Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/boqnAyftTJxYkrklggQuSaE7RzI.roa
File:                     boqnAyftTJxYkrklggQuSaE7RzI.roa (raw, json)
Hash identifier:          72hznPwDwrXx1Z8EBDRnMrqo1g3yNxuei7ijr4gtpsY=
Subject key identifier:   6E:8A:A7:03:27:ED:4C:9C:58:92:B9:25:82:04:2E:49:A1:3B:47:32
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       018CC86F6EB827E4021A9E6DA00E6A15BFD7
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/boqnAyftTJxYkrklggQuSaE7RzI.roa
Signing time:             Tue 02 Jan 2024 04:29:55 +0000
ROA not before:           Tue 02 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        57.250.40.0/24 maxlen: 24
                          57.250.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6e:b8:27:e4:02:1a:9e:6d:a0:0e:6a:15:bf:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  2 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e8aa70327ed4c9c5892b92582042e49a13b4732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:25:11:5b:58:f5:6a:53:63:a1:78:7a:4d:38:
                    35:49:d3:6a:58:83:bc:2d:0d:30:48:8d:2e:22:30:
                    99:94:aa:13:47:9e:f6:b6:8d:cc:10:77:26:7f:f4:
                    cd:03:14:4c:37:cd:74:e4:52:81:14:3e:f3:91:dc:
                    eb:14:b0:57:ad:cc:45:93:41:31:1d:ed:83:ad:8e:
                    e3:cd:95:a3:91:5a:73:e7:27:f6:a6:2d:c6:ab:63:
                    39:bd:9e:12:da:5f:c6:ff:1f:69:fe:2b:5a:11:43:
                    d0:e9:9e:ed:2b:c3:32:0d:7d:01:af:f2:47:2c:8d:
                    23:88:e1:11:28:f8:2c:47:b6:d1:e4:ce:95:c1:8d:
                    24:d0:5c:f6:64:7e:48:46:42:29:af:0f:cc:fc:f7:
                    86:d7:6d:e2:a0:79:70:c1:14:c2:e2:58:90:3a:ed:
                    bc:b6:68:50:03:23:b3:81:c6:f8:ee:bc:83:5e:c4:
                    06:da:a3:2b:ec:96:e9:f7:5b:bc:44:68:3e:ab:f0:
                    73:6e:6a:ae:2d:22:23:63:0e:f5:3c:e9:56:97:9a:
                    b7:dd:ee:68:c6:27:93:6d:d8:5d:4f:c2:22:05:4c:
                    9b:11:83:c8:4e:83:23:e0:b6:e6:e4:c8:68:62:9a:
                    18:51:bc:c4:da:04:8b:d5:52:39:63:00:5b:36:e1:
                    1d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:8A:A7:03:27:ED:4C:9C:58:92:B9:25:82:04:2E:49:A1:3B:47:32
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/boqnAyftTJxYkrklggQuSaE7RzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.250.40.0/24
                  57.250.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:8a:79:a4:22:41:eb:a6:64:58:57:16:f8:f7:7f:ff:7e:5b:
         42:b8:a8:a5:74:b9:91:3b:60:65:29:f7:5e:99:9d:83:b4:22:
         84:e0:1a:df:6d:43:de:02:2e:6c:bc:ee:1f:81:bd:21:d5:87:
         15:17:33:c4:7e:7c:93:a8:5f:c1:46:03:68:a5:16:76:22:11:
         72:b8:7e:f7:9d:05:75:ea:40:e4:90:c3:85:1d:62:34:a8:d4:
         2c:71:9c:c2:0d:c6:fc:0c:70:ae:d6:f4:fc:54:65:02:9b:76:
         e1:7c:ef:d9:d5:85:5b:3f:15:73:4a:41:ba:d3:2a:96:a1:ef:
         28:f6:80:e3:98:31:11:99:41:4d:cf:f9:a2:e7:12:87:d9:e3:
         4e:cf:fa:a4:d3:78:1d:9e:e8:93:e0:c5:3f:09:e4:94:f8:27:
         49:c6:30:6b:f6:86:c6:e4:20:b1:d8:41:42:72:88:19:7a:77:
         35:e2:89:14:e3:9d:42:0e:9a:48:7c:90:77:bd:a2:12:86:d4:
         01:03:2b:25:67:08:b7:5a:06:e0:99:f1:31:76:ed:c7:38:d2:
         fe:66:3e:08:25:89:2d:aa:59:7a:9b:4a:c1:28:5b:b7:ee:29:
         d7:e0:3c:f1:12:84:d4:b5:96:72:99:1f:30:bb:36:d4:d4:da:
         0c:78:df:e1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb264J+QCGp5toA5qFb/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjQwMTAyMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZThhYTcwMzI3ZWQ0YzljNTg5MmI5MjU4MjA0MmU0OWExM2I0NzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiURW1j1alNjoXh6TTg1SdNqWIO8
LQ0wSI0uIjCZlKoTR572to3MEHcmf/TNAxRMN8105FKBFD7zkdzrFLBXrcxFk0Ex
He2DrY7jzZWjkVpz5yf2pi3Gq2M5vZ4S2l/G/x9p/itaEUPQ6Z7tK8MyDX0Br/JH
LI0jiOERKPgsR7bR5M6VwY0k0Fz2ZH5IRkIprw/M/PeG123ioHlwwRTC4liQOu28
tmhQAyOzgcb47ryDXsQG2qMr7Jbp91u8RGg+q/BzbmquLSIjYw71POlWl5q33e5o
xieTbdhdT8IiBUybEYPIToMj4Lbm5MhoYpoYUbzE2gSL1VI5YwBbNuEd5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG6KpwMn7UycWJK5JYIELkmhO0cyMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvYm9xbkF5ZnRUSnhZa3JrbGdnUXVTYUU3UnpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAOfooAwQA
OfoqMA0GCSqGSIb3DQEBCwUAA4IBAQCminmkIkHrpmRYVxb493//fltCuKildLmR
O2BlKfdemZ2DtCKE4BrfbUPeAi5svO4fgb0h1YcVFzPEfnyTqF/BRgNopRZ2IhFy
uH73nQV16kDkkMOFHWI0qNQscZzCDcb8DHCu1vT8VGUCm3bhfO/Z1YVbPxVzSkG6
0yqWoe8o9oDjmDERmUFNz/mi5xKH2eNOz/qk03gdnuiT4MU/CeSU+CdJxjBr9obG
5CCx2EFCcogZenc14okU451CDppIfJB3vaIShtQBAyslZwi3WgbgmfExdu3HONL+
Zj4IJYktqll6m0rBKFu37inX4DzxEoTUtZZymR8wuzbU1NoMeN/h
-----END CERTIFICATE-----