Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/4t6r70E3__97iYyIaTJbf21DaUU.roa
File:                     4t6r70E3__97iYyIaTJbf21DaUU.roa (raw, json)
Hash identifier:          kTDO3cBwSnha1NF1NvIjHG4LUZIzamEl4+PuhvWw2e0=
Subject key identifier:   E2:DE:AB:EF:41:37:FF:FF:7B:89:8C:88:69:32:5B:7F:6D:43:69:45
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       018EE1BF2F5C3E8D9BB943092A0E3CD44E80
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/4t6r70E3__97iYyIaTJbf21DaUU.roa
Signing time:             Mon 15 Apr 2024 12:33:06 +0000
ROA not before:           Mon 15 Apr 2024 12:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210542
IP address blocks:        146.247.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:bf:2f:5c:3e:8d:9b:b9:43:09:2a:0e:3c:d4:4e:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Apr 15 12:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2deabef4137ffff7b898c8869325b7f6d436945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b6:80:49:db:0c:c3:9e:77:77:a8:3d:78:71:
                    9d:21:a6:7a:d7:6c:84:ab:5b:8e:6d:b1:84:1a:40:
                    93:d4:12:77:5d:9b:11:1c:92:93:87:42:f6:27:ed:
                    60:d2:f0:7a:79:50:de:81:ed:9e:db:cb:e1:04:7e:
                    0b:9d:fd:98:86:92:0b:4b:0c:0b:4b:9b:70:3d:68:
                    b5:fb:32:13:04:fe:04:44:4a:b2:7a:17:bb:23:03:
                    75:24:5a:83:de:cc:2b:5a:3c:7d:71:a9:fe:db:1e:
                    df:27:4b:75:8d:a2:c8:0e:5e:c5:9f:bc:0d:71:86:
                    83:ee:a5:cb:58:1f:8e:52:ec:2a:2e:7d:3d:ef:f9:
                    d9:7c:5c:c4:74:31:4e:dd:7e:c5:0c:55:1e:5c:bd:
                    8b:06:6b:b7:e5:e6:5c:32:5b:93:2e:e6:49:36:6c:
                    0c:f7:02:29:e7:c3:da:d7:99:8b:aa:ae:a5:5f:32:
                    8d:1e:fa:fc:00:09:d8:00:fb:a6:c3:86:dc:84:aa:
                    b2:7e:07:39:49:6d:ab:85:cc:91:7c:ee:91:af:a5:
                    ce:41:89:16:5e:65:12:af:cd:01:79:6a:6a:b8:b3:
                    24:38:e4:aa:b1:46:cd:2d:7a:22:d8:f3:3f:67:aa:
                    00:00:3d:58:a9:ff:97:cf:04:7f:44:33:53:7e:4d:
                    0e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:DE:AB:EF:41:37:FF:FF:7B:89:8C:88:69:32:5B:7F:6D:43:69:45
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/4t6r70E3__97iYyIaTJbf21DaUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:d4:d3:f6:ca:6d:33:01:e2:23:4b:42:1f:ce:f4:22:93:7d:
         18:7d:36:e5:cb:3e:ff:51:b2:56:30:2e:68:d0:b3:78:16:2d:
         dd:5b:8e:30:2a:31:0d:2e:8d:55:13:04:eb:7f:d7:fe:f1:6d:
         4d:73:74:ba:1b:45:57:6b:81:7b:ca:60:9b:ed:3e:35:42:6d:
         f5:21:96:69:db:8c:82:09:e3:0b:db:5d:33:8d:ae:d4:6c:74:
         71:59:28:b7:d2:88:70:a7:0c:52:96:81:dc:e9:c7:1b:17:92:
         d5:f0:a1:48:3c:02:55:13:c6:be:d3:5f:04:95:fc:5c:90:c0:
         2f:d4:0b:0c:0c:18:fe:3c:22:60:25:29:a8:ef:ff:3b:ec:69:
         18:19:78:89:3f:5d:97:f7:bb:ac:df:ff:3e:70:0b:f9:a1:1a:
         f0:0a:55:25:5f:2f:4b:62:84:fe:98:68:c3:4f:0c:c5:3c:23:
         50:fa:9a:79:d8:73:db:a2:8a:0b:68:01:da:aa:f0:ac:a0:93:
         3a:51:73:ab:f3:c2:24:45:30:3f:5e:5c:72:51:3b:a7:31:44:
         1a:0b:0c:3a:cb:15:56:57:d3:09:a7:3a:41:60:52:e2:ee:a2:
         43:bf:70:01:48:19:46:23:15:4f:0c:00:bd:e9:c8:0f:24:98:
         12:13:20:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7hvy9cPo2buUMJKg481E6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjQwNDE1MTIzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmRlYWJlZjQxMzdmZmZmN2I4OThjODg2OTMyNWI3ZjZkNDM2OTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoraASdsMw553d6g9eHGdIaZ612yE
q1uObbGEGkCT1BJ3XZsRHJKTh0L2J+1g0vB6eVDege2e28vhBH4Lnf2YhpILSwwL
S5twPWi1+zITBP4EREqyehe7IwN1JFqD3swrWjx9can+2x7fJ0t1jaLIDl7Fn7wN
cYaD7qXLWB+OUuwqLn097/nZfFzEdDFO3X7FDFUeXL2LBmu35eZcMluTLuZJNmwM
9wIp58Pa15mLqq6lXzKNHvr8AAnYAPumw4bchKqyfgc5SW2rhcyRfO6Rr6XOQYkW
XmUSr80BeWpquLMkOOSqsUbNLXoi2PM/Z6oAAD1Yqf+XzwR/RDNTfk0OKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLeq+9BN///e4mMiGkyW39tQ2lFMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvNHQ2cjcwRTNfXzk3aVl5SWFUSmJmMjFEYVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkvdtMA0G
CSqGSIb3DQEBCwUAA4IBAQCL1NP2ym0zAeIjS0IfzvQik30YfTblyz7/UbJWMC5o
0LN4Fi3dW44wKjENLo1VEwTrf9f+8W1Nc3S6G0VXa4F7ymCb7T41Qm31IZZp24yC
CeML210zja7UbHRxWSi30ohwpwxSloHc6ccbF5LV8KFIPAJVE8a+018ElfxckMAv
1AsMDBj+PCJgJSmo7/877GkYGXiJP12X97us3/8+cAv5oRrwClUlXy9LYoT+mGjD
TwzFPCNQ+pp52HPboooLaAHaqvCsoJM6UXOr88IkRTA/XlxyUTunMUQaCww6yxVW
V9MJpzpBYFLi7qJDv3ABSBlGIxVPDAC96cgPJJgSEyBL
-----END CERTIFICATE-----