Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/t47vqYwv2G3DAYynilnZaPwBdt8.roa
File:                     t47vqYwv2G3DAYynilnZaPwBdt8.roa (raw, json)
Hash identifier:          eahrZmg7Ju2njD73hmtcd57eF59Rg6jrVBZ6sVKncgM=
Subject key identifier:   B7:8E:EF:A9:8C:2F:D8:6D:C3:01:8C:A7:8A:59:D9:68:FC:01:76:DF
Certificate issuer:       /CN=26f55db66c509a9c0a6dfeb023770d5b2ac860b9
Certificate serial:       018CC26CFE41691A005F371373F9E85458ED
Authority key identifier: 26:F5:5D:B6:6C:50:9A:9C:0A:6D:FE:B0:23:77:0D:5B:2A:C8:60:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JvVdtmxQmpwKbf6wI3cNWyrIYLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/t47vqYwv2G3DAYynilnZaPwBdt8.roa
Signing time:             Mon 01 Jan 2024 00:29:31 +0000
ROA not before:           Mon 01 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        146.19.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/JvVdtmxQmpwKbf6wI3cNWyrIYLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/JvVdtmxQmpwKbf6wI3cNWyrIYLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JvVdtmxQmpwKbf6wI3cNWyrIYLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 13:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:fe:41:69:1a:00:5f:37:13:73:f9:e8:54:58:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26f55db66c509a9c0a6dfeb023770d5b2ac860b9
        Validity
            Not Before: Jan  1 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b78eefa98c2fd86dc3018ca78a59d968fc0176df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:40:33:24:ed:f4:4b:89:87:a9:51:d4:99:46:
                    d7:57:14:94:82:9a:1d:47:78:5c:46:0b:11:4c:59:
                    60:6d:03:c1:85:da:e2:cf:a2:db:a5:a1:cb:0f:c8:
                    fc:22:68:91:27:6f:07:f7:7c:18:80:ad:6f:26:e2:
                    26:2d:13:34:8a:39:35:71:ef:2b:82:12:67:bf:82:
                    e2:20:51:c9:f4:3a:cf:31:2f:0f:99:72:ce:f4:83:
                    f9:a8:d7:a1:3d:5d:d4:28:07:7c:38:90:b6:7a:10:
                    26:52:d7:89:2f:c4:28:d5:1d:70:12:ff:4b:2e:05:
                    be:1b:5e:12:07:f1:71:38:32:47:8f:86:90:b9:fb:
                    d4:d8:3d:72:0c:9a:a2:9f:f1:67:46:aa:ac:30:70:
                    a4:ad:b2:bd:62:3d:32:94:df:e0:41:7e:2a:c6:9c:
                    78:21:2b:ba:a6:ea:04:c4:fa:d1:b4:97:fe:33:b2:
                    cb:f8:93:35:f6:9f:52:ac:42:01:55:97:65:04:81:
                    ee:a7:1b:22:85:36:05:e2:c5:03:4a:bd:4f:11:c1:
                    42:ad:f9:98:a2:4b:4a:78:b1:b2:23:fb:d0:4a:b8:
                    e6:b1:d5:dc:88:38:d5:eb:b9:55:af:aa:5b:b5:c3:
                    ab:e6:d6:a7:2e:49:26:84:c2:77:f0:e1:50:4a:45:
                    67:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:8E:EF:A9:8C:2F:D8:6D:C3:01:8C:A7:8A:59:D9:68:FC:01:76:DF
            X509v3 Authority Key Identifier:
                keyid:26:F5:5D:B6:6C:50:9A:9C:0A:6D:FE:B0:23:77:0D:5B:2A:C8:60:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JvVdtmxQmpwKbf6wI3cNWyrIYLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/t47vqYwv2G3DAYynilnZaPwBdt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/0df1c2-9ad3-41ca-a12e-9f79143e9c60/1/JvVdtmxQmpwKbf6wI3cNWyrIYLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:5a:24:7c:ee:80:10:51:62:06:7d:66:88:b9:72:86:94:13:
         6f:ca:b5:e0:1c:c3:e4:41:92:7e:2b:1b:a6:8c:e7:24:2a:07:
         d3:d2:4d:17:75:e3:b9:7d:01:84:ec:0d:19:6e:87:2c:ab:28:
         8f:5e:f5:6a:de:45:b1:65:37:05:14:fb:c3:14:9c:80:2a:91:
         d6:42:58:36:cf:03:fe:5e:5f:e0:61:64:6a:c6:1d:c3:64:d5:
         12:c1:66:8c:5a:92:b9:37:ed:5a:bb:06:79:4c:61:3e:fb:bf:
         3a:9e:5a:99:6e:40:7e:93:33:10:71:6b:34:ef:ae:dc:3c:3d:
         7a:d3:62:0f:7a:f4:c3:6d:55:b4:56:25:a8:e6:93:c5:bd:28:
         b3:8d:73:1f:ec:42:dd:1d:43:b9:08:0f:6d:a4:8e:d6:ba:c1:
         35:42:dc:66:5b:ff:7a:75:e9:1e:91:30:15:18:a4:af:e1:85:
         b4:fd:0a:06:71:8c:1a:36:5d:2a:20:24:e0:aa:c6:86:7f:24:
         d1:28:08:c8:42:a5:29:a7:47:79:61:a7:e4:74:08:e2:32:c3:
         b0:1e:2f:b9:2d:41:74:86:99:9a:96:09:51:74:76:67:74:3c:
         46:ba:f7:74:9f:d8:ce:ae:b7:78:89:cc:ca:71:bc:36:69:5e:
         9e:17:02:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbP5BaRoAXzcTc/noVFjtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2ZjU1ZGI2NmM1MDlhOWMwYTZkZmViMDIzNzcwZDViMmFj
ODYwYjkwHhcNMjQwMTAxMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzhlZWZhOThjMmZkODZkYzMwMThjYTc4YTU5ZDk2OGZjMDE3NmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEAzJO30S4mHqVHUmUbXVxSUgpod
R3hcRgsRTFlgbQPBhdriz6LbpaHLD8j8ImiRJ28H93wYgK1vJuImLRM0ijk1ce8r
ghJnv4LiIFHJ9DrPMS8PmXLO9IP5qNehPV3UKAd8OJC2ehAmUteJL8Qo1R1wEv9L
LgW+G14SB/FxODJHj4aQufvU2D1yDJqin/FnRqqsMHCkrbK9Yj0ylN/gQX4qxpx4
ISu6puoExPrRtJf+M7LL+JM19p9SrEIBVZdlBIHupxsihTYF4sUDSr1PEcFCrfmY
oktKeLGyI/vQSrjmsdXciDjV67lVr6pbtcOr5tanLkkmhMJ38OFQSkVndwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLeO76mML9htwwGMp4pZ2Wj8AXbfMB8GA1UdIwQY
MBaAFCb1XbZsUJqcCm3+sCN3DVsqyGC5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnZWZHRteFFtcHdLYmY2d0kzY05XeXJJWUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8wZGYxYzItOWFkMy00MWNhLWExMmUt
OWY3OTE0M2U5YzYwLzEvdDQ3dnFZd3YyRzNEQVl5bmlsblphUHdCZHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8wZGYxYzItOWFkMy00MWNhLWExMmUtOWY3OTE0M2U5YzYw
LzEvSnZWZHRteFFtcHdLYmY2d0kzY05XeXJJWUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkhPVMA0G
CSqGSIb3DQEBCwUAA4IBAQAyWiR87oAQUWIGfWaIuXKGlBNvyrXgHMPkQZJ+Kxum
jOckKgfT0k0XdeO5fQGE7A0ZbocsqyiPXvVq3kWxZTcFFPvDFJyAKpHWQlg2zwP+
Xl/gYWRqxh3DZNUSwWaMWpK5N+1auwZ5TGE++786nlqZbkB+kzMQcWs0767cPD16
02IPevTDbVW0ViWo5pPFvSizjXMf7ELdHUO5CA9tpI7WusE1QtxmW/96dekekTAV
GKSv4YW0/QoGcYwaNl0qICTgqsaGfyTRKAjIQqUpp0d5YafkdAjiMsOwHi+5LUF0
hpmalglRdHZndDxGuvd0n9jOrrd4iczKcbw2aV6eFwLb
-----END CERTIFICATE-----