Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/_BlSsQBVFSgZYy3Btv4tx6WvA-I.roa
File:                     _BlSsQBVFSgZYy3Btv4tx6WvA-I.roa (raw, json)
Hash identifier:          9u4K0VZSMQzHMJ/XE2OlhU8ZzmUImcnfgxMYAGTa+FE=
Subject key identifier:   FC:19:52:B1:00:55:15:28:19:63:2D:C1:B6:FE:2D:C7:A5:AF:03:E2
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       018CC86F6D60BF1D7ABC68B657DEBC72C41F
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/_BlSsQBVFSgZYy3Btv4tx6WvA-I.roa
Signing time:             Tue 02 Jan 2024 04:29:54 +0000
ROA not before:           Tue 02 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9989
IP address blocks:        57.250.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6d:60:bf:1d:7a:bc:68:b6:57:de:bc:72:c4:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  2 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc1952b10055152819632dc1b6fe2dc7a5af03e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:42:50:d0:bd:09:17:be:ad:1a:da:36:2e:5e:
                    3d:8e:94:ba:b5:76:cc:97:cc:73:5c:07:db:24:61:
                    22:fe:92:34:4b:c1:3c:c3:43:d5:42:f2:96:92:33:
                    8b:4c:30:0b:ed:c5:1d:3d:cd:85:bf:cf:cd:04:ac:
                    24:2f:49:f6:ad:9a:8a:db:6d:f4:20:5a:03:33:9b:
                    a5:12:9f:b9:9d:f2:f6:f0:0e:ea:87:e5:1d:26:9d:
                    07:fd:c5:1e:ff:e9:9e:57:8a:48:d2:3e:3e:12:cb:
                    0d:16:7a:d1:0d:1f:8d:ce:8f:99:e1:a4:d4:fe:29:
                    be:d6:5c:64:a7:65:89:be:30:18:64:a2:a9:bc:ab:
                    c0:2a:ba:11:c9:ac:bb:ad:49:41:74:d6:3f:ab:35:
                    83:73:b2:88:56:09:29:bb:a7:c5:44:da:96:2f:8a:
                    f1:60:66:cb:9a:22:30:bf:35:00:d9:69:7b:4c:9a:
                    7f:33:4c:ce:aa:a7:fd:3e:7c:41:eb:b0:83:f6:eb:
                    5c:79:fe:69:f9:fa:97:cf:3c:3f:59:4e:91:9e:80:
                    81:62:3b:b0:36:e7:5c:68:c0:a4:6b:f9:cb:a2:77:
                    50:da:8e:51:c0:1e:61:8a:c9:50:d8:75:f6:df:6f:
                    cf:98:26:c9:ec:f9:56:af:e2:7f:0e:23:52:1c:2b:
                    01:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:19:52:B1:00:55:15:28:19:63:2D:C1:B6:FE:2D:C7:A5:AF:03:E2
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/_BlSsQBVFSgZYy3Btv4tx6WvA-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.250.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:3a:e3:91:05:97:8b:05:01:51:9d:0e:2e:9e:56:87:1d:ab:
         7c:70:b2:0b:9f:ba:a3:7e:1a:f8:a3:14:cf:1c:95:63:6b:27:
         eb:e3:b8:30:85:02:21:41:4e:69:74:bc:5c:ba:13:f1:ce:5d:
         ca:22:4f:7e:e2:c9:69:d1:f0:e1:c4:70:28:16:fa:c4:d5:56:
         f3:a2:f5:75:9d:9c:e0:18:45:1e:06:6e:40:7a:26:7f:fd:a7:
         71:62:a3:96:66:10:aa:26:5b:03:ad:89:7b:6f:a6:f1:b3:b1:
         bc:01:5b:d2:15:fb:f7:6b:b2:a2:7a:23:ed:5f:08:ef:a1:7d:
         76:b7:ca:88:8a:9f:17:ee:d5:72:5c:55:d2:c3:93:d0:4c:72:
         5b:b4:85:cd:16:f7:0c:dd:eb:21:0e:56:1d:00:a8:21:79:de:
         b3:1e:a4:d5:0d:77:43:eb:d3:ba:e0:31:57:41:aa:e6:d3:8b:
         53:4d:d6:39:0a:00:28:e3:f7:5e:50:f0:12:64:f6:1a:8a:7e:
         0a:96:36:01:2a:04:a8:ca:39:37:48:56:14:44:d4:52:be:11:
         49:07:22:bf:f0:c6:9b:0f:f4:ae:b2:78:27:e1:db:a0:f2:5b:
         69:c6:b5:8f:16:fa:d5:41:8b:0e:4f:67:14:c2:72:6d:76:b9:
         ab:66:23:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb21gvx16vGi2V968csQfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjQwMTAyMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzE5NTJiMTAwNTUxNTI4MTk2MzJkYzFiNmZlMmRjN2E1YWYwM2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUJQ0L0JF76tGto2Ll49jpS6tXbM
l8xzXAfbJGEi/pI0S8E8w0PVQvKWkjOLTDAL7cUdPc2Fv8/NBKwkL0n2rZqK2230
IFoDM5ulEp+5nfL28A7qh+UdJp0H/cUe/+meV4pI0j4+EssNFnrRDR+Nzo+Z4aTU
/im+1lxkp2WJvjAYZKKpvKvAKroRyay7rUlBdNY/qzWDc7KIVgkpu6fFRNqWL4rx
YGbLmiIwvzUA2Wl7TJp/M0zOqqf9PnxB67CD9utcef5p+fqXzzw/WU6RnoCBYjuw
NudcaMCka/nLondQ2o5RwB5hislQ2HX232/PmCbJ7PlWr+J/DiNSHCsBrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwZUrEAVRUoGWMtwbb+LcelrwPiMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvX0JsU3NRQlZGU2daWXkzQnR2NHR4Nld2QS1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAOfowMA0G
CSqGSIb3DQEBCwUAA4IBAQDJOuORBZeLBQFRnQ4unlaHHat8cLILn7qjfhr4oxTP
HJVjayfr47gwhQIhQU5pdLxcuhPxzl3KIk9+4slp0fDhxHAoFvrE1VbzovV1nZzg
GEUeBm5AeiZ//adxYqOWZhCqJlsDrYl7b6bxs7G8AVvSFfv3a7KieiPtXwjvoX12
t8qIip8X7tVyXFXSw5PQTHJbtIXNFvcM3eshDlYdAKghed6zHqTVDXdD69O64DFX
Qarm04tTTdY5CgAo4/deUPASZPYain4KljYBKgSoyjk3SFYURNRSvhFJByK/8Mab
D/Susngn4dug8ltpxrWPFvrVQYsOT2cUwnJtdrmrZiP7
-----END CERTIFICATE-----