Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ce762b-dceb-4d5f-b1fb-77329a7e7dfe/1/4PY0RSRufu3piQyas7UV0NVxqNc.roa
File:                     4PY0RSRufu3piQyas7UV0NVxqNc.roa (raw, json)
Hash identifier:          /Np4O4Q38qq+lasSC7y5UH/F56qO0Glm45v3apT9Gxo=
Subject key identifier:   E0:F6:34:45:24:6E:7E:ED:E9:89:0C:9A:B3:B5:15:D0:D5:71:A8:D7
Certificate issuer:       /CN=3ed23945ff7561ee99d2e278e7388d045fadd314
Certificate serial:       018CC72592E4AE418D107DD0A22FF8047DD8
Authority key identifier: 3E:D2:39:45:FF:75:61:EE:99:D2:E2:78:E7:38:8D:04:5F:AD:D3:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PtI5Rf91Ye6Z0uJ45ziNBF-t0xQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ce762b-dceb-4d5f-b1fb-77329a7e7dfe/1/4PY0RSRufu3piQyas7UV0NVxqNc.roa
Signing time:             Mon 01 Jan 2024 22:29:37 +0000
ROA not before:           Mon 01 Jan 2024 22:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1741
IP address blocks:        157.24.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ce762b-dceb-4d5f-b1fb-77329a7e7dfe/1/PtI5Rf91Ye6Z0uJ45ziNBF-t0xQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ce762b-dceb-4d5f-b1fb-77329a7e7dfe/1/PtI5Rf91Ye6Z0uJ45ziNBF-t0xQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PtI5Rf91Ye6Z0uJ45ziNBF-t0xQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:92:e4:ae:41:8d:10:7d:d0:a2:2f:f8:04:7d:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ed23945ff7561ee99d2e278e7388d045fadd314
        Validity
            Not Before: Jan  1 22:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0f63445246e7eede9890c9ab3b515d0d571a8d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:61:03:8e:05:8d:14:20:5a:09:a1:fa:27:4e:
                    6b:13:64:d3:0d:50:66:44:d8:e6:de:6e:68:1f:3d:
                    ad:9b:e2:61:a8:c2:cf:8c:61:fa:01:f7:9f:6c:c6:
                    47:93:1b:d5:a2:a2:d6:42:86:e4:6f:1d:b5:1c:c4:
                    8b:14:1c:57:63:6d:68:86:43:0e:9e:1c:eb:2b:ae:
                    71:5d:2d:a2:df:96:0f:bb:70:cb:2f:52:bd:ad:f4:
                    7e:98:73:8c:bb:c2:02:fc:28:b3:d9:b0:7d:e7:54:
                    d5:3d:15:be:70:65:fd:0c:8a:32:6f:b4:57:04:05:
                    f0:9e:57:de:9b:36:3a:b2:26:9a:e4:60:8c:91:3f:
                    55:e7:24:a7:d1:7a:65:49:5f:dc:6f:f3:53:bb:a6:
                    51:b3:50:ba:f6:5f:4c:5b:2f:61:a3:06:13:1d:11:
                    72:04:1a:c1:19:d9:17:0b:ea:6f:f1:1f:4b:9a:2e:
                    b1:e1:6a:be:38:49:e5:c0:5f:c4:f1:5b:30:9c:78:
                    1b:68:b6:09:6f:fe:5d:de:86:db:1f:6e:bf:9a:74:
                    54:4a:e8:33:89:c9:9d:d2:ae:09:36:b8:a0:e8:fa:
                    67:98:16:4b:8e:bf:aa:de:1d:8d:f0:4f:a7:d8:cd:
                    d2:b8:be:05:49:72:a0:48:58:88:48:d2:f1:79:e0:
                    27:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:F6:34:45:24:6E:7E:ED:E9:89:0C:9A:B3:B5:15:D0:D5:71:A8:D7
            X509v3 Authority Key Identifier:
                keyid:3E:D2:39:45:FF:75:61:EE:99:D2:E2:78:E7:38:8D:04:5F:AD:D3:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PtI5Rf91Ye6Z0uJ45ziNBF-t0xQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ce762b-dceb-4d5f-b1fb-77329a7e7dfe/1/4PY0RSRufu3piQyas7UV0NVxqNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ce762b-dceb-4d5f-b1fb-77329a7e7dfe/1/PtI5Rf91Ye6Z0uJ45ziNBF-t0xQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.24.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         53:6f:d3:2f:9e:cc:64:ab:96:d5:c0:d4:be:86:c1:4b:cc:1b:
         51:00:e0:a7:44:89:50:18:dc:31:d6:58:4f:2d:eb:94:21:ce:
         7f:54:9c:22:12:78:4e:ba:73:d2:09:b4:f2:68:97:fe:02:0b:
         6f:42:de:d1:d4:46:ba:66:e6:9a:05:fe:ac:21:23:5f:57:a3:
         af:94:a7:42:12:e6:69:23:d5:e7:ac:02:73:14:ff:02:91:7e:
         cb:44:d6:18:8e:a8:7e:61:9f:44:1f:53:9a:88:c2:8b:14:59:
         1d:0c:ad:cd:e8:ab:8c:1a:79:9c:64:54:ae:d7:2e:a6:87:6e:
         c8:17:22:70:73:72:8d:96:2b:e0:4c:f4:bb:11:73:96:dc:fa:
         21:ec:3a:c9:9d:d9:d4:78:82:35:f8:1c:42:d5:a0:a9:66:95:
         76:88:ee:a3:4b:97:96:61:68:4b:16:ed:e8:70:07:a2:e7:77:
         09:7e:86:d2:fa:5b:5b:51:f5:11:bf:fe:85:7a:f6:19:b0:f6:
         d1:8d:1b:01:bc:9c:58:b6:6b:7d:2a:db:a3:f8:55:8c:3e:3d:
         a2:6c:99:4c:21:ec:3d:40:99:8e:e5:8d:53:4c:ff:60:ad:80:
         39:a1:4c:ae:0c:43:39:16:7a:32:5f:44:61:93:9f:67:cb:6f:
         26:24:b2:b4
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHJZLkrkGNEH3Qoi/4BH3YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZDIzOTQ1ZmY3NTYxZWU5OWQyZTI3OGU3Mzg4ZDA0NWZh
ZGQzMTQwHhcNMjQwMTAxMjIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGY2MzQ0NTI0NmU3ZWVkZTk4OTBjOWFiM2I1MTVkMGQ1NzFhOGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWEDjgWNFCBaCaH6J05rE2TTDVBm
RNjm3m5oHz2tm+JhqMLPjGH6AfefbMZHkxvVoqLWQobkbx21HMSLFBxXY21ohkMO
nhzrK65xXS2i35YPu3DLL1K9rfR+mHOMu8IC/Ciz2bB951TVPRW+cGX9DIoyb7RX
BAXwnlfemzY6siaa5GCMkT9V5ySn0XplSV/cb/NTu6ZRs1C69l9MWy9howYTHRFy
BBrBGdkXC+pv8R9Lmi6x4Wq+OEnlwF/E8VswnHgbaLYJb/5d3obbH26/mnRUSugz
icmd0q4JNrig6PpnmBZLjr+q3h2N8E+n2M3SuL4FSXKgSFiISNLxeeAneQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFOD2NEUkbn7t6YkMmrO1FdDVcajXMB8GA1UdIwQY
MBaAFD7SOUX/dWHumdLieOc4jQRfrdMUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHRJNVJmOTFZZTZaMHVKNDV6aU5CRi10MHhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZTc2MmItZGNlYi00ZDVmLWIxZmIt
NzczMjlhN2U3ZGZlLzEvNFBZMFJTUnVmdTNwaVF5YXM3VVYwTlZ4cU5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZTc2MmItZGNlYi00ZDVmLWIxZmItNzczMjlhN2U3ZGZl
LzEvUHRJNVJmOTFZZTZaMHVKNDV6aU5CRi10MHhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnRgwDQYJ
KoZIhvcNAQELBQADggEBAFNv0y+ezGSrltXA1L6GwUvMG1EA4KdEiVAY3DHWWE8t
65Qhzn9UnCISeE66c9IJtPJol/4CC29C3tHURrpm5poF/qwhI19Xo6+Up0IS5mkj
1eesAnMU/wKRfstE1hiOqH5hn0QfU5qIwosUWR0Mrc3oq4waeZxkVK7XLqaHbsgX
InBzco2WK+BM9LsRc5bc+iHsOsmd2dR4gjX4HELVoKlmlXaI7qNLl5ZhaEsW7ehw
B6Lndwl+htL6W1tR9RG//oV69hmw9tGNGwG8nFi2a30q26P4VYw+PaJsmUwh7D1A
mY7ljVNM/2CtgDmhTK4MQzkWejJfRGGTn2fLbyYksrQ=
-----END CERTIFICATE-----