Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/yl05YBiRTm0zCaHrrmmZnoZb6As.roa
File:                     yl05YBiRTm0zCaHrrmmZnoZb6As.roa (raw, json)
Hash identifier:          yU8/o/Nh7NIRLTZYOdS/PIdJvzEeQG0oHssxoBKNURU=
Subject key identifier:   CA:5D:39:60:18:91:4E:6D:33:09:A1:EB:AE:69:99:9E:86:5B:E8:0B
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       018CC86F7186342C44CC45365EA159B058E8
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/yl05YBiRTm0zCaHrrmmZnoZb6As.roa
Signing time:             Tue 02 Jan 2024 04:29:55 +0000
ROA not before:           Tue 02 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205080
IP address blocks:        57.188.0.0/18 maxlen: 24
                          2a0a:90c0:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 09:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:71:86:34:2c:44:cc:45:36:5e:a1:59:b0:58:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  2 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca5d396018914e6d3309a1ebae69999e865be80b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4f:83:b6:1c:71:1c:a8:f0:e9:94:37:15:a6:
                    a2:84:94:12:c1:e6:ee:3f:65:9c:68:11:db:d0:40:
                    3f:cd:4d:08:0d:f6:59:3b:44:6c:b0:65:63:53:5d:
                    6c:18:26:e4:46:a8:11:39:08:bc:14:90:ff:ef:d6:
                    2f:f4:bf:59:b0:42:b0:d1:f0:0f:a0:59:a2:ec:18:
                    86:c6:ed:5c:04:03:ee:27:24:de:8a:a5:b5:1b:22:
                    ed:b9:51:56:53:05:b5:a8:19:7c:09:6d:50:ae:25:
                    7c:e6:c8:65:49:4e:53:96:c1:b9:78:82:85:32:8c:
                    24:ff:88:8f:c2:50:54:a8:ab:ac:eb:fe:86:85:25:
                    85:9b:b5:e9:50:64:4a:d3:b8:7d:a6:61:3c:c8:6d:
                    b6:92:88:7f:af:b4:97:4e:35:0a:b7:47:32:a5:ed:
                    2c:9b:e2:68:0d:7a:04:02:a2:0f:f6:6b:d8:dd:5a:
                    e4:a1:47:28:cf:c7:3b:e5:41:3e:03:5c:2c:bc:9e:
                    f4:20:7f:61:04:04:b5:8b:d0:d1:12:2a:9f:44:43:
                    bf:f0:89:d5:05:fa:5d:f0:56:d8:ce:e7:8b:1e:16:
                    68:61:34:5a:cb:d8:b8:dd:e0:5a:17:94:a1:d3:3a:
                    ba:cf:c8:44:4d:eb:1e:30:69:26:ed:ad:a1:30:ee:
                    67:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:5D:39:60:18:91:4E:6D:33:09:A1:EB:AE:69:99:9E:86:5B:E8:0B
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/yl05YBiRTm0zCaHrrmmZnoZb6As.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.188.0.0/18
                IPv6:
                  2a0a:90c0:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3c:14:8e:8d:17:08:17:0a:da:5c:0b:82:b8:f6:0c:d1:a3:52:
         5b:aa:b9:bf:67:25:33:c5:cb:70:73:e0:fc:c4:c4:f8:ca:43:
         8f:c1:1a:32:34:c1:fc:3e:49:b1:ae:2e:5b:e5:2b:3f:d1:2d:
         ad:4d:2f:25:a0:dd:78:40:f0:52:75:5d:ba:66:f6:6f:be:c8:
         bc:fd:9a:d9:19:b2:52:f2:95:e7:41:b8:e4:4c:53:84:a7:ce:
         4d:70:ff:a3:55:2e:96:8d:be:05:a1:0b:3c:32:77:bb:94:d5:
         92:6c:86:f3:00:1c:95:c7:30:f8:6d:b8:b7:4f:06:e1:2a:85:
         2f:63:c3:ba:e7:9a:13:67:23:87:27:14:db:c3:97:29:da:6c:
         36:3a:e8:2a:6f:7e:22:f6:82:d6:40:6e:68:2b:bf:aa:ff:58:
         fb:0e:7b:9a:0a:20:ab:55:74:63:bd:be:e4:fb:74:47:0a:96:
         9b:a3:fa:83:a7:ef:ca:8d:61:b4:f3:b7:69:86:7f:4d:bc:40:
         af:99:1d:98:e7:7d:84:61:6c:21:44:16:18:4e:04:e1:d0:20:
         6d:ad:3f:06:b0:1a:47:d6:35:5f:3a:65:ef:ae:4c:74:e3:59:
         34:82:43:92:fc:ef:17:5e:b3:89:c0:1b:ef:23:c3:42:44:1b:
         d5:38:78:af
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzIb3GGNCxEzEU2XqFZsFjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjQwMTAyMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTVkMzk2MDE4OTE0ZTZkMzMwOWExZWJhZTY5OTk5ZTg2NWJlODBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjk+DthxxHKjw6ZQ3FaaihJQSwebu
P2WcaBHb0EA/zU0IDfZZO0RssGVjU11sGCbkRqgROQi8FJD/79Yv9L9ZsEKw0fAP
oFmi7BiGxu1cBAPuJyTeiqW1GyLtuVFWUwW1qBl8CW1QriV85shlSU5TlsG5eIKF
Mowk/4iPwlBUqKus6/6GhSWFm7XpUGRK07h9pmE8yG22koh/r7SXTjUKt0cype0s
m+JoDXoEAqIP9mvY3VrkoUcoz8c75UE+A1wsvJ70IH9hBAS1i9DREiqfREO/8InV
Bfpd8FbYzueLHhZoYTRay9i43eBaF5Sh0zq6z8hETeseMGkm7a2hMO5nYwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMpdOWAYkU5tMwmh665pmZ6GW+gLMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEveWwwNVlCaVJUbTB6Q2FIcnJtbVpub1piNkFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQGObwAMA4E
AgACMAgDBgAqCpDAEDANBgkqhkiG9w0BAQsFAAOCAQEAPBSOjRcIFwraXAuCuPYM
0aNSW6q5v2clM8XLcHPg/MTE+MpDj8EaMjTB/D5Jsa4uW+UrP9EtrU0vJaDdeEDw
UnVdumb2b77IvP2a2RmyUvKV50G45ExThKfOTXD/o1Uulo2+BaELPDJ3u5TVkmyG
8wAclccw+G24t08G4SqFL2PDuueaE2cjhycU28OXKdpsNjroKm9+IvaC1kBuaCu/
qv9Y+w57mgogq1V0Y72+5Pt0RwqWm6P6g6fvyo1htPO3aYZ/TbxAr5kdmOd9hGFs
IUQWGE4E4dAgba0/BrAaR9Y1Xzpl765MdONZNIJDkvzvF16zicAb7yPDQkQb1Th4
rw==
-----END CERTIFICATE-----