Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/P_BQ4JJDsNl6oQFsWXSCy3FOt74.roa
File:                     P_BQ4JJDsNl6oQFsWXSCy3FOt74.roa (raw, json)
Hash identifier:          NEAHgUVyMcekhTqndR7MrYBhjq5316rOLe8x0GtXkng=
Subject key identifier:   3F:F0:50:E0:92:43:B0:D9:7A:A1:01:6C:59:74:82:CB:71:4E:B7:BE
Certificate issuer:       /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial:       019203E986EBD09CE01D8E285422AF5818E8
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/P_BQ4JJDsNl6oQFsWXSCy3FOt74.roa
Signing time:             Wed 18 Sep 2024 06:54:48 +0000
ROA not before:           Wed 18 Sep 2024 06:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31229
IP address blocks:        2.57.136.0/22 maxlen: 22
                          2a14:4bc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:03:e9:86:eb:d0:9c:e0:1d:8e:28:54:22:af:58:18:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
        Validity
            Not Before: Sep 18 06:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ff050e09243b0d97aa1016c597482cb714eb7be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:16:dd:27:ce:1e:e3:57:d1:b3:19:78:11:fc:
                    64:64:ec:cd:fd:1d:36:32:70:3b:a8:fa:d9:3b:4c:
                    0e:a3:74:c8:d2:32:2e:78:9b:3f:44:64:2d:45:89:
                    64:97:01:20:a0:5f:ee:a7:d9:ba:8c:e5:08:ee:66:
                    32:e2:9b:a5:ec:f3:5a:07:66:92:77:e3:9b:30:4d:
                    98:40:75:aa:08:bd:40:71:0d:b9:97:ba:38:39:cd:
                    26:55:b6:56:6d:a5:36:ac:11:22:01:9d:9b:4d:6c:
                    23:85:4d:1e:e2:5f:5f:55:cc:1c:29:fd:5b:dd:57:
                    f4:43:79:10:a7:e5:4e:7b:79:c5:7b:5f:c6:fc:fd:
                    1c:b5:70:67:f3:4c:0a:32:07:94:f1:64:40:07:58:
                    2e:00:e3:8b:2e:be:1c:c0:53:ea:03:21:48:7e:30:
                    47:f4:1a:31:69:6b:2e:1b:2f:a7:95:fa:17:ce:d9:
                    29:bd:1a:a5:ca:eb:0e:b2:d5:e0:58:35:46:eb:c3:
                    2d:62:1d:92:3d:c1:f5:71:00:8c:73:c3:fb:12:f7:
                    2d:d7:ba:ce:14:08:f6:ac:51:83:5f:d9:6b:de:38:
                    62:75:87:1f:cd:7e:d7:e9:b1:a5:cf:eb:87:06:11:
                    63:3e:85:09:d5:76:3c:7e:64:ee:40:e6:2d:16:fe:
                    50:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F0:50:E0:92:43:B0:D9:7A:A1:01:6C:59:74:82:CB:71:4E:B7:BE
            X509v3 Authority Key Identifier:
                keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/P_BQ4JJDsNl6oQFsWXSCy3FOt74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.136.0/22
                IPv6:
                  2a14:4bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:0d:23:5c:09:69:6a:58:2f:00:31:1b:25:db:de:fd:76:fa:
         d1:37:0f:41:48:0d:47:86:5a:de:36:f8:1b:70:be:ed:47:45:
         c1:cc:a7:73:72:a0:3b:9f:6a:1c:6c:55:b2:93:16:cd:9f:39:
         6c:45:f1:06:51:a5:9f:4b:b5:a4:84:c7:2f:51:39:9e:78:b0:
         e2:59:aa:96:c3:84:bc:73:e2:ac:f4:50:7e:95:d2:c2:54:cc:
         cd:72:6a:e6:02:e8:ab:3b:90:58:93:b9:ca:35:7d:c1:72:98:
         bb:d6:98:d8:58:f6:5f:8c:96:61:d5:44:58:8d:be:c4:9d:3d:
         4b:4e:dd:6f:b4:96:4f:4f:24:b1:78:09:4e:73:99:0d:a6:4e:
         93:9f:24:f7:25:1b:47:20:60:00:9c:1d:ab:c4:1f:87:1d:80:
         bd:fa:66:fd:1f:3a:81:90:e0:5f:8b:1d:70:57:dc:77:98:fb:
         73:f6:8d:ce:05:df:72:fc:ff:46:20:55:40:dc:8a:2e:c5:36:
         31:6c:89:70:0e:18:ec:a1:62:76:0d:ca:6d:cd:21:b5:80:4c:
         f7:91:db:a6:64:6a:f4:03:2e:a9:6a:6f:14:2b:fb:16:f4:ac:
         9c:bb:9d:76:56:fd:8c:bf:4d:c8:3f:49:0c:cb:8f:f8:a3:7d:
         a5:75:35:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZID6Ybr0JzgHY4oVCKvWBjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YTVhYTkxOGNiZmViM2UxMjk5N2YzMzg5MGZlYjI1ODkw
N2IzNDMwHhcNMjQwOTE4MDY1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmYwNTBlMDkyNDNiMGQ5N2FhMTAxNmM1OTc0ODJjYjcxNGViN2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRbdJ84e41fRsxl4EfxkZOzN/R02
MnA7qPrZO0wOo3TI0jIueJs/RGQtRYlklwEgoF/up9m6jOUI7mYy4pul7PNaB2aS
d+ObME2YQHWqCL1AcQ25l7o4Oc0mVbZWbaU2rBEiAZ2bTWwjhU0e4l9fVcwcKf1b
3Vf0Q3kQp+VOe3nFe1/G/P0ctXBn80wKMgeU8WRAB1guAOOLLr4cwFPqAyFIfjBH
9BoxaWsuGy+nlfoXztkpvRqlyusOstXgWDVG68MtYh2SPcH1cQCMc8P7Evct17rO
FAj2rFGDX9lr3jhidYcfzX7X6bGlz+uHBhFjPoUJ1XY8fmTuQOYtFv5QQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD/wUOCSQ7DZeqEBbFl0gstxTre+MB8GA1UdIwQY
MBaAFCalqpGMv+s+Epl/M4kP6yWJB7NDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTIt
Mjk3ZTI4MmQ2NmE4LzEvUF9CUTRKSkRzTmw2b1FGc1dYU0N5M0ZPdDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTItMjk3ZTI4MmQ2NmE4
LzEvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCAjmIMA0E
AgACMAcDBQAqFEvAMA0GCSqGSIb3DQEBCwUAA4IBAQBkDSNcCWlqWC8AMRsl2979
dvrRNw9BSA1HhlreNvgbcL7tR0XBzKdzcqA7n2ocbFWykxbNnzlsRfEGUaWfS7Wk
hMcvUTmeeLDiWaqWw4S8c+Ks9FB+ldLCVMzNcmrmAuirO5BYk7nKNX3Bcpi71pjY
WPZfjJZh1URYjb7EnT1LTt1vtJZPTySxeAlOc5kNpk6TnyT3JRtHIGAAnB2rxB+H
HYC9+mb9HzqBkOBfix1wV9x3mPtz9o3OBd9y/P9GIFVA3IouxTYxbIlwDhjsoWJ2
DcptzSG1gEz3kdumZGr0Ay6pam8UK/sW9Kycu512Vv2Mv03IP0kMy4/4o32ldTVh
-----END CERTIFICATE-----