Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/vQlf-FazA9RyZ9ZB2iZ5Sk8rR_g.roa
File:                     vQlf-FazA9RyZ9ZB2iZ5Sk8rR_g.roa (raw, json)
Hash identifier:          EXHL4VtzobaJlrbhbq9VmaxG3Wr2bCnM/7A9RMdDj98=
Subject key identifier:   BD:09:5F:F8:56:B3:03:D4:72:67:D6:41:DA:26:79:4A:4F:2B:47:F8
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       01915B1400E25AB51D97A40A45F44B5AFAAE
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/vQlf-FazA9RyZ9ZB2iZ5Sk8rR_g.roa
Signing time:             Fri 16 Aug 2024 12:05:23 +0000
ROA not before:           Fri 16 Aug 2024 12:05:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137235
IP address blocks:        176.57.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 Nov 2024 04:00:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5b:14:00:e2:5a:b5:1d:97:a4:0a:45:f4:4b:5a:fa:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Aug 16 12:05:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd095ff856b303d47267d641da26794a4f2b47f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:a7:52:7e:1c:34:1d:23:5c:ce:d7:5f:48:31:
                    01:26:72:55:2a:a4:a3:e3:ab:c9:18:18:cf:c3:8b:
                    7b:4b:82:2d:f0:b1:3c:8e:a7:1d:ea:46:e5:b5:38:
                    1b:93:73:5d:02:48:5c:6a:db:d6:21:3c:ae:eb:70:
                    59:5d:e8:b8:77:90:09:a9:1a:9d:c2:63:63:0f:35:
                    e1:a0:0c:8f:b2:53:d3:c6:ed:9e:24:0c:8a:97:4c:
                    fa:06:fd:3c:fb:fd:a6:bd:13:fa:a8:62:38:78:cc:
                    8b:82:19:79:b3:20:84:e5:15:5a:a8:a8:72:b4:ed:
                    c9:5b:45:5e:46:e7:f7:ff:9c:9a:62:bf:9e:e2:a6:
                    25:92:3b:2e:86:bb:41:1d:dc:05:44:0d:77:5a:93:
                    06:88:07:e5:bc:75:de:48:6a:f0:3d:86:c0:46:49:
                    c2:44:71:5f:5b:da:da:16:1d:33:b6:f9:5c:8d:53:
                    9b:ef:96:8b:f1:3e:5e:84:08:56:07:b8:9e:c0:6d:
                    34:99:c3:c3:8e:23:b4:33:38:7d:28:2a:18:fb:0d:
                    cb:3d:e4:e0:11:bf:b0:67:3f:36:d6:5b:69:a2:dc:
                    4e:b9:e3:d1:50:94:66:3d:cb:96:ba:8c:34:05:7a:
                    3d:bb:f2:6e:ff:19:7c:52:d7:4c:6c:b1:33:fe:09:
                    87:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:09:5F:F8:56:B3:03:D4:72:67:D6:41:DA:26:79:4A:4F:2B:47:F8
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/vQlf-FazA9RyZ9ZB2iZ5Sk8rR_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:e9:4f:49:6e:13:fa:01:a3:a7:54:35:d3:ac:5d:d6:d5:3d:
         93:59:36:ef:47:36:22:2a:4f:1e:fb:ab:75:32:0c:4d:1c:29:
         7a:c7:ef:19:33:d7:68:5a:73:ae:bb:28:a9:30:fa:4e:20:bf:
         53:5d:2d:c6:a6:b1:3f:26:94:4c:09:a2:64:72:81:72:87:b6:
         65:10:7a:b6:d0:d9:8d:01:c1:d8:80:c1:bb:36:ca:74:38:93:
         69:54:12:55:a9:35:b2:bf:73:09:ea:e6:5f:ab:ac:69:00:96:
         5c:36:7b:dc:18:b2:f0:75:34:1a:b1:c2:da:e5:6e:86:35:14:
         7c:28:8c:f6:4d:b1:12:8f:8e:ab:a9:6e:ad:64:a9:29:b2:fc:
         8e:c3:51:1c:e0:59:ea:b9:73:2d:75:de:a8:89:85:9c:17:a0:
         92:9e:99:31:76:c6:4b:09:58:39:98:e3:3f:bf:b9:35:bf:4a:
         35:d5:2a:5f:c6:83:00:40:75:82:ec:a4:25:eb:18:9e:eb:07:
         96:e0:4b:8c:ad:32:4f:b4:be:f9:51:4d:d3:09:f7:50:20:03:
         d3:5c:4b:2d:5d:f7:ad:bc:e4:8b:2d:fe:94:ad:94:9b:3d:9c:
         cd:7b:ea:56:e6:34:43:38:65:2e:51:48:3b:22:93:d7:ca:13:
         30:80:25:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFbFADiWrUdl6QKRfRLWvquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwODE2MTIwNTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDA5NWZmODU2YjMwM2Q0NzI2N2Q2NDFkYTI2Nzk0YTRmMmI0N2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5KdSfhw0HSNcztdfSDEBJnJVKqSj
46vJGBjPw4t7S4It8LE8jqcd6kbltTgbk3NdAkhcatvWITyu63BZXei4d5AJqRqd
wmNjDzXhoAyPslPTxu2eJAyKl0z6Bv08+/2mvRP6qGI4eMyLghl5syCE5RVaqKhy
tO3JW0VeRuf3/5yaYr+e4qYlkjsuhrtBHdwFRA13WpMGiAflvHXeSGrwPYbARknC
RHFfW9raFh0ztvlcjVOb75aL8T5ehAhWB7iewG00mcPDjiO0Mzh9KCoY+w3LPeTg
Eb+wZz821ltpotxOuePRUJRmPcuWuow0BXo9u/Ju/xl8UtdMbLEz/gmHJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0JX/hWswPUcmfWQdomeUpPK0f4MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvdlFsZi1GYXpBOVJ5WjlaQjJpWjVTazhyUl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDk5MA0G
CSqGSIb3DQEBCwUAA4IBAQC16U9JbhP6AaOnVDXTrF3W1T2TWTbvRzYiKk8e+6t1
MgxNHCl6x+8ZM9doWnOuuyipMPpOIL9TXS3GprE/JpRMCaJkcoFyh7ZlEHq20NmN
AcHYgMG7Nsp0OJNpVBJVqTWyv3MJ6uZfq6xpAJZcNnvcGLLwdTQascLa5W6GNRR8
KIz2TbESj46rqW6tZKkpsvyOw1Ec4FnquXMtdd6oiYWcF6CSnpkxdsZLCVg5mOM/
v7k1v0o11SpfxoMAQHWC7KQl6xie6weW4EuMrTJPtL75UU3TCfdQIAPTXEstXfet
vOSLLf6UrZSbPZzNe+pW5jRDOGUuUUg7IpPXyhMwgCUI
-----END CERTIFICATE-----