Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/k-3G9NpV3nECMGbmHT7NAf3BQbk.roa
File:                     k-3G9NpV3nECMGbmHT7NAf3BQbk.roa (raw, json)
Hash identifier:          NQvLASGXF6GMI5TYXCnDsPjcaTxKFJHcAabDEzWLYsk=
Subject key identifier:   93:ED:C6:F4:DA:55:DE:71:02:30:66:E6:1D:3E:CD:01:FD:C1:41:B9
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B7A3CF77A953F6381945A26C3E2EC6
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/k-3G9NpV3nECMGbmHT7NAf3BQbk.roa
Signing time:             Mon 01 Jan 2024 20:29:32 +0000
ROA not before:           Mon 01 Jan 2024 20:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142561
IP address blocks:        176.57.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:a3:cf:77:a9:53:f6:38:19:45:a2:6c:3e:2e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93edc6f4da55de71023066e61d3ecd01fdc141b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:45:52:6c:63:47:8a:d9:98:52:0a:de:1d:2b:
                    00:98:ad:15:4f:e8:2b:59:75:b9:d1:0b:9d:e1:cc:
                    cc:98:cb:89:53:3a:20:61:9c:c5:db:df:17:41:d6:
                    70:1b:48:dd:52:33:57:67:a0:7a:27:0d:b1:f2:81:
                    72:61:a0:af:83:c0:60:2a:c6:37:da:00:96:90:b8:
                    d2:31:86:05:75:32:df:46:a6:22:7f:ec:1e:de:bc:
                    08:d3:8b:ad:8a:0c:e4:b5:3a:3f:8c:95:36:2b:57:
                    25:9f:10:e0:f6:da:68:75:34:b0:bc:0b:e0:96:24:
                    c3:84:db:3c:48:70:74:db:5e:22:f9:3f:6f:8b:85:
                    f5:dd:41:2e:3a:b8:85:9f:5e:87:35:36:fc:a1:c7:
                    be:5b:19:8b:d2:8f:8f:f2:6f:b6:e8:fe:1a:68:61:
                    57:fd:00:07:dc:6d:f4:cc:03:1d:f8:76:49:c7:0a:
                    40:97:16:7a:1b:dd:f5:d1:fe:3f:5f:9a:a2:05:93:
                    5f:49:b5:60:a0:e9:39:14:f1:98:d0:72:c4:d4:ee:
                    af:f5:fd:b2:6a:5b:a2:0f:91:e3:b3:8d:a6:28:97:
                    48:a8:76:72:05:d5:d7:37:05:17:16:15:f4:23:b5:
                    f2:ac:db:c9:30:89:22:d5:8b:19:49:a1:ea:ef:20:
                    2a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:ED:C6:F4:DA:55:DE:71:02:30:66:E6:1D:3E:CD:01:FD:C1:41:B9
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/k-3G9NpV3nECMGbmHT7NAf3BQbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:1a:92:58:29:4b:96:f5:35:12:a8:30:13:78:ef:dd:46:09:
         37:ab:ed:74:21:5b:47:21:b0:59:13:e8:37:ca:b2:d3:9a:b3:
         d8:5f:df:a0:68:0a:28:11:48:c9:f2:d5:87:31:b6:0b:9c:f7:
         5c:ac:0b:de:3e:14:79:68:3a:2f:1b:a3:f6:dd:ea:87:2f:0c:
         6d:59:e6:7f:56:62:25:9e:ed:3e:ef:ce:63:66:7e:8a:aa:53:
         0d:2d:0d:4a:b2:dc:d7:a3:46:92:33:75:1e:e6:9f:6f:18:5e:
         6e:aa:11:89:6b:8d:71:b5:21:d1:03:b1:76:b8:f2:a0:45:38:
         23:7b:85:41:64:74:c5:53:35:f0:e8:f7:67:9a:c4:d4:2e:56:
         72:cf:59:25:7d:ce:50:cf:d6:83:1f:68:ca:9d:85:0f:4b:80:
         fa:8f:0c:24:9f:6f:56:96:f6:f3:42:5f:69:fa:b8:e0:9d:15:
         23:a2:73:7b:b3:91:49:48:45:77:c3:ac:5f:6d:72:a5:b1:92:
         36:10:8c:37:02:08:af:d6:57:cd:2b:c5:04:20:9a:dc:04:8a:
         5e:c8:19:f1:3a:80:c5:1f:67:c7:f9:3e:2e:c8:6b:40:54:dc:
         d8:ff:57:3d:e4:96:12:b8:c0:07:bd:1e:1a:fd:62:ff:0d:44:
         56:47:b2:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt6PPd6lT9jgZRaJsPi7GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2VkYzZmNGRhNTVkZTcxMDIzMDY2ZTYxZDNlY2QwMWZkYzE0MWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiEVSbGNHitmYUgreHSsAmK0VT+gr
WXW50Qud4czMmMuJUzogYZzF298XQdZwG0jdUjNXZ6B6Jw2x8oFyYaCvg8BgKsY3
2gCWkLjSMYYFdTLfRqYif+we3rwI04utigzktTo/jJU2K1clnxDg9tpodTSwvAvg
liTDhNs8SHB0214i+T9vi4X13UEuOriFn16HNTb8oce+WxmL0o+P8m+26P4aaGFX
/QAH3G30zAMd+HZJxwpAlxZ6G9310f4/X5qiBZNfSbVgoOk5FPGY0HLE1O6v9f2y
aluiD5Hjs42mKJdIqHZyBdXXNwUXFhX0I7XyrNvJMIki1YsZSaHq7yAq6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPtxvTaVd5xAjBm5h0+zQH9wUG5MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvay0zRzlOcFYzbkVDTUdibUhUN05BZjNCUWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDkzMA0G
CSqGSIb3DQEBCwUAA4IBAQA7GpJYKUuW9TUSqDATeO/dRgk3q+10IVtHIbBZE+g3
yrLTmrPYX9+gaAooEUjJ8tWHMbYLnPdcrAvePhR5aDovG6P23eqHLwxtWeZ/VmIl
nu0+785jZn6KqlMNLQ1KstzXo0aSM3Ue5p9vGF5uqhGJa41xtSHRA7F2uPKgRTgj
e4VBZHTFUzXw6PdnmsTULlZyz1klfc5Qz9aDH2jKnYUPS4D6jwwkn29WlvbzQl9p
+rjgnRUjonN7s5FJSEV3w6xfbXKlsZI2EIw3Agiv1lfNK8UEIJrcBIpeyBnxOoDF
H2fH+T4uyGtAVNzY/1c95JYSuMAHvR4a/WL/DURWR7LC
-----END CERTIFICATE-----