Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/Q9pVZOUrhJxmgKGoZNDWDN9JVd0.roa
File:                     Q9pVZOUrhJxmgKGoZNDWDN9JVd0.roa (raw, json)
Hash identifier:          95QWTY84nA08IYGVEI5guE0hOawCm7o+T8w92ZZhAaI=
Subject key identifier:   43:DA:55:64:E5:2B:84:9C:66:80:A1:A8:64:D0:D6:0C:DF:49:55:DD
Certificate issuer:       /CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
Certificate serial:       018F4C5AE8F5E3D2A45CCD3E3C2673F52A26
Authority key identifier: D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/Q9pVZOUrhJxmgKGoZNDWDN9JVd0.roa
Signing time:             Mon 06 May 2024 05:22:57 +0000
ROA not before:           Mon 06 May 2024 05:22:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49515
IP address blocks:        5.157.30.0/24 maxlen: 24
                          5.157.31.0/24 maxlen: 24
                          104.160.12.0/24 maxlen: 24
                          104.160.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4c:5a:e8:f5:e3:d2:a4:5c:cd:3e:3c:26:73:f5:2a:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d82cb43ca3c0c57816cee360478d0cf882207fd2
        Validity
            Not Before: May  6 05:22:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43da5564e52b849c6680a1a864d0d60cdf4955dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:5f:ec:b1:2a:65:1c:4e:2b:c5:09:f5:37:76:
                    fc:65:94:76:f1:d0:a8:3c:b0:55:23:40:64:4c:52:
                    45:c3:17:4a:ec:b8:11:c1:86:cc:58:7f:f6:70:4d:
                    3c:c0:17:69:0e:51:dc:a8:62:d8:6b:a1:9f:0a:0f:
                    00:74:d9:d6:f0:86:74:e7:35:01:ca:71:90:86:62:
                    71:67:3f:0f:1f:b2:5c:aa:0e:f1:9b:1d:2a:80:88:
                    13:23:40:3a:59:f8:57:c5:05:79:26:ec:00:86:c8:
                    a5:96:42:b2:c8:b6:ec:c5:8b:8c:3a:a1:16:ee:90:
                    1e:74:cb:06:f5:da:34:80:a0:62:62:e2:79:87:7b:
                    33:2a:29:f8:80:39:64:14:7a:af:60:d2:00:39:6e:
                    01:2e:b8:60:97:83:69:95:16:8b:1a:6d:23:7a:d9:
                    70:f1:6d:ed:73:2a:08:85:d9:59:95:0d:cf:eb:fc:
                    fc:9d:95:b5:e8:28:2a:bd:87:f9:d2:62:13:ba:0f:
                    8b:9b:a7:26:2c:af:78:67:5b:01:60:77:7d:c9:f7:
                    71:4f:88:2d:77:42:c9:99:17:20:61:f4:49:66:df:
                    9c:d4:de:48:34:12:7e:d8:46:f7:2a:56:e5:03:b1:
                    dc:9a:85:23:c4:da:08:fe:10:b5:df:36:c8:2d:1c:
                    f9:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:DA:55:64:E5:2B:84:9C:66:80:A1:A8:64:D0:D6:0C:DF:49:55:DD
            X509v3 Authority Key Identifier:
                keyid:D8:2C:B4:3C:A3:C0:C5:78:16:CE:E3:60:47:8D:0C:F8:82:20:7F:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Cy0PKPAxXgWzuNgR40M-IIgf9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/Q9pVZOUrhJxmgKGoZNDWDN9JVd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3b51b8-10c6-438b-a120-15f13e3f7d85/1/2Cy0PKPAxXgWzuNgR40M-IIgf9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.157.30.0/23
                  104.160.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:01:0e:9f:f6:4d:b6:28:5d:1c:c9:9d:50:64:b5:f6:7d:85:
         50:f6:83:0d:15:58:05:ef:c1:ba:a5:61:f0:74:24:46:50:00:
         19:41:9c:41:64:b7:55:ad:12:c2:b1:2f:b7:a3:cc:f9:bf:94:
         bb:11:6f:ed:ab:31:9b:67:f7:f1:0a:b4:87:50:47:5b:bc:e9:
         17:54:47:4c:10:6a:14:c2:f6:ad:ad:54:f9:43:83:23:48:8d:
         c6:1e:2b:ef:b1:a8:68:a8:5e:e8:ed:e8:7e:94:7b:f4:98:39:
         72:e5:ce:fc:44:69:b9:70:69:26:b7:7a:d3:01:07:08:c5:19:
         c4:e1:c2:54:39:b2:05:87:1e:7f:79:79:fd:60:b1:07:b6:ca:
         b2:e4:a5:5c:42:ad:e5:7b:92:80:ab:d6:96:b3:74:92:1f:01:
         25:1d:2f:2e:7f:bd:a0:ce:2c:33:d4:a0:21:a5:55:10:54:18:
         22:3d:d4:de:3c:e1:14:a8:73:77:02:e5:6b:30:47:ec:11:bc:
         1d:9a:c0:77:d4:0c:db:b2:88:8f:92:f5:f1:f0:56:62:2b:66:
         fc:b1:02:e3:d7:5f:6c:96:ea:8a:95:c1:75:c4:0f:8e:7c:0a:
         9f:ff:ea:69:53:92:53:e4:45:37:ff:e3:40:53:b5:ed:cd:a0:
         ba:4b:0e:b1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9MWuj149KkXM0+PCZz9SomMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MmNiNDNjYTNjMGM1NzgxNmNlZTM2MDQ3OGQwY2Y4ODIy
MDdmZDIwHhcNMjQwNTA2MDUyMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2RhNTU2NGU1MmI4NDljNjY4MGExYTg2NGQwZDYwY2RmNDk1NWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2l/ssSplHE4rxQn1N3b8ZZR28dCo
PLBVI0BkTFJFwxdK7LgRwYbMWH/2cE08wBdpDlHcqGLYa6GfCg8AdNnW8IZ05zUB
ynGQhmJxZz8PH7Jcqg7xmx0qgIgTI0A6WfhXxQV5JuwAhsillkKyyLbsxYuMOqEW
7pAedMsG9do0gKBiYuJ5h3szKin4gDlkFHqvYNIAOW4BLrhgl4NplRaLGm0jetlw
8W3tcyoIhdlZlQ3P6/z8nZW16CgqvYf50mITug+Lm6cmLK94Z1sBYHd9yfdxT4gt
d0LJmRcgYfRJZt+c1N5INBJ+2Eb3KlblA7HcmoUjxNoI/hC13zbILRz56QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEPaVWTlK4ScZoChqGTQ1gzfSVXdMB8GA1UdIwQY
MBaAFNgstDyjwMV4Fs7jYEeNDPiCIH/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAt
MTVmMTNlM2Y3ZDg1LzEvUTlwVlpPVXJoSnhtZ0tHb1pORFdETjlKVmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYjUxYjgtMTBjNi00MzhiLWExMjAtMTVmMTNlM2Y3ZDg1
LzEvMkN5MFBLUEF4WGdXenVOZ1I0ME0tSUlnZjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBBZ0eAwQB
aKAMMA0GCSqGSIb3DQEBCwUAA4IBAQBBAQ6f9k22KF0cyZ1QZLX2fYVQ9oMNFVgF
78G6pWHwdCRGUAAZQZxBZLdVrRLCsS+3o8z5v5S7EW/tqzGbZ/fxCrSHUEdbvOkX
VEdMEGoUwvatrVT5Q4MjSI3GHivvsahoqF7o7eh+lHv0mDly5c78RGm5cGkmt3rT
AQcIxRnE4cJUObIFhx5/eXn9YLEHtsqy5KVcQq3le5KAq9aWs3SSHwElHS8uf72g
ziwz1KAhpVUQVBgiPdTePOEUqHN3AuVrMEfsEbwdmsB31AzbsoiPkvXx8FZiK2b8
sQLj119sluqKlcF1xA+OfAqf/+ppU5JT5EU3/+NAU7XtzaC6Sw6x
-----END CERTIFICATE-----