Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/6EzOJnTqlHrk6sDmleK6khFQqH0.roa
File:                     6EzOJnTqlHrk6sDmleK6khFQqH0.roa (raw, json)
Hash identifier:          kBjPY2MyoCvwA27mK4+02rMIQybwvWGRSmN8TD7uIno=
Subject key identifier:   E8:4C:CE:26:74:EA:94:7A:E4:EA:C0:E6:95:E2:BA:92:11:50:A8:7D
Certificate issuer:       /CN=26f55db66c509a9c0a6dfeb023770d5b2ac860b9
Certificate serial:       018FFDBB4235BC95C6270386D4F2ECD9E4A5
Authority key identifier: 26:F5:5D:B6:6C:50:9A:9C:0A:6D:FE:B0:23:77:0D:5B:2A:C8:60:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JvVdtmxQmpwKbf6wI3cNWyrIYLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/6EzOJnTqlHrk6sDmleK6khFQqH0.roa
Signing time:             Sun 09 Jun 2024 16:00:58 +0000
ROA not before:           Sun 09 Jun 2024 16:00:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        146.19.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/JvVdtmxQmpwKbf6wI3cNWyrIYLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/JvVdtmxQmpwKbf6wI3cNWyrIYLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JvVdtmxQmpwKbf6wI3cNWyrIYLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:fd:bb:42:35:bc:95:c6:27:03:86:d4:f2:ec:d9:e4:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26f55db66c509a9c0a6dfeb023770d5b2ac860b9
        Validity
            Not Before: Jun  9 16:00:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e84cce2674ea947ae4eac0e695e2ba921150a87d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ab:a8:48:0a:74:f3:af:b6:a1:04:c1:e8:f8:
                    f8:55:a6:e2:c9:e3:eb:ee:9f:44:12:2c:e5:76:6a:
                    ed:45:52:91:73:5c:08:7b:8f:3a:06:f7:fc:8f:ea:
                    06:74:eb:64:24:97:05:79:2d:74:8b:67:6a:68:8a:
                    82:61:45:f8:35:b0:9c:3c:3e:07:31:56:ca:6f:e0:
                    a2:09:de:e7:ba:f4:b3:a3:8b:6c:d9:f2:46:8c:6c:
                    9b:29:da:f5:b3:62:ce:93:b7:d1:16:1c:83:93:b0:
                    b3:c8:fb:84:65:10:15:bf:81:b7:d8:11:88:af:19:
                    5b:77:b4:57:7a:46:61:c2:98:27:6e:51:0e:4b:17:
                    ec:60:1b:2f:aa:99:41:8e:48:f5:3b:a4:10:db:3c:
                    3b:51:04:bf:b6:23:6f:57:24:87:de:21:ee:3e:b5:
                    93:4c:a6:1e:a0:fe:1f:db:60:d3:2c:81:03:4c:d7:
                    99:f0:46:db:ef:68:a8:c3:11:e6:20:8a:04:9b:34:
                    e5:25:4d:2f:36:29:9e:a1:d0:4b:4d:ab:5a:95:64:
                    e6:55:ee:06:21:27:e0:33:81:02:e0:dc:e4:66:15:
                    74:69:5a:19:fc:8a:f4:ac:33:ac:82:3a:fb:91:96:
                    ff:48:46:24:69:30:61:dc:ab:42:0a:69:2e:dc:cf:
                    d7:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:4C:CE:26:74:EA:94:7A:E4:EA:C0:E6:95:E2:BA:92:11:50:A8:7D
            X509v3 Authority Key Identifier:
                keyid:26:F5:5D:B6:6C:50:9A:9C:0A:6D:FE:B0:23:77:0D:5B:2A:C8:60:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JvVdtmxQmpwKbf6wI3cNWyrIYLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/6EzOJnTqlHrk6sDmleK6khFQqH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/JvVdtmxQmpwKbf6wI3cNWyrIYLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:47:88:67:63:c4:8c:7b:1b:f1:41:d8:7e:18:dc:ac:5c:b7:
         55:a3:97:9f:04:8e:12:36:22:50:b2:22:3c:49:73:d5:c6:e8:
         1c:62:43:72:1f:d7:9d:7d:43:90:1a:08:6c:93:66:59:0b:d0:
         34:95:3f:10:f7:e8:cc:8a:3a:68:fb:cb:89:f4:bf:da:a7:70:
         29:22:bd:73:21:17:95:fa:c9:9c:7c:e6:a8:2f:e5:4f:fd:70:
         9d:4f:b1:35:70:a5:5a:63:84:53:7c:c3:c9:f2:7c:3f:ec:38:
         98:e8:d2:03:da:1f:15:53:3e:ac:b8:fb:93:88:9a:cf:af:53:
         bd:2d:1d:aa:e8:b2:ae:0c:06:e0:11:25:04:cb:67:59:c1:24:
         61:60:2c:8f:26:44:c7:76:e8:50:0a:3d:48:bb:0b:16:cb:50:
         74:74:fe:b5:1d:8c:3c:07:60:1e:50:66:94:09:b6:b8:4d:44:
         ad:80:43:cf:24:38:96:a6:13:46:e8:2c:a3:92:36:4d:da:f5:
         fd:8d:4a:81:d7:bd:c2:aa:c3:0d:cd:31:38:fc:6a:0b:ae:11:
         ef:eb:d3:da:d8:37:c2:de:c7:fd:86:f1:23:a8:74:29:3a:98:
         93:1f:9e:48:d0:49:b1:9c:46:a3:37:a7:80:a5:30:e3:08:21:
         dc:9a:0d:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/9u0I1vJXGJwOG1PLs2eSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZjU1ZGI2NmM1MDlhOWMwYTZkZmViMDIzNzcwZDViMmFj
ODYwYjkwHhcNMjQwNjA5MTYwMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODRjY2UyNjc0ZWE5NDdhZTRlYWMwZTY5NWUyYmE5MjExNTBhODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqquoSAp086+2oQTB6Pj4VabiyePr
7p9EEizldmrtRVKRc1wIe486Bvf8j+oGdOtkJJcFeS10i2dqaIqCYUX4NbCcPD4H
MVbKb+CiCd7nuvSzo4ts2fJGjGybKdr1s2LOk7fRFhyDk7CzyPuEZRAVv4G32BGI
rxlbd7RXekZhwpgnblEOSxfsYBsvqplBjkj1O6QQ2zw7UQS/tiNvVySH3iHuPrWT
TKYeoP4f22DTLIEDTNeZ8Ebb72iowxHmIIoEmzTlJU0vNimeodBLTatalWTmVe4G
ISfgM4EC4NzkZhV0aVoZ/Ir0rDOsgjr7kZb/SEYkaTBh3KtCCmku3M/XzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhMziZ06pR65OrA5pXiupIRUKh9MB8GA1UdIwQY
MBaAFCb1XbZsUJqcCm3+sCN3DVsqyGC5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnZWZHRteFFtcHdLYmY2d0kzY05XeXJJWUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8wZGYxYzItOWFkMy00MWNhLWExMmUt
OWY3OTE0M2U5YzYwLzEvNkV6T0puVHFsSHJrNnNEbWxlSzZraEZRcUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8wZGYxYzItOWFkMy00MWNhLWExMmUtOWY3OTE0M2U5YzYw
LzEvSnZWZHRteFFtcHdLYmY2d0kzY05XeXJJWUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPVMA0G
CSqGSIb3DQEBCwUAA4IBAQBlR4hnY8SMexvxQdh+GNysXLdVo5efBI4SNiJQsiI8
SXPVxugcYkNyH9edfUOQGghsk2ZZC9A0lT8Q9+jMijpo+8uJ9L/ap3ApIr1zIReV
+smcfOaoL+VP/XCdT7E1cKVaY4RTfMPJ8nw/7DiY6NID2h8VUz6suPuTiJrPr1O9
LR2q6LKuDAbgESUEy2dZwSRhYCyPJkTHduhQCj1IuwsWy1B0dP61HYw8B2AeUGaU
Cba4TUStgEPPJDiWphNG6CyjkjZN2vX9jUqB173CqsMNzTE4/GoLrhHv69Pa2DfC
3sf9hvEjqHQpOpiTH55I0EmxnEajN6eApTDjCCHcmg3k
-----END CERTIFICATE-----