Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/SmiyYuDPEfhUoND8Oie7OrdcQJM.roa
File:                     SmiyYuDPEfhUoND8Oie7OrdcQJM.roa (raw, json)
Hash identifier:          pzftG54xEhb7GFvWg8J0S0flgWBJzqearEv1gClx+mg=
Subject key identifier:   4A:68:B2:62:E0:CF:11:F8:54:A0:D0:FC:3A:27:BB:3A:B7:5C:40:93
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018E3156A28C58BA94B7E53FC012BE5D1ED4
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/SmiyYuDPEfhUoND8Oie7OrdcQJM.roa
Signing time:             Tue 12 Mar 2024 06:25:45 +0000
ROA not before:           Tue 12 Mar 2024 06:25:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201670
IP address blocks:        176.57.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:31:56:a2:8c:58:ba:94:b7:e5:3f:c0:12:be:5d:1e:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Mar 12 06:25:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a68b262e0cf11f854a0d0fc3a27bb3ab75c4093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7b:86:2f:24:54:a8:e6:68:4a:2f:b8:5d:28:
                    a1:48:b7:38:9d:c4:77:07:af:ed:ec:a7:aa:26:1d:
                    19:b1:17:60:5d:58:c4:0e:22:8c:9d:cc:e1:92:70:
                    14:90:39:4c:81:85:7a:05:3f:aa:d3:f5:58:c0:db:
                    c5:b0:db:0d:32:0a:d3:cd:14:98:2f:ef:4f:66:ff:
                    e8:5c:96:d0:52:ab:1f:f0:ed:3b:bf:34:92:6e:63:
                    b3:52:9e:ba:65:04:05:91:65:06:3e:3d:b8:94:4a:
                    e3:05:fc:ca:2d:80:22:5d:26:74:e9:1a:89:b8:a6:
                    b8:67:f2:41:e5:e4:22:bc:4d:de:17:f2:1f:62:19:
                    9d:af:22:8b:d0:76:3c:dc:da:99:4a:a6:18:5a:56:
                    20:03:4d:5f:09:eb:19:5a:f3:79:1c:59:e6:57:37:
                    ea:ce:86:60:50:53:98:73:b0:a6:4d:9f:b4:35:65:
                    e2:14:07:dd:97:36:10:1a:32:49:50:92:ed:a0:52:
                    ed:07:b6:7d:cc:1f:55:ef:f6:6b:0a:d4:5a:e4:09:
                    da:e8:dc:86:30:6b:cd:6e:b2:32:23:46:9d:37:0c:
                    44:eb:f6:aa:b9:88:71:e8:06:44:92:d7:35:c5:6c:
                    a5:c8:ca:55:47:47:70:38:4c:ee:0e:06:9c:94:4f:
                    08:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:68:B2:62:E0:CF:11:F8:54:A0:D0:FC:3A:27:BB:3A:B7:5C:40:93
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/SmiyYuDPEfhUoND8Oie7OrdcQJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:47:cd:aa:c5:9b:70:e3:3f:9e:08:f7:85:b8:f5:6f:8a:95:
         d7:dc:57:6a:ba:0a:ab:53:2a:06:10:87:7f:83:3c:4f:a6:88:
         9f:b0:7a:1f:65:f8:12:1f:80:70:87:3e:59:2e:28:33:d0:a1:
         1b:0a:ab:ee:53:17:9b:35:0b:52:3e:33:c1:ef:b3:88:f8:64:
         93:3d:a5:02:02:3b:62:86:1c:11:fc:03:fa:d2:55:e4:2c:67:
         4c:ee:51:8a:cf:7b:dd:fc:2e:08:2f:c9:49:19:2e:8e:17:cb:
         10:be:8d:11:64:75:f3:f9:88:db:4d:21:66:6e:69:1c:e9:f4:
         10:6f:b3:28:10:59:9f:f5:6f:7d:ba:13:26:d2:d8:66:a4:e8:
         0b:aa:48:e9:32:3f:53:d9:99:b0:48:b8:1d:db:b3:13:0e:61:
         67:10:be:98:1b:77:e7:c8:8a:58:f5:80:fb:ad:6e:9c:e3:84:
         9b:c1:f1:a1:db:f9:ab:41:49:36:9e:30:12:a0:48:44:d6:d8:
         72:e3:42:04:fa:1b:a6:2a:6f:0d:2f:b3:41:a1:74:8b:d0:f2:
         3b:cd:db:b0:1a:af:97:17:6f:74:da:f1:a5:df:b1:fb:ed:fa:
         ed:a9:d4:79:f6:0b:3b:47:3a:5a:b4:ab:50:5b:0a:0f:a5:7c:
         d7:b0:13:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4xVqKMWLqUt+U/wBK+XR7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMzEyMDYyNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTY4YjI2MmUwY2YxMWY4NTRhMGQwZmMzYTI3YmIzYWI3NWM0MDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHuGLyRUqOZoSi+4XSihSLc4ncR3
B6/t7KeqJh0ZsRdgXVjEDiKMnczhknAUkDlMgYV6BT+q0/VYwNvFsNsNMgrTzRSY
L+9PZv/oXJbQUqsf8O07vzSSbmOzUp66ZQQFkWUGPj24lErjBfzKLYAiXSZ06RqJ
uKa4Z/JB5eQivE3eF/IfYhmdryKL0HY83NqZSqYYWlYgA01fCesZWvN5HFnmVzfq
zoZgUFOYc7CmTZ+0NWXiFAfdlzYQGjJJUJLtoFLtB7Z9zB9V7/ZrCtRa5Ana6NyG
MGvNbrIyI0adNwxE6/aquYhx6AZEktc1xWylyMpVR0dwOEzuDgaclE8IbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEposmLgzxH4VKDQ/Donuzq3XECTMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvU21peVl1RFBFZmhVb05EOE9pZTdPcmRjUUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDk7MA0G
CSqGSIb3DQEBCwUAA4IBAQAXR82qxZtw4z+eCPeFuPVvipXX3FdqugqrUyoGEId/
gzxPpoifsHofZfgSH4Bwhz5ZLigz0KEbCqvuUxebNQtSPjPB77OI+GSTPaUCAjti
hhwR/AP60lXkLGdM7lGKz3vd/C4IL8lJGS6OF8sQvo0RZHXz+YjbTSFmbmkc6fQQ
b7MoEFmf9W99uhMm0thmpOgLqkjpMj9T2ZmwSLgd27MTDmFnEL6YG3fnyIpY9YD7
rW6c44SbwfGh2/mrQUk2njASoEhE1thy40IE+humKm8NL7NBoXSL0PI7zduwGq+X
F2902vGl37H77frtqdR59gs7RzpatKtQWwoPpXzXsBMp
-----END CERTIFICATE-----