Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/zElyXVkaUDhTaEIcmfcsZoqBDjo.roa
File:                     zElyXVkaUDhTaEIcmfcsZoqBDjo.roa (raw, json)
Hash identifier:          dXoNwAHTolpfSeJKnVz7tdk8PPnI889vUICT6jyT5Zg=
Subject key identifier:   CC:49:72:5D:59:1A:50:38:53:68:42:1C:99:F7:2C:66:8A:81:0E:3A
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       018CC6B79C65901EC12A5F0F66035E90A024
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/zElyXVkaUDhTaEIcmfcsZoqBDjo.roa
Signing time:             Mon 01 Jan 2024 20:29:31 +0000
ROA not before:           Mon 01 Jan 2024 20:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19437
IP address blocks:        176.57.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:9c:65:90:1e:c1:2a:5f:0f:66:03:5e:90:a0:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  1 20:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc49725d591a50385368421c99f72c668a810e3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:4f:ab:30:26:c8:da:77:f1:68:c7:f1:96:8d:
                    79:ca:09:d0:c8:38:f8:db:7f:fb:99:84:de:ff:c6:
                    d4:fa:22:23:72:0b:7e:fe:02:46:d0:bf:c1:90:b3:
                    38:56:99:10:4b:88:36:29:84:65:33:7b:62:b9:a2:
                    43:99:d0:38:d1:b6:99:e4:db:09:80:cb:72:e0:6a:
                    b6:97:6c:4b:fa:7b:bd:32:a5:f0:fa:78:01:09:49:
                    61:a7:35:a9:5e:92:d4:ac:d5:5c:a9:9f:99:dd:ee:
                    b9:35:3d:c0:ae:cb:39:cb:c4:65:96:76:28:e6:a2:
                    ac:78:6e:5d:5d:0b:6e:19:2e:3b:df:11:68:2e:9a:
                    82:4b:5b:c7:d0:da:b4:4e:87:5f:5e:76:8a:0c:01:
                    7f:dd:30:3a:b3:c6:97:e6:41:a6:91:53:55:f5:86:
                    86:6b:40:48:e6:8f:69:c9:8b:7d:18:3e:db:29:ae:
                    20:0e:7c:57:fb:c2:dd:b9:d7:68:bd:1a:bd:63:11:
                    69:9b:ca:8d:74:6f:8e:63:f5:f0:bb:6a:35:1f:9a:
                    61:be:ab:98:b9:b7:5c:2c:23:99:9f:af:54:ec:98:
                    26:70:fe:e6:04:b5:2b:8f:14:44:4d:04:e5:48:5d:
                    7a:97:ee:a1:c8:99:d1:3c:4f:5a:fa:4a:fe:32:6d:
                    54:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:49:72:5D:59:1A:50:38:53:68:42:1C:99:F7:2C:66:8A:81:0E:3A
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/zElyXVkaUDhTaEIcmfcsZoqBDjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:37:a5:fc:ec:36:2c:59:4d:ad:3f:43:1e:3e:14:08:85:d8:
         ce:19:cb:c5:c0:3c:bc:48:27:dd:b0:6e:e9:d7:d9:5c:59:47:
         9e:8f:17:7a:b4:55:d0:e2:6f:1c:a3:63:80:6b:6a:44:02:66:
         0c:86:d6:9c:fc:f6:cc:a0:28:e3:c1:4a:9a:9f:c1:45:cd:80:
         ae:c3:c1:97:28:1f:24:a9:24:5e:42:43:40:ee:71:e3:79:b5:
         e5:af:09:60:fc:c6:d9:aa:d8:92:36:6a:fa:ed:1b:d2:02:d9:
         58:4b:6f:cd:d3:fe:bd:f6:e0:c3:43:17:fa:a6:b8:1f:aa:ee:
         c3:c5:b1:ec:62:70:2f:7b:60:9d:77:81:70:50:9c:39:7d:d8:
         db:bb:da:fe:5b:68:da:ca:9b:74:d2:14:2f:76:02:f7:0b:dc:
         70:1c:2a:5d:c9:b1:0b:72:0f:72:67:63:09:d6:aa:49:10:4d:
         cf:ca:53:15:3e:b7:f6:6e:39:72:ab:54:09:2d:4c:3f:da:44:
         4f:3d:48:fa:ad:9a:8b:2d:4c:41:5f:b7:67:9d:2f:e8:a7:7b:
         30:d6:6e:18:2c:ea:b9:ff:a1:54:63:cd:02:26:29:65:30:79:
         d9:24:86:10:1e:8b:5c:c1:85:12:8d:57:13:d4:4f:06:a2:5e:
         21:e9:e0:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt5xlkB7BKl8PZgNekKAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjQwMTAxMjAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzQ5NzI1ZDU5MWE1MDM4NTM2ODQyMWM5OWY3MmM2NjhhODEwZTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuE+rMCbI2nfxaMfxlo15ygnQyDj4
23/7mYTe/8bU+iIjcgt+/gJG0L/BkLM4VpkQS4g2KYRlM3tiuaJDmdA40baZ5NsJ
gMty4Gq2l2xL+nu9MqXw+ngBCUlhpzWpXpLUrNVcqZ+Z3e65NT3Arss5y8RllnYo
5qKseG5dXQtuGS473xFoLpqCS1vH0Nq0TodfXnaKDAF/3TA6s8aX5kGmkVNV9YaG
a0BI5o9pyYt9GD7bKa4gDnxX+8LduddovRq9YxFpm8qNdG+OY/Xwu2o1H5phvquY
ubdcLCOZn69U7JgmcP7mBLUrjxRETQTlSF16l+6hyJnRPE9a+kr+Mm1UXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxJcl1ZGlA4U2hCHJn3LGaKgQ46MB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvekVseVhWa2FVRGhUYUVJY21mY3Nab3FCRGpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDk9MA0G
CSqGSIb3DQEBCwUAA4IBAQAsN6X87DYsWU2tP0MePhQIhdjOGcvFwDy8SCfdsG7p
19lcWUeejxd6tFXQ4m8co2OAa2pEAmYMhtac/PbMoCjjwUqan8FFzYCuw8GXKB8k
qSReQkNA7nHjebXlrwlg/MbZqtiSNmr67RvSAtlYS2/N0/699uDDQxf6prgfqu7D
xbHsYnAve2Cdd4FwUJw5fdjbu9r+W2jaypt00hQvdgL3C9xwHCpdybELcg9yZ2MJ
1qpJEE3PylMVPrf2bjlyq1QJLUw/2kRPPUj6rZqLLUxBX7dnnS/op3sw1m4YLOq5
/6FUY80CJillMHnZJIYQHotcwYUSjVcT1E8Gol4h6eCF
-----END CERTIFICATE-----