Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/8u1Ww9yNVHCXoKy959EsUaU71zs.roa
File:                     8u1Ww9yNVHCXoKy959EsUaU71zs.roa (raw, json)
Hash identifier:          MCjwWNvinwMVi61YdY3QarB5BMMcy4gUuYfqYD2T3PI=
Subject key identifier:   F2:ED:56:C3:DC:8D:54:70:97:A0:AC:BD:E7:D1:2C:51:A5:3B:D7:3B
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       0194236918BFDE556D29CC84ADE19F57BD7B
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/8u1Ww9yNVHCXoKy959EsUaU71zs.roa
Signing time:             Wed 01 Jan 2025 19:47:57 +0000
ROA not before:           Wed 01 Jan 2025 19:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206750
IP address blocks:        146.19.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:18:bf:de:55:6d:29:cc:84:ad:e1:9f:57:bd:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Jan  1 19:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2ed56c3dc8d547097a0acbde7d12c51a53bd73b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ec:33:47:a6:2b:80:df:d3:41:2c:b3:b5:9a:
                    ba:00:8e:b8:c9:57:50:b6:9b:08:6b:ab:03:b4:79:
                    2d:15:50:51:86:0b:36:2c:f8:bf:5e:f3:71:f9:8b:
                    54:1d:80:91:e9:3c:5f:ac:99:7c:53:22:dd:f4:e0:
                    05:71:7e:87:af:49:cf:e9:40:5f:95:d9:e9:2e:a8:
                    eb:76:21:7b:40:c2:a4:6a:94:cb:73:69:57:fa:8a:
                    18:b2:d0:16:5c:d5:fd:63:e4:be:3d:dd:81:f8:39:
                    a3:7c:3e:a2:56:b1:63:fb:67:a0:4c:b8:bd:03:44:
                    3e:59:de:d8:d7:b8:6d:1f:a3:21:15:08:23:73:b6:
                    d1:0a:4a:c5:b5:22:65:61:bc:45:86:e9:37:9e:f4:
                    5f:df:ca:e8:be:ef:50:65:24:6b:2f:e3:39:c3:87:
                    10:62:cc:94:54:26:2c:dd:31:79:f7:34:9d:88:8b:
                    3b:8c:4c:c5:d7:43:7d:d7:f0:39:b6:47:1e:9d:75:
                    13:af:b1:ed:d9:c7:ed:ee:89:a6:37:7e:4a:e1:37:
                    c6:5e:8e:4f:cb:4d:eb:6d:4b:09:9d:0a:9c:d7:67:
                    37:00:a9:c9:7b:f2:2a:27:bd:73:40:6c:1e:0b:97:
                    87:21:99:79:1f:75:38:44:f0:24:1e:15:17:8c:1c:
                    1e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:ED:56:C3:DC:8D:54:70:97:A0:AC:BD:E7:D1:2C:51:A5:3B:D7:3B
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/8u1Ww9yNVHCXoKy959EsUaU71zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:42:cf:de:80:92:17:90:34:96:97:09:1f:a6:56:98:10:c5:
         0c:86:f4:32:d9:ed:b7:76:0e:99:a7:f1:3b:67:2c:04:ef:a3:
         2e:3e:a4:0a:8a:b9:e1:ea:89:1d:de:9b:47:ad:50:67:97:60:
         42:eb:2d:b7:21:bd:33:f8:a9:2e:ad:ae:56:3a:9e:9f:3d:e5:
         a9:bf:1c:69:98:c6:2e:a0:16:24:02:fc:b4:4a:f2:7e:4b:36:
         a2:cd:e4:43:4a:10:4c:f9:80:01:b5:fe:94:d6:c6:f9:b6:a6:
         94:c1:74:65:08:cf:f7:d4:5b:91:7d:73:07:33:45:22:85:c6:
         d3:5c:ea:eb:56:16:da:ad:d3:8c:a8:d8:f8:5c:a1:e4:b4:03:
         20:9f:f4:24:3e:2f:8d:14:a3:7a:d4:38:77:3c:0a:38:58:4b:
         43:f9:e3:42:de:9a:27:ca:a8:09:a4:5e:06:56:0f:22:2c:01:
         40:ea:7c:e9:9c:2b:6e:80:75:42:94:f4:03:08:68:7e:78:99:
         4e:ad:ae:2a:2d:7c:fb:ef:2e:71:36:58:de:8f:6c:cc:f5:62:
         3d:e2:e1:06:b3:fa:d6:84:6c:52:95:4c:c4:c0:44:26:9d:ad:
         52:c0:96:49:4c:75:eb:b3:c1:57:db:22:20:b7:81:e5:6b:84:
         9f:5f:8b:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaRi/3lVtKcyEreGfV717MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjUwMTAxMTk0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmVkNTZjM2RjOGQ1NDcwOTdhMGFjYmRlN2QxMmM1MWE1M2JkNzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+wzR6YrgN/TQSyztZq6AI64yVdQ
tpsIa6sDtHktFVBRhgs2LPi/XvNx+YtUHYCR6TxfrJl8UyLd9OAFcX6Hr0nP6UBf
ldnpLqjrdiF7QMKkapTLc2lX+ooYstAWXNX9Y+S+Pd2B+DmjfD6iVrFj+2egTLi9
A0Q+Wd7Y17htH6MhFQgjc7bRCkrFtSJlYbxFhuk3nvRf38rovu9QZSRrL+M5w4cQ
YsyUVCYs3TF59zSdiIs7jEzF10N91/A5tkcenXUTr7Ht2cft7ommN35K4TfGXo5P
y03rbUsJnQqc12c3AKnJe/IqJ71zQGweC5eHIZl5H3U4RPAkHhUXjBwetQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLtVsPcjVRwl6CsvefRLFGlO9c7MB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvOHUxV3c5eU5WSENYb0t5OTU5RXNVYVU3MXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhMyMA0G
CSqGSIb3DQEBCwUAA4IBAQBbQs/egJIXkDSWlwkfplaYEMUMhvQy2e23dg6Zp/E7
ZywE76MuPqQKirnh6okd3ptHrVBnl2BC6y23Ib0z+Kkura5WOp6fPeWpvxxpmMYu
oBYkAvy0SvJ+SzaizeRDShBM+YABtf6U1sb5tqaUwXRlCM/31FuRfXMHM0UihcbT
XOrrVhbardOMqNj4XKHktAMgn/QkPi+NFKN61Dh3PAo4WEtD+eNC3ponyqgJpF4G
Vg8iLAFA6nzpnCtugHVClPQDCGh+eJlOra4qLXz77y5xNljej2zM9WI94uEGs/rW
hGxSlUzEwEQmna1SwJZJTHXrs8FX2yIgt4Hla4SfX4vI
-----END CERTIFICATE-----