Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/Ov57MM8T8KVvMao4CF-do6UM1C0.roa
File:                     Ov57MM8T8KVvMao4CF-do6UM1C0.roa (raw, json)
Hash identifier:          Jyj8nurCSO/XRCHe81fcm9O69FbSYyyReqb9kYs6qnk=
Subject key identifier:   3A:FE:7B:30:CF:13:F0:A5:6F:31:AA:38:08:5F:9D:A3:A5:0C:D4:2D
Certificate issuer:       /CN=ca3b86e65470f994dfa6d6fee8e264db62e24af9
Certificate serial:       018F61E7DEBE25AF896554D18F72C9CADD6D
Authority key identifier: CA:3B:86:E6:54:70:F9:94:DF:A6:D6:FE:E8:E2:64:DB:62:E2:4A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/Ov57MM8T8KVvMao4CF-do6UM1C0.roa
Signing time:             Fri 10 May 2024 09:48:56 +0000
ROA not before:           Fri 10 May 2024 09:48:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62077
IP address blocks:        2.57.212.0/24 maxlen: 24
                          185.33.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:e7:de:be:25:af:89:65:54:d1:8f:72:c9:ca:dd:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca3b86e65470f994dfa6d6fee8e264db62e24af9
        Validity
            Not Before: May 10 09:48:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3afe7b30cf13f0a56f31aa38085f9da3a50cd42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:80:15:17:74:8a:11:68:06:50:85:a1:a2:7a:
                    1b:fd:d3:c7:0b:d3:8f:35:58:22:c1:5b:22:bf:af:
                    8a:08:f1:bb:13:f6:7f:c8:57:0f:10:f2:08:25:cd:
                    fa:79:c5:4f:ea:08:70:bb:7f:f9:c9:36:34:74:3e:
                    0d:29:c4:56:04:98:e7:8b:7b:33:69:56:47:74:d4:
                    ac:86:fa:79:3c:0b:b3:1e:21:14:f9:d8:94:e6:83:
                    f6:b0:a6:fe:7a:bb:5e:9f:1b:d0:04:52:9a:56:05:
                    10:08:d3:97:10:64:0b:bf:43:34:b0:c2:63:6e:5f:
                    59:bc:af:1b:1d:d4:a6:80:67:17:f8:1e:87:a9:18:
                    ad:c5:f9:fd:37:0d:95:47:8a:6f:f3:a4:e1:98:f7:
                    69:94:06:0c:c4:79:cc:07:74:9e:bf:35:1d:63:5a:
                    23:2b:2b:d2:5f:d7:7b:c7:0c:78:66:8c:cf:02:f0:
                    02:7a:19:3e:9d:58:83:2b:43:ba:46:b3:18:8f:da:
                    58:9f:27:fa:a5:bf:47:02:10:54:5f:9f:c4:7f:b5:
                    ef:08:bd:03:3f:ab:aa:cb:3d:54:ae:cf:43:5b:7c:
                    07:68:bc:c3:75:f5:01:6e:ff:c6:5b:4d:1f:f2:4a:
                    af:ce:dd:a2:3e:24:10:d5:c7:36:75:37:b8:52:2b:
                    07:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:FE:7B:30:CF:13:F0:A5:6F:31:AA:38:08:5F:9D:A3:A5:0C:D4:2D
            X509v3 Authority Key Identifier:
                keyid:CA:3B:86:E6:54:70:F9:94:DF:A6:D6:FE:E8:E2:64:DB:62:E2:4A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/Ov57MM8T8KVvMao4CF-do6UM1C0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.212.0/24
                  185.33.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:d6:f1:57:af:5b:28:d6:dd:73:36:e1:dd:11:80:2c:e5:0d:
         10:54:98:09:2e:ff:e1:bd:99:97:26:e3:02:16:aa:45:23:4a:
         fc:19:70:72:47:7b:a8:5a:4f:8c:46:16:a2:b3:cb:78:0a:eb:
         e3:e2:a4:3d:53:f0:8c:4b:a5:ba:4e:9c:d9:45:4b:d0:18:d6:
         4e:ec:60:33:74:7b:75:68:65:78:62:d7:d2:07:63:93:16:00:
         8b:f4:c8:b1:48:b8:ef:6e:6a:77:5a:61:c5:58:a0:66:27:69:
         69:4a:01:ce:31:47:a8:d0:ec:80:de:1d:34:a7:3f:50:14:cc:
         0b:40:14:53:e8:ee:74:d0:12:5a:c8:01:e9:2a:ff:a5:3b:30:
         11:97:c6:b3:9f:19:f5:ac:7c:5c:4a:30:21:16:78:6e:23:75:
         f7:f2:d9:fb:3a:27:05:30:66:14:94:1a:ca:52:8e:79:c7:47:
         08:d9:be:68:df:2d:89:9d:a3:73:d0:97:04:4e:ee:18:56:b6:
         4a:65:fb:00:f5:8a:04:c7:2c:c2:74:cf:9a:d2:60:a9:7a:46:
         83:37:9e:9e:c5:6e:84:c9:43:a3:cd:e8:68:0a:58:11:3e:73:
         0f:a4:95:71:0a:79:90:cf:31:6e:ca:1a:2f:c0:9f:fb:54:ec:
         61:fa:cb:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9h596+Ja+JZVTRj3LJyt1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhM2I4NmU2NTQ3MGY5OTRkZmE2ZDZmZWU4ZTI2NGRiNjJl
MjRhZjkwHhcNMjQwNTEwMDk0ODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWZlN2IzMGNmMTNmMGE1NmYzMWFhMzgwODVmOWRhM2E1MGNkNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoAVF3SKEWgGUIWhonob/dPHC9OP
NVgiwVsiv6+KCPG7E/Z/yFcPEPIIJc36ecVP6ghwu3/5yTY0dD4NKcRWBJjni3sz
aVZHdNSshvp5PAuzHiEU+diU5oP2sKb+ertenxvQBFKaVgUQCNOXEGQLv0M0sMJj
bl9ZvK8bHdSmgGcX+B6HqRitxfn9Nw2VR4pv86ThmPdplAYMxHnMB3SevzUdY1oj
KyvSX9d7xwx4ZozPAvACehk+nViDK0O6RrMYj9pYnyf6pb9HAhBUX5/Ef7XvCL0D
P6uqyz1Urs9DW3wHaLzDdfUBbv/GW00f8kqvzt2iPiQQ1cc2dTe4UisH2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDr+ezDPE/ClbzGqOAhfnaOlDNQtMB8GA1UdIwQY
MBaAFMo7huZUcPmU36bW/ujiZNti4kr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWp1RzVsUnctWlRmcHRiLTZPSmsyMkxpU3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8zZGFlNzEtMWFjZi00MTk2LTk2MDgt
OTUzMWQyNGUwNjEwLzEvT3Y1N01NOFQ4S1Z2TWFvNENGLWRvNlVNMUMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8zZGFlNzEtMWFjZi00MTk2LTk2MDgtOTUzMWQyNGUwNjEw
LzEveWp1RzVsUnctWlRmcHRiLTZPSmsyMkxpU3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjnUAwQA
uSE8MA0GCSqGSIb3DQEBCwUAA4IBAQAq1vFXr1so1t1zNuHdEYAs5Q0QVJgJLv/h
vZmXJuMCFqpFI0r8GXByR3uoWk+MRhais8t4Cuvj4qQ9U/CMS6W6TpzZRUvQGNZO
7GAzdHt1aGV4YtfSB2OTFgCL9MixSLjvbmp3WmHFWKBmJ2lpSgHOMUeo0OyA3h00
pz9QFMwLQBRT6O500BJayAHpKv+lOzARl8aznxn1rHxcSjAhFnhuI3X38tn7OicF
MGYUlBrKUo55x0cI2b5o3y2JnaNz0JcETu4YVrZKZfsA9YoExyzCdM+a0mCpekaD
N56exW6EyUOjzehoClgRPnMPpJVxCnmQzzFuyhovwJ/7VOxh+ssx
-----END CERTIFICATE-----