Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/pyIY-_E3i41yZBb_hgnDSnBlxIs.roa
File:                     pyIY-_E3i41yZBb_hgnDSnBlxIs.roa (raw, json)
Hash identifier:          WQl6ZdDv9IxTIqY3Tg6sZT11JhgPVOlg7No0015dKHc=
Subject key identifier:   A7:22:18:FB:F1:37:8B:8D:72:64:16:FF:86:09:C3:4A:70:65:C4:8B
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       018CC86F6D30D0B79424EBEAE3B5E147949A
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/pyIY-_E3i41yZBb_hgnDSnBlxIs.roa
Signing time:             Tue 02 Jan 2024 04:29:54 +0000
ROA not before:           Tue 02 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9583
IP address blocks:        57.250.64.0/24 maxlen: 24
                          57.250.66.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6d:30:d0:b7:94:24:eb:ea:e3:b5:e1:47:94:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  2 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a72218fbf1378b8d726416ff8609c34a7065c48b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:34:2c:28:ca:c7:e4:aa:fa:7f:f9:2b:15:47:
                    00:ec:78:fd:96:3a:9d:6f:8b:bc:dc:83:82:14:fb:
                    25:7b:a6:3a:a0:af:29:20:60:bb:8f:92:b1:da:05:
                    58:59:fe:cd:4c:93:e0:45:75:7a:d5:e2:91:f1:a8:
                    3c:54:c5:b3:eb:08:7c:b1:cf:78:2b:7a:26:63:76:
                    20:35:b6:1f:ca:e8:e7:9e:c4:c6:0b:f8:43:31:a1:
                    54:cb:c6:6a:3a:78:3a:0e:d4:79:fb:f3:b6:4a:45:
                    9d:49:fa:87:2b:d6:a2:31:5e:ca:e9:00:76:30:5a:
                    3c:cb:71:b6:1e:56:f6:55:d7:ad:d5:28:17:0b:c4:
                    a2:47:32:55:5b:0e:7f:a4:3c:a6:93:2b:85:1a:10:
                    34:e8:79:2c:ad:01:c0:33:34:09:16:57:e1:cf:83:
                    17:62:45:af:61:54:ff:46:44:11:4f:c3:2a:72:4d:
                    a3:e8:cf:45:48:a7:ab:5a:3b:2a:a1:62:83:34:78:
                    af:44:04:74:ea:61:76:64:28:42:20:5c:1a:17:2b:
                    6c:1c:a8:1c:3d:be:89:f7:87:98:a5:12:2b:d0:f1:
                    ac:03:13:89:9f:3e:c9:58:08:a9:8b:28:98:b5:d3:
                    33:ef:44:de:b7:55:c7:30:4e:b7:31:6b:3a:b0:e9:
                    2c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:22:18:FB:F1:37:8B:8D:72:64:16:FF:86:09:C3:4A:70:65:C4:8B
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/pyIY-_E3i41yZBb_hgnDSnBlxIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.250.64.0/24
                  57.250.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:7f:aa:ba:e4:d1:c8:bb:e5:b8:ca:c5:72:16:91:44:ad:da:
         32:0d:02:2f:3b:39:23:6f:26:c0:bc:50:80:c0:63:22:3c:54:
         da:d4:0b:8e:ab:d0:06:f0:db:6f:f2:e4:50:ed:5d:4b:ec:6d:
         9f:64:33:a4:a9:67:f5:49:32:8c:84:79:c0:d6:42:cb:47:9d:
         de:be:f6:17:cb:ef:24:dd:89:e5:bc:a1:24:28:27:7e:cf:11:
         96:d4:cb:ef:1b:72:3e:50:35:4c:87:cd:da:10:42:4f:86:bd:
         08:26:d4:7c:ac:0c:47:28:13:73:1c:f4:bc:85:43:57:d4:d9:
         c3:0b:b3:ab:68:da:ab:19:15:b5:69:25:2f:d7:78:1b:a9:20:
         b3:76:60:3a:3e:0e:ac:b6:80:2e:45:be:5a:6a:79:72:e7:6e:
         43:43:ee:35:85:a3:57:1d:03:17:79:dd:5d:61:11:78:a4:b9:
         10:56:4d:fb:57:bc:04:d9:8a:ff:ca:e5:d6:b6:4b:ad:71:ec:
         93:0f:b0:fc:ee:18:26:e8:2b:48:39:9c:cb:9b:98:eb:31:b0:
         06:97:31:5a:b7:fd:d0:7d:54:7c:f1:5a:39:34:c3:f6:7e:e2:
         d6:80:67:09:55:ff:a2:ba:d2:ee:e7:ba:c6:e5:97:ba:f3:fe:
         66:0c:12:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb20w0LeUJOvq47XhR5SaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjQwMTAyMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzIyMThmYmYxMzc4YjhkNzI2NDE2ZmY4NjA5YzM0YTcwNjVjNDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjQsKMrH5Kr6f/krFUcA7Hj9ljqd
b4u83IOCFPsle6Y6oK8pIGC7j5Kx2gVYWf7NTJPgRXV61eKR8ag8VMWz6wh8sc94
K3omY3YgNbYfyujnnsTGC/hDMaFUy8ZqOng6DtR5+/O2SkWdSfqHK9aiMV7K6QB2
MFo8y3G2Hlb2Vdet1SgXC8SiRzJVWw5/pDymkyuFGhA06HksrQHAMzQJFlfhz4MX
YkWvYVT/RkQRT8Mqck2j6M9FSKerWjsqoWKDNHivRAR06mF2ZChCIFwaFytsHKgc
Pb6J94eYpRIr0PGsAxOJnz7JWAipiyiYtdMz70Tet1XHME63MWs6sOksDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKciGPvxN4uNcmQW/4YJw0pwZcSLMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvcHlJWS1fRTNpNDF5WkJiX2hnbkRTbkJseElzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAOfpAAwQA
OfpCMA0GCSqGSIb3DQEBCwUAA4IBAQAjf6q65NHIu+W4ysVyFpFErdoyDQIvOzkj
bybAvFCAwGMiPFTa1AuOq9AG8Ntv8uRQ7V1L7G2fZDOkqWf1STKMhHnA1kLLR53e
vvYXy+8k3YnlvKEkKCd+zxGW1MvvG3I+UDVMh83aEEJPhr0IJtR8rAxHKBNzHPS8
hUNX1NnDC7OraNqrGRW1aSUv13gbqSCzdmA6Pg6stoAuRb5aanly525DQ+41haNX
HQMXed1dYRF4pLkQVk37V7wE2Yr/yuXWtkutceyTD7D87hgm6CtIOZzLm5jrMbAG
lzFat/3QfVR88Vo5NMP2fuLWgGcJVf+iutLu57rG5Ze68/5mDBJh
-----END CERTIFICATE-----