Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/34v70e-AuL53x6XeHVfYUbbbFF0.roa
File:                     34v70e-AuL53x6XeHVfYUbbbFF0.roa (raw, json)
Hash identifier:          NNmZSE1+eD+eECq8uaXsw/X0n6p3Qe7qeIsePK/4Fig=
Subject key identifier:   DF:8B:FB:D1:EF:80:B8:BE:77:C7:A5:DE:1D:57:D8:51:B6:DB:14:5D
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0194228DBF4394AB9D2B8FF3235DE4FB83F8
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/34v70e-AuL53x6XeHVfYUbbbFF0.roa
Signing time:             Wed 01 Jan 2025 15:48:22 +0000
ROA not before:           Wed 01 Jan 2025 15:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56630
IP address blocks:        46.243.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:bf:43:94:ab:9d:2b:8f:f3:23:5d:e4:fb:83:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jan  1 15:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df8bfbd1ef80b8be77c7a5de1d57d851b6db145d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:19:4e:07:7c:26:5d:ae:b4:58:08:c1:79:bc:
                    a9:e8:3d:b8:f4:1f:7a:c6:9f:03:e4:ec:78:94:0f:
                    a4:7a:34:37:91:6e:a1:e8:64:10:57:4e:71:77:03:
                    80:4c:2e:a9:49:1a:b6:c6:91:fb:1d:ae:24:22:b7:
                    4e:c5:7c:41:9a:fa:71:de:34:30:a7:11:df:29:a9:
                    8c:fd:db:07:1e:34:53:4d:9b:1e:aa:bc:e2:36:84:
                    89:e7:9d:e5:d8:e3:b8:42:cb:c5:17:f8:17:55:00:
                    ba:62:51:1f:91:be:5a:7a:e3:dc:c0:cf:b1:15:46:
                    d0:74:22:81:49:a8:6c:bd:67:f4:71:02:80:be:86:
                    85:32:83:bf:29:47:72:59:f3:4b:bd:a3:99:38:f5:
                    27:6b:98:92:f5:4d:51:06:78:c7:fb:91:c4:af:44:
                    06:7e:81:0b:26:b4:ed:ac:2a:3f:5c:07:09:8e:53:
                    aa:fb:82:e8:96:04:30:94:2c:d5:6f:2d:e9:a5:99:
                    cb:42:7b:60:cf:68:fb:f7:08:c0:ea:3c:e8:08:f4:
                    5e:1a:72:f2:fa:eb:dc:15:89:7e:cf:4d:8f:b9:6e:
                    3d:a3:61:7b:30:de:ee:fb:04:bd:d1:e2:38:4b:60:
                    aa:34:99:91:37:b3:85:56:70:f7:37:8b:5f:b8:42:
                    cf:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:8B:FB:D1:EF:80:B8:BE:77:C7:A5:DE:1D:57:D8:51:B6:DB:14:5D
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/34v70e-AuL53x6XeHVfYUbbbFF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:8d:3e:da:ce:23:ee:32:4a:a2:63:d9:7a:3a:8b:e2:e3:b0:
         df:89:e6:49:a4:14:1c:8c:53:2e:40:2e:c8:57:a0:7c:71:7c:
         4b:af:ed:81:00:79:7a:69:0f:22:01:0c:78:95:fb:a7:81:f4:
         69:86:32:c3:26:ff:58:a5:9b:48:6e:f0:ad:5e:81:f4:f3:b1:
         e9:1f:0e:d8:df:64:21:03:14:b9:94:dd:c6:a3:5a:5a:19:61:
         6a:b0:fa:30:cf:13:b9:7f:31:e3:49:a4:a2:8b:f9:8c:be:c2:
         d4:bc:22:51:eb:e6:0e:de:f2:d7:18:08:71:7e:d4:cd:9e:80:
         04:d5:93:2c:29:b9:56:ea:25:eb:08:6f:d9:93:3e:77:de:56:
         71:27:72:d3:e4:03:91:64:e9:ea:37:4f:c9:54:87:c3:fc:9a:
         7b:02:70:46:8d:28:8f:57:a2:d4:e4:fd:e0:8b:ef:47:91:98:
         b1:3a:77:57:5d:b5:5c:42:af:96:9d:a3:26:9c:46:26:57:77:
         0b:c6:71:f0:68:ba:fe:fe:83:01:85:a8:3e:95:98:50:64:61:
         b8:b6:6d:6e:d3:6a:8d:e0:bb:52:31:38:30:8c:1e:31:9c:b3:
         53:45:60:3b:ea:a7:e8:88:9a:c7:4f:42:ad:cf:15:11:9d:f6:
         5d:34:23:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijb9DlKudK4/zI13k+4P4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwMTAxMTU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjhiZmJkMWVmODBiOGJlNzdjN2E1ZGUxZDU3ZDg1MWI2ZGIxNDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApRlOB3wmXa60WAjBebyp6D249B96
xp8D5Ox4lA+kejQ3kW6h6GQQV05xdwOATC6pSRq2xpH7Ha4kIrdOxXxBmvpx3jQw
pxHfKamM/dsHHjRTTZseqrziNoSJ553l2OO4QsvFF/gXVQC6YlEfkb5aeuPcwM+x
FUbQdCKBSahsvWf0cQKAvoaFMoO/KUdyWfNLvaOZOPUna5iS9U1RBnjH+5HEr0QG
foELJrTtrCo/XAcJjlOq+4LolgQwlCzVby3ppZnLQntgz2j79wjA6jzoCPReGnLy
+uvcFYl+z02PuW49o2F7MN7u+wS90eI4S2CqNJmRN7OFVnD3N4tfuELPrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+L+9HvgLi+d8el3h1X2FG22xRdMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvMzR2NzBlLUF1TDUzeDZYZUhWZllVYmJiRkYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvMAMA0G
CSqGSIb3DQEBCwUAA4IBAQCljT7aziPuMkqiY9l6Oovi47DfieZJpBQcjFMuQC7I
V6B8cXxLr+2BAHl6aQ8iAQx4lfungfRphjLDJv9YpZtIbvCtXoH087HpHw7Y32Qh
AxS5lN3Go1paGWFqsPowzxO5fzHjSaSii/mMvsLUvCJR6+YO3vLXGAhxftTNnoAE
1ZMsKblW6iXrCG/Zkz533lZxJ3LT5AORZOnqN0/JVIfD/Jp7AnBGjSiPV6LU5P3g
i+9HkZixOndXXbVcQq+WnaMmnEYmV3cLxnHwaLr+/oMBhag+lZhQZGG4tm1u02qN
4LtSMTgwjB4xnLNTRWA76qfoiJrHT0KtzxURnfZdNCNl
-----END CERTIFICATE-----