i2w+j1hiTXs9QnwR1kAa8xyOsRRvsSm7ZWl88Cko6Ig8jHeUtuATw1E6tse1
W2Fv8gyhzcZMXDbTUZS4yHxCEhjuPXh9nDANM35IoLhXNZ3bkRCwESpUgs/IbE2G
UafQo/O3Kxgd9XNXhtZtky9PsANVsDMmg1X22Upap92uTDSaTwxLLMRqyGJsmzIG
jhmnY4fUP0d1lAjgsItvgACcUJm43FHkl7OkyRoHf9mSB1sOiFYWlESIuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMfvR3M+fWaaeXl1VMYrb//JEX+7MB8GA1UdIwQY
MBaAFB7lHtkMScrpL8ougjgRTHY4OASDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHVVZTJReEp5dWt2eWk2Q09CRk1kamc0QklNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi83OTBlODctMjAxYS00NTQzLWI0NmMt
NzI5OGM0NzQ1NGZlLzEveC05SGN6NTlacHA1ZVhWVXhpdHZfOGtSZjdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi83OTBlODctMjAxYS00NTQzLWI0NmMtNzI5OGM0NzQ1NGZl
LzEvSHVVZTJReEp5dWt2eWk2Q09CRk1kamc0QklNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhOSMA0G
CSqGSIb3DQEBCwUAA4IBAQBqMRMTHUqS0mAmn/vWkHaJX0HuopzE0uyWo3abvKyQ
XzZPQfScU5KRHFAapIht6YWtbO0DVy/GA5Wahy48OPDTCQRst5RSHZ53S85SKSRz
ehSCDPjN3Gp8/nwl5QNCvvivm6NtL55bOMIxCdaoy9QGL86XggqX1/hlz7Ib4UPl
YFRJpvjSzmteordJTYOAQEAkJ+5vx8+At9l41kMelk3KUbZTrxPcnAcaKAQt+zcL
XEpPofqd4nrqLLMzHuAQdCcwP1DIq4fmZ1o3JEXAl41uFHNqLyl4R1TOy35kRYcZ
tN45O1QkqcE1Up9Eq7MxaNKR97A31/XH1I+Rkdtqs7r7
-----END CERTIFICATE-----