Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Zk_fQegroyfFjyI2DKQrDmUFCtY.roa
File:                     Zk_fQegroyfFjyI2DKQrDmUFCtY.roa (raw, json)
Hash identifier:          Vrm4aN4HCfJCevtqOVhiBD4uQhfYICmQ16QXLRzo/5I=
Subject key identifier:   66:4F:DF:41:E8:2B:A3:27:C5:8F:22:36:0C:A4:2B:0E:65:05:0A:D6
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       018CC86F6FF9D3E7E874E2E47488DE67C0C9
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Zk_fQegroyfFjyI2DKQrDmUFCtY.roa
Signing time:             Tue 02 Jan 2024 04:29:55 +0000
ROA not before:           Tue 02 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19545
IP address blocks:        57.250.192.0/19 maxlen: 24
                          57.250.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 09:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6f:f9:d3:e7:e8:74:e2:e4:74:88:de:67:c0:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  2 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=664fdf41e82ba327c58f22360ca42b0e65050ad6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f8:b8:bc:43:6e:de:15:2d:df:ed:7f:74:65:
                    5d:8d:a8:8a:5f:94:db:d4:2d:d4:6a:64:40:38:5d:
                    83:f7:5b:97:f5:47:09:d8:00:80:bf:6f:3b:40:ae:
                    f0:b0:38:b3:0c:d6:46:6c:26:63:ce:98:9c:d7:7c:
                    5d:ce:71:fb:3a:4c:fe:4b:bd:0a:f8:71:c2:28:4a:
                    12:c1:b7:24:73:71:a9:ff:d4:fc:3e:6f:92:d4:30:
                    e0:b5:4f:c4:c8:6c:eb:09:b8:64:20:cf:a8:29:9e:
                    8c:dd:24:75:92:91:05:a4:38:14:a3:5c:3c:22:b3:
                    64:51:1e:90:25:93:86:07:1f:cc:a4:8b:e8:c2:20:
                    3c:fd:ce:e5:d3:de:fc:fe:b2:b8:3b:f3:f6:78:92:
                    dc:09:77:2f:d7:50:68:ea:23:18:6f:ba:4a:36:08:
                    77:bd:89:de:c9:d5:79:ea:21:d9:0a:83:c4:16:b4:
                    45:16:14:fd:1c:f9:56:33:ea:49:0a:02:ae:8a:4b:
                    49:ac:f2:10:2f:5e:94:6e:d5:c4:ad:f0:4b:9f:66:
                    f1:52:b3:82:25:b0:c1:bb:f8:f3:a9:f8:45:ae:41:
                    74:55:9d:d6:24:c3:68:7a:fe:e0:20:70:f1:16:13:
                    ce:ae:09:88:d3:32:54:b8:0a:28:c2:40:27:ab:70:
                    84:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:4F:DF:41:E8:2B:A3:27:C5:8F:22:36:0C:A4:2B:0E:65:05:0A:D6
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Zk_fQegroyfFjyI2DKQrDmUFCtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.250.192.0-57.250.224.255

    Signature Algorithm: sha256WithRSAEncryption
         70:25:34:38:22:1e:f6:87:96:d4:0e:10:51:f4:5e:8a:d5:7c:
         04:2b:42:bb:8d:36:58:7c:53:e2:ed:80:cf:b6:a5:60:f3:94:
         15:f5:6c:39:91:c3:26:df:41:ae:f2:43:79:7a:72:e6:0f:3f:
         b2:de:e7:43:27:fc:d1:55:7e:ac:03:16:57:26:08:dc:29:d5:
         4b:d0:f3:6e:f0:c1:30:40:71:ee:41:c8:e6:17:9f:3b:5c:32:
         e3:50:9b:51:8e:6d:ee:42:7e:91:14:49:18:79:60:ce:72:c1:
         27:60:f3:af:ed:13:48:44:2c:ec:a7:85:c6:e5:91:b6:af:4f:
         4e:3e:1c:5a:63:3a:9c:6b:9e:ae:18:16:65:21:51:52:17:5b:
         23:8b:9e:23:7b:82:80:94:e0:29:d8:4e:0a:d4:e6:f9:e1:dc:
         74:33:77:dd:ad:c9:95:a8:98:f6:ba:c1:98:a9:e2:0e:28:58:
         a6:8d:73:17:66:68:9b:5f:c5:42:59:c2:f6:52:69:ca:53:42:
         74:d5:02:09:f4:e7:09:7f:61:1a:89:af:0a:9d:4c:88:19:24:
         e2:2c:fc:34:64:42:e8:d7:14:06:f1:90:ec:ce:ce:35:48:f8:
         45:da:ac:e6:7f:c8:07:fe:d5:7b:54:19:78:39:ef:b8:1a:00:
         48:86:0b:80
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIb2/50+fodOLkdIjeZ8DJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjQwMTAyMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjRmZGY0MWU4MmJhMzI3YzU4ZjIyMzYwY2E0MmIwZTY1MDUwYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Pi4vENu3hUt3+1/dGVdjaiKX5Tb
1C3UamRAOF2D91uX9UcJ2ACAv287QK7wsDizDNZGbCZjzpic13xdznH7Okz+S70K
+HHCKEoSwbckc3Gp/9T8Pm+S1DDgtU/EyGzrCbhkIM+oKZ6M3SR1kpEFpDgUo1w8
IrNkUR6QJZOGBx/MpIvowiA8/c7l0978/rK4O/P2eJLcCXcv11Bo6iMYb7pKNgh3
vYneydV56iHZCoPEFrRFFhT9HPlWM+pJCgKuiktJrPIQL16UbtXErfBLn2bxUrOC
JbDBu/jzqfhFrkF0VZ3WJMNoev7gIHDxFhPOrgmI0zJUuAoowkAnq3CEJwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGZP30HoK6MnxY8iNgykKw5lBQrWMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvWmtfZlFlZ3JveWZGanlJMkRLUXJEbVVGQ3RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAY5+sAD
BAA5+uAwDQYJKoZIhvcNAQELBQADggEBAHAlNDgiHvaHltQOEFH0XorVfAQrQruN
Nlh8U+LtgM+2pWDzlBX1bDmRwybfQa7yQ3l6cuYPP7Le50Mn/NFVfqwDFlcmCNwp
1UvQ827wwTBAce5ByOYXnztcMuNQm1GObe5CfpEUSRh5YM5ywSdg86/tE0hELOyn
hcblkbavT04+HFpjOpxrnq4YFmUhUVIXWyOLniN7goCU4CnYTgrU5vnh3HQzd92t
yZWomPa6wZip4g4oWKaNcxdmaJtfxUJZwvZSacpTQnTVAgn05wl/YRqJrwqdTIgZ
JOIs/DRkQujXFAbxkOzOzjVI+EXarOZ/yAf+1XtUGXg577gaAEiGC4A=
-----END CERTIFICATE-----