Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/Ka3HejSq4qvX4KqNVhrAUuPQojs.roa
File:                     Ka3HejSq4qvX4KqNVhrAUuPQojs.roa (raw, json)
Hash identifier:          HHksO87XDx+EWnzXkG0QJphT7lPQ/e3IuQzCYujPgFU=
Subject key identifier:   29:AD:C7:7A:34:AA:E2:AB:D7:E0:AA:8D:56:1A:C0:52:E3:D0:A2:3B
Certificate issuer:       /CN=f7f4902d240b25d7eb77f4f02e24f233f44a9a13
Certificate serial:       018CC94D7EBE48CBF1721E058F2ECD7F19FF
Authority key identifier: F7:F4:90:2D:24:0B:25:D7:EB:77:F4:F0:2E:24:F2:33:F4:4A:9A:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9_SQLSQLJdfrd_TwLiTyM_RKmhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/Ka3HejSq4qvX4KqNVhrAUuPQojs.roa
Signing time:             Tue 02 Jan 2024 08:32:28 +0000
ROA not before:           Tue 02 Jan 2024 08:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201985
IP address blocks:        185.57.16.0/24 maxlen: 24
                          185.57.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/9_SQLSQLJdfrd_TwLiTyM_RKmhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/9_SQLSQLJdfrd_TwLiTyM_RKmhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9_SQLSQLJdfrd_TwLiTyM_RKmhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 11:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:7e:be:48:cb:f1:72:1e:05:8f:2e:cd:7f:19:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7f4902d240b25d7eb77f4f02e24f233f44a9a13
        Validity
            Not Before: Jan  2 08:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29adc77a34aae2abd7e0aa8d561ac052e3d0a23b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d6:2f:9f:75:0e:17:5b:39:89:36:48:72:bf:
                    04:06:4b:22:8c:3d:a2:81:49:cd:b2:eb:05:1d:7d:
                    24:0d:57:9a:00:b7:1a:30:20:d9:5d:ab:1b:f2:52:
                    f6:68:c5:ea:8b:c2:9d:dc:c2:96:59:ac:f9:89:56:
                    2e:22:56:7c:64:81:0d:65:a6:c6:e2:7a:7c:9f:5f:
                    e7:75:0d:01:1a:4d:be:59:b8:e2:f1:33:1a:ea:79:
                    46:00:4d:61:63:5a:c8:75:3f:39:23:f1:99:1b:fd:
                    da:07:a9:1d:28:ee:14:db:4f:05:f0:c8:c2:46:85:
                    da:ce:ab:ce:cb:df:3b:de:c4:82:53:d7:d6:f3:a3:
                    ff:57:fb:4b:cf:ae:8e:c6:c2:2d:58:34:52:1a:b1:
                    51:ae:b0:12:5b:2f:ee:2b:f4:00:5c:2c:a8:b2:00:
                    9a:7e:b6:54:2a:76:2d:b5:ac:42:76:f5:c2:7c:a4:
                    10:26:07:01:d2:a0:d4:5c:6c:49:d8:58:3c:fb:9a:
                    8f:66:59:13:c7:c4:57:d9:84:4b:ec:f3:89:1f:58:
                    7b:b5:61:24:b5:84:5b:0d:ff:5b:05:00:40:01:b6:
                    85:f9:2c:62:f5:6b:8c:9d:e9:2a:6e:d2:ad:6e:a5:
                    fb:34:3e:2c:82:ef:68:e4:03:66:33:40:87:70:1d:
                    c5:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AD:C7:7A:34:AA:E2:AB:D7:E0:AA:8D:56:1A:C0:52:E3:D0:A2:3B
            X509v3 Authority Key Identifier:
                keyid:F7:F4:90:2D:24:0B:25:D7:EB:77:F4:F0:2E:24:F2:33:F4:4A:9A:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9_SQLSQLJdfrd_TwLiTyM_RKmhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/Ka3HejSq4qvX4KqNVhrAUuPQojs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/9_SQLSQLJdfrd_TwLiTyM_RKmhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:1d:b6:1a:95:6c:6d:8c:71:5a:aa:98:b1:27:97:5a:f3:5a:
         9d:cf:85:f2:32:49:3e:58:44:e6:27:17:26:6e:e3:ba:55:68:
         c2:e2:41:a9:cf:1d:ea:35:a9:df:89:09:f5:19:13:09:6d:79:
         44:6f:bb:53:0c:f2:5d:f4:4c:2a:7f:d8:c0:f4:e6:c0:33:68:
         ed:75:66:d8:b0:52:05:f9:52:08:8e:dc:6a:cf:7b:02:18:ed:
         a9:67:da:c3:b7:f0:f9:0c:15:c5:c8:ca:12:48:c1:a0:ca:a9:
         ac:5a:56:6b:fd:1d:e9:a5:fa:8c:1c:33:d8:90:61:06:1d:ad:
         38:94:3b:51:75:e6:4f:b6:99:22:3c:4c:4d:9e:3d:3e:e9:3a:
         6c:9b:a7:bf:4d:86:5e:a0:b9:0e:b8:6a:4a:e1:b2:b0:8b:f1:
         38:cf:c0:e5:b8:5e:0a:b5:2f:00:18:cb:6a:ed:c6:f5:0b:2e:
         46:2b:8d:cd:12:53:c8:4c:ef:60:d5:d7:72:84:e6:ef:98:07:
         ab:fd:12:9f:47:17:ef:62:ae:1e:e5:9f:de:6d:f9:0f:f3:dc:
         78:d4:29:6e:dc:8e:01:ed:5d:d5:b1:a7:26:13:72:bd:5d:8f:
         63:d6:3b:0e:08:3b:c6:6a:c4:e6:bf:dd:9f:18:55:1e:22:ec:
         bc:27:f5:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTX6+SMvxch4Fjy7Nfxn/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZjQ5MDJkMjQwYjI1ZDdlYjc3ZjRmMDJlMjRmMjMzZjQ0
YTlhMTMwHhcNMjQwMTAyMDgzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWFkYzc3YTM0YWFlMmFiZDdlMGFhOGQ1NjFhYzA1MmUzZDBhMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9Yvn3UOF1s5iTZIcr8EBksijD2i
gUnNsusFHX0kDVeaALcaMCDZXasb8lL2aMXqi8Kd3MKWWaz5iVYuIlZ8ZIENZabG
4np8n1/ndQ0BGk2+Wbji8TMa6nlGAE1hY1rIdT85I/GZG/3aB6kdKO4U208F8MjC
RoXazqvOy9873sSCU9fW86P/V/tLz66OxsItWDRSGrFRrrASWy/uK/QAXCyosgCa
frZUKnYttaxCdvXCfKQQJgcB0qDUXGxJ2Fg8+5qPZlkTx8RX2YRL7POJH1h7tWEk
tYRbDf9bBQBAAbaF+Sxi9WuMnekqbtKtbqX7ND4sgu9o5ANmM0CHcB3FAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmtx3o0quKr1+CqjVYawFLj0KI7MB8GA1UdIwQY
MBaAFPf0kC0kCyXX63f08C4k8jP0SpoTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOV9TUUxTUUxKZGZyZF9Ud0xpVHlNX1JLbWhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9jNmE0ZmUtYTc2MC00YzRjLTgxYjAt
NTNhYjg4YzVmMmM3LzEvS2EzSGVqU3E0cXZYNEtxTlZockFVdVBRb2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9jNmE0ZmUtYTc2MC00YzRjLTgxYjAtNTNhYjg4YzVmMmM3
LzEvOV9TUUxTUUxKZGZyZF9Ud0xpVHlNX1JLbWhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTkQMA0G
CSqGSIb3DQEBCwUAA4IBAQA4HbYalWxtjHFaqpixJ5da81qdz4XyMkk+WETmJxcm
buO6VWjC4kGpzx3qNanfiQn1GRMJbXlEb7tTDPJd9Ewqf9jA9ObAM2jtdWbYsFIF
+VIIjtxqz3sCGO2pZ9rDt/D5DBXFyMoSSMGgyqmsWlZr/R3ppfqMHDPYkGEGHa04
lDtRdeZPtpkiPExNnj0+6Tpsm6e/TYZeoLkOuGpK4bKwi/E4z8DluF4KtS8AGMtq
7cb1Cy5GK43NElPITO9g1ddyhObvmAer/RKfRxfvYq4e5Z/ebfkP89x41Clu3I4B
7V3VsacmE3K9XY9j1jsOCDvGasTmv92fGFUeIuy8J/US
-----END CERTIFICATE-----