Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/Q4zuhYGG3L1WBcFO48ljA8rNBKA.roa
File:                     Q4zuhYGG3L1WBcFO48ljA8rNBKA.roa (raw, json)
Hash identifier:          wCgcnvjGlJ6QOzoOZEf9C5WB57PdxuAUQh1p+3p6DI8=
Subject key identifier:   43:8C:EE:85:81:86:DC:BD:56:05:C1:4E:E3:C9:63:03:CA:CD:04:A0
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       018D78F62C31962DD091D8CD0273DFB12366
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/Q4zuhYGG3L1WBcFO48ljA8rNBKA.roa
Signing time:             Mon 05 Feb 2024 11:10:15 +0000
ROA not before:           Mon 05 Feb 2024 11:10:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25186
IP address blocks:        57.197.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:78:f6:2c:31:96:2d:d0:91:d8:cd:02:73:df:b1:23:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Feb  5 11:10:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=438cee858186dcbd5605c14ee3c96303cacd04a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f2:49:8c:c6:73:ef:e3:1b:4c:db:8e:ec:d0:
                    06:da:68:cf:61:21:ef:15:ca:b8:09:01:99:64:7f:
                    06:af:eb:b1:0c:83:fe:6e:1c:1a:1a:9a:6f:d6:86:
                    18:5c:db:02:88:94:2a:87:9e:b0:a2:05:c2:c5:7f:
                    af:2d:66:8b:9c:68:23:d7:ff:e2:b2:ee:ec:c8:2f:
                    9d:05:bc:09:3b:21:64:21:8e:be:9d:56:9a:74:a2:
                    e2:d9:bc:cf:39:bf:44:e3:5d:49:a6:4f:b3:e4:45:
                    3b:1c:2f:11:f1:67:9d:52:5c:6e:d8:2d:9b:0b:a0:
                    1f:fa:03:e0:7d:23:b3:97:a9:8e:78:1f:7a:27:56:
                    6a:32:12:76:65:b7:06:e6:c1:06:e4:2b:e4:a2:cb:
                    fc:c6:f9:32:8a:16:54:ed:7e:9f:1c:ff:04:bf:2e:
                    79:b6:8f:bc:26:ad:b1:1a:31:a6:5d:1c:79:66:78:
                    37:21:63:f7:65:5a:2b:13:47:1e:a7:01:01:e7:0e:
                    ef:02:ac:21:fd:bd:aa:21:ef:b6:b6:4f:f5:c8:7f:
                    9f:e2:c3:c3:d0:c0:aa:81:fc:3d:77:3f:92:24:fc:
                    7b:e8:a0:88:f4:ed:10:a8:17:59:f7:a6:08:8d:38:
                    ce:d3:c9:b0:03:3b:0a:d2:21:6f:71:a4:36:37:da:
                    ad:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8C:EE:85:81:86:DC:BD:56:05:C1:4E:E3:C9:63:03:CA:CD:04:A0
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/Q4zuhYGG3L1WBcFO48ljA8rNBKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.197.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ac:16:73:44:23:ef:92:8a:86:43:4d:9a:90:3c:71:20:05:8a:
         7f:26:b8:34:a8:d6:63:b4:f7:29:01:2b:9e:00:14:32:7f:2e:
         a1:b3:70:06:09:d9:d9:e2:db:bb:e7:46:c8:6f:59:ea:85:3a:
         72:6f:e9:89:80:1d:38:93:00:f5:03:27:70:81:5d:42:6a:9e:
         23:c0:ab:80:18:dc:0f:b0:78:46:9d:18:a7:3a:d3:f8:92:aa:
         9c:c8:a6:6c:5e:54:f5:f2:12:69:cf:46:36:ff:67:be:fb:de:
         5f:2b:54:55:f6:80:4c:4a:ec:78:e4:28:9c:da:f2:d0:79:27:
         8f:8f:ba:54:5a:fd:e3:11:d9:e2:38:36:91:2e:f0:1b:3a:61:
         43:af:65:e3:4e:53:0a:2e:b6:b7:41:38:3b:cb:ce:a3:8e:7e:
         32:56:6c:94:2f:73:7c:00:01:0f:c1:e4:92:a3:68:e7:09:aa:
         69:9f:89:99:40:29:f9:5d:df:74:44:40:79:15:25:ee:29:a7:
         e8:fc:08:58:c9:5d:86:80:f1:5f:5d:a9:e4:b9:94:4f:ae:de:
         b1:c9:a6:ee:da:39:59:bf:5a:86:ec:f6:69:15:52:75:e3:f4:
         fd:95:fb:9f:69:fd:f2:6f:5c:6f:b1:fa:8d:7e:2e:6b:75:eb:
         c8:45:96:07
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAY149iwxli3QkdjNAnPfsSNmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjQwMjA1MTExMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzhjZWU4NTgxODZkY2JkNTYwNWMxNGVlM2M5NjMwM2NhY2QwNGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPJJjMZz7+MbTNuO7NAG2mjPYSHv
Fcq4CQGZZH8Gr+uxDIP+bhwaGppv1oYYXNsCiJQqh56wogXCxX+vLWaLnGgj1//i
su7syC+dBbwJOyFkIY6+nVaadKLi2bzPOb9E411Jpk+z5EU7HC8R8WedUlxu2C2b
C6Af+gPgfSOzl6mOeB96J1ZqMhJ2ZbcG5sEG5Cvkosv8xvkyihZU7X6fHP8Evy55
to+8Jq2xGjGmXRx5Zng3IWP3ZVorE0cepwEB5w7vAqwh/b2qIe+2tk/1yH+f4sPD
0MCqgfw9dz+SJPx76KCI9O0QqBdZ96YIjTjO08mwAzsK0iFvcaQ2N9qtjwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEOM7oWBhty9VgXBTuPJYwPKzQSgMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvUTR6dWhZR0czTDFXQmNGTzQ4bGpBOHJOQktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAOcUwDQYJ
KoZIhvcNAQELBQADggEBAKwWc0Qj75KKhkNNmpA8cSAFin8muDSo1mO09ykBK54A
FDJ/LqGzcAYJ2dni27vnRshvWeqFOnJv6YmAHTiTAPUDJ3CBXUJqniPAq4AY3A+w
eEadGKc60/iSqpzIpmxeVPXyEmnPRjb/Z7773l8rVFX2gExK7HjkKJza8tB5J4+P
ulRa/eMR2eI4NpEu8Bs6YUOvZeNOUwoutrdBODvLzqOOfjJWbJQvc3wAAQ/B5JKj
aOcJqmmfiZlAKfld33REQHkVJe4pp+j8CFjJXYaA8V9dqeS5lE+u3rHJpu7aOVm/
Wobs9mkVUnXj9P2V+59p/fJvXG+x+o1+Lmt168hFlgc=
-----END CERTIFICATE-----