Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/VzaTH3tiExUxoFxCVXsmzCy44Iw.roa
File:                     VzaTH3tiExUxoFxCVXsmzCy44Iw.roa (raw, json)
Hash identifier:          pS08NyPJPz1DeqkoKF3dc+YcBmYQsKmD+MAmCqhsB7M=
Subject key identifier:   57:36:93:1F:7B:62:13:15:31:A0:5C:42:55:7B:26:CC:2C:B8:E0:8C
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       018CCA287488CBD8C79751EA49D4B34B05B9
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/VzaTH3tiExUxoFxCVXsmzCy44Iw.roa
Signing time:             Tue 02 Jan 2024 12:31:37 +0000
ROA not before:           Tue 02 Jan 2024 12:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200436
IP address blocks:        5.57.32.0/24 maxlen: 24
                          5.57.39.0/24 maxlen: 24
                          185.212.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:74:88:cb:d8:c7:97:51:ea:49:d4:b3:4b:05:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  2 12:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5736931f7b62131531a05c42557b26cc2cb8e08c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:98:05:2f:61:35:09:52:4f:81:93:1c:89:6a:
                    91:f7:8a:30:44:1f:4e:91:25:18:30:5a:b3:f3:70:
                    14:a2:2c:35:d7:2c:54:fa:7c:32:1c:27:aa:53:96:
                    d3:f2:f1:ea:7e:4f:cf:4e:f9:02:7e:30:63:bf:17:
                    24:55:01:b9:64:f1:3e:19:17:3f:57:81:74:e2:9e:
                    5e:23:f7:11:43:c4:db:35:19:02:59:11:12:bd:5c:
                    45:2b:d3:8f:c1:a8:30:4d:7c:9d:cd:be:3b:90:04:
                    15:c2:15:1d:ad:ca:47:1c:75:24:64:7c:7a:53:28:
                    4c:55:08:da:ad:80:ea:02:81:24:d1:3e:bc:13:c2:
                    e2:f5:06:28:33:de:64:eb:1f:c0:3b:ef:9b:52:bb:
                    e2:cb:43:88:c9:d3:4a:58:86:f4:bf:b4:aa:26:cd:
                    54:ca:bc:03:05:37:42:c5:78:8c:3e:0d:1c:07:9a:
                    5e:ae:8f:2b:57:df:52:b6:e2:65:f2:b8:25:54:70:
                    ba:88:c2:ba:71:18:e6:21:a3:af:25:18:28:28:c7:
                    d3:bf:33:3d:65:9c:80:8b:06:df:58:21:99:0f:2a:
                    61:44:77:bf:05:86:45:8b:72:66:b8:a1:b7:36:ec:
                    1f:b8:ad:87:2e:fb:c2:d7:71:4f:8f:d2:16:b0:ad:
                    ea:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:36:93:1F:7B:62:13:15:31:A0:5C:42:55:7B:26:CC:2C:B8:E0:8C
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/VzaTH3tiExUxoFxCVXsmzCy44Iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.32.0/24
                  5.57.39.0/24
                  185.212.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:f6:dd:62:b0:b4:c4:f2:cf:37:81:0c:91:4f:d8:cd:7b:7c:
         5c:95:5a:79:20:a7:6b:4d:c9:7f:fb:54:40:6e:3d:49:6e:a4:
         0f:d0:4b:33:50:3c:c3:0e:2c:7f:76:ca:99:69:7c:0b:e8:a3:
         ef:33:75:80:c0:f3:b0:3d:24:fe:05:04:41:e0:59:b7:ed:6b:
         5a:66:24:de:41:1e:11:13:55:8e:28:27:8a:3b:d4:78:25:7b:
         85:99:21:49:84:90:cf:98:c8:0b:f9:0b:ff:ff:fa:6b:e3:d6:
         92:d7:89:a8:9f:15:d1:a1:b4:60:0f:a6:28:6b:6d:e5:ca:37:
         e3:99:9b:82:f6:3e:1c:f6:ad:16:e4:8a:84:b4:c9:78:2a:47:
         0c:f8:df:5d:e3:5d:4f:b5:a5:5a:64:8b:31:c1:f3:44:48:fb:
         7f:37:5c:ef:03:3c:dd:6c:b9:db:05:91:4c:27:a9:42:69:ed:
         cf:dc:01:d4:9e:bc:98:71:38:40:e7:9f:25:43:2f:6d:b0:a6:
         39:b5:2c:82:6f:ad:62:95:b1:d7:b8:d2:0a:4e:9c:15:84:87:
         df:d6:34:73:6e:5c:a8:91:f6:2d:d3:53:b7:0f:c9:c3:bc:76:
         e2:f6:01:5d:5a:9a:db:7e:85:12:53:bb:69:9e:9b:6f:4f:d2:
         1c:59:0b:20
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKHSIy9jHl1HqSdSzSwW5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQwMTAyMTIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzM2OTMxZjdiNjIxMzE1MzFhMDVjNDI1NTdiMjZjYzJjYjhlMDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpgFL2E1CVJPgZMciWqR94owRB9O
kSUYMFqz83AUoiw11yxU+nwyHCeqU5bT8vHqfk/PTvkCfjBjvxckVQG5ZPE+GRc/
V4F04p5eI/cRQ8TbNRkCWRESvVxFK9OPwagwTXydzb47kAQVwhUdrcpHHHUkZHx6
UyhMVQjarYDqAoEk0T68E8Li9QYoM95k6x/AO++bUrviy0OIydNKWIb0v7SqJs1U
yrwDBTdCxXiMPg0cB5pero8rV99StuJl8rglVHC6iMK6cRjmIaOvJRgoKMfTvzM9
ZZyAiwbfWCGZDyphRHe/BYZFi3JmuKG3NuwfuK2HLvvC13FPj9IWsK3qSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFc2kx97YhMVMaBcQlV7JswsuOCMMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvVnphVEgzdGlFeFV4b0Z4Q1ZYc216Q3k0NEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQABTkgAwQA
BTknAwQAudQxMA0GCSqGSIb3DQEBCwUAA4IBAQCG9t1isLTE8s83gQyRT9jNe3xc
lVp5IKdrTcl/+1RAbj1JbqQP0EszUDzDDix/dsqZaXwL6KPvM3WAwPOwPST+BQRB
4Fm37WtaZiTeQR4RE1WOKCeKO9R4JXuFmSFJhJDPmMgL+Qv///pr49aS14monxXR
obRgD6Yoa23lyjfjmZuC9j4c9q0W5IqEtMl4KkcM+N9d411PtaVaZIsxwfNESPt/
N1zvAzzdbLnbBZFMJ6lCae3P3AHUnryYcThA558lQy9tsKY5tSyCb61ilbHXuNIK
TpwVhIff1jRzblyokfYt01O3D8nDvHbi9gFdWprbfoUSU7tpnptvT9IcWQsg
-----END CERTIFICATE-----