Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/QH9nmeILZz0WphQntLfkY01GAsA.roa
File:                     QH9nmeILZz0WphQntLfkY01GAsA.roa (raw, json)
Hash identifier:          0qYWMIQFkxnJvwnpyDkejL7I2g4KW7EQmbqqtX7gK8w=
Subject key identifier:   40:7F:67:99:E2:0B:67:3D:16:A6:14:27:B4:B7:E4:63:4D:46:02:C0
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01942827591EB0FBFCC72D1C748A2DF63407
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/QH9nmeILZz0WphQntLfkY01GAsA.roa
Signing time:             Thu 02 Jan 2025 17:54:14 +0000
ROA not before:           Thu 02 Jan 2025 17:54:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43180
IP address blocks:        2.57.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:59:1e:b0:fb:fc:c7:2d:1c:74:8a:2d:f6:34:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=407f6799e20b673d16a61427b4b7e4634d4602c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a7:fd:b8:0f:b6:49:6b:16:2a:84:c6:cf:11:
                    e0:6c:9f:49:27:d2:26:b1:e1:ed:da:ab:23:04:cf:
                    20:cc:5e:ef:fd:19:3a:d4:e5:3f:2d:c4:b7:61:df:
                    8c:53:6d:a1:b0:0b:e5:b4:85:0e:93:00:d0:36:f3:
                    22:45:1e:1d:34:9f:36:a7:8e:54:58:9a:fa:2c:8a:
                    1f:a0:03:0b:56:8c:e3:1a:c1:e0:e7:2c:50:9f:10:
                    34:c0:49:33:b1:4b:98:7b:63:01:06:fa:34:57:33:
                    34:e9:1d:b6:c7:d6:bf:d5:06:c6:f3:e2:f2:fd:15:
                    f9:1f:2e:0b:da:84:e5:6c:b4:ed:55:ff:7f:89:67:
                    12:cf:38:f2:f6:47:81:d8:85:f2:68:c6:30:f9:db:
                    e7:37:b2:20:db:0b:ef:c6:46:50:0f:22:67:84:e5:
                    52:50:e5:e0:ad:c2:8a:c1:32:ef:d5:10:bb:db:60:
                    69:03:95:28:76:fe:88:a1:2a:e3:8e:bd:5d:ab:81:
                    df:91:18:e5:20:e3:24:6f:5e:32:be:99:b4:b6:f7:
                    54:77:f1:c4:22:73:53:8a:28:5e:d3:d2:67:fa:75:
                    9d:75:80:67:41:fb:4b:7f:7c:f5:32:26:bd:88:4a:
                    cb:e7:35:be:2f:2b:3e:d6:12:5b:60:10:9d:81:91:
                    c5:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:7F:67:99:E2:0B:67:3D:16:A6:14:27:B4:B7:E4:63:4D:46:02:C0
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/QH9nmeILZz0WphQntLfkY01GAsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:c1:e2:7b:61:b1:91:3a:3b:27:99:00:98:36:04:66:2d:fb:
         3f:7c:65:54:ea:6b:2c:84:25:7c:9b:6e:d2:12:a2:3e:ad:68:
         dd:42:8c:29:78:d2:12:45:db:08:b9:eb:7e:d8:88:dd:32:fe:
         87:25:72:96:7c:18:ac:31:4b:8f:79:be:b3:bc:8c:88:fc:23:
         49:4c:cf:d1:76:4e:ef:e7:18:bc:31:19:c0:7c:00:64:4b:c2:
         ce:2f:af:61:db:6c:2b:11:87:36:b5:49:cb:71:3c:96:bd:ef:
         d3:94:87:f2:ed:cb:71:27:b4:5d:5c:f3:59:e9:df:c0:d2:39:
         8e:3d:c1:48:b2:79:6b:0f:96:f8:da:77:0e:ba:30:f9:20:5e:
         83:d1:5c:16:63:b8:93:f9:9f:a6:c3:df:ea:c9:5c:ae:a5:35:
         5d:d2:96:b7:1b:d0:a4:65:11:15:0e:16:d0:6a:78:f0:93:79:
         4b:d1:5e:e6:a7:6d:72:1b:9d:a9:93:db:fe:ae:fd:7d:f7:aa:
         21:9e:db:bc:b5:6e:bd:9a:fa:26:f6:93:ae:bc:53:b3:f2:fa:
         86:6d:b5:c2:fa:4b:8f:d6:13:72:c1:39:85:02:a3:d1:5c:de:
         6c:04:6c:71:68:0c:88:6c:d3:eb:b9:60:37:8c:52:09:92:26:
         f3:bc:0a:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ1kesPv8xy0cdIot9jQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDdmNjc5OWUyMGI2NzNkMTZhNjE0MjdiNGI3ZTQ2MzRkNDYwMmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06f9uA+2SWsWKoTGzxHgbJ9JJ9Im
seHt2qsjBM8gzF7v/Rk61OU/LcS3Yd+MU22hsAvltIUOkwDQNvMiRR4dNJ82p45U
WJr6LIofoAMLVozjGsHg5yxQnxA0wEkzsUuYe2MBBvo0VzM06R22x9a/1QbG8+Ly
/RX5Hy4L2oTlbLTtVf9/iWcSzzjy9keB2IXyaMYw+dvnN7Ig2wvvxkZQDyJnhOVS
UOXgrcKKwTLv1RC722BpA5Uodv6IoSrjjr1dq4HfkRjlIOMkb14yvpm0tvdUd/HE
InNTiihe09Jn+nWddYBnQftLf3z1Mia9iErL5zW+Lys+1hJbYBCdgZHFjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEB/Z5niC2c9FqYUJ7S35GNNRgLAMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvUUg5bm1lSUxaejBXcGhRbnRMZmtZMDFHQXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjnxMA0G
CSqGSIb3DQEBCwUAA4IBAQAfweJ7YbGROjsnmQCYNgRmLfs/fGVU6msshCV8m27S
EqI+rWjdQowpeNISRdsIuet+2IjdMv6HJXKWfBisMUuPeb6zvIyI/CNJTM/Rdk7v
5xi8MRnAfABkS8LOL69h22wrEYc2tUnLcTyWve/TlIfy7ctxJ7RdXPNZ6d/A0jmO
PcFIsnlrD5b42ncOujD5IF6D0VwWY7iT+Z+mw9/qyVyupTVd0pa3G9CkZREVDhbQ
anjwk3lL0V7mp21yG52pk9v+rv1996ohntu8tW69mvom9pOuvFOz8vqGbbXC+kuP
1hNywTmFAqPRXN5sBGxxaAyIbNPruWA3jFIJkibzvAqP
-----END CERTIFICATE-----