Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/246769-d876-4f22-9a1c-45c5f456d4bb/1/Kn9QFTXStl2hyCqecDuOHX-yovY.roa
File:                     Kn9QFTXStl2hyCqecDuOHX-yovY.roa (raw, json)
Hash identifier:          xDLEgdMnhuTiSOjZ61M9nP7/ScE4AcNlmUyeAPu2n/A=
Subject key identifier:   2A:7F:50:15:35:D2:B6:5D:A1:C8:2A:9E:70:3B:8E:1D:7F:B2:A2:F6
Certificate issuer:       /CN=4c2f58d394af703fb9ef0fc537bed0e97db75a8f
Certificate serial:       018CC64B2CEAA60DD62B7C434ACE97265600
Authority key identifier: 4C:2F:58:D3:94:AF:70:3F:B9:EF:0F:C5:37:BE:D0:E9:7D:B7:5A:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TC9Y05SvcD-57w_FN77Q6X23Wo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/246769-d876-4f22-9a1c-45c5f456d4bb/1/Kn9QFTXStl2hyCqecDuOHX-yovY.roa
Signing time:             Mon 01 Jan 2024 18:31:04 +0000
ROA not before:           Mon 01 Jan 2024 18:31:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        146.136.0.0/16 maxlen: 16
                          152.96.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/246769-d876-4f22-9a1c-45c5f456d4bb/1/TC9Y05SvcD-57w_FN77Q6X23Wo8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/246769-d876-4f22-9a1c-45c5f456d4bb/1/TC9Y05SvcD-57w_FN77Q6X23Wo8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TC9Y05SvcD-57w_FN77Q6X23Wo8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 01:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:2c:ea:a6:0d:d6:2b:7c:43:4a:ce:97:26:56:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c2f58d394af703fb9ef0fc537bed0e97db75a8f
        Validity
            Not Before: Jan  1 18:31:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a7f501535d2b65da1c82a9e703b8e1d7fb2a2f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:5e:21:06:15:26:57:74:88:d2:7d:ca:de:5c:
                    a9:5b:48:06:71:65:10:83:50:6f:55:7d:14:6c:3f:
                    10:20:18:63:19:79:7d:88:a8:ed:02:a0:c6:c7:33:
                    aa:9a:14:8f:53:cd:78:d2:5a:38:c3:3d:62:fb:c2:
                    f7:ad:42:ab:64:49:ad:df:c5:eb:8f:05:c1:d1:5d:
                    cb:01:60:e8:e6:84:66:5e:72:39:f9:07:b5:bf:c1:
                    17:2e:eb:eb:35:78:c1:98:d0:50:d9:1f:fc:d5:8b:
                    ba:dd:17:7c:d1:b4:ef:d3:6a:73:88:8f:33:c7:6a:
                    cd:25:92:05:65:c4:a1:bc:3b:42:c8:9b:21:6d:50:
                    aa:4e:89:a6:3e:46:93:5e:81:65:31:e3:97:ee:a3:
                    e2:ff:e9:e1:84:1d:bb:9b:46:a2:4d:99:9d:29:5d:
                    29:4f:93:72:b2:5b:12:5e:21:aa:bb:f0:3f:b7:ed:
                    e0:70:c7:0b:8c:45:cd:4c:c4:86:da:17:46:27:6b:
                    6c:de:7d:20:74:c1:a0:45:20:79:14:ae:7c:63:e6:
                    82:25:88:a4:11:ee:8b:13:1e:b5:18:2f:9a:a1:ba:
                    49:30:28:2a:6e:07:ac:50:be:e9:b3:bc:72:c9:3f:
                    62:fc:54:97:12:5e:5f:fd:58:e4:92:53:a7:21:79:
                    24:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:7F:50:15:35:D2:B6:5D:A1:C8:2A:9E:70:3B:8E:1D:7F:B2:A2:F6
            X509v3 Authority Key Identifier:
                keyid:4C:2F:58:D3:94:AF:70:3F:B9:EF:0F:C5:37:BE:D0:E9:7D:B7:5A:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TC9Y05SvcD-57w_FN77Q6X23Wo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/246769-d876-4f22-9a1c-45c5f456d4bb/1/Kn9QFTXStl2hyCqecDuOHX-yovY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/246769-d876-4f22-9a1c-45c5f456d4bb/1/TC9Y05SvcD-57w_FN77Q6X23Wo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.136.0.0/16
                  152.96.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         77:f9:c1:be:a6:9f:62:0f:69:97:7e:33:4a:5f:00:be:ad:7f:
         9d:82:d6:18:b4:bf:16:97:a6:be:33:a9:cb:f5:59:48:ca:ba:
         fb:80:ed:3d:19:78:4d:c6:54:5e:40:09:7d:2d:3c:c6:3c:6f:
         e5:c9:76:2d:7c:c5:33:2a:a9:6e:bd:3d:c8:f1:12:09:1d:8f:
         5c:00:4c:c1:64:6f:e2:60:52:0a:c9:7b:c3:8c:de:f2:05:fa:
         52:f7:fb:4a:7b:11:e7:15:04:1d:3f:09:84:76:31:eb:42:1f:
         2e:80:7e:98:e7:b2:66:73:fb:02:98:68:07:a8:ec:21:ea:29:
         ec:c7:e5:49:44:f2:5f:29:78:50:96:04:75:38:00:ff:e8:cd:
         67:24:0a:d2:22:18:e7:89:17:e6:2f:0c:4d:54:26:d9:00:eb:
         e6:16:75:00:07:92:71:ce:88:b6:97:16:18:af:92:ec:33:56:
         ff:68:4a:a9:39:7a:db:89:41:9b:c7:e9:2a:09:18:11:f2:2b:
         38:b8:23:f2:d1:eb:03:86:d1:c1:15:6b:a5:67:2f:ff:b2:89:
         63:34:05:21:39:61:f8:b9:04:f9:65:c8:5d:7f:eb:c7:7c:e2:
         7c:f5:ed:47:d0:74:ed:d1:88:0e:29:94:1e:70:cd:c5:38:77:
         fd:13:d0:0b
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzGSyzqpg3WK3xDSs6XJlYAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMmY1OGQzOTRhZjcwM2ZiOWVmMGZjNTM3YmVkMGU5N2Ri
NzVhOGYwHhcNMjQwMTAxMTgzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTdmNTAxNTM1ZDJiNjVkYTFjODJhOWU3MDNiOGUxZDdmYjJhMmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApl4hBhUmV3SI0n3K3lypW0gGcWUQ
g1BvVX0UbD8QIBhjGXl9iKjtAqDGxzOqmhSPU8140lo4wz1i+8L3rUKrZEmt38Xr
jwXB0V3LAWDo5oRmXnI5+Qe1v8EXLuvrNXjBmNBQ2R/81Yu63Rd80bTv02pziI8z
x2rNJZIFZcShvDtCyJshbVCqTommPkaTXoFlMeOX7qPi/+nhhB27m0aiTZmdKV0p
T5NyslsSXiGqu/A/t+3gcMcLjEXNTMSG2hdGJ2ts3n0gdMGgRSB5FK58Y+aCJYik
Ee6LEx61GC+aobpJMCgqbgesUL7ps7xyyT9i/FSXEl5f/VjkklOnIXkkaQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFCp/UBU10rZdocgqnnA7jh1/sqL2MB8GA1UdIwQY
MBaAFEwvWNOUr3A/ue8PxTe+0Ol9t1qPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEM5WTA1U3ZjRC01N3dfRk43N1E2WDIzV284LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8yNDY3NjktZDg3Ni00ZjIyLTlhMWMt
NDVjNWY0NTZkNGJiLzEvS245UUZUWFN0bDJoeUNxZWNEdU9IWC15b3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8yNDY3NjktZDg3Ni00ZjIyLTlhMWMtNDVjNWY0NTZkNGJi
LzEvVEM5WTA1U3ZjRC01N3dfRk43N1E2WDIzV284LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAkogDAwCY
YDANBgkqhkiG9w0BAQsFAAOCAQEAd/nBvqafYg9pl34zSl8Avq1/nYLWGLS/Fpem
vjOpy/VZSMq6+4DtPRl4TcZUXkAJfS08xjxv5cl2LXzFMyqpbr09yPESCR2PXABM
wWRv4mBSCsl7w4ze8gX6Uvf7SnsR5xUEHT8JhHYx60IfLoB+mOeyZnP7AphoB6js
Ieop7MflSUTyXyl4UJYEdTgA/+jNZyQK0iIY54kX5i8MTVQm2QDr5hZ1AAeScc6I
tpcWGK+S7DNW/2hKqTl624lBm8fpKgkYEfIrOLgj8tHrA4bRwRVrpWcv/7KJYzQF
ITlh+LkE+WXIXX/rx3zifPXtR9B07dGIDimUHnDNxTh3/RPQCw==
-----END CERTIFICATE-----