Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/1ZQgNfPCI3VE6bmC6F5-UlZBkbU.roa
File:                     1ZQgNfPCI3VE6bmC6F5-UlZBkbU.roa (raw, json)
Hash identifier:          bRCkQNEMbQgIeIDgYRlkiIF6UB+2tTVCL9JysaCgsac=
Subject key identifier:   D5:94:20:35:F3:C2:23:75:44:E9:B9:82:E8:5E:7E:52:56:41:91:B5
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7A7355C56B7B47F466FE168BEAB57
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/1ZQgNfPCI3VE6bmC6F5-UlZBkbU.roa
Signing time:             Mon 01 Jan 2024 20:29:33 +0000
ROA not before:           Mon 01 Jan 2024 20:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200181
IP address blocks:        176.57.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 14:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a7:35:5c:56:b7:b4:7f:46:6f:e1:68:be:ab:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5942035f3c2237544e9b982e85e7e52564191b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ef:18:2f:93:49:3f:36:f5:ba:85:18:66:b7:
                    e2:d5:a0:aa:19:cc:5f:d9:e0:9b:7d:96:44:07:11:
                    92:db:5a:bc:08:dc:89:9b:cc:f7:6b:54:7c:03:6d:
                    88:39:b9:d1:97:d8:88:1a:0a:8c:49:de:75:d8:cb:
                    3f:c2:26:d4:86:7d:18:63:26:65:92:7a:b6:dd:ed:
                    7a:b7:e0:65:6c:a0:d8:44:f4:9a:12:da:15:ab:f2:
                    ba:e4:57:f2:45:5d:e7:01:75:25:2e:bf:75:6e:2a:
                    3a:a2:4d:69:d6:f1:27:21:5a:10:9f:14:1b:07:9f:
                    91:29:50:c3:79:ec:50:10:df:2a:6a:ee:f7:29:39:
                    31:ae:70:a0:90:71:4c:9d:ae:d6:2d:7e:16:2d:3a:
                    35:93:ae:29:5b:ca:d9:cd:ab:cc:a0:b5:42:f7:03:
                    66:4c:07:48:a6:8e:83:48:d2:d3:e8:99:16:1b:93:
                    b7:14:1f:c7:6e:99:5a:02:a4:2d:70:b5:ff:ca:6c:
                    0b:fe:3e:07:4c:93:78:11:bd:b2:46:d5:01:9e:f7:
                    ae:e7:9e:7b:0f:77:cb:9c:51:60:93:1f:99:01:8f:
                    4a:53:d3:96:90:34:7a:d1:57:c7:1e:cc:c1:53:ac:
                    51:18:79:11:dd:34:a0:cc:b8:e4:65:73:a3:e1:37:
                    3c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:94:20:35:F3:C2:23:75:44:E9:B9:82:E8:5E:7E:52:56:41:91:B5
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/1ZQgNfPCI3VE6bmC6F5-UlZBkbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:57:fd:5c:d6:2a:31:a2:96:d9:0a:c2:cd:03:92:fc:4f:8a:
         7e:a9:0a:b4:50:bf:8c:ff:77:14:e3:43:82:73:d9:59:3d:4a:
         79:b4:2f:9b:5a:15:8f:8d:8a:7d:f8:eb:46:81:11:cb:93:84:
         84:6d:24:3c:1f:a2:20:b6:a2:61:dc:c8:96:18:2b:88:34:d7:
         49:20:8c:9a:67:d8:de:a3:d5:b0:44:c7:7f:fa:d8:c7:9c:a8:
         23:9d:50:1c:cf:e0:c1:c6:19:c2:4e:a6:c4:00:3a:76:20:61:
         ec:10:f9:f5:d5:65:de:d8:90:38:2d:f0:ac:a9:93:ec:41:cf:
         7d:25:6c:65:5a:ed:3b:b6:73:9e:4b:01:81:eb:bb:c4:2b:a5:
         6e:3a:47:2f:86:75:dd:47:86:a0:8c:3f:59:01:3f:80:8a:70:
         73:e2:13:d3:76:bc:d8:f9:e3:6b:c8:30:08:6d:d4:b9:11:02:
         70:36:54:41:ee:bb:8c:51:56:32:c9:12:3d:51:5b:3d:65:b7:
         cf:1d:d9:cc:ce:ab:86:2d:1f:cb:81:c3:ba:4a:dc:81:f9:4d:
         56:a4:8d:0a:96:b6:12:8f:77:e1:2c:3f:aa:5e:24:12:ee:62:
         f8:67:2e:55:75:df:01:04:cd:88:73:68:37:85:4d:03:83:5e:
         26:a8:3e:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6c1XFa3tH9Gb+FovqtXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTk0MjAzNWYzYzIyMzc1NDRlOWI5ODJlODVlN2U1MjU2NDE5MWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgu8YL5NJPzb1uoUYZrfi1aCqGcxf
2eCbfZZEBxGS21q8CNyJm8z3a1R8A22IObnRl9iIGgqMSd512Ms/wibUhn0YYyZl
knq23e16t+BlbKDYRPSaEtoVq/K65FfyRV3nAXUlLr91bio6ok1p1vEnIVoQnxQb
B5+RKVDDeexQEN8qau73KTkxrnCgkHFMna7WLX4WLTo1k64pW8rZzavMoLVC9wNm
TAdIpo6DSNLT6JkWG5O3FB/HbplaAqQtcLX/ymwL/j4HTJN4Eb2yRtUBnveu5557
D3fLnFFgkx+ZAY9KU9OWkDR60VfHHszBU6xRGHkR3TSgzLjkZXOj4Tc8OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWUIDXzwiN1ROm5guheflJWQZG1MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvMVpRZ05mUENJM1ZFNmJtQzZGNS1VbFpCa2JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDkyMA0G
CSqGSIb3DQEBCwUAA4IBAQCoV/1c1ioxopbZCsLNA5L8T4p+qQq0UL+M/3cU40OC
c9lZPUp5tC+bWhWPjYp9+OtGgRHLk4SEbSQ8H6IgtqJh3MiWGCuINNdJIIyaZ9je
o9WwRMd/+tjHnKgjnVAcz+DBxhnCTqbEADp2IGHsEPn11WXe2JA4LfCsqZPsQc99
JWxlWu07tnOeSwGB67vEK6VuOkcvhnXdR4agjD9ZAT+AinBz4hPTdrzY+eNryDAI
bdS5EQJwNlRB7ruMUVYyyRI9UVs9ZbfPHdnMzquGLR/LgcO6StyB+U1WpI0KlrYS
j3fhLD+qXiQS7mL4Zy5Vdd8BBM2Ic2g3hU0Dg14mqD7W
-----END CERTIFICATE-----