Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/clRn2ZiFbkASBVaJu1CvhM53AzQ.roa
File:                     clRn2ZiFbkASBVaJu1CvhM53AzQ.roa (raw, json)
Hash identifier:          bogqyeDHq3ZuTJocmKwmOJe+6G28HVd+bm8jmbqtTW4=
Subject key identifier:   72:54:67:D9:98:85:6E:40:12:05:56:89:BB:50:AF:84:CE:77:03:34
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0192F15DFCDBF0F463FBFFE62947B4EBB9E4
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/clRn2ZiFbkASBVaJu1CvhM53AzQ.roa
Signing time:             Sun 03 Nov 2024 09:32:01 +0000
ROA not before:           Sun 03 Nov 2024 09:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        2.57.242.0/24 maxlen: 24
                          89.39.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f1:5d:fc:db:f0:f4:63:fb:ff:e6:29:47:b4:eb:b9:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Nov  3 09:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=725467d998856e4012055689bb50af84ce770334
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:40:10:03:e9:df:97:2b:8a:dd:3e:9e:c4:54:
                    13:e7:3c:d9:8c:da:24:f6:d6:d1:e0:02:8f:f4:f2:
                    6c:9a:ee:38:14:04:08:8c:71:bd:f3:91:a9:17:7f:
                    fc:68:26:ad:51:c8:8b:db:bd:c7:f7:91:8e:84:e7:
                    97:cc:02:9d:91:65:30:d6:62:86:bf:05:a2:f2:0f:
                    b6:7a:66:67:da:8e:93:2d:31:77:c2:bc:89:03:3b:
                    01:20:15:24:ee:36:27:b4:12:2f:02:9b:69:3f:e7:
                    8b:3b:c2:ba:1c:ef:65:e6:08:04:66:ff:4b:79:d9:
                    08:a9:e4:ac:f4:69:6b:da:51:58:34:f1:20:7a:1e:
                    07:13:06:0c:34:fc:ab:e3:a2:86:99:24:d2:c4:99:
                    99:29:ab:e9:51:f6:88:e4:41:aa:5f:57:87:2b:fa:
                    ec:23:9b:b1:74:54:84:8f:c5:e8:15:1a:f2:3f:06:
                    75:ee:65:83:c5:ca:2a:73:52:77:90:45:59:ab:bb:
                    41:3c:c5:41:5f:0c:d3:c6:03:b1:34:ca:f1:30:0d:
                    01:61:03:d6:56:ff:91:18:4d:ff:15:d6:53:90:f2:
                    fb:e5:9e:5b:28:23:fa:58:69:a8:ec:d1:da:b0:a1:
                    72:63:29:d9:56:57:d1:e6:69:9c:09:3a:47:c6:e9:
                    9d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:54:67:D9:98:85:6E:40:12:05:56:89:BB:50:AF:84:CE:77:03:34
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/clRn2ZiFbkASBVaJu1CvhM53AzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.242.0/24
                  89.39.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:3e:d4:12:9a:e8:db:b5:7d:e4:b4:40:38:e9:30:3c:8b:c0:
         3d:79:63:a1:59:47:52:a8:6f:5d:58:8b:18:e8:92:d6:d4:42:
         b6:2c:62:c1:25:73:7a:60:7f:e4:ab:15:50:a1:bb:88:7d:89:
         d2:c1:39:b4:56:4a:0b:4f:f8:61:d3:2a:17:b5:83:40:97:19:
         54:17:cf:eb:b0:00:c1:14:39:d7:be:16:87:13:11:49:5a:12:
         8e:7b:c3:d1:16:cb:5e:1f:a0:47:bc:eb:4c:73:03:bf:cb:66:
         b4:b5:37:d3:45:ea:dc:a6:ec:94:0c:04:42:26:25:10:30:10:
         ae:c7:6f:06:a5:9b:e6:c0:0a:56:2d:de:f2:4a:9e:39:54:81:
         21:8d:3a:ea:93:78:ef:44:fc:66:87:c1:6b:d3:2c:62:5c:5d:
         a5:3a:07:3b:51:5f:9c:83:0e:97:18:21:ea:16:26:85:c1:ae:
         11:c6:bd:a4:ca:43:5b:a9:63:ef:ee:54:05:d5:b7:7e:c0:14:
         01:82:cf:25:c6:c4:d4:0f:09:f9:7c:47:03:bb:f4:11:15:d1:
         4b:76:18:db:bd:aa:5e:b3:20:c5:01:a1:04:32:38:92:30:ce:
         ee:21:5e:ce:ce:3f:d9:5c:0e:7f:17:f7:79:75:2f:82:fb:a9:
         e6:ad:91:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLxXfzb8PRj+//mKUe067nkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQxMTAzMDkzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjU0NjdkOTk4ODU2ZTQwMTIwNTU2ODliYjUwYWY4NGNlNzcwMzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00AQA+nflyuK3T6exFQT5zzZjNok
9tbR4AKP9PJsmu44FAQIjHG985GpF3/8aCatUciL273H95GOhOeXzAKdkWUw1mKG
vwWi8g+2emZn2o6TLTF3wryJAzsBIBUk7jYntBIvAptpP+eLO8K6HO9l5ggEZv9L
edkIqeSs9Glr2lFYNPEgeh4HEwYMNPyr46KGmSTSxJmZKavpUfaI5EGqX1eHK/rs
I5uxdFSEj8XoFRryPwZ17mWDxcoqc1J3kEVZq7tBPMVBXwzTxgOxNMrxMA0BYQPW
Vv+RGE3/FdZTkPL75Z5bKCP6WGmo7NHasKFyYynZVlfR5mmcCTpHxumd2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHJUZ9mYhW5AEgVWibtQr4TOdwM0MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvY2xSbjJaaUZia0FTQlZhSnUxQ3ZoTTUzQXpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjnyAwQA
WSd4MA0GCSqGSIb3DQEBCwUAA4IBAQBFPtQSmujbtX3ktEA46TA8i8A9eWOhWUdS
qG9dWIsY6JLW1EK2LGLBJXN6YH/kqxVQobuIfYnSwTm0VkoLT/hh0yoXtYNAlxlU
F8/rsADBFDnXvhaHExFJWhKOe8PRFsteH6BHvOtMcwO/y2a0tTfTRercpuyUDARC
JiUQMBCux28GpZvmwApWLd7ySp45VIEhjTrqk3jvRPxmh8Fr0yxiXF2lOgc7UV+c
gw6XGCHqFiaFwa4Rxr2kykNbqWPv7lQF1bd+wBQBgs8lxsTUDwn5fEcDu/QRFdFL
dhjbvapesyDFAaEEMjiSMM7uIV7Ozj/ZXA5/F/d5dS+C+6nmrZH9
-----END CERTIFICATE-----