Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/94cdb2-9399-450b-a82e-7c590bcf981a/1/Hj8lCfhk8UlyDRy2SdzKYU1HO-8.roa
File:                     Hj8lCfhk8UlyDRy2SdzKYU1HO-8.roa (raw, json)
Hash identifier:          rJwL29Y+L0t0Qjmu5lP5g2foQXjICP0ESpFOud75b1c=
Subject key identifier:   1E:3F:25:09:F8:64:F1:49:72:0D:1C:B6:49:DC:CA:61:4D:47:3B:EF
Certificate issuer:       /CN=1a5caaf3a0993b76ae13e119136dbf0069698911
Certificate serial:       018CC86FC7D4AD7D1B153E61811C5157481D
Authority key identifier: 1A:5C:AA:F3:A0:99:3B:76:AE:13:E1:19:13:6D:BF:00:69:69:89:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Glyq86CZO3auE-EZE22_AGlpiRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/94cdb2-9399-450b-a82e-7c590bcf981a/1/Hj8lCfhk8UlyDRy2SdzKYU1HO-8.roa
Signing time:             Tue 02 Jan 2024 04:30:18 +0000
ROA not before:           Tue 02 Jan 2024 04:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39052
IP address blocks:        144.57.128.0/17 maxlen: 17
                          144.57.64.0/18 maxlen: 18
                          144.57.0.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/94cdb2-9399-450b-a82e-7c590bcf981a/1/Glyq86CZO3auE-EZE22_AGlpiRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/94cdb2-9399-450b-a82e-7c590bcf981a/1/Glyq86CZO3auE-EZE22_AGlpiRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Glyq86CZO3auE-EZE22_AGlpiRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:c7:d4:ad:7d:1b:15:3e:61:81:1c:51:57:48:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a5caaf3a0993b76ae13e119136dbf0069698911
        Validity
            Not Before: Jan  2 04:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e3f2509f864f149720d1cb649dcca614d473bef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9d:11:fd:c6:0e:19:f0:6f:57:fa:72:63:1f:
                    bb:71:45:5e:e9:03:82:11:f4:ab:1f:99:9d:51:3e:
                    f0:89:84:e7:d6:ba:1e:2f:e0:c2:c1:6b:fa:88:30:
                    70:02:4b:9f:87:cf:c8:fb:44:92:ac:a8:d5:35:2c:
                    6a:09:2e:35:5b:d4:cd:ad:f8:89:f6:e9:2f:56:bc:
                    9f:d6:2c:d8:58:43:c5:be:be:f1:73:1f:a2:19:a3:
                    e2:b5:54:8e:6e:9f:ae:34:bb:06:20:bc:f1:b7:93:
                    d8:cf:d3:1f:66:8a:e4:ea:4d:26:e2:a8:5e:2d:aa:
                    55:0e:73:f2:cd:1e:8a:05:1a:8c:40:1b:5a:5c:28:
                    ed:ab:d5:b9:f6:e3:55:ff:6a:6b:73:93:62:eb:b8:
                    bc:d4:b0:06:71:b9:49:8e:63:ee:42:ae:2f:58:59:
                    24:73:63:00:cf:b3:10:b5:2f:0e:d3:90:da:ac:a7:
                    63:e6:26:97:fc:4b:13:2a:c1:47:0e:0f:53:c4:2e:
                    69:80:26:d7:88:4f:f6:d3:43:ca:3b:e4:1d:14:52:
                    4b:8c:12:39:1e:41:e1:c7:87:86:46:05:1f:5c:62:
                    0f:22:f0:b7:58:84:22:c2:8e:85:12:77:1d:eb:ce:
                    1a:c5:d4:6c:50:9b:2a:3e:04:c1:33:98:65:fc:9f:
                    ce:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:3F:25:09:F8:64:F1:49:72:0D:1C:B6:49:DC:CA:61:4D:47:3B:EF
            X509v3 Authority Key Identifier:
                keyid:1A:5C:AA:F3:A0:99:3B:76:AE:13:E1:19:13:6D:BF:00:69:69:89:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Glyq86CZO3auE-EZE22_AGlpiRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/94cdb2-9399-450b-a82e-7c590bcf981a/1/Hj8lCfhk8UlyDRy2SdzKYU1HO-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/94cdb2-9399-450b-a82e-7c590bcf981a/1/Glyq86CZO3auE-EZE22_AGlpiRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.57.0.0/19
                  144.57.64.0-144.57.255.255

    Signature Algorithm: sha256WithRSAEncryption
         05:55:75:d2:9e:5f:e9:3b:8b:4f:23:b0:12:eb:6d:69:bb:fc:
         c0:37:4e:a0:56:92:6d:01:d2:05:6c:de:f7:71:a2:a5:7f:76:
         5c:5e:22:62:7d:ac:14:84:f8:91:3a:ab:a5:bc:1a:60:35:a3:
         ef:3d:98:f5:64:80:fe:f3:84:0f:5f:d7:1b:b8:f7:6b:e6:fe:
         17:d5:b7:da:e7:6c:ad:b7:52:cc:a0:a7:c1:9b:13:d9:e1:1d:
         28:e0:ec:ee:31:67:28:4c:0e:78:64:21:26:93:54:6a:6d:15:
         e4:aa:a3:8d:ec:58:ee:d3:31:bb:ff:47:0d:29:39:e3:cd:6b:
         3b:7d:33:53:1b:7b:af:e0:bb:7b:07:36:ab:4e:52:aa:36:b2:
         12:34:6c:fe:3d:60:63:73:57:4a:17:e1:68:f8:6a:67:26:5d:
         78:5c:4f:bf:a0:3c:a1:3c:76:7a:dd:d7:54:0b:9b:6b:42:1b:
         4f:3b:b5:fd:ed:05:eb:4c:42:4a:f5:91:80:71:66:85:1d:fa:
         38:44:98:f3:bd:e8:0b:9f:d0:f7:d7:b0:a1:8c:be:e3:ff:af:
         42:9f:ea:d6:a5:07:4c:3d:8d:14:7a:91:55:1f:f2:e0:b4:dc:
         66:42:12:d4:b3:37:43:d1:20:6e:9e:67:55:18:d1:57:fb:bb:
         09:bd:ea:56
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYzIb8fUrX0bFT5hgRxRV0gdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNWNhYWYzYTA5OTNiNzZhZTEzZTExOTEzNmRiZjAwNjk2
OTg5MTEwHhcNMjQwMTAyMDQzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTNmMjUwOWY4NjRmMTQ5NzIwZDFjYjY0OWRjY2E2MTRkNDczYmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJ0R/cYOGfBvV/pyYx+7cUVe6QOC
EfSrH5mdUT7wiYTn1roeL+DCwWv6iDBwAkufh8/I+0SSrKjVNSxqCS41W9TNrfiJ
9ukvVryf1izYWEPFvr7xcx+iGaPitVSObp+uNLsGILzxt5PYz9MfZork6k0m4qhe
LapVDnPyzR6KBRqMQBtaXCjtq9W59uNV/2prc5Ni67i81LAGcblJjmPuQq4vWFkk
c2MAz7MQtS8O05DarKdj5iaX/EsTKsFHDg9TxC5pgCbXiE/200PKO+QdFFJLjBI5
HkHhx4eGRgUfXGIPIvC3WIQiwo6FEncd684axdRsUJsqPgTBM5hl/J/OJwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFB4/JQn4ZPFJcg0ctkncymFNRzvvMB8GA1UdIwQY
MBaAFBpcqvOgmTt2rhPhGRNtvwBpaYkRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2x5cTg2Q1pPM2F1RS1FWkUyMl9BR2xwaVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny85NGNkYjItOTM5OS00NTBiLWE4MmUt
N2M1OTBiY2Y5ODFhLzEvSGo4bENmaGs4VWx5RFJ5MlNkektZVTFITy04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny85NGNkYjItOTM5OS00NTBiLWE4MmUtN2M1OTBiY2Y5ODFh
LzEvR2x5cTg2Q1pPM2F1RS1FWkUyMl9BR2xwaVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwQFkDkAMAsD
BAaQOUADAwGQODANBgkqhkiG9w0BAQsFAAOCAQEABVV10p5f6TuLTyOwEuttabv8
wDdOoFaSbQHSBWze93GipX92XF4iYn2sFIT4kTqrpbwaYDWj7z2Y9WSA/vOED1/X
G7j3a+b+F9W32udsrbdSzKCnwZsT2eEdKODs7jFnKEwOeGQhJpNUam0V5KqjjexY
7tMxu/9HDSk5481rO30zUxt7r+C7ewc2q05SqjayEjRs/j1gY3NXShfhaPhqZyZd
eFxPv6A8oTx2et3XVAuba0IbTzu1/e0F60xCSvWRgHFmhR36OESY873oC5/Q99ew
oYy+4/+vQp/q1qUHTD2NFHqRVR/y4LTcZkIS1LM3Q9Egbp5nVRjRV/u7Cb3qVg==
-----END CERTIFICATE-----