Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/2abea2-30d0-4654-a834-745bce3060c9/1/ipnzCkj55ZVcL6dJjwu-M9I8gPk.roa
File:                     ipnzCkj55ZVcL6dJjwu-M9I8gPk.roa (raw, json)
Hash identifier:          t4z6bmBE8vRcT3pBjiYl3cty1lj5Rqxa49Zi6v3iUXI=
Subject key identifier:   8A:99:F3:0A:48:F9:E5:95:5C:2F:A7:49:8F:0B:BE:33:D2:3C:80:F9
Certificate issuer:       /CN=c0e8e56b18d45c646f03cb6f9069da0c8b3c74ad
Certificate serial:       018CCA297B2E92D839E73BD0C862585F370D
Authority key identifier: C0:E8:E5:6B:18:D4:5C:64:6F:03:CB:6F:90:69:DA:0C:8B:3C:74:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wOjlaxjUXGRvA8tvkGnaDIs8dK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/2abea2-30d0-4654-a834-745bce3060c9/1/ipnzCkj55ZVcL6dJjwu-M9I8gPk.roa
Signing time:             Tue 02 Jan 2024 12:32:45 +0000
ROA not before:           Tue 02 Jan 2024 12:32:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209202
IP address blocks:        2.57.128.0/22 maxlen: 22
                          2a09:d940::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/2abea2-30d0-4654-a834-745bce3060c9/1/wOjlaxjUXGRvA8tvkGnaDIs8dK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/2abea2-30d0-4654-a834-745bce3060c9/1/wOjlaxjUXGRvA8tvkGnaDIs8dK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wOjlaxjUXGRvA8tvkGnaDIs8dK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:7b:2e:92:d8:39:e7:3b:d0:c8:62:58:5f:37:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0e8e56b18d45c646f03cb6f9069da0c8b3c74ad
        Validity
            Not Before: Jan  2 12:32:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a99f30a48f9e5955c2fa7498f0bbe33d23c80f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:0e:93:8f:eb:79:37:0b:bd:49:a0:6f:d1:f1:
                    29:89:8f:cd:2a:3d:c9:bd:f6:12:69:4a:5c:ca:78:
                    a7:1b:12:6e:c2:18:5f:dc:15:63:11:6c:52:c2:b0:
                    56:21:c5:5e:9a:38:10:e7:3b:8e:83:aa:fa:6f:7c:
                    7a:cb:fe:bd:3c:59:84:f3:9a:4c:3a:53:e2:ab:69:
                    5b:b1:51:33:30:21:d8:10:86:e5:2f:09:82:bd:e8:
                    df:92:21:da:76:d7:8f:be:54:7e:c0:59:e4:4c:f2:
                    66:ec:89:f8:be:11:4f:71:3b:e8:6a:c1:76:1e:97:
                    63:70:2d:44:08:d3:91:14:cf:b0:55:71:cf:35:86:
                    53:4b:3e:cc:25:5a:fd:91:5a:fc:85:36:94:d6:d2:
                    be:0e:71:45:b3:6e:81:58:48:be:51:13:55:8c:87:
                    3d:93:54:53:62:1e:47:35:61:55:43:04:f9:20:32:
                    f8:b6:84:d5:67:6a:4d:cf:64:46:36:7b:cb:18:e5:
                    cb:05:35:26:3c:1d:98:4e:03:45:d5:b3:84:56:6c:
                    16:46:95:f8:63:0b:de:98:cd:71:46:4d:b6:c9:a5:
                    84:c8:75:0e:d5:93:b2:e4:18:8a:64:6c:01:b3:52:
                    57:fe:e9:2c:6b:7e:2c:d0:1c:f6:46:8d:f2:7e:a9:
                    ff:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:99:F3:0A:48:F9:E5:95:5C:2F:A7:49:8F:0B:BE:33:D2:3C:80:F9
            X509v3 Authority Key Identifier:
                keyid:C0:E8:E5:6B:18:D4:5C:64:6F:03:CB:6F:90:69:DA:0C:8B:3C:74:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wOjlaxjUXGRvA8tvkGnaDIs8dK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/2abea2-30d0-4654-a834-745bce3060c9/1/ipnzCkj55ZVcL6dJjwu-M9I8gPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/2abea2-30d0-4654-a834-745bce3060c9/1/wOjlaxjUXGRvA8tvkGnaDIs8dK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.128.0/22
                IPv6:
                  2a09:d940::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:d5:6e:8d:04:7c:34:7b:a6:ce:62:04:39:4d:6f:b4:ea:63:
         61:c4:19:76:60:cf:d4:7f:0d:20:02:56:52:35:e6:33:fb:56:
         2d:f7:51:e8:54:fb:98:78:b8:69:e1:be:aa:9b:ac:34:8c:bd:
         6f:99:37:a1:85:85:25:68:3a:24:b4:96:d1:84:00:11:5c:f1:
         da:c3:5a:15:a6:d5:71:0b:8d:c6:0f:c2:92:28:0f:48:ba:8d:
         b6:0f:cd:45:f3:f9:67:61:e3:08:d0:98:b6:64:ee:b9:71:db:
         22:dc:68:e6:eb:9e:e1:f2:6c:e0:80:e4:ec:d3:f2:23:fb:d8:
         17:33:ce:1b:a1:8f:9f:88:de:bc:4b:3f:bd:d6:aa:aa:20:12:
         3b:5b:88:ca:91:8e:f7:fb:72:7a:96:89:92:c4:0e:3d:6d:4c:
         58:63:f9:fa:43:7e:c1:c0:c4:9f:d7:0a:8f:25:20:04:bd:03:
         83:00:37:c1:be:5a:53:c2:d4:b5:b4:ad:7e:6a:ab:2c:9a:a0:
         12:5c:7d:a9:2d:04:06:9e:8b:e8:86:22:67:24:e6:67:49:63:
         d8:62:cd:25:26:68:9d:00:8c:7a:29:fa:3d:84:b9:4e:e2:20:
         53:a2:47:d1:32:ab:2c:d1:70:5b:8a:51:0b:7b:91:8c:2b:c5:
         60:f4:51:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKXsuktg55zvQyGJYXzcNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZThlNTZiMThkNDVjNjQ2ZjAzY2I2ZjkwNjlkYTBjOGIz
Yzc0YWQwHhcNMjQwMTAyMTIzMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTk5ZjMwYTQ4ZjllNTk1NWMyZmE3NDk4ZjBiYmUzM2QyM2M4MGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkA6Tj+t5Nwu9SaBv0fEpiY/NKj3J
vfYSaUpcyninGxJuwhhf3BVjEWxSwrBWIcVemjgQ5zuOg6r6b3x6y/69PFmE85pM
OlPiq2lbsVEzMCHYEIblLwmCvejfkiHadtePvlR+wFnkTPJm7In4vhFPcTvoasF2
HpdjcC1ECNORFM+wVXHPNYZTSz7MJVr9kVr8hTaU1tK+DnFFs26BWEi+URNVjIc9
k1RTYh5HNWFVQwT5IDL4toTVZ2pNz2RGNnvLGOXLBTUmPB2YTgNF1bOEVmwWRpX4
YwvemM1xRk22yaWEyHUO1ZOy5BiKZGwBs1JX/uksa34s0Bz2Ro3yfqn/AQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIqZ8wpI+eWVXC+nSY8LvjPSPID5MB8GA1UdIwQY
MBaAFMDo5WsY1FxkbwPLb5Bp2gyLPHStMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd09qbGF4alVYR1J2QTh0dmtHbmFESXM4ZEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8yYWJlYTItMzBkMC00NjU0LWE4MzQt
NzQ1YmNlMzA2MGM5LzEvaXBuekNrajU1WlZjTDZkSmp3dS1NOUk4Z1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8yYWJlYTItMzBkMC00NjU0LWE4MzQtNzQ1YmNlMzA2MGM5
LzEvd09qbGF4alVYR1J2QTh0dmtHbmFESXM4ZEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCAjmAMA0E
AgACMAcDBQMqCdlAMA0GCSqGSIb3DQEBCwUAA4IBAQA61W6NBHw0e6bOYgQ5TW+0
6mNhxBl2YM/Ufw0gAlZSNeYz+1Yt91HoVPuYeLhp4b6qm6w0jL1vmTehhYUlaDok
tJbRhAARXPHaw1oVptVxC43GD8KSKA9Iuo22D81F8/lnYeMI0Ji2ZO65cdsi3Gjm
657h8mzggOTs0/Ij+9gXM84boY+fiN68Sz+91qqqIBI7W4jKkY73+3J6lomSxA49
bUxYY/n6Q37BwMSf1wqPJSAEvQODADfBvlpTwtS1tK1+aqssmqASXH2pLQQGnovo
hiJnJOZnSWPYYs0lJmidAIx6Kfo9hLlO4iBTokfRMqss0XBbilELe5GMK8Vg9FFx
-----END CERTIFICATE-----