Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/G-tJbQNhYWi2bxA3l-1ypOyN93U.roa
File:                     G-tJbQNhYWi2bxA3l-1ypOyN93U.roa (raw, json)
Hash identifier:          mk2EDR8kJOQ2u8TvlylIA/NlXKa28TNZvc6ll9JkDF8=
Subject key identifier:   1B:EB:49:6D:03:61:61:68:B6:6F:10:37:97:ED:72:A4:EC:8D:F7:75
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       018CC26D2CF8274F7B8BE64027C39858D0F3
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/G-tJbQNhYWi2bxA3l-1ypOyN93U.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62240
IP address blocks:        2.57.168.0/24 maxlen: 24
                          45.8.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2c:f8:27:4f:7b:8b:e6:40:27:c3:98:58:d0:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1beb496d03616168b66f103797ed72a4ec8df775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:12:e0:a6:07:89:17:c0:76:8b:24:ec:8f:34:
                    2d:ee:27:b3:a1:a7:ba:15:e4:78:7a:2d:d9:cd:6d:
                    fe:e0:84:7d:cb:22:20:0c:c9:21:28:cd:d1:a5:78:
                    3d:01:13:f8:3c:72:ea:70:62:9b:2c:71:75:80:09:
                    2d:09:33:d0:38:ed:a7:9e:cd:af:d1:6c:b2:8b:cf:
                    3f:15:73:53:15:d6:36:d3:8f:4a:47:ac:93:1a:7b:
                    ff:f7:9c:7b:84:67:91:65:ea:e6:a7:99:3e:78:1f:
                    2b:5d:71:0e:20:a4:7c:0f:c0:19:91:fc:cd:e8:1a:
                    8d:8f:35:7b:1f:32:24:d1:b7:4e:97:2f:5e:67:3c:
                    e9:7b:b5:15:fd:83:2a:bc:82:33:8b:79:a3:94:15:
                    66:17:9d:90:8b:57:cf:26:00:c1:a5:f9:33:5a:76:
                    57:13:6c:c4:6c:ec:57:bb:9c:12:9a:f7:20:8d:bc:
                    ee:d9:2e:44:29:61:1c:14:c3:42:c0:f1:1a:58:bf:
                    78:46:a6:81:56:8c:d5:d7:99:9b:82:3f:d0:e4:ce:
                    6e:54:cb:92:d2:09:41:ee:3b:91:b1:9b:38:9d:70:
                    74:e3:bb:a1:05:3c:4b:24:ac:73:ec:ee:f4:51:66:
                    e4:08:7b:2a:20:b1:e1:ce:37:03:b5:b6:e6:af:d9:
                    92:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:EB:49:6D:03:61:61:68:B6:6F:10:37:97:ED:72:A4:EC:8D:F7:75
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/G-tJbQNhYWi2bxA3l-1ypOyN93U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.168.0/24
                  45.8.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:7e:c1:2b:92:55:54:57:37:11:5f:ae:6c:07:f6:33:0b:c0:
         f7:90:17:a0:26:6d:86:22:90:ed:e3:a9:05:ff:8b:e1:28:57:
         7e:65:e6:ba:0d:aa:68:3d:d1:90:17:42:7e:6e:53:9a:5d:76:
         62:33:c9:65:9a:bc:92:55:bf:b7:42:6f:51:da:b1:ed:1f:40:
         e0:ea:84:ef:ff:06:f5:4f:8c:37:71:54:41:93:f8:49:de:1a:
         7d:3f:b3:85:0e:b4:b2:4d:3f:d0:02:73:7a:14:b1:74:d3:12:
         e5:2f:e0:83:a7:ce:af:e2:e3:d3:21:6d:73:3b:8d:c5:e3:56:
         30:9d:5b:93:c5:20:eb:fe:e3:b2:49:1c:25:6e:75:27:84:48:
         f4:a3:fa:b8:47:a6:b2:75:13:b0:6e:03:58:c2:f8:6b:d9:a1:
         d0:f0:20:6b:b0:77:8c:33:4e:96:c1:d8:d1:48:9e:d6:1e:a4:
         60:3e:5c:9d:fe:fd:86:59:27:48:ed:50:44:f4:94:b4:8b:ba:
         d3:84:ba:8b:9e:72:4f:3c:93:32:2b:a8:43:87:fa:3d:15:81:
         65:9d:01:81:bb:4d:7a:9d:98:43:df:14:0d:95:bc:0d:24:d1:
         4d:49:ae:11:16:55:d1:74:b2:94:6b:db:40:89:bc:58:29:ae:
         67:93:f0:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbSz4J097i+ZAJ8OYWNDzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmViNDk2ZDAzNjE2MTY4YjY2ZjEwMzc5N2VkNzJhNGVjOGRmNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhLgpgeJF8B2iyTsjzQt7iezoae6
FeR4ei3ZzW3+4IR9yyIgDMkhKM3RpXg9ARP4PHLqcGKbLHF1gAktCTPQOO2nns2v
0Wyyi88/FXNTFdY2049KR6yTGnv/95x7hGeRZermp5k+eB8rXXEOIKR8D8AZkfzN
6BqNjzV7HzIk0bdOly9eZzzpe7UV/YMqvIIzi3mjlBVmF52Qi1fPJgDBpfkzWnZX
E2zEbOxXu5wSmvcgjbzu2S5EKWEcFMNCwPEaWL94RqaBVozV15mbgj/Q5M5uVMuS
0glB7juRsZs4nXB047uhBTxLJKxz7O70UWbkCHsqILHhzjcDtbbmr9mSGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBvrSW0DYWFotm8QN5ftcqTsjfd1MB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvRy10SmJRTmhZV2kyYnhBM2wtMXlwT3lOOTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjmoAwQA
LQgRMA0GCSqGSIb3DQEBCwUAA4IBAQAZfsErklVUVzcRX65sB/YzC8D3kBegJm2G
IpDt46kF/4vhKFd+Zea6DapoPdGQF0J+blOaXXZiM8llmrySVb+3Qm9R2rHtH0Dg
6oTv/wb1T4w3cVRBk/hJ3hp9P7OFDrSyTT/QAnN6FLF00xLlL+CDp86v4uPTIW1z
O43F41YwnVuTxSDr/uOySRwlbnUnhEj0o/q4R6aydROwbgNYwvhr2aHQ8CBrsHeM
M06WwdjRSJ7WHqRgPlyd/v2GWSdI7VBE9JS0i7rThLqLnnJPPJMyK6hDh/o9FYFl
nQGBu016nZhD3xQNlbwNJNFNSa4RFlXRdLKUa9tAibxYKa5nk/BC
-----END CERTIFICATE-----