Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/iX79BvpLXjPp1zRHv-56Jb28iUo.roa
File:                     iX79BvpLXjPp1zRHv-56Jb28iUo.roa (raw, json)
Hash identifier:          5izyKa6j1NS60f2KCWMjeYm2w4JWGdeNSlmJ4IkN45o=
Subject key identifier:   89:7E:FD:06:FA:4B:5E:33:E9:D7:34:47:BF:EE:7A:25:BD:BC:89:4A
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       0194258F72E79CBC1C41B961D32B714D6DBC
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/iX79BvpLXjPp1zRHv-56Jb28iUo.roa
Signing time:             Thu 02 Jan 2025 05:49:05 +0000
ROA not before:           Thu 02 Jan 2025 05:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209117
IP address blocks:        2.57.36.0/24 maxlen: 24
                          2.57.39.0/24 maxlen: 24
                          2a09:d2c1:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:72:e7:9c:bc:1c:41:b9:61:d3:2b:71:4d:6d:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Jan  2 05:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=897efd06fa4b5e33e9d73447bfee7a25bdbc894a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a9:42:de:51:fa:9a:56:65:8f:ad:d3:0a:63:
                    00:8e:89:23:e9:16:d7:88:29:d2:12:0a:be:aa:b8:
                    d6:39:d1:44:fd:f2:4f:d8:84:08:05:cf:2e:04:09:
                    f3:36:72:32:ff:32:cd:0f:f8:a6:1c:20:6f:7c:84:
                    4b:f1:a2:d0:55:f5:53:81:36:63:08:73:2a:45:83:
                    44:e0:61:41:ad:69:d5:7d:d7:3a:f1:c7:97:19:06:
                    c4:f6:41:60:d2:16:54:f4:13:eb:ba:af:ad:09:49:
                    cc:09:35:aa:b6:cf:e4:ab:99:ed:5a:fe:12:29:fd:
                    ac:a0:2e:d6:a3:49:d2:49:64:36:7e:e1:e1:2d:9d:
                    16:5a:8e:cd:c1:34:b3:41:f0:ba:f0:ed:8b:18:af:
                    bb:48:b6:0b:23:0b:b3:bc:5c:57:d1:0f:4b:86:41:
                    5b:99:bd:35:b3:ac:e6:03:6d:b3:a3:ea:bc:b4:da:
                    3f:51:2b:78:92:ad:b9:fe:eb:24:0a:87:75:db:99:
                    a4:d6:2f:af:1e:32:0b:84:82:97:46:a2:45:19:ac:
                    e0:ac:72:51:02:df:54:51:65:16:af:51:5d:fa:9e:
                    bd:53:cd:c3:f7:5c:3b:2b:91:8b:5a:2a:d5:b6:5f:
                    e0:b5:f3:aa:0c:ea:85:38:15:44:33:83:6a:0b:0c:
                    55:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:7E:FD:06:FA:4B:5E:33:E9:D7:34:47:BF:EE:7A:25:BD:BC:89:4A
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/iX79BvpLXjPp1zRHv-56Jb28iUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.36.0/24
                  2.57.39.0/24
                IPv6:
                  2a09:d2c1:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:2e:c4:85:e5:4b:74:50:d9:55:05:b4:61:79:1c:21:a5:e9:
         36:1f:2c:ae:6b:67:a1:4b:a6:87:6d:88:77:29:dc:ef:24:f5:
         42:15:10:3e:27:72:bc:95:bd:1d:0b:6f:72:eb:49:0a:b6:7e:
         af:25:1d:b8:29:a4:a8:cb:dc:18:d9:f8:7f:2a:7e:37:63:76:
         01:38:97:0a:e8:82:31:28:c8:45:f0:a5:c8:60:31:97:2e:61:
         50:9a:11:37:fa:5b:f4:1c:a9:b9:7b:cb:78:e6:74:ac:84:a3:
         86:6c:0c:54:af:de:1b:b4:38:92:cf:fa:72:49:05:5e:f1:ba:
         99:2f:5c:2e:28:a3:20:d4:7c:6f:b2:59:48:ef:bc:58:8a:47:
         89:5d:40:08:cf:52:4f:55:f1:77:23:5a:19:b9:6e:10:a4:ed:
         c4:0e:8c:c2:8d:b2:37:7f:21:52:14:92:ea:71:32:c5:4d:a0:
         c1:99:4f:5d:59:fc:90:d6:cb:16:ed:55:94:b1:12:a3:0e:03:
         99:ec:c4:71:67:95:b9:87:08:d4:95:7e:16:d9:5d:23:5a:69:
         89:e4:55:c8:de:ae:8b:44:16:dd:ce:87:8f:64:7e:d4:c9:6a:
         94:a7:ed:82:2e:8a:ed:4a:59:ac:33:24:4c:63:ab:b2:94:91:
         c2:ee:a0:54
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQlj3LnnLwcQblh0ytxTW28MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjUwMTAyMDU0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTdlZmQwNmZhNGI1ZTMzZTlkNzM0NDdiZmVlN2EyNWJkYmM4OTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAualC3lH6mlZlj63TCmMAjokj6RbX
iCnSEgq+qrjWOdFE/fJP2IQIBc8uBAnzNnIy/zLND/imHCBvfIRL8aLQVfVTgTZj
CHMqRYNE4GFBrWnVfdc68ceXGQbE9kFg0hZU9BPruq+tCUnMCTWqts/kq5ntWv4S
Kf2soC7Wo0nSSWQ2fuHhLZ0WWo7NwTSzQfC68O2LGK+7SLYLIwuzvFxX0Q9LhkFb
mb01s6zmA22zo+q8tNo/USt4kq25/uskCod125mk1i+vHjILhIKXRqJFGazgrHJR
At9UUWUWr1Fd+p69U83D91w7K5GLWirVtl/gtfOqDOqFOBVEM4NqCwxVgQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFIl+/Qb6S14z6dc0R7/ueiW9vIlKMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvaVg3OUJ2cExYalBwMXpSSHYtNTZKYjI4aVVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAAjkkAwQA
AjknMA8EAgACMAkDBwAqCdLBAAYwDQYJKoZIhvcNAQELBQADggEBALIuxIXlS3RQ
2VUFtGF5HCGl6TYfLK5rZ6FLpodtiHcp3O8k9UIVED4ncryVvR0Lb3LrSQq2fq8l
HbgppKjL3BjZ+H8qfjdjdgE4lwrogjEoyEXwpchgMZcuYVCaETf6W/Qcqbl7y3jm
dKyEo4ZsDFSv3hu0OJLP+nJJBV7xupkvXC4ooyDUfG+yWUjvvFiKR4ldQAjPUk9V
8XcjWhm5bhCk7cQOjMKNsjd/IVIUkupxMsVNoMGZT11Z/JDWyxbtVZSxEqMOA5ns
xHFnlbmHCNSVfhbZXSNaaYnkVcjerotEFt3Oh49kftTJapSn7YIuiu1KWawzJExj
q7KUkcLuoFQ=
-----END CERTIFICATE-----