Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/Ru57e4KJGmCNDXrPayGNrM1Z2dE.roa
File:                     Ru57e4KJGmCNDXrPayGNrM1Z2dE.roa (raw, json)
Hash identifier:          PjkMG0o3XCBX2V0z1wG5kUtXFYLyKVu1bhkUTY6FzyU=
Subject key identifier:   46:EE:7B:7B:82:89:1A:60:8D:0D:7A:CF:6B:21:8D:AC:CD:59:D9:D1
Certificate issuer:       /CN=f5346d3edbec6da72780722c0a41abeea63661d8
Certificate serial:       0194214422C9BA1D945DD6288B85A5A64CDC
Authority key identifier: F5:34:6D:3E:DB:EC:6D:A7:27:80:72:2C:0A:41:AB:EE:A6:36:61:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/Ru57e4KJGmCNDXrPayGNrM1Z2dE.roa
Signing time:             Wed 01 Jan 2025 09:48:20 +0000
ROA not before:           Wed 01 Jan 2025 09:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.57.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 18:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:22:c9:ba:1d:94:5d:d6:28:8b:85:a5:a6:4c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5346d3edbec6da72780722c0a41abeea63661d8
        Validity
            Not Before: Jan  1 09:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46ee7b7b82891a608d0d7acf6b218daccd59d9d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a7:81:b7:9f:21:29:d1:49:d7:7d:2d:b4:d9:
                    2f:d9:22:7d:29:f9:bf:95:b1:e5:a9:51:af:44:cb:
                    63:4f:b6:df:e1:da:92:33:b1:e6:91:5f:e1:89:55:
                    d2:a4:d8:55:25:c7:78:13:21:49:d9:7a:64:05:55:
                    46:69:c4:88:f7:77:cf:82:f6:1d:9d:e3:a1:59:e0:
                    13:bc:db:4f:8e:d1:87:17:d4:cb:7f:a7:13:27:85:
                    77:88:e9:47:ab:c0:11:50:35:52:39:85:25:3c:b5:
                    63:29:b2:33:aa:6f:8a:2c:4c:ce:6a:44:39:c6:cd:
                    61:1a:54:87:76:5a:8e:87:49:7f:81:38:10:d3:60:
                    b6:22:50:db:7f:b1:42:50:5b:db:55:45:e7:ff:18:
                    6e:e2:ef:7d:89:90:1b:0c:0b:58:67:e3:cc:f9:b1:
                    90:88:eb:58:b8:f5:43:d1:c7:de:76:5d:b3:b5:1a:
                    f9:83:a7:77:b2:93:e2:ca:f9:98:82:ec:d3:26:06:
                    80:29:38:ca:2b:ee:7f:4f:7a:71:f0:1e:de:cf:20:
                    88:a6:a4:78:66:68:ff:e7:d1:02:5d:f6:39:c5:27:
                    22:71:c8:3b:4c:e6:1c:4b:1d:3c:fb:29:2f:9e:c2:
                    f0:25:34:6d:1a:92:f0:16:cb:8c:f4:9c:97:3d:f7:
                    1a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:EE:7B:7B:82:89:1A:60:8D:0D:7A:CF:6B:21:8D:AC:CD:59:D9:D1
            X509v3 Authority Key Identifier:
                keyid:F5:34:6D:3E:DB:EC:6D:A7:27:80:72:2C:0A:41:AB:EE:A6:36:61:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9TRtPtvsbacngHIsCkGr7qY2Ydg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/Ru57e4KJGmCNDXrPayGNrM1Z2dE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/be8064-9e11-461a-936d-fa70bd90e894/1/9TRtPtvsbacngHIsCkGr7qY2Ydg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.57.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:09:2e:f9:73:ff:04:c0:90:84:19:4f:2c:af:c3:f9:ee:c8:
         38:c1:d5:88:12:d7:67:72:ad:78:bb:18:cd:d3:cf:c3:3d:bb:
         43:9a:61:be:21:c1:c5:6b:56:d1:58:76:7e:91:ed:87:62:15:
         4c:c7:a4:76:65:f4:c6:a1:68:60:a3:f4:29:b4:c8:1e:7e:1d:
         c7:b6:c5:97:72:ca:d5:37:13:ea:33:81:1d:ef:82:62:4d:04:
         52:69:f7:98:00:1d:b1:58:0c:b3:a4:7e:3c:f1:b7:20:38:e3:
         23:2a:3e:07:dc:fe:4b:2e:55:00:0f:27:48:4c:dc:6b:04:a6:
         3a:dc:3c:65:45:95:a4:b9:2a:64:50:4b:d9:d2:2f:f6:43:a9:
         e3:32:30:72:7c:25:e5:b4:bf:1b:2f:28:39:2e:8e:b1:7b:d9:
         fc:de:65:6d:d1:dc:43:27:50:0e:23:ef:29:da:32:a9:2f:e1:
         4f:0a:e6:a3:9c:c3:56:77:a6:7e:71:90:a2:0b:02:c1:3a:e6:
         60:aa:2d:05:9c:93:50:1b:71:eb:47:1d:2d:c0:e2:9e:54:51:
         1b:f6:b1:98:65:30:97:1f:66:cb:1a:75:15:71:46:94:55:82:
         82:b0:6b:5a:95:22:1b:b0:30:6a:68:01:e8:e3:f7:f7:a8:ba:
         2b:0f:d2:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCLJuh2UXdYoi4WlpkzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MzQ2ZDNlZGJlYzZkYTcyNzgwNzIyYzBhNDFhYmVlYTYz
NjYxZDgwHhcNMjUwMTAxMDk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmVlN2I3YjgyODkxYTYwOGQwZDdhY2Y2YjIxOGRhY2NkNTlkOWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqeBt58hKdFJ130ttNkv2SJ9Kfm/
lbHlqVGvRMtjT7bf4dqSM7HmkV/hiVXSpNhVJcd4EyFJ2XpkBVVGacSI93fPgvYd
neOhWeATvNtPjtGHF9TLf6cTJ4V3iOlHq8ARUDVSOYUlPLVjKbIzqm+KLEzOakQ5
xs1hGlSHdlqOh0l/gTgQ02C2IlDbf7FCUFvbVUXn/xhu4u99iZAbDAtYZ+PM+bGQ
iOtYuPVD0cfedl2ztRr5g6d3spPiyvmYguzTJgaAKTjKK+5/T3px8B7ezyCIpqR4
Zmj/59ECXfY5xSciccg7TOYcSx08+ykvnsLwJTRtGpLwFsuM9JyXPfcaqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEbue3uCiRpgjQ16z2shjazNWdnRMB8GA1UdIwQY
MBaAFPU0bT7b7G2nJ4ByLApBq+6mNmHYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVRSdFB0dnNiYWNuZ0hJc0NrR3I3cVkyWWRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iZTgwNjQtOWUxMS00NjFhLTkzNmQt
ZmE3MGJkOTBlODk0LzEvUnU1N2U0S0pHbUNORFhyUGF5R05yTTFaMmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iZTgwNjQtOWUxMS00NjFhLTkzNmQtZmE3MGJkOTBlODk0
LzEvOVRSdFB0dnNiYWNuZ0hJc0NrR3I3cVkyWWRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTnYMA0G
CSqGSIb3DQEBCwUAA4IBAQASCS75c/8EwJCEGU8sr8P57sg4wdWIEtdncq14uxjN
08/DPbtDmmG+IcHFa1bRWHZ+ke2HYhVMx6R2ZfTGoWhgo/QptMgefh3HtsWXcsrV
NxPqM4Ed74JiTQRSafeYAB2xWAyzpH488bcgOOMjKj4H3P5LLlUADydITNxrBKY6
3DxlRZWkuSpkUEvZ0i/2Q6njMjByfCXltL8bLyg5Lo6xe9n83mVt0dxDJ1AOI+8p
2jKpL+FPCuajnMNWd6Z+cZCiCwLBOuZgqi0FnJNQG3HrRx0twOKeVFEb9rGYZTCX
H2bLGnUVcUaUVYKCsGtalSIbsDBqaAHo4/f3qLorD9Jv
-----END CERTIFICATE-----