Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Xo8yQKafdeSC5Tw2_3L8XC0DGYM.roa
File:                     Xo8yQKafdeSC5Tw2_3L8XC0DGYM.roa (raw, json)
Hash identifier:          s05mP7z8edhZXz+Y4NC7pxyNuI9paTqfo73/o4ORik8=
Subject key identifier:   5E:8F:32:40:A6:9F:75:E4:82:E5:3C:36:FF:72:FC:5C:2D:03:19:83
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       018CC86F71DD3F27C49DD95D769F1BCBC420
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Xo8yQKafdeSC5Tw2_3L8XC0DGYM.roa
Signing time:             Tue 02 Jan 2024 04:29:55 +0000
ROA not before:           Tue 02 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206433
IP address blocks:        57.190.0.0/20 maxlen: 20
                          57.190.0.0/19 maxlen: 19
                          57.190.16.0/24 maxlen: 24
                          57.190.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 00:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:71:dd:3f:27:c4:9d:d9:5d:76:9f:1b:cb:c4:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  2 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e8f3240a69f75e482e53c36ff72fc5c2d031983
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ad:1b:4e:2e:0c:79:44:51:4d:d8:e3:b5:22:
                    8f:95:b3:64:c2:7f:61:8c:0f:c5:fe:ee:3d:25:31:
                    8f:0e:dd:93:41:3d:9d:dc:8b:ff:ef:1d:0d:f1:83:
                    87:d4:f4:3c:96:63:21:62:61:70:ed:9f:72:2e:aa:
                    2c:95:f7:68:67:ed:49:a0:1c:98:9d:37:f3:e7:40:
                    88:ea:24:48:f6:90:6a:60:46:d4:60:1d:14:bc:f2:
                    d9:ce:cb:48:06:a0:23:fc:bf:1b:81:2a:a6:2b:ee:
                    a7:e5:4c:bb:d3:fc:bd:3d:0b:5c:01:98:80:51:67:
                    4c:40:e9:12:6c:a8:d5:aa:6e:c0:cb:e1:43:0c:d2:
                    da:d6:e2:11:88:d1:f8:5d:a5:17:63:cb:f2:31:7e:
                    44:30:6f:b5:1e:95:d1:c2:03:33:4c:f5:2c:06:bf:
                    69:f3:9c:28:7c:8a:58:1d:17:98:88:18:6a:79:2d:
                    bc:77:0f:f7:2c:8f:e0:b6:47:8f:f1:08:3d:b8:c6:
                    e7:31:73:08:90:20:0e:f2:ea:50:54:aa:66:2f:6c:
                    c4:f1:67:45:9f:71:a0:76:e6:9c:8a:92:90:36:de:
                    fe:56:f6:0a:ce:af:71:06:e2:65:f6:5d:15:83:37:
                    86:a3:72:40:2a:db:ea:d0:15:46:9e:e5:10:01:1f:
                    ea:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:8F:32:40:A6:9F:75:E4:82:E5:3C:36:FF:72:FC:5C:2D:03:19:83
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Xo8yQKafdeSC5Tw2_3L8XC0DGYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.190.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         98:28:99:9c:14:7b:4a:2d:96:80:09:39:8d:43:bc:a9:d4:d1:
         9d:6b:a8:df:4f:8b:86:24:34:19:c9:6c:69:f2:12:f7:90:6c:
         ab:cc:56:f2:02:73:3a:35:ae:72:24:00:3b:12:48:f5:41:c8:
         13:7f:e2:08:84:98:53:34:02:1b:5f:1f:b2:fb:f0:a4:9a:18:
         b0:74:56:03:ea:1c:e9:57:b7:55:35:d3:2a:60:16:d5:e0:87:
         92:2f:9d:3e:d4:7c:57:ce:97:b4:28:7b:35:47:95:8c:be:75:
         e3:5a:91:9d:5e:9b:4f:9d:8d:a1:2b:06:67:ae:b3:e7:a5:f3:
         ca:4f:29:ca:0b:32:0e:c0:38:70:9b:e5:23:ed:8d:51:41:1a:
         89:10:05:9b:26:d2:ad:e4:6c:c9:ab:ec:e5:d1:e4:dc:57:de:
         2b:55:4e:5b:8e:30:d8:88:99:e3:52:04:1a:8d:1b:08:fa:56:
         d8:cf:6a:aa:49:10:5a:0d:8a:85:cd:cd:38:56:49:77:0a:4f:
         0f:58:f2:2d:30:2f:de:16:66:de:54:5e:53:51:78:14:2c:5a:
         17:c7:1f:27:54:c4:00:33:10:56:a4:c4:4e:ba:91:4a:24:e4:
         92:0a:60:75:18:6c:05:be:9c:ca:47:76:07:72:51:93:db:53:
         60:5e:fb:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3HdPyfEndlddp8by8QgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjQwMTAyMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZThmMzI0MGE2OWY3NWU0ODJlNTNjMzZmZjcyZmM1YzJkMDMxOTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiq0bTi4MeURRTdjjtSKPlbNkwn9h
jA/F/u49JTGPDt2TQT2d3Iv/7x0N8YOH1PQ8lmMhYmFw7Z9yLqoslfdoZ+1JoByY
nTfz50CI6iRI9pBqYEbUYB0UvPLZzstIBqAj/L8bgSqmK+6n5Uy70/y9PQtcAZiA
UWdMQOkSbKjVqm7Ay+FDDNLa1uIRiNH4XaUXY8vyMX5EMG+1HpXRwgMzTPUsBr9p
85wofIpYHReYiBhqeS28dw/3LI/gtkeP8Qg9uMbnMXMIkCAO8upQVKpmL2zE8WdF
n3GgduacipKQNt7+VvYKzq9xBuJl9l0VgzeGo3JAKtvq0BVGnuUQAR/qhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF6PMkCmn3XkguU8Nv9y/FwtAxmDMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvWG84eVFLYWZkZVNDNVR3Ml8zTDhYQzBER1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFOb4AMA0G
CSqGSIb3DQEBCwUAA4IBAQCYKJmcFHtKLZaACTmNQ7yp1NGda6jfT4uGJDQZyWxp
8hL3kGyrzFbyAnM6Na5yJAA7Ekj1QcgTf+IIhJhTNAIbXx+y+/CkmhiwdFYD6hzp
V7dVNdMqYBbV4IeSL50+1HxXzpe0KHs1R5WMvnXjWpGdXptPnY2hKwZnrrPnpfPK
TynKCzIOwDhwm+Uj7Y1RQRqJEAWbJtKt5GzJq+zl0eTcV94rVU5bjjDYiJnjUgQa
jRsI+lbYz2qqSRBaDYqFzc04Vkl3Ck8PWPItMC/eFmbeVF5TUXgULFoXxx8nVMQA
MxBWpMROupFKJOSSCmB1GGwFvpzKR3YHclGT21NgXvv/
-----END CERTIFICATE-----