Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/80b481-6535-40a3-81a8-313a4c163b10/1/oMqr6hj41hHipc0nHO-7Q-eVxdE.roa
File:                     oMqr6hj41hHipc0nHO-7Q-eVxdE.roa (raw, json)
Hash identifier:          6D1H0a3j1MdxZmnD1eYJvKhtOM7w83FGSCH9QShOIC8=
Subject key identifier:   A0:CA:AB:EA:18:F8:D6:11:E2:A5:CD:27:1C:EF:BB:43:E7:95:C5:D1
Certificate issuer:       /CN=c4ddfe0f4bfb6982f1960ab2a3fae7a2fb457a93
Certificate serial:       018CC4255D19766AC74893B67C36D1D51650
Authority key identifier: C4:DD:FE:0F:4B:FB:69:82:F1:96:0A:B2:A3:FA:E7:A2:FB:45:7A:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xN3-D0v7aYLxlgqyo_rnovtFepM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/80b481-6535-40a3-81a8-313a4c163b10/1/oMqr6hj41hHipc0nHO-7Q-eVxdE.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60134
IP address blocks:        2.57.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/80b481-6535-40a3-81a8-313a4c163b10/1/xN3-D0v7aYLxlgqyo_rnovtFepM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/80b481-6535-40a3-81a8-313a4c163b10/1/xN3-D0v7aYLxlgqyo_rnovtFepM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xN3-D0v7aYLxlgqyo_rnovtFepM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5d:19:76:6a:c7:48:93:b6:7c:36:d1:d5:16:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ddfe0f4bfb6982f1960ab2a3fae7a2fb457a93
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0caabea18f8d611e2a5cd271cefbb43e795c5d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a5:f8:44:77:cd:9c:ec:ae:68:47:37:16:50:
                    63:be:5d:80:df:5d:57:96:9d:90:56:d4:8d:96:88:
                    24:0d:18:15:b9:6e:90:cb:b6:d8:c7:28:2b:5e:e9:
                    67:e8:9c:ae:9a:b0:ee:12:84:77:4c:05:d6:7e:25:
                    46:78:9b:e7:06:b5:4a:24:46:8d:54:9a:19:76:8d:
                    06:62:80:27:72:cb:d0:86:e1:5a:f8:01:0e:d7:4f:
                    e5:2a:ca:c4:2b:d6:35:20:02:d3:52:71:f7:b3:64:
                    ba:ab:3a:e0:65:1d:e0:dc:ea:1d:89:f7:61:8a:da:
                    37:7d:7d:6c:5e:7a:1c:57:70:af:b6:91:f5:be:09:
                    ca:a9:e0:5d:f3:e7:2c:31:e6:18:ae:d6:53:72:42:
                    d1:36:45:36:31:c2:bb:18:f5:64:af:93:3a:92:91:
                    35:90:f6:2e:28:ed:e9:d0:ce:a4:02:59:db:27:dd:
                    4a:0f:04:91:6b:0b:ed:ba:40:ef:26:7e:46:b6:c2:
                    4b:ab:51:a4:8d:0a:2e:17:59:0f:d6:f1:bb:47:4a:
                    4f:da:f7:1b:40:68:b0:18:c4:13:3e:cb:fd:25:b6:
                    0e:c9:90:b9:d1:59:95:37:92:c3:ce:50:47:a9:ef:
                    f1:f2:c0:e9:62:9b:db:1e:15:01:2e:fc:6f:e2:39:
                    d7:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:CA:AB:EA:18:F8:D6:11:E2:A5:CD:27:1C:EF:BB:43:E7:95:C5:D1
            X509v3 Authority Key Identifier:
                keyid:C4:DD:FE:0F:4B:FB:69:82:F1:96:0A:B2:A3:FA:E7:A2:FB:45:7A:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xN3-D0v7aYLxlgqyo_rnovtFepM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/80b481-6535-40a3-81a8-313a4c163b10/1/oMqr6hj41hHipc0nHO-7Q-eVxdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/80b481-6535-40a3-81a8-313a4c163b10/1/xN3-D0v7aYLxlgqyo_rnovtFepM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:1e:00:19:b8:40:dd:ba:62:bc:22:d9:29:ba:5b:21:73:1e:
         76:48:a8:be:56:60:35:c2:82:5f:b8:f3:be:60:fa:d7:74:e2:
         c6:1f:75:a9:14:52:a2:49:29:fe:98:8c:cd:4f:16:10:cd:48:
         a2:fe:35:71:ed:14:cf:bf:8e:df:88:08:fa:89:8f:5e:b0:44:
         5d:65:45:84:3f:07:d8:94:86:e5:0b:49:6f:c2:32:78:38:a2:
         58:fd:d3:a3:6c:1d:a5:d3:7b:22:f7:b2:3f:1f:6f:e5:8b:30:
         34:cf:6b:26:d2:24:f0:07:01:39:eb:3f:78:0c:2c:45:3c:e6:
         ef:55:85:e7:e3:27:72:84:11:b7:d7:39:f2:4a:67:5e:c3:ef:
         49:d9:45:03:c4:00:ae:dc:3f:78:3d:d0:a2:ae:17:fe:c9:ef:
         a8:4c:2d:98:af:2b:46:c3:7c:d7:f6:99:1a:27:5d:ec:18:db:
         18:f7:4c:68:6d:c7:53:76:5f:31:09:79:ff:16:f8:03:2b:ad:
         56:5c:20:4b:5e:a0:c5:6e:9e:a6:c6:c0:5f:7e:0d:b2:98:43:
         e5:d4:25:28:68:07:5b:96:51:cf:60:39:72:fa:d2:3b:82:be:
         2f:ef:99:4c:73:c1:36:81:9b:86:43:f0:a1:b6:68:b2:f3:5c:
         44:cb:8e:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJV0ZdmrHSJO2fDbR1RZQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZGRmZTBmNGJmYjY5ODJmMTk2MGFiMmEzZmFlN2EyZmI0
NTdhOTMwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGNhYWJlYTE4ZjhkNjExZTJhNWNkMjcxY2VmYmI0M2U3OTVjNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaX4RHfNnOyuaEc3FlBjvl2A311X
lp2QVtSNlogkDRgVuW6Qy7bYxygrXuln6JyumrDuEoR3TAXWfiVGeJvnBrVKJEaN
VJoZdo0GYoAncsvQhuFa+AEO10/lKsrEK9Y1IALTUnH3s2S6qzrgZR3g3Oodifdh
ito3fX1sXnocV3CvtpH1vgnKqeBd8+csMeYYrtZTckLRNkU2McK7GPVkr5M6kpE1
kPYuKO3p0M6kAlnbJ91KDwSRawvtukDvJn5GtsJLq1GkjQouF1kP1vG7R0pP2vcb
QGiwGMQTPsv9JbYOyZC50VmVN5LDzlBHqe/x8sDpYpvbHhUBLvxv4jnXswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDKq+oY+NYR4qXNJxzvu0PnlcXRMB8GA1UdIwQY
MBaAFMTd/g9L+2mC8ZYKsqP656L7RXqTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE4zLUQwdjdhWUx4bGdxeW9fcm5vdnRGZXBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84MGI0ODEtNjUzNS00MGEzLTgxYTgt
MzEzYTRjMTYzYjEwLzEvb01xcjZoajQxaEhpcGMwbkhPLTdRLWVWeGRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84MGI0ODEtNjUzNS00MGEzLTgxYTgtMzEzYTRjMTYzYjEw
LzEveE4zLUQwdjdhWUx4bGdxeW9fcm5vdnRGZXBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjkCMA0G
CSqGSIb3DQEBCwUAA4IBAQBkHgAZuEDdumK8Itkpulshcx52SKi+VmA1woJfuPO+
YPrXdOLGH3WpFFKiSSn+mIzNTxYQzUii/jVx7RTPv47fiAj6iY9esERdZUWEPwfY
lIblC0lvwjJ4OKJY/dOjbB2l03si97I/H2/lizA0z2sm0iTwBwE56z94DCxFPObv
VYXn4ydyhBG31znySmdew+9J2UUDxACu3D94PdCirhf+ye+oTC2YrytGw3zX9pka
J13sGNsY90xobcdTdl8xCXn/FvgDK61WXCBLXqDFbp6mxsBffg2ymEPl1CUoaAdb
llHPYDly+tI7gr4v75lMc8E2gZuGQ/Chtmiy81xEy44u
-----END CERTIFICATE-----