Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/totEAJbwgqrbxhgDKUXp2mBz-CM.roa
File:                     totEAJbwgqrbxhgDKUXp2mBz-CM.roa (raw, json)
Hash identifier:          NlDd0SbheBjrsiHdl/v3fEusRqr4u/br7d/d0DHvJCo=
Subject key identifier:   B6:8B:44:00:96:F0:82:AA:DB:C6:18:03:29:45:E9:DA:60:73:F8:23
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       018CC8015442FEAE735055AD686A47A6BA21
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/totEAJbwgqrbxhgDKUXp2mBz-CM.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17558
IP address blocks:        57.197.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:54:42:fe:ae:73:50:55:ad:68:6a:47:a6:ba:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b68b440096f082aadbc618032945e9da6073f823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:6d:78:6f:ff:de:16:cb:22:c7:1b:0e:db:05:
                    76:c7:3f:e7:05:42:88:1f:ed:35:db:cb:ce:b9:da:
                    21:5f:86:8b:1f:f1:a3:21:5e:f3:52:39:4a:0d:f4:
                    7d:05:51:90:f2:06:07:45:55:80:a5:13:a8:91:6d:
                    24:3b:aa:87:1f:cb:7b:3e:75:33:eb:fc:3b:08:be:
                    65:26:ec:fc:24:76:e4:76:03:f2:5d:ce:a3:ee:4a:
                    40:c0:f8:68:29:74:7f:87:89:dc:c9:16:50:60:98:
                    7a:c8:d3:65:76:84:63:5b:58:e9:dc:50:67:eb:63:
                    3f:8e:a4:df:00:05:f9:c4:9e:e3:e1:9a:c1:ae:3b:
                    f7:0a:8b:c1:1e:3e:67:e1:6a:fe:76:51:bb:89:83:
                    f2:45:f0:a4:a6:3f:5a:0f:09:8c:16:80:b6:15:3e:
                    4f:cb:3d:d3:77:df:93:64:b6:ab:8b:92:d6:ae:4f:
                    42:54:a8:b0:80:6e:3b:58:53:70:b1:8a:bf:08:f7:
                    ca:67:2c:74:3b:b3:2f:1e:50:75:79:d7:ca:3a:b6:
                    75:ad:d0:12:de:65:62:3c:ee:fa:c8:07:6b:b9:0c:
                    2f:ee:1c:ee:c8:80:87:f6:1e:18:e8:bf:c4:02:fa:
                    76:fa:97:b3:e7:04:9b:86:37:03:09:87:3a:67:00:
                    ac:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:8B:44:00:96:F0:82:AA:DB:C6:18:03:29:45:E9:DA:60:73:F8:23
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/totEAJbwgqrbxhgDKUXp2mBz-CM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.197.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a1:9e:19:4c:28:03:95:3e:e4:e7:dc:60:4c:2c:c7:8c:4d:02:
         6a:c4:a9:41:cc:9d:29:8e:09:96:a7:89:c1:5e:c1:2f:12:2e:
         5f:72:e0:7d:00:b5:47:3e:8f:26:8b:6d:11:56:0d:97:1b:62:
         1f:91:49:ef:ff:e9:9b:ff:3d:99:60:85:4a:5f:50:e3:26:63:
         42:d2:7e:a5:46:ba:24:ee:81:15:ac:bf:61:b7:51:a9:9b:55:
         4a:48:4c:5a:05:b0:49:2f:4b:8d:3d:a4:cd:a5:c4:81:54:90:
         e3:b0:27:a0:cc:7e:42:15:ed:14:e1:0a:22:ba:48:09:14:72:
         85:1a:9d:03:3d:02:7d:fe:f1:4f:15:ab:a6:fe:43:54:bb:3a:
         60:09:4d:9a:32:67:db:76:5f:8a:d0:55:a4:9f:68:92:92:d1:
         ab:f3:2a:17:d3:b3:b7:d4:2f:aa:10:57:15:34:5c:ef:99:6d:
         14:f7:76:ef:d1:f5:88:14:74:69:bc:6e:cb:d3:1b:d7:41:aa:
         3a:e1:ac:1d:3c:59:18:25:94:46:5e:e1:5d:d3:02:12:02:e1:
         2d:3e:db:f4:5f:a7:e1:75:e3:2e:d6:33:93:7f:53:36:44:a0:
         5a:bf:4b:2e:e3:8a:5b:57:49:4c:e6:66:d5:0b:11:2e:38:8c:
         8a:e1:67:33
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIAVRC/q5zUFWtaGpHprohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjhiNDQwMDk2ZjA4MmFhZGJjNjE4MDMyOTQ1ZTlkYTYwNzNmODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhm14b//eFssixxsO2wV2xz/nBUKI
H+0128vOudohX4aLH/GjIV7zUjlKDfR9BVGQ8gYHRVWApROokW0kO6qHH8t7PnUz
6/w7CL5lJuz8JHbkdgPyXc6j7kpAwPhoKXR/h4ncyRZQYJh6yNNldoRjW1jp3FBn
62M/jqTfAAX5xJ7j4ZrBrjv3CovBHj5n4Wr+dlG7iYPyRfCkpj9aDwmMFoC2FT5P
yz3Td9+TZLari5LWrk9CVKiwgG47WFNwsYq/CPfKZyx0O7MvHlB1edfKOrZ1rdAS
3mViPO76yAdruQwv7hzuyICH9h4Y6L/EAvp2+pez5wSbhjcDCYc6ZwCsOQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLaLRACW8IKq28YYAylF6dpgc/gjMB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvdG90RUFKYndncXJieGhnREtVWHAybUJ6LUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAOcUwDQYJ
KoZIhvcNAQELBQADggEBAKGeGUwoA5U+5OfcYEwsx4xNAmrEqUHMnSmOCZanicFe
wS8SLl9y4H0AtUc+jyaLbRFWDZcbYh+RSe//6Zv/PZlghUpfUOMmY0LSfqVGuiTu
gRWsv2G3UambVUpITFoFsEkvS409pM2lxIFUkOOwJ6DMfkIV7RThCiK6SAkUcoUa
nQM9An3+8U8Vq6b+Q1S7OmAJTZoyZ9t2X4rQVaSfaJKS0avzKhfTs7fUL6oQVxU0
XO+ZbRT3du/R9YgUdGm8bsvTG9dBqjrhrB08WRgllEZe4V3TAhIC4S0+2/Rfp+F1
4y7WM5N/UzZEoFq/Sy7jiltXSUzmZtULES44jIrhZzM=
-----END CERTIFICATE-----