Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/aJTDEusA7Y-Tr7IYz5-Goj-3sCs.roa
File:                     aJTDEusA7Y-Tr7IYz5-Goj-3sCs.roa (raw, json)
Hash identifier:          0nPPrRRaX70OHu/tcI8Zrdx4GadWqIyLPD1GadbiaOE=
Subject key identifier:   68:94:C3:12:EB:00:ED:8F:93:AF:B2:18:CF:9F:86:A2:3F:B7:B0:2B
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       0190DE4F54161E12E302C907B7470A1CC1BC
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/aJTDEusA7Y-Tr7IYz5-Goj-3sCs.roa
Signing time:             Tue 23 Jul 2024 06:37:39 +0000
ROA not before:           Tue 23 Jul 2024 06:37:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     32159
IP address blocks:        194.4.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 07:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:de:4f:54:16:1e:12:e3:02:c9:07:b7:47:0a:1c:c1:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Jul 23 06:37:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6894c312eb00ed8f93afb218cf9f86a23fb7b02b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:fb:57:67:b4:d7:e7:e0:90:10:9a:5d:77:19:
                    15:bf:74:7f:a8:ae:55:5b:48:85:8c:c6:2d:c6:38:
                    15:ad:f9:82:04:cb:6e:f2:f2:2f:a1:f9:47:d0:fc:
                    29:c7:2c:2a:34:83:34:46:0c:a0:58:00:5e:91:8e:
                    ab:d1:d7:df:f2:61:95:39:af:23:fc:5c:ad:cb:00:
                    89:64:e7:0f:ea:6c:62:7a:0e:e8:5e:9b:aa:70:39:
                    76:94:81:d0:c9:51:7c:bb:bd:f6:08:6e:60:7b:2a:
                    bf:0d:6c:b3:6f:fe:9e:ae:ff:cf:d5:f8:5a:c1:fb:
                    fa:7a:32:ba:97:e5:64:e5:17:3d:77:4d:8e:14:96:
                    d0:92:59:6b:20:6e:32:22:54:75:a1:65:b9:84:37:
                    42:b7:00:bc:38:ab:d7:f3:44:a9:06:ef:f0:06:bd:
                    58:34:79:39:98:f9:82:c9:10:de:da:de:33:47:b2:
                    eb:ba:15:f9:09:50:63:f3:f7:c8:95:ee:c9:43:a5:
                    f8:d6:6b:7d:dc:a7:10:16:09:63:c6:3c:c8:a0:2a:
                    58:bc:b9:46:9f:43:09:3a:60:a2:0b:22:97:79:d6:
                    cd:7e:d3:bd:ce:7c:68:5b:e3:36:00:6a:e5:69:87:
                    8b:9e:d1:bc:1f:d2:28:2a:06:1c:cc:2b:de:c1:5b:
                    43:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:94:C3:12:EB:00:ED:8F:93:AF:B2:18:CF:9F:86:A2:3F:B7:B0:2B
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/aJTDEusA7Y-Tr7IYz5-Goj-3sCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:0d:82:a5:5e:f9:98:b9:fd:a8:8b:29:d6:dc:81:2d:30:ea:
         80:95:46:1e:54:e8:82:c8:e4:37:e2:18:15:93:37:5f:eb:70:
         74:a8:60:e4:c6:bc:d7:c7:d7:da:53:c4:09:65:e2:4f:ca:a6:
         7b:53:17:df:b7:ef:51:ec:55:15:71:be:ea:80:bc:46:72:5f:
         48:73:da:1f:fb:fe:b6:1c:72:20:4e:f6:57:27:06:b9:5a:c6:
         e6:7f:5f:d2:9b:58:b1:c9:ad:3d:61:5a:c7:4b:e9:b3:7e:53:
         66:ca:52:6e:8d:f5:18:60:8f:c2:62:28:a4:5a:81:30:f9:5f:
         c8:55:7d:53:ae:df:72:9a:c9:1f:2a:68:5b:a0:9f:c9:2f:42:
         9e:17:7c:41:17:4e:6b:94:68:f0:97:e0:8f:e5:39:0e:90:5f:
         8a:f1:0a:53:6f:50:2a:fd:34:ad:ed:b7:32:23:ca:38:4d:03:
         bd:cb:77:2a:a3:ea:ee:13:95:c7:b1:3d:f9:1b:e7:97:ae:f2:
         39:58:21:a6:05:b8:8d:b1:00:7e:58:b6:24:30:78:e4:1d:22:
         aa:7f:52:03:09:31:a9:5a:15:2a:61:79:5b:7e:82:a7:7c:22:
         40:2c:9f:a2:b1:25:b3:e8:a6:0c:da:bb:76:ab:92:3a:9d:7c:
         5f:5c:3d:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDeT1QWHhLjAskHt0cKHMG8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjQwNzIzMDYzNzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODk0YzMxMmViMDBlZDhmOTNhZmIyMThjZjlmODZhMjNmYjdiMDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvtXZ7TX5+CQEJpddxkVv3R/qK5V
W0iFjMYtxjgVrfmCBMtu8vIvoflH0PwpxywqNIM0RgygWABekY6r0dff8mGVOa8j
/FytywCJZOcP6mxieg7oXpuqcDl2lIHQyVF8u732CG5geyq/DWyzb/6erv/P1fha
wfv6ejK6l+Vk5Rc9d02OFJbQkllrIG4yIlR1oWW5hDdCtwC8OKvX80SpBu/wBr1Y
NHk5mPmCyRDe2t4zR7LruhX5CVBj8/fIle7JQ6X41mt93KcQFgljxjzIoCpYvLlG
n0MJOmCiCyKXedbNftO9znxoW+M2AGrlaYeLntG8H9IoKgYczCvewVtD6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGiUwxLrAO2Pk6+yGM+fhqI/t7ArMB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvYUpUREV1c0E3WS1UcjdJWXo1LUdvai0zc0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgQ3MA0G
CSqGSIb3DQEBCwUAA4IBAQCiDYKlXvmYuf2oiynW3IEtMOqAlUYeVOiCyOQ34hgV
kzdf63B0qGDkxrzXx9faU8QJZeJPyqZ7Uxfft+9R7FUVcb7qgLxGcl9Ic9of+/62
HHIgTvZXJwa5Wsbmf1/Sm1ixya09YVrHS+mzflNmylJujfUYYI/CYiikWoEw+V/I
VX1Trt9ymskfKmhboJ/JL0KeF3xBF05rlGjwl+CP5TkOkF+K8QpTb1Aq/TSt7bcy
I8o4TQO9y3cqo+ruE5XHsT35G+eXrvI5WCGmBbiNsQB+WLYkMHjkHSKqf1IDCTGp
WhUqYXlbfoKnfCJALJ+isSWz6KYM2rt2q5I6nXxfXD2Q
-----END CERTIFICATE-----