Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/irpX9F4M9qr2DkzfyhOPzpoXv_k.roa
File:                     irpX9F4M9qr2DkzfyhOPzpoXv_k.roa (raw, json)
Hash identifier:          OPC+8pzefijUpkB9ZP8BqnZTxH1TxU3/Dss4k8sB4M0=
Subject key identifier:   8A:BA:57:F4:5E:0C:F6:AA:F6:0E:4C:DF:CA:13:8F:CE:9A:17:BF:F9
Certificate issuer:       /CN=b057f544f53f35d8d2e73cb2965b4f4d7d022959
Certificate serial:       018CC6B82D6E7BAF5CEFF007DECEACDB3761
Authority key identifier: B0:57:F5:44:F5:3F:35:D8:D2:E7:3C:B2:96:5B:4F:4D:7D:02:29:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sFf1RPU_NdjS5zyylltPTX0CKVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/irpX9F4M9qr2DkzfyhOPzpoXv_k.roa
Signing time:             Mon 01 Jan 2024 20:30:08 +0000
ROA not before:           Mon 01 Jan 2024 20:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        149.222.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/sFf1RPU_NdjS5zyylltPTX0CKVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/sFf1RPU_NdjS5zyylltPTX0CKVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sFf1RPU_NdjS5zyylltPTX0CKVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:2d:6e:7b:af:5c:ef:f0:07:de:ce:ac:db:37:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b057f544f53f35d8d2e73cb2965b4f4d7d022959
        Validity
            Not Before: Jan  1 20:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8aba57f45e0cf6aaf60e4cdfca138fce9a17bff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:34:db:26:02:09:83:d6:b5:6a:58:85:5f:3e:
                    30:b8:41:10:b8:87:0d:47:47:a9:94:7e:34:d6:31:
                    a4:de:f8:6f:84:c8:6b:90:0e:8a:cd:dd:9e:39:4a:
                    78:7a:9f:ae:1a:fe:9d:2a:c7:df:fe:aa:ab:ef:b6:
                    61:93:e5:b1:02:38:e1:cb:3b:5c:94:54:89:7e:88:
                    9b:d6:3b:15:f2:a8:a2:3f:13:32:aa:3e:0e:9a:06:
                    d0:1f:33:9e:d1:fb:dd:1c:9d:da:9e:5d:11:d7:a1:
                    2a:d3:cb:3f:1f:ac:78:15:fe:9f:ca:42:ce:76:7b:
                    de:b9:eb:cd:3e:e7:dc:88:21:d4:58:64:a8:3d:ef:
                    d2:d0:82:bf:29:33:6c:47:b6:2c:88:fd:98:2f:28:
                    4c:fa:79:62:17:3a:b2:82:9a:22:75:cf:1e:92:c7:
                    1b:1b:4a:a3:e9:70:1e:e8:56:2d:51:5f:c4:dd:8d:
                    4e:aa:fb:10:3c:d5:11:17:5e:22:b0:63:8c:72:a8:
                    f9:9b:89:e3:df:6c:e4:31:15:f3:89:f0:09:61:bb:
                    d3:16:4f:f7:64:08:ec:ec:7b:0f:3d:fb:61:45:77:
                    85:87:f3:1e:83:a8:8c:a0:bc:f9:a1:be:37:35:77:
                    58:c3:3b:77:8d:26:55:54:d7:e4:b4:01:56:fc:d7:
                    42:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:BA:57:F4:5E:0C:F6:AA:F6:0E:4C:DF:CA:13:8F:CE:9A:17:BF:F9
            X509v3 Authority Key Identifier:
                keyid:B0:57:F5:44:F5:3F:35:D8:D2:E7:3C:B2:96:5B:4F:4D:7D:02:29:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFf1RPU_NdjS5zyylltPTX0CKVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/irpX9F4M9qr2DkzfyhOPzpoXv_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/sFf1RPU_NdjS5zyylltPTX0CKVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.222.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         46:ed:46:d9:c4:1e:5f:80:77:bf:19:d1:39:ed:cc:01:1a:52:
         b1:8a:cb:8e:b4:0a:f7:a1:a9:6c:7d:c4:f4:5b:d4:36:22:0d:
         fc:05:c1:72:2b:ca:82:fd:ee:05:b2:1a:02:49:3c:b3:53:31:
         25:9b:5c:a0:a3:78:d0:09:44:01:8c:da:c6:cd:48:64:62:a3:
         f2:d7:14:62:38:f8:7e:43:1c:d8:ca:aa:6d:eb:5c:9b:64:db:
         a0:cc:7a:68:a9:90:3b:96:94:8d:a0:da:60:24:99:1f:cc:95:
         6a:57:9f:70:da:8b:78:fd:a3:ba:93:67:b0:b2:2a:7d:c3:d6:
         57:ad:66:75:e3:44:a2:f5:5a:51:30:4a:84:30:d6:8a:e8:c3:
         0c:20:be:c4:f5:cd:de:8c:cb:2b:db:a3:db:8d:26:02:8c:b2:
         d2:7f:1a:61:6d:b6:cb:1c:a2:1c:c6:fc:9b:03:0f:95:53:a3:
         8d:23:91:9b:d1:59:53:1f:2f:b1:36:3a:02:09:dd:c9:63:72:
         38:2a:f2:f4:20:c6:5b:f7:9f:a1:0a:ba:b6:77:a2:0e:8f:fc:
         1b:cc:44:61:84:95:b1:7b:fe:3d:5a:45:b1:f7:58:fd:6b:87:
         c7:26:b3:cc:5f:d4:83:0c:b4:14:c7:1b:40:ac:61:5b:98:af:
         a9:43:c7:b0
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGuC1ue69c7/AH3s6s2zdhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNTdmNTQ0ZjUzZjM1ZDhkMmU3M2NiMjk2NWI0ZjRkN2Qw
MjI5NTkwHhcNMjQwMTAxMjAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWJhNTdmNDVlMGNmNmFhZjYwZTRjZGZjYTEzOGZjZTlhMTdiZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiDTbJgIJg9a1aliFXz4wuEEQuIcN
R0eplH401jGk3vhvhMhrkA6Kzd2eOUp4ep+uGv6dKsff/qqr77Zhk+WxAjjhyztc
lFSJfoib1jsV8qiiPxMyqj4OmgbQHzOe0fvdHJ3anl0R16Eq08s/H6x4Ff6fykLO
dnveuevNPufciCHUWGSoPe/S0IK/KTNsR7YsiP2YLyhM+nliFzqygpoidc8ekscb
G0qj6XAe6FYtUV/E3Y1OqvsQPNURF14isGOMcqj5m4nj32zkMRXzifAJYbvTFk/3
ZAjs7HsPPfthRXeFh/Meg6iMoLz5ob43NXdYwzt3jSZVVNfktAFW/NdCNQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIq6V/ReDPaq9g5M38oTj86aF7/5MB8GA1UdIwQY
MBaAFLBX9UT1PzXY0uc8spZbT019AilZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZmMVJQVV9OZGpTNXp5eWxsdFBUWDBDS1ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZmUwZTAtMzRmNy00MjllLTlmMzgt
NGVhN2ExYWU5OGRlLzEvaXJwWDlGNE05cXIyRGt6ZnloT1B6cG9Ydl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZmUwZTAtMzRmNy00MjllLTlmMzgtNGVhN2ExYWU5OGRl
LzEvc0ZmMVJQVV9OZGpTNXp5eWxsdFBUWDBDS1ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAld4wDQYJ
KoZIhvcNAQELBQADggEBAEbtRtnEHl+Ad78Z0TntzAEaUrGKy460CvehqWx9xPRb
1DYiDfwFwXIryoL97gWyGgJJPLNTMSWbXKCjeNAJRAGM2sbNSGRio/LXFGI4+H5D
HNjKqm3rXJtk26DMemipkDuWlI2g2mAkmR/MlWpXn3Dai3j9o7qTZ7CyKn3D1let
ZnXjRKL1WlEwSoQw1orowwwgvsT1zd6Myyvbo9uNJgKMstJ/GmFttsscohzG/JsD
D5VTo40jkZvRWVMfL7E2OgIJ3cljcjgq8vQgxlv3n6EKurZ3og6P/BvMRGGElbF7
/j1aRbH3WP1rh8cms8xf1IMMtBTHG0CsYVuYr6lDx7A=
-----END CERTIFICATE-----