Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/G57LHrHvMbdM_H5EBFwROmWy7oo.roa
File:                     G57LHrHvMbdM_H5EBFwROmWy7oo.roa (raw, json)
Hash identifier:          A6TfLlRClA13tXnyNFSSmjWJXM20qsQ0eIm/BgmEj0Y=
Subject key identifier:   1B:9E:CB:1E:B1:EF:31:B7:4C:FC:7E:44:04:5C:11:3A:65:B2:EE:8A
Certificate issuer:       /CN=608011ea51a9fbcf8bae0df1ed499a3407d63053
Certificate serial:       018CC50116BDCAB1D16CE256B7F9FD45B061
Authority key identifier: 60:80:11:EA:51:A9:FB:CF:8B:AE:0D:F1:ED:49:9A:34:07:D6:30:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/G57LHrHvMbdM_H5EBFwROmWy7oo.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24953
IP address blocks:        193.47.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:16:bd:ca:b1:d1:6c:e2:56:b7:f9:fd:45:b0:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=608011ea51a9fbcf8bae0df1ed499a3407d63053
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b9ecb1eb1ef31b74cfc7e44045c113a65b2ee8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:81:ba:9b:40:b3:5b:f4:e6:bf:22:28:49:40:
                    11:9d:99:8b:70:82:38:7c:7d:96:2f:07:eb:2e:a4:
                    57:e6:1c:d0:4c:07:a4:8f:04:70:37:92:1d:af:9c:
                    59:d9:6e:fe:49:15:da:1a:d6:c7:5d:8b:44:33:42:
                    51:e9:d0:54:15:61:e5:f7:d6:33:9c:04:91:df:24:
                    4c:7b:15:f9:ff:14:0f:52:c4:bd:dd:c4:93:33:52:
                    28:dd:fe:61:07:df:df:1b:11:2a:7d:1f:39:67:30:
                    d8:de:c2:84:b3:a9:ce:26:b3:93:07:96:44:7e:07:
                    a6:87:31:20:8b:91:07:bc:46:45:7d:4e:48:52:53:
                    9f:a0:c4:e4:f7:5b:86:62:dd:8e:ba:59:75:e7:bd:
                    61:39:c1:e4:3c:9f:bc:fc:82:ec:c0:67:5a:57:9f:
                    49:1d:1f:2c:ff:83:1a:11:c3:17:37:46:3f:45:bd:
                    66:56:6a:d0:26:33:60:2d:70:7b:c2:a1:3e:c2:20:
                    93:e7:b4:fb:0e:2c:4a:ea:c1:92:da:4e:b7:7b:b3:
                    d6:bd:6e:fb:4f:39:5c:03:eb:cc:6c:c9:ab:ac:4f:
                    89:fc:98:4a:9e:75:9a:30:63:ff:01:ff:07:91:ca:
                    1f:4d:31:3f:7f:d1:d4:42:43:ec:b5:d3:a7:fb:75:
                    6d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:9E:CB:1E:B1:EF:31:B7:4C:FC:7E:44:04:5C:11:3A:65:B2:EE:8A
            X509v3 Authority Key Identifier:
                keyid:60:80:11:EA:51:A9:FB:CF:8B:AE:0D:F1:ED:49:9A:34:07:D6:30:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/G57LHrHvMbdM_H5EBFwROmWy7oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/4f0ec5-54d2-40fb-9498-742f8691beaa/1/YIAR6lGp-8-Lrg3x7UmaNAfWMFM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.47.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:6e:9f:df:35:47:72:87:b3:32:40:0c:29:d7:db:91:48:46:
         80:a0:d7:59:18:9e:2e:36:f7:da:87:4a:7f:bf:48:fe:5f:d4:
         53:46:07:2b:c7:7d:ae:d3:b4:fa:4b:20:1e:08:3c:f0:b5:08:
         d4:fd:1e:ea:1c:00:2a:20:d5:22:c9:79:36:b2:4b:6a:45:45:
         e2:9a:99:21:99:30:8e:af:37:f5:65:87:d8:ec:34:0d:ee:41:
         25:c0:68:0c:1b:2d:ca:ae:0c:d6:77:00:b1:0b:16:d3:43:8f:
         21:6f:a8:d3:78:50:b3:b1:4f:49:b4:86:6b:dc:24:d9:4d:1d:
         f4:89:a3:34:f2:d3:92:86:7d:69:5c:69:50:be:8d:8a:ec:66:
         d9:31:23:20:06:cd:ae:9d:cf:a0:7c:5a:d4:46:ff:9f:98:96:
         60:24:76:2f:c1:19:84:2f:0f:8f:d8:99:ab:f6:86:3f:e9:ef:
         54:ba:de:8c:b7:69:4f:65:ec:ed:ad:7b:8c:5f:c9:ca:bc:51:
         f6:d3:e5:5a:39:44:c2:a4:2d:83:d4:04:72:7f:d8:5d:6d:bb:
         e2:65:7b:3f:dc:f7:5e:d3:fa:1a:b4:33:03:d2:90:02:44:2f:
         c2:6c:27:b3:11:77:bb:1e:81:d9:02:ba:2f:85:2a:a8:69:8b:
         db:d3:f3:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARa9yrHRbOJWt/n9RbBhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwODAxMWVhNTFhOWZiY2Y4YmFlMGRmMWVkNDk5YTM0MDdk
NjMwNTMwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjllY2IxZWIxZWYzMWI3NGNmYzdlNDQwNDVjMTEzYTY1YjJlZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7IG6m0CzW/TmvyIoSUARnZmLcII4
fH2WLwfrLqRX5hzQTAekjwRwN5Idr5xZ2W7+SRXaGtbHXYtEM0JR6dBUFWHl99Yz
nASR3yRMexX5/xQPUsS93cSTM1Io3f5hB9/fGxEqfR85ZzDY3sKEs6nOJrOTB5ZE
fgemhzEgi5EHvEZFfU5IUlOfoMTk91uGYt2Oull1571hOcHkPJ+8/ILswGdaV59J
HR8s/4MaEcMXN0Y/Rb1mVmrQJjNgLXB7wqE+wiCT57T7DixK6sGS2k63e7PWvW77
TzlcA+vMbMmrrE+J/JhKnnWaMGP/Af8HkcofTTE/f9HUQkPstdOn+3VtQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBueyx6x7zG3TPx+RARcETplsu6KMB8GA1UdIwQY
MBaAFGCAEepRqfvPi64N8e1JmjQH1jBTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUlBUjZsR3AtOC1McmczeDdVbWFOQWZXTUZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80ZjBlYzUtNTRkMi00MGZiLTk0OTgt
NzQyZjg2OTFiZWFhLzEvRzU3TEhySHZNYmRNX0g1RUJGd1JPbVd5N29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80ZjBlYzUtNTRkMi00MGZiLTk0OTgtNzQyZjg2OTFiZWFh
LzEvWUlBUjZsR3AtOC1McmczeDdVbWFOQWZXTUZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS9PMA0G
CSqGSIb3DQEBCwUAA4IBAQC7bp/fNUdyh7MyQAwp19uRSEaAoNdZGJ4uNvfah0p/
v0j+X9RTRgcrx32u07T6SyAeCDzwtQjU/R7qHAAqINUiyXk2sktqRUXimpkhmTCO
rzf1ZYfY7DQN7kElwGgMGy3KrgzWdwCxCxbTQ48hb6jTeFCzsU9JtIZr3CTZTR30
iaM08tOShn1pXGlQvo2K7GbZMSMgBs2unc+gfFrURv+fmJZgJHYvwRmELw+P2Jmr
9oY/6e9Uut6Mt2lPZeztrXuMX8nKvFH20+VaOUTCpC2D1ARyf9hdbbviZXs/3Pde
0/oatDMD0pACRC/CbCezEXe7HoHZArovhSqoaYvb0/Ny
-----END CERTIFICATE-----