Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/7fSKE-lZMWP26GyEnNVEb3-0Fww.roa
File:                     7fSKE-lZMWP26GyEnNVEb3-0Fww.roa (raw, json)
Hash identifier:          sYEIDE0jVZ+tg+KC9JuVXM+c8CYzQg0VPGbOo+FU0yY=
Subject key identifier:   ED:F4:8A:13:E9:59:31:63:F6:E8:6C:84:9C:D5:44:6F:7F:B4:17:0C
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       018CC801541B23F6D822049A98A013185A13
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/7fSKE-lZMWP26GyEnNVEb3-0Fww.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13879
IP address blocks:        57.197.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:54:1b:23:f6:d8:22:04:9a:98:a0:13:18:5a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edf48a13e9593163f6e86c849cd5446f7fb4170c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b1:bf:30:6c:45:08:4e:59:83:56:94:ed:fe:
                    cc:9b:f3:d4:d2:46:65:38:06:2f:da:0a:a1:85:5b:
                    fd:db:91:6f:45:56:48:6e:32:ed:d8:9e:4d:0c:58:
                    5e:7b:2c:27:f9:de:cf:33:42:e9:90:32:69:bd:41:
                    74:f9:db:1b:6b:ff:0a:c2:ff:a1:2d:ea:e5:a7:e0:
                    9c:b8:a3:d6:3a:c3:8d:c4:b5:b5:09:a6:a0:f4:1d:
                    1b:e3:85:01:f4:4e:73:61:3f:4c:2a:57:dd:0b:70:
                    91:9a:ac:3d:28:45:31:13:d8:a4:5e:ea:9c:fb:0c:
                    8b:52:28:86:e0:d6:c9:06:7b:c5:04:78:a0:de:51:
                    1a:46:22:9b:f9:df:fa:ef:64:80:c7:6d:2a:e6:29:
                    3f:16:aa:80:4b:e0:2c:07:57:13:a9:e4:da:cd:8b:
                    65:66:42:97:43:5a:62:c2:82:98:35:88:8f:a8:c9:
                    a1:ca:5c:3b:33:35:fa:f1:a9:a3:6f:01:96:b4:26:
                    17:c2:22:5b:b4:7d:12:04:85:37:19:91:a0:f6:8f:
                    fa:10:58:f7:bf:f1:ac:37:cc:88:04:19:f7:e5:e6:
                    38:8b:7c:6f:a3:48:87:9c:9e:0e:23:23:ea:25:92:
                    bc:0f:ed:bc:71:70:d8:71:c9:1b:7d:63:2b:2d:bb:
                    59:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:F4:8A:13:E9:59:31:63:F6:E8:6C:84:9C:D5:44:6F:7F:B4:17:0C
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/7fSKE-lZMWP26GyEnNVEb3-0Fww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.197.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         62:7f:5b:a6:34:d8:5f:9f:9f:36:71:10:f9:49:2b:80:c2:e6:
         e7:04:d7:34:49:52:07:5f:88:66:a4:47:81:0f:4a:30:09:c7:
         c1:16:e3:fd:43:33:52:da:51:98:42:b3:50:6d:31:fb:7a:ab:
         7c:f3:bc:4a:50:be:15:09:d8:7d:b0:d1:f5:df:9c:ba:9b:74:
         30:5f:d7:48:9e:e0:78:b6:84:cd:08:43:4d:b9:52:1a:96:a5:
         f6:f1:55:d8:73:a2:5e:aa:67:48:ac:25:27:cf:42:7b:d2:46:
         d8:9e:06:5d:55:84:1e:88:33:fe:0f:08:eb:de:42:46:70:f2:
         b2:21:db:b5:84:fd:4f:1f:87:00:a5:4e:a8:3d:ed:a3:dd:bb:
         79:54:2b:76:4b:ee:9e:69:cc:36:3b:7d:42:9e:88:25:08:83:
         1b:ab:41:65:cb:39:df:1a:b0:b1:d2:75:44:96:84:8a:48:cd:
         c0:72:5f:53:05:5a:8f:69:94:05:0e:6d:d5:e2:51:b3:bb:6d:
         ad:f6:63:12:6f:fb:20:19:9d:50:37:57:b2:55:21:77:e2:bf:
         40:92:0b:f5:80:dd:bc:08:1a:49:2f:df:25:15:21:b4:46:9e:
         57:42:f9:78:d9:25:a5:dd:5f:2a:1d:f7:6f:44:e4:74:31:f6:
         0a:f7:8b:35
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIAVQbI/bYIgSamKATGFoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGY0OGExM2U5NTkzMTYzZjZlODZjODQ5Y2Q1NDQ2ZjdmYjQxNzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibG/MGxFCE5Zg1aU7f7Mm/PU0kZl
OAYv2gqhhVv925FvRVZIbjLt2J5NDFheeywn+d7PM0LpkDJpvUF0+dsba/8Kwv+h
Lerlp+CcuKPWOsONxLW1Caag9B0b44UB9E5zYT9MKlfdC3CRmqw9KEUxE9ikXuqc
+wyLUiiG4NbJBnvFBHig3lEaRiKb+d/672SAx20q5ik/FqqAS+AsB1cTqeTazYtl
ZkKXQ1piwoKYNYiPqMmhylw7MzX68amjbwGWtCYXwiJbtH0SBIU3GZGg9o/6EFj3
v/GsN8yIBBn35eY4i3xvo0iHnJ4OIyPqJZK8D+28cXDYcckbfWMrLbtZDwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFO30ihPpWTFj9uhshJzVRG9/tBcMMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvN2ZTS0UtbFpNV1AyNkd5RW5OVkViMy0wRnd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAOcUwDQYJ
KoZIhvcNAQELBQADggEBAGJ/W6Y02F+fnzZxEPlJK4DC5ucE1zRJUgdfiGakR4EP
SjAJx8EW4/1DM1LaUZhCs1BtMft6q3zzvEpQvhUJ2H2w0fXfnLqbdDBf10ie4Hi2
hM0IQ025UhqWpfbxVdhzol6qZ0isJSfPQnvSRtieBl1VhB6IM/4PCOveQkZw8rIh
27WE/U8fhwClTqg97aPdu3lUK3ZL7p5pzDY7fUKeiCUIgxurQWXLOd8asLHSdUSW
hIpIzcByX1MFWo9plAUObdXiUbO7ba32YxJv+yAZnVA3V7JVIXfiv0CSC/WA3bwI
Gkkv3yUVIbRGnldC+XjZJaXdXyod929E5HQx9gr3izU=
-----END CERTIFICATE-----