Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/208c59-e45c-42c6-9e37-94cac18bb916/1/1-b57h1_ErhmJk9hAaVCwMRyP-RU.roa
File:                     1-b57h1_ErhmJk9hAaVCwMRyP-RU.roa (raw, json)
Hash identifier:          9jGPIVkm1R9JpdptgwAXdt90FKSXTTHXT7/zC1EeCYw=
Subject key identifier:   F9:BE:7B:87:5F:C4:AE:19:89:93:D8:40:69:50:B0:31:1C:8F:F9:15
Certificate issuer:       /CN=df4818bd0ab3bdff3b13ffa0a0b49699fe0d65d8
Certificate serial:       018CC4250D385C7A7D7E68EB0F48ACFAD83C
Authority key identifier: DF:48:18:BD:0A:B3:BD:FF:3B:13:FF:A0:A0:B4:96:99:FE:0D:65:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/30gYvQqzvf87E_-goLSWmf4NZdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/208c59-e45c-42c6-9e37-94cac18bb916/1/1-b57h1_ErhmJk9hAaVCwMRyP-RU.roa
Signing time:             Mon 01 Jan 2024 08:30:11 +0000
ROA not before:           Mon 01 Jan 2024 08:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51462
IP address blocks:        193.105.106.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/208c59-e45c-42c6-9e37-94cac18bb916/1/30gYvQqzvf87E_-goLSWmf4NZdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/208c59-e45c-42c6-9e37-94cac18bb916/1/30gYvQqzvf87E_-goLSWmf4NZdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/30gYvQqzvf87E_-goLSWmf4NZdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0d:38:5c:7a:7d:7e:68:eb:0f:48:ac:fa:d8:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df4818bd0ab3bdff3b13ffa0a0b49699fe0d65d8
        Validity
            Not Before: Jan  1 08:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9be7b875fc4ae198993d8406950b0311c8ff915
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d6:95:0e:d3:20:8f:a4:42:5d:93:d8:6b:46:
                    5e:82:ee:a0:18:71:1a:41:e0:f5:06:e9:eb:21:d7:
                    6b:ca:6b:95:68:24:49:45:26:ce:32:10:2f:ba:b4:
                    0e:ee:af:b3:4a:01:6e:a8:5d:15:00:e1:17:e7:6f:
                    f5:0b:37:b8:d7:67:96:f6:4d:01:e7:81:42:bc:66:
                    4b:cf:29:7d:d5:b4:35:b6:89:e7:69:aa:4d:ef:98:
                    10:e3:e7:3d:a3:44:50:8c:2b:99:f3:95:aa:9f:c1:
                    aa:0d:0a:2c:8d:b4:ab:f4:e3:0c:0b:22:7b:a3:d1:
                    d7:e3:db:8e:00:27:4a:31:3d:a8:9e:d2:b1:33:a1:
                    4c:eb:7b:8a:af:89:b6:24:74:8f:a0:94:51:64:f9:
                    b0:27:8d:06:64:c2:72:c6:02:5c:10:c4:4c:e2:09:
                    93:e1:79:6a:ff:12:bf:d7:28:2b:69:d1:8a:b8:43:
                    ca:15:f0:27:b7:a5:25:4e:f1:b7:14:69:54:64:1b:
                    0d:ea:79:04:c9:78:65:05:88:10:25:3a:e4:b4:c7:
                    b8:20:6f:de:43:1f:7b:7c:55:ff:e6:62:6a:b1:36:
                    2b:b2:c7:7e:62:04:3c:71:2e:ad:db:f8:35:d5:19:
                    f5:0f:74:c1:e4:5a:b4:c3:16:6c:3b:fa:f1:5e:29:
                    8f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:BE:7B:87:5F:C4:AE:19:89:93:D8:40:69:50:B0:31:1C:8F:F9:15
            X509v3 Authority Key Identifier:
                keyid:DF:48:18:BD:0A:B3:BD:FF:3B:13:FF:A0:A0:B4:96:99:FE:0D:65:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/30gYvQqzvf87E_-goLSWmf4NZdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/208c59-e45c-42c6-9e37-94cac18bb916/1/1-b57h1_ErhmJk9hAaVCwMRyP-RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/208c59-e45c-42c6-9e37-94cac18bb916/1/30gYvQqzvf87E_-goLSWmf4NZdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:5f:25:43:76:5c:31:ef:fa:c3:34:3e:69:93:94:b0:58:5f:
         36:3d:4b:26:fd:c1:3f:e5:de:d1:4f:4a:9a:1f:52:67:c9:2a:
         b7:22:52:2d:d2:6f:fa:74:ff:c4:30:42:2e:73:bd:ec:8f:da:
         5d:c0:5c:c5:16:78:ec:a4:41:31:8a:d3:74:06:d0:b6:0e:c5:
         b1:65:53:7f:06:f8:e0:65:c4:6c:a0:ae:24:dc:cb:11:90:21:
         ff:69:de:a5:be:81:ab:c0:96:39:6c:4e:48:9b:3c:9b:08:54:
         6b:d3:6b:e1:77:00:12:85:85:30:f2:18:c0:2a:a9:15:b7:78:
         6f:92:db:a8:9b:1a:9a:e9:cf:2d:43:70:30:1b:44:ae:54:3d:
         b5:10:4b:b8:58:24:fd:a0:88:1e:28:4d:d4:b7:c5:f8:7e:00:
         86:9f:85:df:65:14:e3:ee:f1:98:b4:a2:12:ac:ee:85:81:df:
         6b:a0:44:b2:7b:33:f5:b5:bd:ac:e7:03:77:e2:cd:4c:57:73:
         43:43:c1:06:28:25:88:12:ae:50:4b:4a:70:e1:43:1a:4a:bf:
         31:54:e4:c7:86:fe:ad:6e:f5:dd:ef:58:3d:20:e1:81:23:a6:
         8e:9f:90:89:8c:4c:68:5b:33:7d:eb:84:b9:5a:05:76:e0:7e:
         68:25:ee:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJQ04XHp9fmjrD0is+tg8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmNDgxOGJkMGFiM2JkZmYzYjEzZmZhMGEwYjQ5Njk5ZmUw
ZDY1ZDgwHhcNMjQwMTAxMDgzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWJlN2I4NzVmYzRhZTE5ODk5M2Q4NDA2OTUwYjAzMTFjOGZmOTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidaVDtMgj6RCXZPYa0Zegu6gGHEa
QeD1BunrIddrymuVaCRJRSbOMhAvurQO7q+zSgFuqF0VAOEX52/1Cze412eW9k0B
54FCvGZLzyl91bQ1tonnaapN75gQ4+c9o0RQjCuZ85Wqn8GqDQosjbSr9OMMCyJ7
o9HX49uOACdKMT2ontKxM6FM63uKr4m2JHSPoJRRZPmwJ40GZMJyxgJcEMRM4gmT
4Xlq/xK/1ygradGKuEPKFfAnt6UlTvG3FGlUZBsN6nkEyXhlBYgQJTrktMe4IG/e
Qx97fFX/5mJqsTYrssd+YgQ8cS6t2/g11Rn1D3TB5Fq0wxZsO/rxXimP1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPm+e4dfxK4ZiZPYQGlQsDEcj/kVMB8GA1UdIwQY
MBaAFN9IGL0Ks73/OxP/oKC0lpn+DWXYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzBnWXZRcXp2Zjg3RV8tZ29MU1dtZjROWmRnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8yMDhjNTktZTQ1Yy00MmM2LTllMzct
OTRjYWMxOGJiOTE2LzEvMS1iNTdoMV9FcmhtSms5aEFhVkN3TVJ5UC1SVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGIvMjA4YzU5LWU0NWMtNDJjNi05ZTM3LTk0Y2FjMThiYjkx
Ni8xLzMwZ1l2UXF6dmY4N0VfLWdvTFNXbWY0TlpkZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMFpajAN
BgkqhkiG9w0BAQsFAAOCAQEAYl8lQ3ZcMe/6wzQ+aZOUsFhfNj1LJv3BP+Xe0U9K
mh9SZ8kqtyJSLdJv+nT/xDBCLnO97I/aXcBcxRZ47KRBMYrTdAbQtg7FsWVTfwb4
4GXEbKCuJNzLEZAh/2nepb6Bq8CWOWxOSJs8mwhUa9Nr4XcAEoWFMPIYwCqpFbd4
b5LbqJsamunPLUNwMBtErlQ9tRBLuFgk/aCIHihN1LfF+H4Ahp+F32UU4+7xmLSi
EqzuhYHfa6BEsnsz9bW9rOcDd+LNTFdzQ0PBBigliBKuUEtKcOFDGkq/MVTkx4b+
rW713e9YPSDhgSOmjp+QiYxMaFszfeuEuVoFduB+aCXuCA==
-----END CERTIFICATE-----