Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/pQmMlw8Y_x41oqlVim-F1jqJiWI.roa
File:                     pQmMlw8Y_x41oqlVim-F1jqJiWI.roa (raw, json)
Hash identifier:          Ae1hfJxu5xmKvpqy9iTQ07XLoNehmn23ztbZHsy9rZg=
Subject key identifier:   A5:09:8C:97:0F:18:FF:1E:35:A2:A9:55:8A:6F:85:D6:3A:89:89:62
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       018DDCFFCDD42704C9D6A3E882C107D6F189
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/pQmMlw8Y_x41oqlVim-F1jqJiWI.roa
Signing time:             Sat 24 Feb 2024 21:22:48 +0000
ROA not before:           Sat 24 Feb 2024 21:22:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        146.247.105.0/24 maxlen: 24
                          146.247.110.0/24 maxlen: 24
                          146.247.124.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:dc:ff:cd:d4:27:04:c9:d6:a3:e8:82:c1:07:d6:f1:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: Feb 24 21:22:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5098c970f18ff1e35a2a9558a6f85d63a898962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:26:52:2d:86:70:9e:36:c0:90:68:bd:ca:6a:
                    cb:c8:d0:91:2a:25:67:5e:e5:77:db:69:0e:05:f2:
                    e9:54:a5:49:f7:ff:f9:4f:f9:db:14:ca:19:ee:e7:
                    72:a5:02:88:44:84:6c:16:dc:29:81:85:37:01:cb:
                    40:11:07:4c:19:ae:dd:bb:49:0a:cb:54:be:29:a9:
                    b9:4f:80:c3:53:5f:70:e5:74:a6:d0:a3:dc:ec:6d:
                    9c:cb:b2:c0:bf:82:c5:6e:55:f0:ee:cd:f6:4a:3d:
                    1d:f9:b1:63:d3:f9:22:15:7b:71:f5:0e:a6:f6:e8:
                    56:bf:47:85:8e:d4:92:99:cf:59:7a:63:65:80:ba:
                    63:0d:0f:69:59:b1:b0:a6:31:7b:46:3c:60:88:04:
                    4a:d3:e3:a1:1e:34:75:0a:6f:4b:e2:6c:28:be:fa:
                    68:77:ed:e6:d9:a5:10:47:8c:ae:75:bb:19:19:11:
                    c0:9c:fd:4d:ce:87:d8:2c:52:ca:24:de:e7:e6:be:
                    21:c3:8c:54:00:98:84:77:67:1a:18:52:3b:43:80:
                    7c:cb:cb:94:ac:3d:5b:e8:8a:78:9f:26:f7:ca:9d:
                    b3:4f:23:17:f8:37:e2:3b:6e:91:0f:1a:f5:d2:a2:
                    fc:95:6f:58:d7:0a:ea:ed:84:89:62:4e:8d:c2:01:
                    6c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:09:8C:97:0F:18:FF:1E:35:A2:A9:55:8A:6F:85:D6:3A:89:89:62
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/pQmMlw8Y_x41oqlVim-F1jqJiWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.105.0/24
                  146.247.110.0/24
                  146.247.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:31:71:3f:91:b1:4f:d4:18:4c:bf:49:0c:2c:a6:d5:07:af:
         31:00:d4:19:38:e1:7f:74:01:ba:11:7f:48:3c:e2:3f:2c:50:
         5c:f4:09:3b:78:22:df:68:73:ed:14:3f:9e:e6:31:0e:0c:d2:
         f3:e5:19:4b:5d:b4:ce:83:10:66:9f:01:7e:49:cb:55:e4:63:
         d1:51:e0:cb:bc:bc:1a:a4:da:cc:36:e7:4b:e1:31:eb:32:7f:
         90:d2:ff:89:da:3a:f1:2b:2f:b6:e9:49:bf:23:f9:38:cf:d3:
         be:5d:80:ed:f0:e5:5a:2b:df:a9:02:b1:e9:c2:1e:82:cd:91:
         8d:a7:db:10:77:89:39:37:24:06:88:af:02:f5:2f:a5:1c:a5:
         d1:df:de:55:3c:18:c0:d6:48:72:3d:d0:94:7d:c7:cf:5c:cf:
         d5:c1:65:4d:0f:28:ac:2d:57:ba:70:a8:23:79:2d:58:10:84:
         fe:0d:fe:27:3c:90:c4:a9:31:6b:4d:f8:5d:38:4a:76:02:d1:
         ae:6f:47:ab:0c:60:f9:0c:fc:01:a4:2d:2a:d2:fc:8f:e1:38:
         41:b7:7b:0a:31:f9:17:c5:56:1c:58:fb:82:ac:21:fb:ca:b0:
         0c:0e:fa:b2:44:54:39:2d:d4:50:b7:71:c0:78:91:fe:35:2f:
         2b:e9:3c:75
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY3c/83UJwTJ1qPogsEH1vGJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjQwMjI0MjEyMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTA5OGM5NzBmMThmZjFlMzVhMmE5NTU4YTZmODVkNjNhODk4OTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSZSLYZwnjbAkGi9ymrLyNCRKiVn
XuV322kOBfLpVKVJ9//5T/nbFMoZ7udypQKIRIRsFtwpgYU3ActAEQdMGa7du0kK
y1S+Kam5T4DDU19w5XSm0KPc7G2cy7LAv4LFblXw7s32Sj0d+bFj0/kiFXtx9Q6m
9uhWv0eFjtSSmc9ZemNlgLpjDQ9pWbGwpjF7RjxgiARK0+OhHjR1Cm9L4mwovvpo
d+3m2aUQR4yudbsZGRHAnP1NzofYLFLKJN7n5r4hw4xUAJiEd2caGFI7Q4B8y8uU
rD1b6Ip4nyb3yp2zTyMX+DfiO26RDxr10qL8lW9Y1wrq7YSJYk6NwgFslwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKUJjJcPGP8eNaKpVYpvhdY6iYliMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvcFFtTWx3OFlfeDQxb3FsVmltLUYxanFKaVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAkvdpAwQA
kvduAwQBkvd8MA0GCSqGSIb3DQEBCwUAA4IBAQALMXE/kbFP1BhMv0kMLKbVB68x
ANQZOOF/dAG6EX9IPOI/LFBc9Ak7eCLfaHPtFD+e5jEODNLz5RlLXbTOgxBmnwF+
SctV5GPRUeDLvLwapNrMNudL4THrMn+Q0v+J2jrxKy+26Um/I/k4z9O+XYDt8OVa
K9+pArHpwh6CzZGNp9sQd4k5NyQGiK8C9S+lHKXR395VPBjA1khyPdCUfcfPXM/V
wWVNDyisLVe6cKgjeS1YEIT+Df4nPJDEqTFrTfhdOEp2AtGub0erDGD5DPwBpC0q
0vyP4ThBt3sKMfkXxVYcWPuCrCH7yrAMDvqyRFQ5LdRQt3HAeJH+NS8r6Tx1
-----END CERTIFICATE-----