Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/d910d1-94c6-4412-8506-9cb51e51ff77/1/t1lPzHM4t1s7DphbAsdPtxw2AJQ.roa
File:                     t1lPzHM4t1s7DphbAsdPtxw2AJQ.roa (raw, json)
Hash identifier:          /kavas+yfik0Pv65GBLCGUPKl+zvo6SNSKedy7VCafU=
Subject key identifier:   B7:59:4F:CC:73:38:B7:5B:3B:0E:98:5B:02:C7:4F:B7:1C:36:00:94
Certificate issuer:       /CN=40662733bc873d13e1f9f66e8dff75c820d5d2f7
Certificate serial:       018CC86F71AD48A55148590A39D364CF99B4
Authority key identifier: 40:66:27:33:BC:87:3D:13:E1:F9:F6:6E:8D:FF:75:C8:20:D5:D2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QGYnM7yHPRPh-fZujf91yCDV0vc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/d910d1-94c6-4412-8506-9cb51e51ff77/1/t1lPzHM4t1s7DphbAsdPtxw2AJQ.roa
Signing time:             Tue 02 Jan 2024 04:29:55 +0000
ROA not before:           Tue 02 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56488
IP address blocks:        217.28.136.0/24 maxlen: 24
                          2a12:2540::/32 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/d910d1-94c6-4412-8506-9cb51e51ff77/1/QGYnM7yHPRPh-fZujf91yCDV0vc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/d910d1-94c6-4412-8506-9cb51e51ff77/1/QGYnM7yHPRPh-fZujf91yCDV0vc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QGYnM7yHPRPh-fZujf91yCDV0vc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:71:ad:48:a5:51:48:59:0a:39:d3:64:cf:99:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40662733bc873d13e1f9f66e8dff75c820d5d2f7
        Validity
            Not Before: Jan  2 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7594fcc7338b75b3b0e985b02c74fb71c360094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d3:a1:40:66:b2:1d:85:64:f1:5d:96:72:15:
                    a4:23:71:13:d2:0e:32:60:06:02:4e:48:48:5c:c1:
                    c4:82:54:a9:6b:43:22:1f:cc:b6:cf:2d:c1:68:45:
                    c1:92:ae:21:1c:4c:c7:a9:63:9f:a3:29:96:73:56:
                    84:8f:42:46:67:28:06:3e:be:51:c5:ca:e5:84:d5:
                    9f:2d:d4:fd:ba:06:a9:26:52:cb:f3:4c:fa:77:3e:
                    1f:b3:e7:0f:a8:f8:08:f8:21:fa:63:96:5d:75:76:
                    30:4b:7a:66:db:b1:49:8f:37:00:c8:41:6c:7d:2e:
                    12:dd:4b:46:e8:e6:dd:3f:dc:3c:26:07:2a:9f:02:
                    ca:16:a3:43:ad:b9:8d:ee:be:ab:00:b8:f8:4a:be:
                    3e:64:33:45:10:29:74:fb:93:9d:3e:d2:70:3b:74:
                    8f:6a:96:90:4b:7a:a9:2e:6b:90:2d:08:c7:db:9a:
                    7c:35:0d:b6:24:73:32:bc:92:f0:63:53:20:b8:43:
                    cb:2d:c8:4d:92:66:9a:50:87:10:2a:8a:bd:34:60:
                    fb:03:0b:d6:1b:5b:35:b9:4e:11:20:80:d8:3e:98:
                    6d:8e:fe:6a:c6:b7:f9:29:d3:2e:6f:0a:f1:40:29:
                    d3:0e:a0:67:55:8c:b6:66:a6:97:ba:a5:10:a5:95:
                    72:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:59:4F:CC:73:38:B7:5B:3B:0E:98:5B:02:C7:4F:B7:1C:36:00:94
            X509v3 Authority Key Identifier:
                keyid:40:66:27:33:BC:87:3D:13:E1:F9:F6:6E:8D:FF:75:C8:20:D5:D2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QGYnM7yHPRPh-fZujf91yCDV0vc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/d910d1-94c6-4412-8506-9cb51e51ff77/1/t1lPzHM4t1s7DphbAsdPtxw2AJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/d910d1-94c6-4412-8506-9cb51e51ff77/1/QGYnM7yHPRPh-fZujf91yCDV0vc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.136.0/24
                IPv6:
                  2a12:2540::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:8e:c1:9f:81:55:28:11:9e:31:b8:f6:92:cc:17:2d:8c:99:
         b5:25:a0:a3:03:81:ec:c0:cd:f7:80:42:f4:53:4f:10:1c:f8:
         38:11:c9:aa:a8:f4:9f:11:c4:4c:54:b6:6e:d6:ce:2e:df:8a:
         5a:3e:10:36:36:ac:9a:59:11:73:92:1d:1e:70:f9:5a:68:73:
         12:0b:62:6e:08:fd:57:a0:93:36:bb:48:fc:c5:29:c7:0a:05:
         be:4c:9e:d9:12:47:70:c1:96:c6:5f:dc:50:99:aa:56:a9:72:
         57:49:02:10:3f:7a:d9:12:43:c5:fe:11:c5:ce:ed:a9:4f:94:
         4a:b3:9f:93:02:53:0a:c0:41:13:5c:eb:ac:65:1e:52:5c:4e:
         10:1d:be:cc:8e:18:13:d5:17:fa:65:62:80:b7:f5:f8:bd:8b:
         fe:17:de:84:da:4a:81:78:58:41:cb:ac:2e:b7:48:df:38:2a:
         5f:a5:d5:fb:bd:82:e4:1f:50:34:35:9d:04:0f:e9:03:55:89:
         0e:2c:c7:a0:ea:e9:c8:a0:1b:e6:c7:bc:73:61:6e:44:af:a4:
         57:ee:9f:12:c8:b3:0f:da:af:7d:45:99:26:96:e4:00:fc:ff:
         b7:a7:1f:11:58:e0:49:13:4a:03:7a:c5:00:38:a7:6f:a9:86:
         0c:c1:f7:58
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb3GtSKVRSFkKOdNkz5m0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNjYyNzMzYmM4NzNkMTNlMWY5ZjY2ZThkZmY3NWM4MjBk
NWQyZjcwHhcNMjQwMTAyMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzU5NGZjYzczMzhiNzViM2IwZTk4NWIwMmM3NGZiNzFjMzYwMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjNOhQGayHYVk8V2WchWkI3ET0g4y
YAYCTkhIXMHEglSpa0MiH8y2zy3BaEXBkq4hHEzHqWOfoymWc1aEj0JGZygGPr5R
xcrlhNWfLdT9ugapJlLL80z6dz4fs+cPqPgI+CH6Y5ZddXYwS3pm27FJjzcAyEFs
fS4S3UtG6ObdP9w8JgcqnwLKFqNDrbmN7r6rALj4Sr4+ZDNFECl0+5OdPtJwO3SP
apaQS3qpLmuQLQjH25p8NQ22JHMyvJLwY1MguEPLLchNkmaaUIcQKoq9NGD7AwvW
G1s1uU4RIIDYPphtjv5qxrf5KdMubwrxQCnTDqBnVYy2ZqaXuqUQpZVyqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLdZT8xzOLdbOw6YWwLHT7ccNgCUMB8GA1UdIwQY
MBaAFEBmJzO8hz0T4fn2bo3/dcgg1dL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUdZbk03eUhQUlBoLWZadWpmOTF5Q0RWMHZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9kOTEwZDEtOTRjNi00NDEyLTg1MDYt
OWNiNTFlNTFmZjc3LzEvdDFsUHpITTR0MXM3RHBoYkFzZFB0eHcyQUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9kOTEwZDEtOTRjNi00NDEyLTg1MDYtOWNiNTFlNTFmZjc3
LzEvUUdZbk03eUhQUlBoLWZadWpmOTF5Q0RWMHZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2RyIMA0E
AgACMAcDBQAqEiVAMA0GCSqGSIb3DQEBCwUAA4IBAQBIjsGfgVUoEZ4xuPaSzBct
jJm1JaCjA4HswM33gEL0U08QHPg4EcmqqPSfEcRMVLZu1s4u34paPhA2NqyaWRFz
kh0ecPlaaHMSC2JuCP1XoJM2u0j8xSnHCgW+TJ7ZEkdwwZbGX9xQmapWqXJXSQIQ
P3rZEkPF/hHFzu2pT5RKs5+TAlMKwEETXOusZR5SXE4QHb7MjhgT1Rf6ZWKAt/X4
vYv+F96E2kqBeFhBy6wut0jfOCpfpdX7vYLkH1A0NZ0ED+kDVYkOLMeg6unIoBvm
x7xzYW5Er6RX7p8SyLMP2q99RZkmluQA/P+3px8RWOBJE0oDesUAOKdvqYYMwfdY
-----END CERTIFICATE-----