Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/8_VDYxYfQ3xVlWP15Ma3Tw9vIZY.roa
File:                     8_VDYxYfQ3xVlWP15Ma3Tw9vIZY.roa (raw, json)
Hash identifier:          p9ujQLih3FUP7R7lN/a7zNvyvlVnBJRzQXMR2O0trWo=
Subject key identifier:   F3:F5:43:63:16:1F:43:7C:55:95:63:F5:E4:C6:B7:4F:0F:6F:21:96
Certificate issuer:       /CN=36fed2d5eb5b3c5266abaa617c960703c55d0785
Certificate serial:       019420684E714557BE87E60449AAA533A7B1
Authority key identifier: 36:FE:D2:D5:EB:5B:3C:52:66:AB:AA:61:7C:96:07:03:C5:5D:07:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nv7S1etbPFJmq6phfJYHA8VdB4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/8_VDYxYfQ3xVlWP15Ma3Tw9vIZY.roa
Signing time:             Wed 01 Jan 2025 05:48:14 +0000
ROA not before:           Wed 01 Jan 2025 05:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204861
IP address blocks:        2.57.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/Nv7S1etbPFJmq6phfJYHA8VdB4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/Nv7S1etbPFJmq6phfJYHA8VdB4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nv7S1etbPFJmq6phfJYHA8VdB4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4e:71:45:57:be:87:e6:04:49:aa:a5:33:a7:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36fed2d5eb5b3c5266abaa617c960703c55d0785
        Validity
            Not Before: Jan  1 05:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3f54363161f437c559563f5e4c6b74f0f6f2196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:8a:fa:df:e5:7d:bc:b0:59:e3:7b:c4:27:a5:
                    62:6a:64:91:69:a8:8f:f8:ef:e7:b3:a1:98:17:bb:
                    1c:cf:58:d6:e0:93:e8:26:ed:e0:e9:c4:18:fb:f8:
                    5d:23:e1:08:4a:a9:79:17:33:dd:46:88:96:be:40:
                    0c:78:a7:86:88:c3:63:1f:7c:71:3e:4b:76:43:48:
                    f0:d7:b7:8f:71:0c:c9:69:54:c3:d9:53:99:db:03:
                    23:e6:b7:f2:74:ab:12:18:12:d9:79:25:81:d6:36:
                    78:c1:8e:f6:49:cc:94:03:42:ac:5a:2c:56:ea:28:
                    25:07:9d:cb:83:7d:49:8d:ba:8e:89:0b:ab:eb:b9:
                    e0:09:50:48:c8:ef:86:51:55:ef:80:39:b1:ab:f3:
                    3e:bc:30:b9:06:84:c2:93:0c:ec:8d:a9:ba:14:ed:
                    74:fd:e7:c3:80:6b:7d:8a:85:9b:6e:7f:a6:bd:92:
                    11:0b:0f:1e:a1:77:fa:8d:de:7e:0d:65:32:93:b6:
                    b4:0c:04:90:0a:fd:95:74:cd:a6:52:a2:85:8c:97:
                    f1:c1:98:95:49:e0:8e:f6:84:5c:3d:87:57:e5:e7:
                    72:a6:4d:2c:ed:af:40:df:3b:af:e8:79:40:10:37:
                    fe:8d:5d:7e:e0:ab:dd:86:d0:f2:a6:8c:86:c0:5a:
                    cf:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:F5:43:63:16:1F:43:7C:55:95:63:F5:E4:C6:B7:4F:0F:6F:21:96
            X509v3 Authority Key Identifier:
                keyid:36:FE:D2:D5:EB:5B:3C:52:66:AB:AA:61:7C:96:07:03:C5:5D:07:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nv7S1etbPFJmq6phfJYHA8VdB4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/8_VDYxYfQ3xVlWP15Ma3Tw9vIZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/Nv7S1etbPFJmq6phfJYHA8VdB4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:fe:cb:48:75:82:ac:ca:50:88:d7:2c:98:62:46:d2:be:97:
         80:27:42:83:bb:9e:a5:60:5c:5d:19:f0:39:6f:92:b2:96:03:
         95:b6:9a:a3:2d:86:fd:1b:ac:bf:c0:f1:fb:80:42:de:34:29:
         19:09:72:92:fd:7d:59:f0:7c:9e:61:56:2a:ca:0a:e5:bf:42:
         cb:47:54:f9:47:8b:00:8c:2c:b9:3e:bf:85:a4:bc:5e:5c:70:
         58:71:d1:6c:e1:86:53:3a:9b:23:0d:b3:88:97:34:85:3f:03:
         52:9e:a3:44:ea:60:9d:dc:73:53:ac:24:1e:84:59:42:08:79:
         ec:f4:6f:ea:70:24:95:ac:12:4c:a9:b3:ff:cd:91:be:05:84:
         b7:ba:62:f2:63:9e:8e:f3:fb:37:1c:f8:b5:87:39:c4:f7:06:
         b6:ec:7e:32:7a:df:fa:7d:0a:fe:99:64:99:73:3e:b2:47:a6:
         67:61:0a:c9:69:92:b2:d5:be:fd:7c:14:f1:55:7f:04:3f:e2:
         df:6e:3b:29:db:b7:2c:4d:a6:9d:83:05:39:bc:f5:56:00:6c:
         ee:15:15:cc:cb:7d:5c:69:a6:d0:ae:c4:42:be:65:32:8a:58:
         90:68:b5:a2:ee:4b:5d:b5:93:4e:c6:ac:08:ef:b2:7e:32:c0:
         98:b4:53:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaE5xRVe+h+YESaqlM6exMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZmVkMmQ1ZWI1YjNjNTI2NmFiYWE2MTdjOTYwNzAzYzU1
ZDA3ODUwHhcNMjUwMTAxMDU0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2Y1NDM2MzE2MWY0MzdjNTU5NTYzZjVlNGM2Yjc0ZjBmNmYyMTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+4r63+V9vLBZ43vEJ6ViamSRaaiP
+O/ns6GYF7scz1jW4JPoJu3g6cQY+/hdI+EISql5FzPdRoiWvkAMeKeGiMNjH3xx
Pkt2Q0jw17ePcQzJaVTD2VOZ2wMj5rfydKsSGBLZeSWB1jZ4wY72ScyUA0KsWixW
6iglB53Lg31JjbqOiQur67ngCVBIyO+GUVXvgDmxq/M+vDC5BoTCkwzsjam6FO10
/efDgGt9ioWbbn+mvZIRCw8eoXf6jd5+DWUyk7a0DASQCv2VdM2mUqKFjJfxwZiV
SeCO9oRcPYdX5edypk0s7a9A3zuv6HlAEDf+jV1+4KvdhtDypoyGwFrP2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPP1Q2MWH0N8VZVj9eTGt08PbyGWMB8GA1UdIwQY
MBaAFDb+0tXrWzxSZquqYXyWBwPFXQeFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnY3UzFldGJQRkptcTZwaGZKWUhBOFZkQjRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81MzI0YmQtNzkyNi00NTEzLWJkMWYt
NjhlZjMyMzhhNzJlLzEvOF9WRFl4WWZRM3hWbFdQMTVNYTNUdzl2SVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81MzI0YmQtNzkyNi00NTEzLWJkMWYtNjhlZjMyMzhhNzJl
LzEvTnY3UzFldGJQRkptcTZwaGZKWUhBOFZkQjRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjkEMA0G
CSqGSIb3DQEBCwUAA4IBAQBx/stIdYKsylCI1yyYYkbSvpeAJ0KDu56lYFxdGfA5
b5KylgOVtpqjLYb9G6y/wPH7gELeNCkZCXKS/X1Z8HyeYVYqygrlv0LLR1T5R4sA
jCy5Pr+FpLxeXHBYcdFs4YZTOpsjDbOIlzSFPwNSnqNE6mCd3HNTrCQehFlCCHns
9G/qcCSVrBJMqbP/zZG+BYS3umLyY56O8/s3HPi1hznE9wa27H4yet/6fQr+mWSZ
cz6yR6ZnYQrJaZKy1b79fBTxVX8EP+Lfbjsp27csTaadgwU5vPVWAGzuFRXMy31c
aabQrsRCvmUyiliQaLWi7ktdtZNOxqwI77J+MsCYtFNZ
-----END CERTIFICATE-----