Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/4cJAvfpHylP_GA2bKt6bfCdFsNM.roa
File:                     4cJAvfpHylP_GA2bKt6bfCdFsNM.roa (raw, json)
Hash identifier:          WNMpszS4wVOtrzalltqyUtF+uFALNiwo37fwI6Lv/FE=
Subject key identifier:   E1:C2:40:BD:FA:47:CA:53:FF:18:0D:9B:2A:DE:9B:7C:27:45:B0:D3
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       018E1648EA4E5495DD24E8BCABE92A9F06A5
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/4cJAvfpHylP_GA2bKt6bfCdFsNM.roa
Signing time:             Thu 07 Mar 2024 00:21:01 +0000
ROA not before:           Thu 07 Mar 2024 00:21:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        146.247.112.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:16:48:ea:4e:54:95:dd:24:e8:bc:ab:e9:2a:9f:06:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Mar  7 00:21:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1c240bdfa47ca53ff180d9b2ade9b7c2745b0d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:13:7e:55:60:5d:f6:ea:88:95:c9:de:9d:ff:
                    84:85:27:6c:c8:d1:f9:be:91:dc:b7:13:96:75:df:
                    66:40:22:a7:13:b6:fd:53:65:2b:73:81:c5:14:18:
                    f1:06:2f:50:ba:d7:06:77:a9:cd:6e:44:f9:b9:2d:
                    91:cc:62:fc:2d:b0:dc:47:a5:e3:ed:fd:06:0e:c3:
                    30:2c:c1:24:4d:24:a5:21:91:9a:fb:93:c4:fa:33:
                    42:bc:52:12:ad:d6:9d:63:20:8c:89:e2:20:65:d5:
                    ad:17:61:6e:4d:de:31:ad:3b:9b:8d:d6:30:6b:eb:
                    f2:bc:8f:9a:1f:f9:d8:1f:6d:08:a6:0e:68:9c:a6:
                    31:d3:8d:52:a7:9a:04:a3:7b:8d:ee:8d:b6:b2:7d:
                    31:ea:12:e2:b0:fa:7b:10:4b:4a:e3:05:aa:cc:da:
                    64:d6:2b:bd:7d:cc:a0:67:01:dc:58:0b:e8:ed:35:
                    9f:9c:b6:ff:0a:0f:e3:01:9a:c1:e6:76:e5:ee:3f:
                    13:38:d3:68:3d:b6:cf:ce:56:19:30:d4:d9:e8:52:
                    67:39:31:db:43:28:04:69:e6:24:6b:b1:79:44:99:
                    e5:47:68:98:1f:54:de:97:ce:39:68:c8:d9:70:87:
                    16:5e:44:e6:61:8b:44:84:52:28:4b:0a:52:c0:6e:
                    d8:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:C2:40:BD:FA:47:CA:53:FF:18:0D:9B:2A:DE:9B:7C:27:45:B0:D3
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/4cJAvfpHylP_GA2bKt6bfCdFsNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:5a:14:3e:5d:52:f1:61:72:e8:47:c7:87:f2:10:6d:1d:d6:
         50:fe:c4:8f:7c:40:aa:a2:35:d8:ad:ac:c6:d6:01:cf:f9:30:
         70:1d:d7:ad:d4:8f:f0:c2:53:f8:4b:e0:3b:7c:dc:3e:b0:f1:
         d9:d2:ef:77:23:c3:b1:da:7c:c3:8b:ce:01:fb:f2:92:50:3d:
         74:9b:99:85:04:68:62:ad:0e:7f:7f:c2:4c:8d:c0:89:69:df:
         f2:99:3e:31:73:f6:72:cd:73:c8:cd:1a:8f:49:99:b2:b6:bc:
         41:34:40:64:5b:f4:b7:80:79:64:5b:9c:b1:ea:70:65:ca:c4:
         08:f5:9c:c1:96:46:a6:71:a8:21:0c:e7:4d:aa:f8:01:30:8a:
         ab:19:e9:75:3c:5f:d5:64:c1:bb:4b:d2:b1:d1:d5:d1:7c:f8:
         b2:49:ad:c3:74:aa:64:cc:a4:ef:65:5d:29:e1:e2:24:ff:87:
         4c:91:1c:9b:9a:fe:8d:f6:a1:be:1d:fc:0a:a4:bf:d5:f7:10:
         90:53:4f:49:a8:a9:10:8f:da:95:b1:02:77:8f:b4:c3:8b:16:
         78:f7:2c:b9:a9:16:1b:a3:80:cd:b5:d0:73:0b:94:bc:df:64:
         8b:93:3e:b4:68:27:b5:48:f0:5a:dc:fe:90:21:a8:c4:fb:9a:
         49:3f:b9:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4WSOpOVJXdJOi8q+kqnwalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjQwMzA3MDAyMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWMyNDBiZGZhNDdjYTUzZmYxODBkOWIyYWRlOWI3YzI3NDViMGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhN+VWBd9uqIlcnenf+EhSdsyNH5
vpHctxOWdd9mQCKnE7b9U2Urc4HFFBjxBi9QutcGd6nNbkT5uS2RzGL8LbDcR6Xj
7f0GDsMwLMEkTSSlIZGa+5PE+jNCvFISrdadYyCMieIgZdWtF2FuTd4xrTubjdYw
a+vyvI+aH/nYH20Ipg5onKYx041Sp5oEo3uN7o22sn0x6hLisPp7EEtK4wWqzNpk
1iu9fcygZwHcWAvo7TWfnLb/Cg/jAZrB5nbl7j8TONNoPbbPzlYZMNTZ6FJnOTHb
QygEaeYka7F5RJnlR2iYH1Tel845aMjZcIcWXkTmYYtEhFIoSwpSwG7YUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHCQL36R8pT/xgNmyrem3wnRbDTMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvNGNKQXZmcEh5bFBfR0EyYkt0NmJmQ2RGc05NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBkvdwMA0G
CSqGSIb3DQEBCwUAA4IBAQCZWhQ+XVLxYXLoR8eH8hBtHdZQ/sSPfECqojXYrazG
1gHP+TBwHdet1I/wwlP4S+A7fNw+sPHZ0u93I8Ox2nzDi84B+/KSUD10m5mFBGhi
rQ5/f8JMjcCJad/ymT4xc/ZyzXPIzRqPSZmytrxBNEBkW/S3gHlkW5yx6nBlysQI
9ZzBlkamcaghDOdNqvgBMIqrGel1PF/VZMG7S9Kx0dXRfPiySa3DdKpkzKTvZV0p
4eIk/4dMkRybmv6N9qG+HfwKpL/V9xCQU09JqKkQj9qVsQJ3j7TDixZ49yy5qRYb
o4DNtdBzC5S832SLkz60aCe1SPBa3P6QIajE+5pJP7mP
-----END CERTIFICATE-----