Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/F5dl4oP24mV3xV_6K38NaAhmQEo.roa
File:                     F5dl4oP24mV3xV_6K38NaAhmQEo.roa (raw, json)
Hash identifier:          OCs6qzdvkY1P1pGUBGIR6KZzaUL5vopdbEz1bEVwI00=
Subject key identifier:   17:97:65:E2:83:F6:E2:65:77:C5:5F:FA:2B:7F:0D:68:08:66:40:4A
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       018CC9BBA33241F3EC8E0C430387AEC9E13C
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/F5dl4oP24mV3xV_6K38NaAhmQEo.roa
Signing time:             Tue 02 Jan 2024 10:32:46 +0000
ROA not before:           Tue 02 Jan 2024 10:32:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49181
IP address blocks:        2.57.38.0/24 maxlen: 24
                          2.57.37.0/24 maxlen: 24
                          2a09:d2c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:a3:32:41:f3:ec:8e:0c:43:03:87:ae:c9:e1:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Jan  2 10:32:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=179765e283f6e26577c55ffa2b7f0d680866404a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:62:95:15:cc:24:98:0e:a5:c5:7d:a4:1a:d1:
                    a6:86:05:db:cc:a7:d2:63:ca:31:74:78:6a:45:9e:
                    34:ec:02:ba:f0:b0:a8:a0:be:06:21:4c:11:11:c8:
                    e2:41:53:b2:d4:82:e9:85:f8:b6:e0:f6:ae:64:29:
                    ed:d3:91:f2:2c:25:c5:27:63:94:3f:5a:4d:e3:92:
                    f4:04:ea:72:e0:0a:de:1f:85:9a:9e:ec:54:a4:af:
                    0c:57:11:d6:c5:dc:44:ae:80:df:e9:5e:24:1b:fb:
                    e5:ec:ae:14:f5:74:7f:4b:84:a9:80:21:b9:7b:f3:
                    8d:72:26:ad:61:cb:aa:63:02:c3:b6:f4:fa:86:01:
                    eb:83:cc:28:9b:c7:40:a1:89:87:b8:3d:52:f9:8e:
                    e7:71:c8:1e:2a:48:0b:e6:4b:0a:36:4d:fe:be:6e:
                    ca:c0:86:05:f9:4a:b5:a4:37:84:6a:aa:2a:39:9d:
                    80:8b:47:f2:d5:75:41:80:ec:88:76:4c:0e:66:f7:
                    b6:63:fd:1b:2b:e1:23:1c:f1:b4:7d:42:65:15:ff:
                    58:8f:ad:87:97:24:a4:f8:64:17:5f:a5:68:39:26:
                    49:59:e9:ee:75:38:9d:8c:db:49:af:29:ae:ef:07:
                    db:a5:61:65:bc:4a:5c:84:41:4f:8d:5b:90:b2:fd:
                    df:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:97:65:E2:83:F6:E2:65:77:C5:5F:FA:2B:7F:0D:68:08:66:40:4A
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/F5dl4oP24mV3xV_6K38NaAhmQEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.37.0-2.57.38.255
                IPv6:
                  2a09:d2c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:f9:6b:2d:e7:53:62:9c:1b:fc:eb:59:7b:f7:f5:c3:a4:d3:
         7a:90:d7:42:09:7c:4a:71:f6:96:68:fe:4c:59:92:b3:fe:c7:
         07:05:05:40:80:31:fa:6a:69:ba:91:23:f2:1e:8a:96:e3:46:
         80:9d:97:40:fb:9a:01:dc:ff:3b:f5:a6:82:45:0e:36:ab:84:
         bf:2b:ac:9e:83:98:94:21:9e:6b:a9:8b:8f:dd:99:5e:88:3a:
         6c:38:e9:5d:95:c9:58:00:55:59:f8:16:20:00:44:06:3b:2b:
         a7:b9:fa:1d:f6:3f:77:c1:41:c9:cc:e5:42:f1:6b:ff:1d:13:
         ec:28:54:b7:a5:15:04:ba:15:39:84:f0:65:1f:ca:f2:e6:e4:
         34:f1:37:52:66:6f:7c:8f:53:2c:08:e9:ba:dc:0b:3c:4b:65:
         b1:3b:17:33:7f:97:d6:02:df:bc:11:20:df:55:c7:cf:92:55:
         7b:5c:72:f1:86:85:23:81:a7:66:01:43:0d:05:4d:ee:f3:8e:
         d5:8b:92:e9:e0:8d:c8:03:3b:9b:55:f2:c1:65:39:50:17:c0:
         bb:9c:a3:b5:26:20:26:70:81:9a:d5:58:e5:87:53:e6:e2:56:
         32:23:17:25:66:0d:58:18:6a:9a:5d:fa:b4:62:71:56:80:78:
         b0:36:f8:f3
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJu6MyQfPsjgxDA4euyeE8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjQwMTAyMTAzMjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzk3NjVlMjgzZjZlMjY1NzdjNTVmZmEyYjdmMGQ2ODA4NjY0MDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmKVFcwkmA6lxX2kGtGmhgXbzKfS
Y8oxdHhqRZ407AK68LCooL4GIUwREcjiQVOy1ILphfi24PauZCnt05HyLCXFJ2OU
P1pN45L0BOpy4AreH4WanuxUpK8MVxHWxdxEroDf6V4kG/vl7K4U9XR/S4SpgCG5
e/ONciatYcuqYwLDtvT6hgHrg8wom8dAoYmHuD1S+Y7nccgeKkgL5ksKNk3+vm7K
wIYF+Uq1pDeEaqoqOZ2Ai0fy1XVBgOyIdkwOZve2Y/0bK+EjHPG0fUJlFf9Yj62H
lySk+GQXX6VoOSZJWenudTidjNtJrymu7wfbpWFlvEpchEFPjVuQsv3fdwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFBeXZeKD9uJld8Vf+it/DWgIZkBKMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvRjVkbDRvUDI0bVYzeFZfNkszOE5hQWhtUUVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBAACOSUD
BAACOSYwDQQCAAIwBwMFACoJ0sAwDQYJKoZIhvcNAQELBQADggEBAEP5ay3nU2Kc
G/zrWXv39cOk03qQ10IJfEpx9pZo/kxZkrP+xwcFBUCAMfpqabqRI/IeipbjRoCd
l0D7mgHc/zv1poJFDjarhL8rrJ6DmJQhnmupi4/dmV6IOmw46V2VyVgAVVn4FiAA
RAY7K6e5+h32P3fBQcnM5ULxa/8dE+woVLelFQS6FTmE8GUfyvLm5DTxN1Jmb3yP
UywI6brcCzxLZbE7FzN/l9YC37wRIN9Vx8+SVXtccvGGhSOBp2YBQw0FTe7zjtWL
kungjcgDO5tV8sFlOVAXwLuco7UmICZwgZrVWOWHU+biVjIjFyVmDVgYappd+rRi
cVaAeLA2+PM=
-----END CERTIFICATE-----