Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/elD2CPARB_SCiElYBqX86L528iA.roa
File:                     elD2CPARB_SCiElYBqX86L528iA.roa (raw, json)
Hash identifier:          4GpojDoTFDR9/As1unQ2wQcCWk8x0pykSLzc87gKTZw=
Subject key identifier:   7A:50:F6:08:F0:11:07:F4:82:88:49:58:06:A5:FC:E8:BE:76:F2:20
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       019529A179E2F865FAD7D33CD678183D9A0D
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/elD2CPARB_SCiElYBqX86L528iA.roa
Signing time:             Fri 21 Feb 2025 17:50:02 +0000
ROA not before:           Fri 21 Feb 2025 17:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        146.19.142.0/24 maxlen: 24
                          185.218.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:29:a1:79:e2:f8:65:fa:d7:d3:3c:d6:78:18:3d:9a:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Feb 21 17:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a50f608f01107f48288495806a5fce8be76f220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:24:2f:77:cf:ec:55:b2:91:93:85:eb:5d:3d:
                    74:08:ae:02:b1:12:ef:6d:01:0c:d2:ea:e4:28:98:
                    d1:b1:4d:ae:db:77:f0:11:34:2e:e8:90:dd:2c:5b:
                    d6:65:29:63:6b:42:4d:f4:99:4a:62:61:cc:ca:00:
                    90:a5:56:f8:34:8f:f1:ae:3d:29:50:b9:31:c7:27:
                    10:e0:a7:00:dd:08:86:76:cb:a3:19:bd:92:ba:ce:
                    55:41:70:1e:1b:6e:5d:17:02:2d:41:1f:38:55:12:
                    21:81:6d:af:22:f5:4f:e6:89:55:36:94:d8:fc:23:
                    d4:c7:65:31:f2:62:8a:f5:88:8f:26:69:3b:95:e5:
                    8d:c1:3a:a7:3d:99:48:a2:f4:60:f8:9c:f7:e2:7b:
                    24:3b:3c:ad:2c:a0:ae:a0:ae:cc:1d:80:3b:68:5f:
                    c3:62:82:f0:e7:68:94:9b:04:b8:54:dc:8a:e2:7f:
                    da:d0:8c:46:51:91:4c:1b:29:66:98:7d:2c:5c:6d:
                    27:95:50:1c:b4:15:50:c8:6e:9f:ab:04:13:14:49:
                    b1:52:1a:91:c5:a9:05:da:8a:4e:00:7c:c7:f4:75:
                    0f:28:83:fa:16:e7:c3:8a:ef:56:6a:5c:6b:66:6c:
                    cc:de:87:f7:c6:b0:66:61:eb:9f:bc:ee:7a:aa:04:
                    3f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:50:F6:08:F0:11:07:F4:82:88:49:58:06:A5:FC:E8:BE:76:F2:20
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/elD2CPARB_SCiElYBqX86L528iA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.142.0/24
                  185.218.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:af:ac:66:5f:ab:72:5c:19:3c:50:64:69:56:83:47:9b:56:
         45:ae:65:66:fc:e1:be:1d:5a:79:3a:e7:86:53:9e:00:22:be:
         6c:05:a7:e7:6b:6d:89:6e:22:17:6f:a1:31:ca:66:13:82:8b:
         b5:a0:87:ff:36:12:84:e9:b4:85:7c:7b:74:0e:78:ac:4e:9c:
         85:84:58:21:c8:4e:0e:50:98:b1:53:8f:54:a6:6c:2c:95:df:
         8c:b7:50:f8:88:04:ec:14:af:4d:79:58:ec:a0:89:a4:2c:c5:
         bc:a5:db:ba:2f:18:07:ee:26:a9:42:ff:58:a1:c5:81:0a:5e:
         48:74:0e:8a:2b:56:e5:86:70:df:bc:a0:71:fe:8e:13:40:28:
         71:69:1e:fe:c2:dd:35:e2:1f:03:0e:1c:75:e1:95:11:bd:01:
         59:ad:76:2c:b8:0d:19:67:0a:1b:fc:75:85:ce:0d:f0:aa:48:
         81:80:d9:26:84:8a:8f:78:9e:20:a6:0c:4e:e5:64:00:d5:19:
         c1:61:2f:5b:e2:73:18:54:79:71:54:a1:bb:1a:81:eb:fb:2e:
         d5:7d:fa:a4:20:7e:b6:f0:d5:92:65:f8:a0:c7:89:fd:d5:82:
         94:d3:18:a6:6c:82:63:52:93:3a:c0:c0:30:3c:57:2d:55:51:
         f1:5e:76:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZUpoXni+GX619M81ngYPZoNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjUwMjIxMTc1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTUwZjYwOGYwMTEwN2Y0ODI4ODQ5NTgwNmE1ZmNlOGJlNzZmMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiQvd8/sVbKRk4XrXT10CK4CsRLv
bQEM0urkKJjRsU2u23fwETQu6JDdLFvWZSlja0JN9JlKYmHMygCQpVb4NI/xrj0p
ULkxxycQ4KcA3QiGdsujGb2Sus5VQXAeG25dFwItQR84VRIhgW2vIvVP5olVNpTY
/CPUx2Ux8mKK9YiPJmk7leWNwTqnPZlIovRg+Jz34nskOzytLKCuoK7MHYA7aF/D
YoLw52iUmwS4VNyK4n/a0IxGUZFMGylmmH0sXG0nlVActBVQyG6fqwQTFEmxUhqR
xakF2opOAHzH9HUPKIP6FufDiu9WalxrZmzM3of3xrBmYeufvO56qgQ/xwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHpQ9gjwEQf0gohJWAal/Oi+dvIgMB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvZWxEMkNQQVJCX1NDaUVsWUJxWDg2TDUyOGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAkhOOAwQA
udq4MA0GCSqGSIb3DQEBCwUAA4IBAQCTr6xmX6tyXBk8UGRpVoNHm1ZFrmVm/OG+
HVp5OueGU54AIr5sBafna22JbiIXb6ExymYTgou1oIf/NhKE6bSFfHt0DnisTpyF
hFghyE4OUJixU49Upmwsld+Mt1D4iATsFK9NeVjsoImkLMW8pdu6LxgH7iapQv9Y
ocWBCl5IdA6KK1blhnDfvKBx/o4TQChxaR7+wt014h8DDhx14ZURvQFZrXYsuA0Z
Zwob/HWFzg3wqkiBgNkmhIqPeJ4gpgxO5WQA1RnBYS9b4nMYVHlxVKG7GoHr+y7V
ffqkIH628NWSZfigx4n91YKU0ximbIJjUpM6wMAwPFctVVHxXnYD
-----END CERTIFICATE-----