Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/gRwH2kAEt-Mh6fCpqVMLHXfql2Y.roa
File:                     gRwH2kAEt-Mh6fCpqVMLHXfql2Y.roa (raw, json)
Hash identifier:          NQBYIoR6qOGuGBg0pIYvhdlZtWE8A9c4ewxOl94fcwU=
Subject key identifier:   81:1C:07:DA:40:04:B7:E3:21:E9:F0:A9:A9:53:0B:1D:77:EA:97:66
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B6939DD0197E40D8DA56929184AAC
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/gRwH2kAEt-Mh6fCpqVMLHXfql2Y.roa
Signing time:             Tue 02 Jan 2024 12:34:51 +0000
ROA not before:           Tue 02 Jan 2024 12:34:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213279
IP address blocks:        2.57.252.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:69:39:dd:01:97:e4:0d:8d:a5:69:29:18:4a:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=811c07da4004b7e321e9f0a9a9530b1d77ea9766
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:78:a9:5d:20:93:88:cf:d0:d9:14:90:12:8e:
                    e1:5f:94:1c:07:01:1a:95:98:cc:6c:36:65:8d:51:
                    f7:9f:40:9e:ff:9f:b0:0b:9b:3b:24:e3:b5:25:3e:
                    54:da:52:ee:28:c1:4f:0c:4b:7c:db:69:d3:6b:32:
                    e8:1f:6f:e8:cc:ff:95:99:c7:8d:72:4c:af:81:f9:
                    09:59:ff:f7:e8:cb:48:a8:1a:2a:ce:cf:73:b9:87:
                    66:09:26:eb:78:f4:5a:51:ce:33:80:cb:4c:ef:7e:
                    a3:af:ae:62:27:fc:5e:16:17:77:d7:01:91:bc:bb:
                    00:f2:c2:36:58:f9:95:6f:61:0c:0d:58:70:96:69:
                    ff:4c:fc:31:cb:fd:b1:36:25:88:85:a0:20:3c:00:
                    6c:37:64:fd:ac:47:24:a8:8f:0e:d5:35:29:43:4a:
                    f0:c2:0a:e8:86:0a:79:3b:f8:fc:8d:be:87:3e:a4:
                    85:38:8d:8e:32:54:89:9e:f4:bf:6b:39:58:09:51:
                    d6:61:61:30:7c:cb:1e:ef:65:63:42:26:ac:cb:19:
                    38:8d:f5:b7:c1:79:24:16:60:1f:93:80:dd:2f:9c:
                    27:7c:6e:6f:dd:eb:f4:c1:07:06:8a:12:5d:ee:af:
                    7a:2b:8c:b7:96:36:b2:f0:ed:75:78:eb:b6:c8:87:
                    82:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:1C:07:DA:40:04:B7:E3:21:E9:F0:A9:A9:53:0B:1D:77:EA:97:66
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/gRwH2kAEt-Mh6fCpqVMLHXfql2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:2c:38:0b:77:94:ed:49:68:e8:59:a6:71:59:18:57:91:aa:
         17:0b:ab:85:d7:68:95:ac:74:a3:7a:66:95:4f:5e:1f:95:ca:
         9f:93:67:c1:5f:de:7d:74:8c:61:b8:84:0e:25:0b:fc:dc:c1:
         2e:01:2a:39:43:db:d5:33:fc:59:e4:40:59:c5:84:10:cc:b7:
         d5:67:50:10:bd:89:8b:b2:92:73:3a:30:5d:97:31:dd:5b:28:
         d2:cd:d9:2f:68:cc:e9:38:48:fa:6c:57:41:6d:53:c1:56:f6:
         aa:28:d5:f3:37:4c:64:c7:67:cf:2c:85:d4:ed:33:65:67:21:
         3e:13:ee:e8:a3:eb:6b:e7:12:86:33:b6:2a:6d:50:6c:1d:e5:
         ef:a0:6f:e4:ab:3a:fe:23:95:da:fa:57:1f:26:81:fa:e8:e7:
         f2:8f:b6:e9:4c:ab:47:5f:4d:46:3d:4f:52:74:fe:fd:db:b2:
         dd:a2:36:a9:4c:bc:2d:8d:e7:c6:c1:ec:62:5a:7d:35:a4:7f:
         44:e5:75:34:a5:ee:37:88:8b:fd:c1:8b:6c:58:ec:b1:93:0c:
         bf:76:54:62:c6:a9:1c:a1:78:e2:b4:d0:3b:a2:0e:a9:09:ca:
         7f:c9:6d:78:32:53:58:70:a9:5b:05:48:26:6c:87:b0:21:9c:
         6f:ab:58:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK2k53QGX5A2NpWkpGEqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTFjMDdkYTQwMDRiN2UzMjFlOWYwYTlhOTUzMGIxZDc3ZWE5NzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33ipXSCTiM/Q2RSQEo7hX5QcBwEa
lZjMbDZljVH3n0Ce/5+wC5s7JOO1JT5U2lLuKMFPDEt822nTazLoH2/ozP+VmceN
ckyvgfkJWf/36MtIqBoqzs9zuYdmCSbrePRaUc4zgMtM736jr65iJ/xeFhd31wGR
vLsA8sI2WPmVb2EMDVhwlmn/TPwxy/2xNiWIhaAgPABsN2T9rEckqI8O1TUpQ0rw
wgrohgp5O/j8jb6HPqSFOI2OMlSJnvS/azlYCVHWYWEwfMse72VjQiasyxk4jfW3
wXkkFmAfk4DdL5wnfG5v3ev0wQcGihJd7q96K4y3ljay8O11eOu2yIeChQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEcB9pABLfjIenwqalTCx136pdmMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvZ1J3SDJrQUV0LU1oNmZDcHFWTUxIWGZxbDJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjn8MA0G
CSqGSIb3DQEBCwUAA4IBAQBELDgLd5TtSWjoWaZxWRhXkaoXC6uF12iVrHSjemaV
T14flcqfk2fBX959dIxhuIQOJQv83MEuASo5Q9vVM/xZ5EBZxYQQzLfVZ1AQvYmL
spJzOjBdlzHdWyjSzdkvaMzpOEj6bFdBbVPBVvaqKNXzN0xkx2fPLIXU7TNlZyE+
E+7oo+tr5xKGM7YqbVBsHeXvoG/kqzr+I5Xa+lcfJoH66Ofyj7bpTKtHX01GPU9S
dP7927LdojapTLwtjefGwexiWn01pH9E5XU0pe43iIv9wYtsWOyxkwy/dlRixqkc
oXjitNA7og6pCcp/yW14MlNYcKlbBUgmbIewIZxvq1jv
-----END CERTIFICATE-----