Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/s1OxjYX2hxCWYb7WtuF7tceXHHs.roa
File:                     s1OxjYX2hxCWYb7WtuF7tceXHHs.roa (raw, json)
Hash identifier:          iyUD7UCH9BWjpGKyFgk/jfT1keSpzwyvjNrwr7u0Zlo=
Subject key identifier:   B3:53:B1:8D:85:F6:87:10:96:61:BE:D6:B6:E1:7B:B5:C7:97:1C:7B
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       018CC9BBA41B346063FFFD05CA795242E065
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/s1OxjYX2hxCWYb7WtuF7tceXHHs.roa
Signing time:             Tue 02 Jan 2024 10:32:46 +0000
ROA not before:           Tue 02 Jan 2024 10:32:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209117
IP address blocks:        2.57.36.0/24 maxlen: 24
                          2.57.39.0/24 maxlen: 24
                          2a09:d2c1:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:a4:1b:34:60:63:ff:fd:05:ca:79:52:42:e0:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Jan  2 10:32:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b353b18d85f687109661bed6b6e17bb5c7971c7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:3f:57:e3:d5:2c:c0:2c:91:77:88:55:c2:60:
                    6c:10:f3:a8:43:0a:61:df:7f:8d:26:eb:c8:43:8d:
                    30:2e:31:29:0a:92:e0:9f:be:ef:17:5a:79:11:91:
                    c0:e9:a1:b6:02:10:47:d0:13:6f:20:f7:5f:69:76:
                    52:07:10:e4:11:ed:7b:4b:31:70:aa:9b:34:f8:8b:
                    e3:50:60:70:46:53:0a:52:75:f1:40:f6:aa:36:9b:
                    4e:cb:14:5d:a6:72:7b:08:40:db:8f:c5:b5:99:05:
                    5d:f1:e2:1f:de:fd:62:35:cb:32:c3:4a:70:0b:eb:
                    00:11:22:6c:9b:f2:bb:31:c3:28:bd:99:cb:98:2d:
                    97:86:92:66:9a:42:50:b4:c2:57:18:63:cf:28:7b:
                    48:2c:61:ab:a3:a2:8b:65:24:76:4e:38:6b:c4:07:
                    30:11:64:72:53:7a:f0:1e:72:e3:91:6a:e2:c8:e6:
                    81:1d:58:42:d0:e8:22:37:a7:19:80:ca:e5:fd:b6:
                    2c:88:8c:4a:05:06:fe:2a:63:1b:d6:a1:8f:55:5b:
                    e6:ba:07:e9:88:85:eb:3c:86:b2:4d:aa:99:20:1f:
                    00:9e:c1:78:63:b2:2b:2d:56:97:79:eb:0f:10:cf:
                    15:33:d5:46:86:b6:80:72:77:9f:6f:85:63:02:f8:
                    2a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:53:B1:8D:85:F6:87:10:96:61:BE:D6:B6:E1:7B:B5:C7:97:1C:7B
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/s1OxjYX2hxCWYb7WtuF7tceXHHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.36.0/24
                  2.57.39.0/24
                IPv6:
                  2a09:d2c1:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:5a:c0:10:5d:2a:6b:8c:ba:ed:61:28:26:20:15:8c:b0:79:
         65:23:da:a5:ff:51:8b:51:c0:9e:17:09:9f:ad:6b:59:e0:c2:
         0c:74:14:51:82:41:78:fb:71:56:0d:f6:bc:64:12:06:a1:ae:
         4e:09:2a:e8:07:19:b2:60:95:35:be:8e:5b:22:8d:a7:e3:ec:
         d7:78:6e:58:27:91:36:67:6e:0c:f7:e7:c8:9f:7f:81:36:83:
         44:82:e5:f7:6f:3c:16:37:09:72:b7:c4:f7:82:ce:f7:2a:91:
         bf:28:d6:30:d9:f5:ee:bf:01:62:d4:44:a2:00:57:70:e1:67:
         6e:63:52:d5:b2:33:8a:8a:cf:0f:be:c1:f8:e1:a8:88:54:31:
         04:5e:d5:e1:3b:97:d5:95:2f:05:87:22:d8:92:df:f8:f6:b9:
         e7:4a:4e:37:b7:c4:d7:ad:e6:94:15:98:3e:9a:ca:e1:68:1d:
         6c:cf:fe:97:3c:e0:91:29:c4:e3:cd:05:0c:e2:af:7f:de:87:
         a0:94:f1:fd:22:0c:d0:56:56:8b:cc:db:1f:7e:4a:7f:78:45:
         d0:da:5d:f4:43:00:b5:e0:b0:25:8e:3a:8d:7f:9a:dd:f3:09:
         d4:83:cd:b4:49:0c:81:31:7e:3e:7e:86:ab:19:7d:38:cd:4e:
         30:24:3b:53
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJu6QbNGBj//0FynlSQuBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjQwMTAyMTAzMjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzUzYjE4ZDg1ZjY4NzEwOTY2MWJlZDZiNmUxN2JiNWM3OTcxYzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxz9X49UswCyRd4hVwmBsEPOoQwph
33+NJuvIQ40wLjEpCpLgn77vF1p5EZHA6aG2AhBH0BNvIPdfaXZSBxDkEe17SzFw
qps0+IvjUGBwRlMKUnXxQPaqNptOyxRdpnJ7CEDbj8W1mQVd8eIf3v1iNcsyw0pw
C+sAESJsm/K7McMovZnLmC2XhpJmmkJQtMJXGGPPKHtILGGro6KLZSR2TjhrxAcw
EWRyU3rwHnLjkWriyOaBHVhC0OgiN6cZgMrl/bYsiIxKBQb+KmMb1qGPVVvmugfp
iIXrPIayTaqZIB8AnsF4Y7IrLVaXeesPEM8VM9VGhraAcnefb4VjAvgqdwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFLNTsY2F9ocQlmG+1rbhe7XHlxx7MB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvczFPeGpZWDJoeENXWWI3V3R1Rjd0Y2VYSEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAAjkkAwQA
AjknMA8EAgACMAkDBwAqCdLBAAYwDQYJKoZIhvcNAQELBQADggEBAJBawBBdKmuM
uu1hKCYgFYyweWUj2qX/UYtRwJ4XCZ+ta1ngwgx0FFGCQXj7cVYN9rxkEgahrk4J
KugHGbJglTW+jlsijafj7Nd4blgnkTZnbgz358iff4E2g0SC5fdvPBY3CXK3xPeC
zvcqkb8o1jDZ9e6/AWLURKIAV3DhZ25jUtWyM4qKzw++wfjhqIhUMQRe1eE7l9WV
LwWHItiS3/j2uedKTje3xNet5pQVmD6ayuFoHWzP/pc84JEpxOPNBQzir3/eh6CU
8f0iDNBWVovM2x9+Sn94RdDaXfRDALXgsCWOOo1/mt3zCdSDzbRJDIExfj5+hqsZ
fTjNTjAkO1M=
-----END CERTIFICATE-----