Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/fFCT5beLjpdGFDExPSDurZRO_A0.roa
File:                     fFCT5beLjpdGFDExPSDurZRO_A0.roa (raw, json)
Hash identifier:          8L7Cv5kJrTwfGNKpOl5MufZst7ckKnruJcAqCFzFRDw=
Subject key identifier:   7C:50:93:E5:B7:8B:8E:97:46:14:31:31:3D:20:EE:AD:94:4E:FC:0D
Certificate issuer:       /CN=36fed2d5eb5b3c5266abaa617c960703c55d0785
Certificate serial:       018CC87118BBB37706E822243ED3CC456958
Authority key identifier: 36:FE:D2:D5:EB:5B:3C:52:66:AB:AA:61:7C:96:07:03:C5:5D:07:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nv7S1etbPFJmq6phfJYHA8VdB4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/fFCT5beLjpdGFDExPSDurZRO_A0.roa
Signing time:             Tue 02 Jan 2024 04:31:44 +0000
ROA not before:           Tue 02 Jan 2024 04:31:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204861
IP address blocks:        2.57.4.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/Nv7S1etbPFJmq6phfJYHA8VdB4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/Nv7S1etbPFJmq6phfJYHA8VdB4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nv7S1etbPFJmq6phfJYHA8VdB4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:18:bb:b3:77:06:e8:22:24:3e:d3:cc:45:69:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36fed2d5eb5b3c5266abaa617c960703c55d0785
        Validity
            Not Before: Jan  2 04:31:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c5093e5b78b8e97461431313d20eead944efc0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:05:5f:68:d2:bc:cc:83:f6:5b:a9:d8:86:07:
                    8a:dd:9e:20:27:02:47:3a:de:b0:c9:0c:ed:3e:73:
                    b0:1b:6f:4b:49:93:6b:1f:43:89:e5:e1:8e:fc:79:
                    47:eb:6e:04:9c:d0:ce:fa:0b:a2:a4:60:07:a5:f2:
                    46:65:be:dd:e5:09:08:d0:27:a8:61:80:1d:ed:b6:
                    24:d1:c3:43:da:23:83:10:bf:6d:0e:2d:11:fc:2f:
                    2c:b3:87:52:b2:e0:a2:59:b5:b5:e5:09:b3:ad:68:
                    c4:ef:ca:93:42:1a:0c:9c:2d:eb:c1:ab:ae:50:07:
                    dd:21:df:46:d0:32:d4:8c:f8:a5:f1:18:ba:12:01:
                    b1:39:d0:e8:fe:07:1f:19:e2:e6:70:52:8c:c5:09:
                    af:76:8f:96:ab:f7:be:6a:99:41:07:f5:40:19:9a:
                    7f:24:7a:26:da:6f:06:14:89:3f:8d:3a:01:6b:3e:
                    be:1a:17:36:3b:96:6a:ff:6c:05:84:eb:ef:06:0f:
                    0b:1f:cc:ea:73:bf:5b:bc:c9:6c:d4:48:67:ce:8d:
                    9a:89:b6:cb:39:52:6f:cd:9a:e7:f6:51:c7:4a:74:
                    c2:4c:80:bc:aa:ae:83:35:5f:fb:5a:9e:bb:dc:e8:
                    46:f7:98:99:1b:d4:2b:c1:8f:36:55:99:ea:63:8c:
                    bd:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:50:93:E5:B7:8B:8E:97:46:14:31:31:3D:20:EE:AD:94:4E:FC:0D
            X509v3 Authority Key Identifier:
                keyid:36:FE:D2:D5:EB:5B:3C:52:66:AB:AA:61:7C:96:07:03:C5:5D:07:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nv7S1etbPFJmq6phfJYHA8VdB4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/fFCT5beLjpdGFDExPSDurZRO_A0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/Nv7S1etbPFJmq6phfJYHA8VdB4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:6a:42:07:ef:f9:87:76:97:20:41:2e:32:f2:ac:d1:37:96:
         4b:50:ec:f5:ae:63:85:16:ca:d6:65:f8:2a:ba:0c:92:2a:63:
         96:6b:8b:9c:92:4b:6c:58:c5:a2:a1:38:ed:17:9c:f6:75:ae:
         c1:c7:31:5c:56:80:6f:f8:44:80:c9:74:41:0a:a4:ce:66:d7:
         40:0c:b9:41:7f:17:cb:6c:20:0f:75:3b:00:b0:14:23:ae:63:
         03:1b:d7:33:22:01:ee:e1:75:c1:69:b0:cf:0d:48:49:63:01:
         20:31:82:f3:70:3f:a2:e6:2b:75:92:f4:d5:1b:8d:e8:8d:f8:
         04:3a:a4:98:ad:3d:60:f9:86:38:fe:9c:99:9c:58:6a:0b:ee:
         2e:06:85:25:0c:0c:c1:b3:e4:42:4a:87:b4:66:ab:60:f4:a4:
         fc:46:d0:5b:87:12:2e:f8:79:60:d0:9b:6e:e2:5d:41:be:60:
         f9:d4:65:0a:7b:f7:2e:73:bd:09:e7:e9:cb:81:d3:49:37:6c:
         d0:05:7d:79:3b:cd:7c:cc:16:07:a7:36:7e:f3:24:43:4d:37:
         56:35:d8:9a:c1:c1:d4:91:e4:55:64:6c:65:e5:7d:c1:70:49:
         3a:af:be:4f:35:5b:c8:7a:3e:52:60:1d:bb:76:ca:e1:e0:60:
         5e:51:2c:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcRi7s3cG6CIkPtPMRWlYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZmVkMmQ1ZWI1YjNjNTI2NmFiYWE2MTdjOTYwNzAzYzU1
ZDA3ODUwHhcNMjQwMTAyMDQzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzUwOTNlNWI3OGI4ZTk3NDYxNDMxMzEzZDIwZWVhZDk0NGVmYzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgVfaNK8zIP2W6nYhgeK3Z4gJwJH
Ot6wyQztPnOwG29LSZNrH0OJ5eGO/HlH624EnNDO+guipGAHpfJGZb7d5QkI0Ceo
YYAd7bYk0cND2iODEL9tDi0R/C8ss4dSsuCiWbW15QmzrWjE78qTQhoMnC3rwauu
UAfdId9G0DLUjPil8Ri6EgGxOdDo/gcfGeLmcFKMxQmvdo+Wq/e+aplBB/VAGZp/
JHom2m8GFIk/jToBaz6+Ghc2O5Zq/2wFhOvvBg8LH8zqc79bvMls1Ehnzo2aibbL
OVJvzZrn9lHHSnTCTIC8qq6DNV/7Wp673OhG95iZG9QrwY82VZnqY4y9iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxQk+W3i46XRhQxMT0g7q2UTvwNMB8GA1UdIwQY
MBaAFDb+0tXrWzxSZquqYXyWBwPFXQeFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnY3UzFldGJQRkptcTZwaGZKWUhBOFZkQjRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81MzI0YmQtNzkyNi00NTEzLWJkMWYt
NjhlZjMyMzhhNzJlLzEvZkZDVDViZUxqcGRHRkRFeFBTRHVyWlJPX0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81MzI0YmQtNzkyNi00NTEzLWJkMWYtNjhlZjMyMzhhNzJl
LzEvTnY3UzFldGJQRkptcTZwaGZKWUhBOFZkQjRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjkEMA0G
CSqGSIb3DQEBCwUAA4IBAQAmakIH7/mHdpcgQS4y8qzRN5ZLUOz1rmOFFsrWZfgq
ugySKmOWa4uckktsWMWioTjtF5z2da7BxzFcVoBv+ESAyXRBCqTOZtdADLlBfxfL
bCAPdTsAsBQjrmMDG9czIgHu4XXBabDPDUhJYwEgMYLzcD+i5it1kvTVG43ojfgE
OqSYrT1g+YY4/pyZnFhqC+4uBoUlDAzBs+RCSoe0Zqtg9KT8RtBbhxIu+Hlg0Jtu
4l1BvmD51GUKe/cuc70J5+nLgdNJN2zQBX15O818zBYHpzZ+8yRDTTdWNdiawcHU
keRVZGxl5X3BcEk6r75PNVvIej5SYB27dsrh4GBeUSy1
-----END CERTIFICATE-----