Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/erTepp_xxbLV7Hda4yzdl930Vq0.roa
File:                     erTepp_xxbLV7Hda4yzdl930Vq0.roa (raw, json)
Hash identifier:          oKJ85kpgtsJ9+RjDLhvKqXKKWicnESjTr44GZERK8aU=
Subject key identifier:   7A:B4:DE:A6:9F:F1:C5:B2:D5:EC:77:5A:E3:2C:DD:97:DD:F4:56:AD
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019345BA7EF1B3BBB778FA5A79D97EE5CF48
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/erTepp_xxbLV7Hda4yzdl930Vq0.roa
Signing time:             Tue 19 Nov 2024 18:41:10 +0000
ROA not before:           Tue 19 Nov 2024 18:41:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214088
IP address blocks:        5.57.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:45:ba:7e:f1:b3:bb:b7:78:fa:5a:79:d9:7e:e5:cf:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Nov 19 18:41:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ab4dea69ff1c5b2d5ec775ae32cdd97ddf456ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:0a:aa:8e:13:82:f6:92:c7:51:0a:34:1c:a3:
                    48:62:bf:86:cb:60:e2:f3:25:fe:51:93:88:fe:be:
                    09:a6:85:29:3f:ea:71:26:14:27:17:01:7d:fd:91:
                    e3:1d:72:47:c4:26:03:a7:c4:a3:e6:59:f6:b4:e8:
                    a2:3f:50:e9:97:3e:df:06:2c:4f:3a:05:de:f2:0a:
                    01:e0:ff:16:d6:f4:7f:4b:5e:c9:6d:2b:6c:03:f0:
                    65:d2:a3:19:21:c4:00:c9:7e:ab:12:24:a5:fd:e3:
                    ca:13:8c:f0:bb:9a:60:9b:fa:2e:2f:8e:c0:eb:e3:
                    48:4d:e3:7a:64:46:17:34:ce:f1:dd:c2:ca:18:98:
                    42:33:24:6a:62:fe:d6:f7:06:0b:23:f4:74:cd:39:
                    94:23:e5:27:4b:31:c4:d9:e2:62:c9:4d:3a:d6:8c:
                    cf:2d:e0:1a:29:23:92:66:be:5a:23:77:11:67:11:
                    36:24:79:4f:b0:97:19:f2:6d:9f:10:f1:c4:b8:a2:
                    3e:cf:5a:b9:6d:92:5c:92:de:69:a4:72:48:12:4b:
                    9d:8c:21:13:88:9c:b1:25:a8:51:cb:1c:c9:2e:0c:
                    45:7b:84:fa:5e:56:02:4b:8a:c4:9b:ea:b6:f3:67:
                    6d:0d:7e:6c:f1:5b:27:4f:b8:cc:6c:a2:65:45:ab:
                    86:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B4:DE:A6:9F:F1:C5:B2:D5:EC:77:5A:E3:2C:DD:97:DD:F4:56:AD
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/erTepp_xxbLV7Hda4yzdl930Vq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.57.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:3c:af:38:e8:ee:d2:48:f6:ba:50:e2:74:79:3c:44:a5:3d:
         dc:b4:a9:70:34:1e:6b:19:fc:3a:d4:90:ad:70:98:5e:40:79:
         dd:8e:eb:52:e4:c4:f8:9f:5d:de:4b:df:35:e8:d2:02:d0:ee:
         81:23:ec:88:41:ca:67:37:04:14:2f:ef:9c:52:de:08:e5:71:
         ed:72:db:69:90:73:52:63:13:38:87:d0:1d:c3:94:a8:ea:6b:
         7c:c6:b0:01:ce:b1:ae:ed:06:ac:14:ef:71:67:d8:a2:2c:fb:
         13:da:d7:cf:8a:12:90:5f:27:68:ac:61:e4:25:1b:67:9f:e2:
         91:dd:f2:81:d2:d3:3b:4a:bd:ba:c2:19:87:d8:e3:56:f7:8c:
         9d:c3:f8:0b:96:75:f0:84:0f:39:da:23:d5:32:06:86:32:7a:
         e8:66:ac:dc:db:7c:bd:04:b6:c0:d2:0c:5c:23:cf:43:68:78:
         94:bb:78:f9:18:17:f1:9b:8a:04:5a:de:0a:12:dc:51:b2:f8:
         85:50:6f:59:ac:f8:9d:6a:01:c7:b4:2c:c3:9c:95:88:b1:57:
         8d:b0:98:c5:34:aa:ca:d8:51:2a:8e:04:15:e4:ff:c6:f8:e2:
         79:c3:bb:06:9c:7e:68:03:ba:23:e4:95:74:3a:e6:65:19:83:
         2f:af:d4:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNFun7xs7u3ePpaedl+5c9IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQxMTE5MTg0MTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWI0ZGVhNjlmZjFjNWIyZDVlYzc3NWFlMzJjZGQ5N2RkZjQ1NmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AqqjhOC9pLHUQo0HKNIYr+Gy2Di
8yX+UZOI/r4JpoUpP+pxJhQnFwF9/ZHjHXJHxCYDp8Sj5ln2tOiiP1Dplz7fBixP
OgXe8goB4P8W1vR/S17JbStsA/Bl0qMZIcQAyX6rEiSl/ePKE4zwu5pgm/ouL47A
6+NITeN6ZEYXNM7x3cLKGJhCMyRqYv7W9wYLI/R0zTmUI+UnSzHE2eJiyU061ozP
LeAaKSOSZr5aI3cRZxE2JHlPsJcZ8m2fEPHEuKI+z1q5bZJckt5ppHJIEkudjCET
iJyxJahRyxzJLgxFe4T6XlYCS4rEm+q282dtDX5s8VsnT7jMbKJlRauGqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHq03qaf8cWy1ex3WuMs3Zfd9FatMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvZXJUZXBwX3h4YkxWN0hkYTR5emRsOTMwVnEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTkmMA0G
CSqGSIb3DQEBCwUAA4IBAQAnPK846O7SSPa6UOJ0eTxEpT3ctKlwNB5rGfw61JCt
cJheQHndjutS5MT4n13eS9816NIC0O6BI+yIQcpnNwQUL++cUt4I5XHtcttpkHNS
YxM4h9Adw5So6mt8xrABzrGu7QasFO9xZ9iiLPsT2tfPihKQXydorGHkJRtnn+KR
3fKB0tM7Sr26whmH2ONW94ydw/gLlnXwhA852iPVMgaGMnroZqzc23y9BLbA0gxc
I89DaHiUu3j5GBfxm4oEWt4KEtxRsviFUG9ZrPidagHHtCzDnJWIsVeNsJjFNKrK
2FEqjgQV5P/G+OJ5w7sGnH5oA7oj5JV0OuZlGYMvr9QK
-----END CERTIFICATE-----