Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/JUEnLjfjrEA56UJnxizkUX3ZPJI.roa
File:                     JUEnLjfjrEA56UJnxizkUX3ZPJI.roa (raw, json)
Hash identifier:          OLt01NDl0ileR61NdBtiLN/fhoYoAv8bbIsAXnjWf1g=
Subject key identifier:   25:41:27:2E:37:E3:AC:40:39:E9:42:67:C6:2C:E4:51:7D:D9:3C:92
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       0192755140AEA69F7510F868B75CC661EE8A
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/JUEnLjfjrEA56UJnxizkUX3ZPJI.roa
Signing time:             Thu 10 Oct 2024 07:25:12 +0000
ROA not before:           Thu 10 Oct 2024 07:25:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35246
IP address blocks:        2.57.37.0/24 maxlen: 24
                          2.57.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:75:51:40:ae:a6:9f:75:10:f8:68:b7:5c:c6:61:ee:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Oct 10 07:25:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2541272e37e3ac4039e94267c62ce4517dd93c92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ef:d7:da:d6:8f:87:fd:2b:49:32:96:bd:fb:
                    09:38:4d:8e:02:61:ff:d6:19:66:2b:ae:93:2e:ae:
                    00:3b:d3:fd:f7:5c:88:00:bb:d8:37:63:6f:95:71:
                    78:b8:83:d0:c2:b8:eb:b7:c3:8f:f1:03:84:17:c3:
                    c5:4c:6a:1a:3b:e6:e2:be:4d:4b:22:cb:d6:ce:b0:
                    63:88:e9:4b:00:9a:be:ac:50:37:2a:34:6b:30:06:
                    57:4c:ba:a5:49:6b:ca:31:f4:c4:1f:67:3f:cd:cc:
                    bc:9a:83:fd:b4:11:22:ea:fc:59:44:ba:96:7a:3d:
                    66:06:85:36:b1:87:70:2c:19:f2:87:18:43:56:1c:
                    63:35:6e:7e:1d:36:69:d2:0f:1e:98:54:81:9f:9c:
                    5a:01:59:db:53:59:02:67:76:a6:ee:08:cd:12:75:
                    e4:3c:65:03:fa:14:50:70:7a:d1:50:f4:59:64:38:
                    9d:99:ad:d3:56:db:b7:20:51:86:3e:db:98:e6:f1:
                    a4:ef:c4:b0:22:b7:f3:30:66:6d:fa:3f:42:21:02:
                    80:b2:b6:a7:41:1e:e0:d6:d4:70:27:55:32:7a:10:
                    7e:3e:a0:cf:18:d4:37:cb:e3:06:da:c5:84:60:b7:
                    ca:01:22:be:7b:03:2a:78:97:51:29:fa:83:0b:5e:
                    27:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:41:27:2E:37:E3:AC:40:39:E9:42:67:C6:2C:E4:51:7D:D9:3C:92
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/JUEnLjfjrEA56UJnxizkUX3ZPJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.37.0-2.57.38.255

    Signature Algorithm: sha256WithRSAEncryption
         4b:ae:73:ba:12:e9:3c:47:93:90:e3:85:42:a8:67:1c:26:22:
         1f:2d:92:34:b0:bb:cd:d3:59:a9:f2:3f:e5:1b:d6:29:2a:58:
         b7:7e:87:2e:3d:7b:d5:ca:07:cb:76:28:85:1a:6e:31:9f:cd:
         51:50:a3:53:d4:13:88:46:ab:14:7d:47:ed:15:67:9d:81:64:
         f4:61:e9:bd:82:8a:be:61:97:a8:e3:32:8d:f9:9c:74:04:61:
         fd:b4:96:16:cc:b2:30:bc:b2:93:6a:24:e6:bb:2c:56:5b:c2:
         3e:8d:04:31:0e:78:34:b1:7e:69:34:4c:39:eb:a7:51:db:64:
         f1:6c:55:cd:53:d5:50:20:ff:e3:10:b6:42:91:52:bb:68:ac:
         ed:6b:b6:94:1c:fe:dd:e5:c2:4d:ec:37:f0:42:9b:b9:89:e9:
         fd:de:d8:fa:45:6f:9c:83:49:52:5d:22:3d:ad:7a:93:78:a4:
         0d:bf:ae:a2:82:b2:51:4d:ac:0e:c9:87:ac:53:96:d9:e4:4b:
         0f:fa:eb:7b:0d:a1:ca:05:a6:c7:20:ee:13:13:0f:15:c8:b5:
         e4:80:bb:a9:68:4d:b4:ca:fe:c5:19:71:91:00:c8:af:59:24:
         39:3a:81:1e:67:24:b0:a7:95:ad:12:71:07:f3:4a:52:03:a6:
         c3:bf:02:c4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZJ1UUCupp91EPhot1zGYe6KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjQxMDEwMDcyNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTQxMjcyZTM3ZTNhYzQwMzllOTQyNjdjNjJjZTQ1MTdkZDkzYzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzu/X2taPh/0rSTKWvfsJOE2OAmH/
1hlmK66TLq4AO9P991yIALvYN2NvlXF4uIPQwrjrt8OP8QOEF8PFTGoaO+bivk1L
IsvWzrBjiOlLAJq+rFA3KjRrMAZXTLqlSWvKMfTEH2c/zcy8moP9tBEi6vxZRLqW
ej1mBoU2sYdwLBnyhxhDVhxjNW5+HTZp0g8emFSBn5xaAVnbU1kCZ3am7gjNEnXk
PGUD+hRQcHrRUPRZZDidma3TVtu3IFGGPtuY5vGk78SwIrfzMGZt+j9CIQKAsran
QR7g1tRwJ1UyehB+PqDPGNQ3y+MG2sWEYLfKASK+ewMqeJdRKfqDC14nBwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCVBJy4346xAOelCZ8Ys5FF92TySMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvSlVFbkxqZmpyRUE1NlVKbnhpemtVWDNaUEpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAACOSUD
BAACOSYwDQYJKoZIhvcNAQELBQADggEBAEuuc7oS6TxHk5DjhUKoZxwmIh8tkjSw
u83TWanyP+Ub1ikqWLd+hy49e9XKB8t2KIUabjGfzVFQo1PUE4hGqxR9R+0VZ52B
ZPRh6b2Cir5hl6jjMo35nHQEYf20lhbMsjC8spNqJOa7LFZbwj6NBDEOeDSxfmk0
TDnrp1HbZPFsVc1T1VAg/+MQtkKRUrtorO1rtpQc/t3lwk3sN/BCm7mJ6f3e2PpF
b5yDSVJdIj2tepN4pA2/rqKCslFNrA7Jh6xTltnkSw/663sNocoFpscg7hMTDxXI
teSAu6loTbTK/sUZcZEAyK9ZJDk6gR5nJLCnla0ScQfzSlIDpsO/AsQ=
-----END CERTIFICATE-----