Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/Qo4XMJGymnYnxjJ_nPoBqA6kqaA.roa
File:                     Qo4XMJGymnYnxjJ_nPoBqA6kqaA.roa (raw, json)
Hash identifier:          yqqTRUlVVhG+MMjWlcrbVnEwvBm34b51ba4xUrDQ4Vg=
Subject key identifier:   42:8E:17:30:91:B2:9A:76:27:C6:32:7F:9C:FA:01:A8:0E:A4:A9:A0
Certificate issuer:       /CN=fc195bd682a8e9a124d5853dc5e908aae7339bae
Certificate serial:       018CC2DB42CD8ABF70F69F2FAD1BD1326FD9
Authority key identifier: FC:19:5B:D6:82:A8:E9:A1:24:D5:85:3D:C5:E9:08:AA:E7:33:9B:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Blb1oKo6aEk1YU9xekIquczm64.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/Qo4XMJGymnYnxjJ_nPoBqA6kqaA.roa
Signing time:             Mon 01 Jan 2024 02:29:58 +0000
ROA not before:           Mon 01 Jan 2024 02:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     262287
IP address blocks:        2.57.28.0/23 maxlen: 23
                          2.57.30.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_Blb1oKo6aEk1YU9xekIquczm64.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_Blb1oKo6aEk1YU9xekIquczm64.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Blb1oKo6aEk1YU9xekIquczm64.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:42:cd:8a:bf:70:f6:9f:2f:ad:1b:d1:32:6f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc195bd682a8e9a124d5853dc5e908aae7339bae
        Validity
            Not Before: Jan  1 02:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=428e173091b29a7627c6327f9cfa01a80ea4a9a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ba:c9:e8:a4:bc:3e:db:80:d6:18:ae:5f:85:
                    0d:20:54:2b:cb:86:7c:7d:aa:47:e5:61:f3:70:e2:
                    d8:07:d8:ec:3f:4d:15:84:4e:d2:17:70:9c:78:ba:
                    4e:1f:eb:51:ba:46:55:9d:08:a5:8e:8b:44:aa:80:
                    92:7c:40:48:1e:75:24:42:37:9a:da:03:29:1b:41:
                    49:ec:43:a8:c6:6d:70:62:21:05:b2:06:75:f8:f4:
                    e2:ac:49:43:a8:16:f2:42:ce:c7:3b:a3:97:0f:85:
                    2c:76:bd:85:39:bf:d2:5b:f4:20:ec:e1:08:e9:63:
                    3f:79:d8:42:fe:e2:05:e0:3b:6d:32:a3:62:37:b2:
                    3b:39:ae:bd:72:7c:ed:c3:a2:bc:5f:c8:10:46:e9:
                    67:a1:e5:a3:d5:5c:27:5b:5c:cc:c1:0c:eb:a7:32:
                    c8:25:bd:5d:20:29:d9:e9:61:a6:39:0c:5f:2b:b4:
                    c1:ca:ce:a5:c5:06:f6:d0:a0:3c:d2:4e:83:d3:4a:
                    4d:06:46:d0:33:72:fe:c5:73:92:89:e0:ea:10:d7:
                    7f:b4:02:55:1e:e3:ab:84:dd:54:15:87:85:9d:60:
                    8c:35:7f:c1:52:bc:1d:93:4f:a2:76:f1:8a:c0:36:
                    5b:d2:4b:89:0f:17:97:ff:88:7f:db:38:eb:ca:51:
                    83:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:8E:17:30:91:B2:9A:76:27:C6:32:7F:9C:FA:01:A8:0E:A4:A9:A0
            X509v3 Authority Key Identifier:
                keyid:FC:19:5B:D6:82:A8:E9:A1:24:D5:85:3D:C5:E9:08:AA:E7:33:9B:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Blb1oKo6aEk1YU9xekIquczm64.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/Qo4XMJGymnYnxjJ_nPoBqA6kqaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/db912f-bf6d-4f24-96ae-cc7b28990b81/1/_Blb1oKo6aEk1YU9xekIquczm64.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:c9:e5:54:ac:c7:c2:39:38:e7:b9:67:82:86:ac:8c:b7:67:
         66:b1:b1:32:6c:56:39:56:fd:88:f7:3a:1d:2b:7a:36:e0:33:
         94:ec:5d:c6:7c:87:62:67:1e:61:96:a7:df:7c:7a:d9:07:57:
         3a:6b:85:52:09:80:99:35:92:1e:8b:3f:be:1e:76:d7:f6:f1:
         d9:0f:6f:b8:f5:97:c9:49:92:6c:85:6e:45:7d:6d:5f:73:0a:
         91:f6:5b:a3:80:06:e5:a4:02:52:e1:1a:68:4c:bd:7a:a2:30:
         1e:23:9c:99:8a:84:29:1f:69:22:96:4b:7c:2f:64:8c:4c:09:
         78:02:a1:6b:b0:bf:8c:26:0b:84:2e:d0:03:63:07:37:41:ea:
         30:84:7b:27:55:49:eb:b3:1a:93:77:db:c4:1c:e9:7a:03:d7:
         b2:78:49:c8:8a:93:24:77:2d:dc:dd:24:4c:07:1e:a9:90:c0:
         d9:90:7a:9b:ca:e5:a9:36:95:8c:8d:5b:3e:8c:db:17:29:3b:
         29:67:88:7e:52:95:c7:bc:05:c8:a9:b1:ab:11:44:53:88:7b:
         86:8b:dd:45:d1:4e:39:cc:dd:13:8f:60:a1:e0:f2:c0:3c:1a:
         6e:6f:ee:50:4a:f2:bd:fc:00:13:4c:57:3d:9a:27:e9:33:c6:
         d3:2c:b0:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20LNir9w9p8vrRvRMm/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMTk1YmQ2ODJhOGU5YTEyNGQ1ODUzZGM1ZTkwOGFhZTcz
MzliYWUwHhcNMjQwMTAxMDIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjhlMTczMDkxYjI5YTc2MjdjNjMyN2Y5Y2ZhMDFhODBlYTRhOWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrrJ6KS8PtuA1hiuX4UNIFQry4Z8
fapH5WHzcOLYB9jsP00VhE7SF3CceLpOH+tRukZVnQiljotEqoCSfEBIHnUkQjea
2gMpG0FJ7EOoxm1wYiEFsgZ1+PTirElDqBbyQs7HO6OXD4Usdr2FOb/SW/Qg7OEI
6WM/edhC/uIF4DttMqNiN7I7Oa69cnztw6K8X8gQRulnoeWj1VwnW1zMwQzrpzLI
Jb1dICnZ6WGmOQxfK7TBys6lxQb20KA80k6D00pNBkbQM3L+xXOSieDqENd/tAJV
HuOrhN1UFYeFnWCMNX/BUrwdk0+idvGKwDZb0kuJDxeX/4h/2zjrylGDjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEKOFzCRspp2J8Yyf5z6AagOpKmgMB8GA1UdIwQY
MBaAFPwZW9aCqOmhJNWFPcXpCKrnM5uuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0JsYjFvS282YUVrMVlVOXhla0lxdWN6bTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9kYjkxMmYtYmY2ZC00ZjI0LTk2YWUt
Y2M3YjI4OTkwYjgxLzEvUW80WE1KR3ltbllueGpKX25Qb0JxQTZrcWFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9kYjkxMmYtYmY2ZC00ZjI0LTk2YWUtY2M3YjI4OTkwYjgx
LzEvX0JsYjFvS282YUVrMVlVOXhla0lxdWN6bTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjkcMA0G
CSqGSIb3DQEBCwUAA4IBAQAoyeVUrMfCOTjnuWeChqyMt2dmsbEybFY5Vv2I9zod
K3o24DOU7F3GfIdiZx5hlqfffHrZB1c6a4VSCYCZNZIeiz++HnbX9vHZD2+49ZfJ
SZJshW5FfW1fcwqR9lujgAblpAJS4RpoTL16ojAeI5yZioQpH2kilkt8L2SMTAl4
AqFrsL+MJguELtADYwc3QeowhHsnVUnrsxqTd9vEHOl6A9eyeEnIipMkdy3c3SRM
Bx6pkMDZkHqbyuWpNpWMjVs+jNsXKTspZ4h+UpXHvAXIqbGrEURTiHuGi91F0U45
zN0Tj2Ch4PLAPBpub+5QSvK9/AATTFc9mifpM8bTLLAY
-----END CERTIFICATE-----