Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/f6be03-4f44-4354-b9eb-ba4d06df0be5/1/hyi6JuY73xPZcokcebBm_FmZyyY.roa
File:                     hyi6JuY73xPZcokcebBm_FmZyyY.roa (raw, json)
Hash identifier:          zQKPsA0T4NOWqz2srC42ViSa9ImtjDOANA0Zc4jjvFk=
Subject key identifier:   87:28:BA:26:E6:3B:DF:13:D9:72:89:1C:79:B0:66:FC:59:99:CB:26
Certificate issuer:       /CN=e2e4ac6224fe1944420dc3a98dd63abae4af7e00
Certificate serial:       018CC34925D5949C437A4B0873BCE2B58496
Authority key identifier: E2:E4:AC:62:24:FE:19:44:42:0D:C3:A9:8D:D6:3A:BA:E4:AF:7E:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4uSsYiT-GURCDcOpjdY6uuSvfgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/f6be03-4f44-4354-b9eb-ba4d06df0be5/1/hyi6JuY73xPZcokcebBm_FmZyyY.roa
Signing time:             Mon 01 Jan 2024 04:30:00 +0000
ROA not before:           Mon 01 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60056
IP address blocks:        185.57.245.0/24 maxlen: 24
                          185.57.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/f6be03-4f44-4354-b9eb-ba4d06df0be5/1/4uSsYiT-GURCDcOpjdY6uuSvfgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/f6be03-4f44-4354-b9eb-ba4d06df0be5/1/4uSsYiT-GURCDcOpjdY6uuSvfgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4uSsYiT-GURCDcOpjdY6uuSvfgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:25:d5:94:9c:43:7a:4b:08:73:bc:e2:b5:84:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e4ac6224fe1944420dc3a98dd63abae4af7e00
        Validity
            Not Before: Jan  1 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8728ba26e63bdf13d972891c79b066fc5999cb26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:12:27:b3:ef:0a:89:2d:df:96:5a:ad:db:15:
                    78:c0:10:a1:cd:1f:de:31:83:db:d5:92:94:6b:19:
                    da:88:13:18:42:cd:c6:d6:6c:76:ba:57:33:02:5b:
                    e0:1a:28:18:12:a1:78:f2:1e:c2:23:7e:35:24:d0:
                    e7:51:e0:69:5a:62:d1:dd:56:de:17:89:29:ed:d7:
                    de:5a:b4:13:b7:75:c4:14:a3:90:08:86:f5:6b:0f:
                    ca:aa:65:d5:7d:d0:c7:2b:19:25:fe:39:70:d5:0a:
                    35:fc:db:a0:27:8f:01:bb:5f:2c:4a:43:5d:f3:6e:
                    3c:af:2c:25:a1:a3:7e:63:58:25:69:c3:78:01:3e:
                    3f:38:f3:9a:5d:1c:34:77:c3:2c:f5:39:ab:a5:39:
                    64:10:0c:38:ff:62:b7:3a:ca:c0:52:49:65:c1:91:
                    ee:62:f2:17:69:ad:6d:72:7d:83:d0:08:76:db:b8:
                    53:8a:9b:4e:8d:8d:13:cc:66:cd:d2:34:8a:90:f9:
                    a5:cf:ef:c1:42:78:33:d8:05:a5:e1:75:94:15:97:
                    59:11:12:74:8d:d1:06:91:1b:e4:24:34:e1:55:fd:
                    aa:a4:65:4a:7e:7c:bf:d5:fb:7b:88:f9:0a:0e:de:
                    b4:19:0b:35:86:b2:1a:d2:38:d6:0e:40:f8:1c:fe:
                    fb:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:28:BA:26:E6:3B:DF:13:D9:72:89:1C:79:B0:66:FC:59:99:CB:26
            X509v3 Authority Key Identifier:
                keyid:E2:E4:AC:62:24:FE:19:44:42:0D:C3:A9:8D:D6:3A:BA:E4:AF:7E:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4uSsYiT-GURCDcOpjdY6uuSvfgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/f6be03-4f44-4354-b9eb-ba4d06df0be5/1/hyi6JuY73xPZcokcebBm_FmZyyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/f6be03-4f44-4354-b9eb-ba4d06df0be5/1/4uSsYiT-GURCDcOpjdY6uuSvfgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:24:8d:7c:ea:b8:16:21:9e:6f:a2:d3:11:ab:6c:b0:33:8c:
         71:91:ce:ec:a1:55:f3:be:5c:e8:37:be:df:0b:a2:f7:a1:89:
         5e:67:72:f9:70:89:ed:75:43:35:40:a2:35:4c:60:67:c8:fa:
         c8:85:39:a9:ff:c3:88:f3:34:be:37:09:73:3f:dd:bd:fb:cb:
         41:81:d0:f3:0d:16:d0:ba:d5:12:ef:61:b8:6c:6e:c3:a5:dc:
         2d:3b:5d:02:45:53:d3:ef:4d:69:4b:5e:cd:33:59:c1:0f:3e:
         07:8c:82:ff:fc:92:c5:8b:91:14:be:f5:8d:e3:31:a6:c5:47:
         f3:8d:60:62:1f:e4:73:c1:01:0e:77:a9:69:3b:9c:c7:84:82:
         b8:ea:73:08:45:15:17:90:b6:e8:d9:3f:5a:0f:8d:5f:a6:ff:
         6b:a2:d7:30:46:eb:94:3d:a0:ed:53:97:ef:a7:df:c1:7e:79:
         22:72:96:6c:33:56:14:c2:46:74:d0:4b:8a:dd:76:ca:74:d1:
         83:39:1c:7c:47:f9:71:03:7f:cd:fa:cc:fd:bd:ae:60:ec:4b:
         a6:72:63:41:f6:b2:24:24:cc:4f:bb:8b:80:11:3d:dc:1c:9e:
         09:eb:29:ac:0a:2b:e4:65:ae:c7:cb:32:67:51:66:3b:54:95:
         96:79:c6:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSXVlJxDeksIc7zitYSWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZTRhYzYyMjRmZTE5NDQ0MjBkYzNhOThkZDYzYWJhZTRh
ZjdlMDAwHhcNMjQwMTAxMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzI4YmEyNmU2M2JkZjEzZDk3Mjg5MWM3OWIwNjZmYzU5OTljYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhIns+8KiS3fllqt2xV4wBChzR/e
MYPb1ZKUaxnaiBMYQs3G1mx2ulczAlvgGigYEqF48h7CI341JNDnUeBpWmLR3Vbe
F4kp7dfeWrQTt3XEFKOQCIb1aw/KqmXVfdDHKxkl/jlw1Qo1/NugJ48Bu18sSkNd
8248rywloaN+Y1glacN4AT4/OPOaXRw0d8Ms9TmrpTlkEAw4/2K3OsrAUkllwZHu
YvIXaa1tcn2D0Ah227hTiptOjY0TzGbN0jSKkPmlz+/BQngz2AWl4XWUFZdZERJ0
jdEGkRvkJDThVf2qpGVKfny/1ft7iPkKDt60GQs1hrIa0jjWDkD4HP77+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIcouibmO98T2XKJHHmwZvxZmcsmMB8GA1UdIwQY
MBaAFOLkrGIk/hlEQg3DqY3WOrrkr34AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVTc1lpVC1HVVJDRGNPcGpkWTZ1dVN2ZmdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9mNmJlMDMtNGY0NC00MzU0LWI5ZWIt
YmE0ZDA2ZGYwYmU1LzEvaHlpNkp1WTczeFBaY29rY2ViQm1fRm1aeXlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9mNmJlMDMtNGY0NC00MzU0LWI5ZWItYmE0ZDA2ZGYwYmU1
LzEvNHVTc1lpVC1HVVJDRGNPcGpkWTZ1dVN2ZmdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTn0MA0G
CSqGSIb3DQEBCwUAA4IBAQBXJI186rgWIZ5votMRq2ywM4xxkc7soVXzvlzoN77f
C6L3oYleZ3L5cIntdUM1QKI1TGBnyPrIhTmp/8OI8zS+NwlzP929+8tBgdDzDRbQ
utUS72G4bG7DpdwtO10CRVPT701pS17NM1nBDz4HjIL//JLFi5EUvvWN4zGmxUfz
jWBiH+RzwQEOd6lpO5zHhIK46nMIRRUXkLbo2T9aD41fpv9rotcwRuuUPaDtU5fv
p9/BfnkicpZsM1YUwkZ00EuK3XbKdNGDORx8R/lxA3/N+sz9va5g7EumcmNB9rIk
JMxPu4uAET3cHJ4J6ymsCivkZa7HyzJnUWY7VJWWecZX
-----END CERTIFICATE-----