Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1Xazyg_T5iXAeUqEU9Xubnq2hlg.roa
File:                     1Xazyg_T5iXAeUqEU9Xubnq2hlg.roa (raw, json)
Hash identifier:          GOyzCmTwPEU7yf68MSG1h/ob/b97+T+BjB3F1AqA8+Y=
Subject key identifier:   D5:76:B3:CA:0F:D3:E6:25:C0:79:4A:84:53:D5:EE:6E:7A:B6:86:58
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018CC4934186C977657506612E4AFCAFBE07
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1Xazyg_T5iXAeUqEU9Xubnq2hlg.roa
Signing time:             Mon 01 Jan 2024 10:30:34 +0000
ROA not before:           Mon 01 Jan 2024 10:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216013
IP address blocks:        2.57.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:41:86:c9:77:65:75:06:61:2e:4a:fc:af:be:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  1 10:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d576b3ca0fd3e625c0794a8453d5ee6e7ab68658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:62:5e:5d:ee:d9:1a:8b:18:0a:a5:04:a2:99:
                    e3:2b:0f:46:2a:66:32:62:8f:5d:a8:9d:71:22:32:
                    0a:ed:78:3a:b7:df:59:0a:af:bc:07:9c:d6:2f:d0:
                    61:8a:fb:65:95:28:ee:53:5f:32:18:87:9c:a4:a4:
                    a9:5f:0e:5f:f6:e8:cb:15:78:59:9f:f1:b3:5c:e9:
                    c1:fa:8d:de:68:94:f5:d6:66:b0:a6:7a:8e:95:fb:
                    16:23:30:45:be:97:f2:58:26:4b:b8:75:0a:3f:3d:
                    7b:6c:26:ef:99:9e:1f:18:95:ed:41:54:26:0f:fd:
                    b1:ea:5f:81:4b:d3:74:76:8c:0a:ba:65:0a:76:7e:
                    c3:03:e2:e3:a1:72:14:3a:15:bd:b1:b7:a5:5e:5d:
                    9b:5d:ff:d6:37:e1:13:24:1b:c6:93:88:d5:44:e8:
                    56:90:b0:cc:96:b4:b2:fb:39:80:32:b0:5b:a9:dc:
                    87:48:0c:ab:d1:a5:d3:54:99:6d:9c:8d:23:11:8c:
                    82:c9:86:97:cb:95:ce:02:88:e6:83:8c:4b:a9:73:
                    16:07:9a:70:17:19:53:c1:0e:7d:f6:cc:11:30:8e:
                    85:3d:f7:8b:54:f4:2e:2d:8e:71:97:2a:e6:08:63:
                    08:48:ed:3f:00:c3:b9:7a:f9:c3:7e:77:31:0c:f4:
                    19:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:76:B3:CA:0F:D3:E6:25:C0:79:4A:84:53:D5:EE:6E:7A:B6:86:58
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1Xazyg_T5iXAeUqEU9Xubnq2hlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:16:6d:21:ad:27:49:38:70:d6:97:50:3c:7d:dd:8d:e1:e1:
         9c:a5:c4:37:e6:fd:53:bb:99:b5:1c:04:f3:c3:ce:4f:13:7a:
         62:4b:02:9e:32:94:53:90:e5:a2:e0:96:51:82:b9:7a:7a:60:
         3d:f6:8d:6c:7e:aa:bb:93:82:5a:d2:30:ef:79:40:3a:be:db:
         f8:73:84:bc:22:95:f6:c3:9d:d4:2d:17:a2:28:fd:63:3f:77:
         74:1b:9e:d3:aa:f3:41:ae:2c:44:24:d9:21:39:8c:37:7b:30:
         0c:5c:33:57:bf:f4:b0:be:c3:f2:6c:a6:a5:2e:b2:c0:88:dc:
         ab:16:6c:8c:b3:c2:09:6b:b1:c2:0b:52:d9:c7:38:49:c5:bc:
         10:70:ff:97:04:47:69:ca:21:50:4c:d0:6a:cc:d3:34:c0:b2:
         72:a5:26:55:20:93:97:73:4c:77:f1:05:1d:56:c6:19:99:b0:
         42:86:67:39:ec:29:52:18:8b:2c:f4:b8:23:81:64:94:54:1a:
         d9:d1:2c:cd:d4:3c:18:59:a3:c5:a1:39:8e:1a:d0:85:f5:83:
         54:6d:d6:35:c3:08:b1:61:0e:99:ca:ec:21:bd:c7:ab:c4:87:
         5c:38:f9:32:f7:57:7d:35:de:46:e0:01:22:99:bf:da:95:8b:
         0f:bf:74:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0GGyXdldQZhLkr8r74HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMTAxMTAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTc2YjNjYTBmZDNlNjI1YzA3OTRhODQ1M2Q1ZWU2ZTdhYjY4NjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA52JeXe7ZGosYCqUEopnjKw9GKmYy
Yo9dqJ1xIjIK7Xg6t99ZCq+8B5zWL9BhivtllSjuU18yGIecpKSpXw5f9ujLFXhZ
n/GzXOnB+o3eaJT11mawpnqOlfsWIzBFvpfyWCZLuHUKPz17bCbvmZ4fGJXtQVQm
D/2x6l+BS9N0dowKumUKdn7DA+LjoXIUOhW9sbelXl2bXf/WN+ETJBvGk4jVROhW
kLDMlrSy+zmAMrBbqdyHSAyr0aXTVJltnI0jEYyCyYaXy5XOAojmg4xLqXMWB5pw
FxlTwQ599swRMI6FPfeLVPQuLY5xlyrmCGMISO0/AMO5evnDfncxDPQZLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNV2s8oP0+YlwHlKhFPV7m56toZYMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMVhhenlnX1Q1aVhBZVVxRVU5WHVibnEyaGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjnwMA0G
CSqGSIb3DQEBCwUAA4IBAQArFm0hrSdJOHDWl1A8fd2N4eGcpcQ35v1Tu5m1HATz
w85PE3piSwKeMpRTkOWi4JZRgrl6emA99o1sfqq7k4Ja0jDveUA6vtv4c4S8IpX2
w53ULReiKP1jP3d0G57TqvNBrixEJNkhOYw3ezAMXDNXv/SwvsPybKalLrLAiNyr
FmyMs8IJa7HCC1LZxzhJxbwQcP+XBEdpyiFQTNBqzNM0wLJypSZVIJOXc0x38QUd
VsYZmbBChmc57ClSGIss9LgjgWSUVBrZ0SzN1DwYWaPFoTmOGtCF9YNUbdY1wwix
YQ6ZyuwhvcerxIdcOPky91d9Nd5G4AEimb/alYsPv3R2
-----END CERTIFICATE-----