Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/qf4hHMxe_Lqg7m2ZY9SIWePCnDQ.roa
File:                     qf4hHMxe_Lqg7m2ZY9SIWePCnDQ.roa (raw, json)
Hash identifier:          pD8aim2EM4QkQ4GXpVX5M7/iISGkfRl6XfmDyNyXPLc=
Subject key identifier:   A9:FE:21:1C:CC:5E:FC:BA:A0:EE:6D:99:63:D4:88:59:E3:C2:9C:34
Certificate issuer:       /CN=cb645bc0fdb8626bce2c0425c4087b54e150d386
Certificate serial:       018CC9BC066AB77B93287DFD91F924700F1C
Authority key identifier: CB:64:5B:C0:FD:B8:62:6B:CE:2C:04:25:C4:08:7B:54:E1:50:D3:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/qf4hHMxe_Lqg7m2ZY9SIWePCnDQ.roa
Signing time:             Tue 02 Jan 2024 10:33:11 +0000
ROA not before:           Tue 02 Jan 2024 10:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42689
IP address blocks:        185.210.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:06:6a:b7:7b:93:28:7d:fd:91:f9:24:70:0f:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb645bc0fdb8626bce2c0425c4087b54e150d386
        Validity
            Not Before: Jan  2 10:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9fe211ccc5efcbaa0ee6d9963d48859e3c29c34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:29:7e:2a:92:72:d2:85:87:8d:cc:83:fb:fd:
                    d3:32:f6:e9:a2:0e:16:cf:21:52:f8:44:a3:d9:db:
                    37:a8:c0:4c:a5:4c:74:d1:e6:84:3e:a4:22:76:55:
                    4d:23:5d:48:11:13:16:5a:6d:e8:72:30:ca:22:aa:
                    dd:32:b2:fb:d8:03:a6:07:22:b3:a1:e8:25:e5:ca:
                    c2:03:64:b5:a3:b7:85:20:2e:5b:05:b9:e5:23:15:
                    24:38:3b:57:68:b1:54:59:d0:d7:89:7f:b7:c6:c6:
                    56:ed:30:fe:43:4e:6d:25:2e:2d:99:27:c1:5f:77:
                    7d:0c:80:c0:3a:21:13:7d:67:7a:9d:95:a0:42:81:
                    a9:cf:fa:51:00:27:bb:22:8e:77:d7:da:89:ca:8f:
                    0f:2f:39:89:f8:c2:be:f5:fe:f6:b4:5d:e3:bf:52:
                    04:27:bd:9c:76:c2:85:76:f8:25:4c:52:da:bd:9c:
                    52:b1:7e:2c:e2:64:15:f0:38:4d:3e:17:35:27:bc:
                    a0:c5:0b:2a:4d:0d:17:d2:a0:88:36:bf:07:34:61:
                    e0:6b:cd:c5:93:79:85:a0:ca:89:42:9c:f6:1e:d4:
                    2e:e4:f8:05:15:33:93:7d:61:c3:03:3a:1c:6c:77:
                    7b:47:a2:d9:5b:fa:60:62:60:a9:cb:c6:5d:b1:92:
                    1f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:FE:21:1C:CC:5E:FC:BA:A0:EE:6D:99:63:D4:88:59:E3:C2:9C:34
            X509v3 Authority Key Identifier:
                keyid:CB:64:5B:C0:FD:B8:62:6B:CE:2C:04:25:C4:08:7B:54:E1:50:D3:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y2RbwP24YmvOLAQlxAh7VOFQ04Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/qf4hHMxe_Lqg7m2ZY9SIWePCnDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/57bf89-fe3b-4c21-8ffb-e8754d005ebe/1/y2RbwP24YmvOLAQlxAh7VOFQ04Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:87:c1:70:55:85:21:eb:04:d6:69:7a:94:29:73:0a:fc:31:
         c6:64:b2:eb:93:a3:c2:0e:0a:96:a7:0f:11:54:d4:bc:42:2b:
         e6:ae:00:cc:c3:29:75:75:09:7b:58:7c:08:49:a3:4c:0a:71:
         eb:18:d9:2c:b5:70:49:25:da:02:a4:a4:25:9b:ea:08:85:bf:
         62:e6:2b:ff:a7:54:d7:5c:c8:b4:59:28:66:57:90:2d:a4:9b:
         3b:77:36:33:a4:31:b4:36:6e:c1:1b:31:39:5a:93:64:9f:9a:
         c6:37:b2:b6:dc:19:db:19:6b:2d:c5:cd:6e:91:a9:d7:a8:67:
         10:91:8d:37:aa:83:02:fd:e9:e7:56:f0:cd:af:28:46:37:1c:
         47:d0:bd:9a:fa:56:4c:30:1e:60:45:e2:6b:b9:e1:28:35:56:
         a4:24:ea:25:2a:3a:93:9a:c4:87:87:c2:cb:dc:5b:8a:04:d0:
         8d:47:18:25:ab:3b:b5:94:1b:5f:dc:d5:73:6b:d5:17:de:2a:
         8c:97:3e:f3:1d:d9:f4:25:66:ed:e6:d2:cc:db:5e:fd:6b:b0:
         83:f3:49:ce:0c:3f:69:3d:33:37:be:ea:d8:dd:50:08:a4:f4:
         f7:3c:0e:c6:56:a1:70:df:44:11:74:cd:06:9d:a9:da:6f:04:
         c2:a3:33:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAZqt3uTKH39kfkkcA8cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNjQ1YmMwZmRiODYyNmJjZTJjMDQyNWM0MDg3YjU0ZTE1
MGQzODYwHhcNMjQwMTAyMTAzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWZlMjExY2NjNWVmY2JhYTBlZTZkOTk2M2Q0ODg1OWUzYzI5YzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCl+KpJy0oWHjcyD+/3TMvbpog4W
zyFS+ESj2ds3qMBMpUx00eaEPqQidlVNI11IERMWWm3ocjDKIqrdMrL72AOmByKz
oegl5crCA2S1o7eFIC5bBbnlIxUkODtXaLFUWdDXiX+3xsZW7TD+Q05tJS4tmSfB
X3d9DIDAOiETfWd6nZWgQoGpz/pRACe7Io5319qJyo8PLzmJ+MK+9f72tF3jv1IE
J72cdsKFdvglTFLavZxSsX4s4mQV8DhNPhc1J7ygxQsqTQ0X0qCINr8HNGHga83F
k3mFoMqJQpz2HtQu5PgFFTOTfWHDAzocbHd7R6LZW/pgYmCpy8ZdsZIfEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKn+IRzMXvy6oO5tmWPUiFnjwpw0MB8GA1UdIwQY
MBaAFMtkW8D9uGJrziwEJcQIe1ThUNOGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTJSYndQMjRZbXZPTEFRbHhBaDdWT0ZRMDRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81N2JmODktZmUzYi00YzIxLThmZmIt
ZTg3NTRkMDA1ZWJlLzEvcWY0aEhNeGVfTHFnN20yWlk5U0lXZVBDbkRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81N2JmODktZmUzYi00YzIxLThmZmItZTg3NTRkMDA1ZWJl
LzEveTJSYndQMjRZbXZPTEFRbHhBaDdWT0ZRMDRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudKdMA0G
CSqGSIb3DQEBCwUAA4IBAQBwh8FwVYUh6wTWaXqUKXMK/DHGZLLrk6PCDgqWpw8R
VNS8QivmrgDMwyl1dQl7WHwISaNMCnHrGNkstXBJJdoCpKQlm+oIhb9i5iv/p1TX
XMi0WShmV5AtpJs7dzYzpDG0Nm7BGzE5WpNkn5rGN7K23BnbGWstxc1ukanXqGcQ
kY03qoMC/ennVvDNryhGNxxH0L2a+lZMMB5gReJrueEoNVakJOolKjqTmsSHh8LL
3FuKBNCNRxglqzu1lBtf3NVza9UX3iqMlz7zHdn0JWbt5tLM2179a7CD80nODD9p
PTM3vurY3VAIpPT3PA7GVqFw30QRdM0GnanabwTCozO9
-----END CERTIFICATE-----