Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/a_gWGAH_HkQq48s4xebSJs8e9SM.roa
File:                     a_gWGAH_HkQq48s4xebSJs8e9SM.roa (raw, json)
Hash identifier:          /PN+oDh7g+uIG4/Jaj9EAzn6xGtetecKxsI53eVsu+k=
Subject key identifier:   6B:F8:16:18:01:FF:1E:44:2A:E3:CB:38:C5:E6:D2:26:CF:1E:F5:23
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       019472D9033C53AD4D65DE01A2D9DADAF735
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/a_gWGAH_HkQq48s4xebSJs8e9SM.roa
Signing time:             Fri 17 Jan 2025 06:00:12 +0000
ROA not before:           Fri 17 Jan 2025 06:00:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        2.57.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:72:d9:03:3c:53:ad:4d:65:de:01:a2:d9:da:da:f7:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan 17 06:00:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6bf8161801ff1e442ae3cb38c5e6d226cf1ef523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1d:1b:1d:d7:1e:a3:26:b6:da:5a:d1:a7:6a:
                    71:45:4e:b2:09:b8:36:99:5e:4d:74:06:e5:d7:09:
                    cf:d2:31:ad:0d:51:43:01:ac:c3:e8:01:87:26:83:
                    76:65:02:7b:b9:d3:65:e2:19:8b:88:17:82:41:d6:
                    2d:1c:f9:62:cf:af:fe:65:34:38:c2:6f:f9:fc:9b:
                    04:4d:c3:5f:81:3b:7d:60:72:61:41:24:55:fa:88:
                    c1:dc:7d:9c:47:16:e0:15:0c:87:27:2d:7b:8f:de:
                    5a:fe:33:b7:89:e0:9d:ad:37:b9:d6:3f:58:77:89:
                    24:3a:ff:37:ae:19:d0:b3:f8:be:de:ca:bf:a5:bc:
                    ba:b0:f6:c2:ed:ba:a4:f3:ef:e9:39:49:42:3e:14:
                    26:62:8a:e0:5c:2e:41:20:e6:e1:13:83:ad:4f:c7:
                    8a:68:20:ed:42:8a:0f:95:91:4b:2c:b3:33:07:c4:
                    8a:54:c9:d7:d9:75:dc:49:77:59:e2:88:a3:f1:c3:
                    31:6e:37:aa:df:69:72:7e:94:bd:4f:78:c5:dd:19:
                    e8:e1:9c:b6:9d:6d:9e:12:cd:f5:2d:1a:75:a5:11:
                    ed:2d:2e:fb:fd:61:32:2a:66:96:82:6c:ab:fd:56:
                    dd:ef:10:c1:37:fb:5d:6e:09:2b:00:57:7a:7d:4b:
                    96:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F8:16:18:01:FF:1E:44:2A:E3:CB:38:C5:E6:D2:26:CF:1E:F5:23
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/a_gWGAH_HkQq48s4xebSJs8e9SM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:b0:44:62:d4:82:1a:cb:9b:b7:41:86:fe:fb:60:09:cc:1f:
         66:c3:78:97:1d:56:a1:91:65:31:5d:09:d6:b6:ae:bc:19:01:
         7e:07:06:df:a4:fb:8c:4a:a9:f4:b8:8d:6b:de:eb:50:6d:ac:
         2f:f5:47:7d:55:0c:56:19:59:fc:c9:fd:92:77:2a:22:9e:42:
         07:47:28:f9:e9:87:9a:62:d5:a2:b3:03:64:55:73:17:d7:bf:
         57:86:43:79:eb:03:cf:ee:20:1a:65:e8:59:c0:5c:8d:88:67:
         72:9d:dd:12:d8:7c:a4:5e:26:f7:ad:ff:23:4e:d8:b6:ab:3f:
         6c:12:af:b6:80:fb:00:22:df:35:27:2e:00:cc:a7:00:5a:4c:
         fe:f7:e3:82:b9:b0:fe:89:da:1c:39:ca:a4:3e:31:ee:b8:e7:
         44:26:09:30:9c:e2:c8:08:e4:00:61:64:a9:db:0f:10:78:fb:
         5c:d0:b5:5a:a0:9f:21:b9:a6:29:8d:68:29:b6:bd:50:3e:9f:
         4d:91:3f:76:d0:7b:c5:68:e8:a8:ba:98:31:7c:7c:9b:96:19:
         df:c9:a6:c8:fc:f1:3c:3a:55:b0:70:80:29:00:4a:d7:ce:69:
         2c:86:d2:b1:65:87:5e:3f:6f:c0:88:c1:6a:72:79:1d:32:25:
         6b:3e:aa:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRy2QM8U61NZd4Botna2vc1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjUwMTE3MDYwMDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmY4MTYxODAxZmYxZTQ0MmFlM2NiMzhjNWU2ZDIyNmNmMWVmNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx0bHdceoya22lrRp2pxRU6yCbg2
mV5NdAbl1wnP0jGtDVFDAazD6AGHJoN2ZQJ7udNl4hmLiBeCQdYtHPliz6/+ZTQ4
wm/5/JsETcNfgTt9YHJhQSRV+ojB3H2cRxbgFQyHJy17j95a/jO3ieCdrTe51j9Y
d4kkOv83rhnQs/i+3sq/pby6sPbC7bqk8+/pOUlCPhQmYorgXC5BIObhE4OtT8eK
aCDtQooPlZFLLLMzB8SKVMnX2XXcSXdZ4oij8cMxbjeq32lyfpS9T3jF3Rno4Zy2
nW2eEs31LRp1pRHtLS77/WEyKmaWgmyr/Vbd7xDBN/tdbgkrAFd6fUuW5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGv4FhgB/x5EKuPLOMXm0ibPHvUjMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvYV9nV0dBSF9Ia1FxNDhzNHhlYlNKczhlOVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjmoMA0G
CSqGSIb3DQEBCwUAA4IBAQAvsERi1IIay5u3QYb++2AJzB9mw3iXHVahkWUxXQnW
tq68GQF+BwbfpPuMSqn0uI1r3utQbawv9Ud9VQxWGVn8yf2SdyoinkIHRyj56Yea
YtWiswNkVXMX179XhkN56wPP7iAaZehZwFyNiGdynd0S2HykXib3rf8jTti2qz9s
Eq+2gPsAIt81Jy4AzKcAWkz+9+OCubD+idocOcqkPjHuuOdEJgkwnOLICOQAYWSp
2w8QePtc0LVaoJ8huaYpjWgptr1QPp9NkT920HvFaOioupgxfHyblhnfyabI/PE8
OlWwcIApAErXzmkshtKxZYdeP2/AiMFqcnkdMiVrPqqD
-----END CERTIFICATE-----