Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/FodEnnOoVzy0vd61kGNgjFNBHdg.roa
File:                     FodEnnOoVzy0vd61kGNgjFNBHdg.roa (raw, json)
Hash identifier:          3WEfwm1M3YUOqWKCwi0jeppOb8WaIuF/FTiAFgHAbLQ=
Subject key identifier:   16:87:44:9E:73:A8:57:3C:B4:BD:DE:B5:90:63:60:8C:53:41:1D:D8
Certificate issuer:       /CN=f356cdd5a49ce6c42a9a35fa77b9727819688896
Certificate serial:       018F28E4ED4E0A1CA695D893871F372A573E
Authority key identifier: F3:56:CD:D5:A4:9C:E6:C4:2A:9A:35:FA:77:B9:72:78:19:68:88:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/81bN1aSc5sQqmjX6d7lyeBloiJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/FodEnnOoVzy0vd61kGNgjFNBHdg.roa
Signing time:             Mon 29 Apr 2024 08:07:22 +0000
ROA not before:           Mon 29 Apr 2024 08:07:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        2.57.1.0/24 maxlen: 24
                          134.99.0.0/16 maxlen: 16
                          134.99.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/81bN1aSc5sQqmjX6d7lyeBloiJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/81bN1aSc5sQqmjX6d7lyeBloiJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/81bN1aSc5sQqmjX6d7lyeBloiJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:28:e4:ed:4e:0a:1c:a6:95:d8:93:87:1f:37:2a:57:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f356cdd5a49ce6c42a9a35fa77b9727819688896
        Validity
            Not Before: Apr 29 08:07:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1687449e73a8573cb4bddeb59063608c53411dd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:de:b5:e7:1d:4f:38:1c:36:7c:2d:4c:f4:88:
                    6c:c7:b0:1d:4d:ad:a8:be:ff:a2:80:8b:ff:61:1a:
                    22:fe:90:95:c2:b7:7f:55:dd:24:c3:55:3c:bd:60:
                    3b:5e:c8:21:d2:7d:9a:7a:7b:01:96:ba:ef:e6:1c:
                    2f:b6:55:09:e9:db:a1:eb:ae:5f:75:2c:6b:12:9c:
                    63:a3:50:2b:7c:f2:27:3c:c5:6d:58:9c:f2:97:65:
                    35:89:5b:ee:cf:76:1a:ae:0b:6d:ab:37:51:26:58:
                    76:6f:ed:fc:7a:af:8c:93:90:62:b6:74:b0:9f:20:
                    07:18:cc:44:ad:07:18:92:61:e5:51:be:56:6f:83:
                    2a:fe:30:8e:6c:d2:8c:0d:95:b4:77:7c:6c:3a:e8:
                    9d:df:cb:dc:a7:cc:83:7c:a8:47:2b:16:4c:59:7e:
                    40:c0:72:a9:15:52:ed:85:03:24:87:ef:5c:17:c9:
                    1e:a7:11:06:f6:77:81:9b:dc:29:b2:0d:dd:14:48:
                    d1:64:fc:dd:21:63:8c:c5:9d:63:b8:0b:6f:c9:6f:
                    b8:c6:45:38:95:8d:dc:56:8b:35:36:0c:86:ec:b7:
                    c5:4e:db:b0:d0:06:27:12:f6:f0:bb:5a:ba:42:26:
                    bb:8e:86:0f:78:72:55:8a:3c:93:d3:1a:bc:58:e9:
                    17:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:87:44:9E:73:A8:57:3C:B4:BD:DE:B5:90:63:60:8C:53:41:1D:D8
            X509v3 Authority Key Identifier:
                keyid:F3:56:CD:D5:A4:9C:E6:C4:2A:9A:35:FA:77:B9:72:78:19:68:88:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/81bN1aSc5sQqmjX6d7lyeBloiJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/FodEnnOoVzy0vd61kGNgjFNBHdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/72d48b-865a-4e6e-96f3-5768d37f7bb5/1/81bN1aSc5sQqmjX6d7lyeBloiJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.1.0/24
                  134.99.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         54:aa:30:28:7e:d8:bd:9e:d3:90:4a:0b:31:0d:b9:8b:29:16:
         6b:23:ae:1b:f8:6a:15:cc:73:55:da:6b:7a:bb:dd:64:56:2a:
         dd:37:46:98:1c:47:dd:f4:fe:e6:19:07:48:a8:b9:1b:13:3e:
         5a:80:8a:68:4e:7c:79:50:0f:5f:68:59:86:41:e0:e0:b0:62:
         e4:f8:aa:ea:a4:f7:00:5d:eb:da:fc:de:e5:af:c1:06:f9:04:
         4f:43:fb:a8:32:13:e6:ea:16:79:35:8e:4b:90:f4:23:67:5b:
         6a:9f:67:c1:1e:86:cc:f2:5e:fe:35:ac:17:95:12:a1:fd:ea:
         1c:92:a6:77:02:76:3a:04:1c:27:22:d0:1b:30:1b:21:da:3c:
         a3:9d:53:9e:fc:2d:ed:19:ad:8e:96:7c:41:88:96:a2:69:01:
         d5:36:a9:a3:e9:0d:61:ae:c3:56:97:9f:09:99:99:82:08:5f:
         df:4e:80:a3:58:72:c7:96:e6:5e:49:a7:6f:2d:49:0d:e2:b9:
         7a:89:d4:a9:b3:5d:82:fc:f7:d1:38:7e:8d:cb:63:72:4a:f0:
         79:2f:a9:37:1a:7e:f9:64:1b:be:d2:fc:86:c6:ae:b3:ac:70:
         4c:75:a3:24:bb:96:f9:fd:3e:fa:51:b2:aa:09:f2:df:e1:58:
         c6:3a:7d:cc
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAY8o5O1OChymldiThx83Klc+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNTZjZGQ1YTQ5Y2U2YzQyYTlhMzVmYTc3Yjk3Mjc4MTk2
ODg4OTYwHhcNMjQwNDI5MDgwNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjg3NDQ5ZTczYTg1NzNjYjRiZGRlYjU5MDYzNjA4YzUzNDExZGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1t615x1POBw2fC1M9Ihsx7AdTa2o
vv+igIv/YRoi/pCVwrd/Vd0kw1U8vWA7Xsgh0n2aensBlrrv5hwvtlUJ6duh665f
dSxrEpxjo1ArfPInPMVtWJzyl2U1iVvuz3YargttqzdRJlh2b+38eq+Mk5BitnSw
nyAHGMxErQcYkmHlUb5Wb4Mq/jCObNKMDZW0d3xsOuid38vcp8yDfKhHKxZMWX5A
wHKpFVLthQMkh+9cF8kepxEG9neBm9wpsg3dFEjRZPzdIWOMxZ1juAtvyW+4xkU4
lY3cVos1NgyG7LfFTtuw0AYnEvbwu1q6Qia7joYPeHJVijyT0xq8WOkXqQIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFBaHRJ5zqFc8tL3etZBjYIxTQR3YMB8GA1UdIwQY
MBaAFPNWzdWknObEKpo1+ne5cngZaIiWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODFiTjFhU2M1c1FxbWpYNmQ3bHllQmxvaUpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni83MmQ0OGItODY1YS00ZTZlLTk2ZjMt
NTc2OGQzN2Y3YmI1LzEvRm9kRW5uT29WenkwdmQ2MWtHTmdqRk5CSGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni83MmQ0OGItODY1YS00ZTZlLTk2ZjMtNTc2OGQzN2Y3YmI1
LzEvODFiTjFhU2M1c1FxbWpYNmQ3bHllQmxvaUpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwQAAjkBAwMA
hmMwDQYJKoZIhvcNAQELBQADggEBAFSqMCh+2L2e05BKCzENuYspFmsjrhv4ahXM
c1Xaa3q73WRWKt03RpgcR930/uYZB0iouRsTPlqAimhOfHlQD19oWYZB4OCwYuT4
quqk9wBd69r83uWvwQb5BE9D+6gyE+bqFnk1jkuQ9CNnW2qfZ8EehszyXv41rBeV
EqH96hySpncCdjoEHCci0BswGyHaPKOdU578Le0ZrY6WfEGIlqJpAdU2qaPpDWGu
w1aXnwmZmYIIX99OgKNYcseW5l5Jp28tSQ3iuXqJ1KmzXYL899E4fo3LY3JK8Hkv
qTcafvlkG77S/IbGrrOscEx1oyS7lvn9PvpRsqoJ8t/hWMY6fcw=
-----END CERTIFICATE-----