Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/e70d98-426e-46fe-afaf-82139f3b433c/1/tNe6Hc1PXnhTBWXei2RjM_J5_Vc.roa
File:                     tNe6Hc1PXnhTBWXei2RjM_J5_Vc.roa (raw, json)
Hash identifier:          fFS+4FijofseuSwI/cd8tweKbPxpEjrC2ERUD2U2gVw=
Subject key identifier:   B4:D7:BA:1D:CD:4F:5E:78:53:05:65:DE:8B:64:63:33:F2:79:FD:57
Certificate issuer:       /CN=fb5d3e114fbce2cf0f920431c56a7c73dfda5a7e
Certificate serial:       018EE18840FF491BEACBDF72FA0CB587A924
Authority key identifier: FB:5D:3E:11:4F:BC:E2:CF:0F:92:04:31:C5:6A:7C:73:DF:DA:5A:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-10-EU-84s8PkgQxxWp8c9_aWn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/e70d98-426e-46fe-afaf-82139f3b433c/1/tNe6Hc1PXnhTBWXei2RjM_J5_Vc.roa
Signing time:             Mon 15 Apr 2024 11:33:06 +0000
ROA not before:           Mon 15 Apr 2024 11:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57032
IP address blocks:        2.57.239.0/24 maxlen: 24
                          2a12:9bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/e70d98-426e-46fe-afaf-82139f3b433c/1/1-10-EU-84s8PkgQxxWp8c9_aWn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/e70d98-426e-46fe-afaf-82139f3b433c/1/1-10-EU-84s8PkgQxxWp8c9_aWn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-10-EU-84s8PkgQxxWp8c9_aWn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:88:40:ff:49:1b:ea:cb:df:72:fa:0c:b5:87:a9:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb5d3e114fbce2cf0f920431c56a7c73dfda5a7e
        Validity
            Not Before: Apr 15 11:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4d7ba1dcd4f5e78530565de8b646333f279fd57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:0a:a3:0f:3e:35:bd:f4:78:53:24:73:fb:dd:
                    bc:50:22:4f:84:4d:a6:11:1e:b4:8f:c7:30:e4:a0:
                    2e:51:99:cc:6f:8f:1b:03:c9:f8:51:6d:e0:49:39:
                    b2:34:b5:83:f5:3b:55:2a:80:e2:eb:be:91:e3:22:
                    24:26:8a:a4:bf:ae:fd:91:ca:9d:75:84:7e:4a:4a:
                    7f:c1:4c:c4:95:97:c7:26:e5:39:50:19:52:b8:85:
                    ba:d7:f2:07:ac:57:07:5e:c7:63:50:0e:4d:37:77:
                    d9:9f:05:1e:1b:e6:74:ed:dc:ae:a6:8a:1b:a6:54:
                    73:fc:ce:ba:e6:24:7e:ba:1b:72:8f:bb:e9:22:62:
                    b6:ee:b4:b9:52:9e:93:40:03:26:05:be:26:d7:fd:
                    13:c6:14:2c:f8:57:38:77:88:75:7e:5b:64:48:33:
                    ca:85:20:6a:7e:3c:ff:24:9f:34:63:46:6e:a0:5c:
                    88:19:47:84:95:be:9b:1e:73:81:99:4d:75:3f:5c:
                    60:37:53:a7:cd:4e:7b:16:0e:83:89:9c:a9:b7:c7:
                    4d:07:b8:a7:9a:9c:f5:bd:ae:54:ed:ae:4d:72:39:
                    2e:b8:92:02:81:33:58:8f:c8:ad:6a:55:0e:65:de:
                    b7:ef:c8:c7:05:3e:fc:0b:10:3e:f2:d4:0c:09:d4:
                    df:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D7:BA:1D:CD:4F:5E:78:53:05:65:DE:8B:64:63:33:F2:79:FD:57
            X509v3 Authority Key Identifier:
                keyid:FB:5D:3E:11:4F:BC:E2:CF:0F:92:04:31:C5:6A:7C:73:DF:DA:5A:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-10-EU-84s8PkgQxxWp8c9_aWn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/e70d98-426e-46fe-afaf-82139f3b433c/1/tNe6Hc1PXnhTBWXei2RjM_J5_Vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/e70d98-426e-46fe-afaf-82139f3b433c/1/1-10-EU-84s8PkgQxxWp8c9_aWn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.239.0/24
                IPv6:
                  2a12:9bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:21:62:dd:a0:35:3b:fb:87:c8:1e:48:3a:ab:5f:0d:b0:0d:
         2a:7a:c4:8e:80:a3:57:d1:7c:89:3a:58:e2:77:d4:a6:bf:d1:
         7f:9f:96:05:39:44:ed:93:c0:58:e1:3b:ae:6e:4a:d2:81:f1:
         b6:3b:8d:4e:32:78:9c:31:ed:1c:fc:09:f5:7a:d1:5f:34:e8:
         b6:55:ae:90:01:6f:c0:70:9c:f3:cb:8f:4d:81:54:99:2d:0d:
         39:81:c1:a9:93:1e:e9:01:24:eb:b1:2c:19:c7:fc:15:72:59:
         89:41:6f:22:36:56:fd:22:58:df:84:09:94:3f:2d:de:78:23:
         b4:e9:63:00:43:65:39:72:a1:77:f7:e3:d9:e6:0f:65:f3:db:
         00:1c:f8:cd:38:48:f6:08:06:cd:ba:75:1b:b2:a4:83:b0:71:
         27:4c:09:4f:f8:4f:57:98:36:6f:09:b2:9f:1a:ba:c4:8f:52:
         2b:f7:bf:7b:12:18:ab:dc:e9:8f:f2:38:c9:d0:18:e0:7d:6c:
         df:e6:ea:80:27:0c:e9:9c:8d:ac:cb:17:23:a4:3f:12:29:ef:
         8b:c7:30:fb:c4:11:42:63:a5:31:dc:03:e7:4a:02:f2:71:d1:
         73:f3:57:a6:c0:77:eb:af:b4:dd:94:fa:da:fb:de:8e:9d:52:
         89:49:e7:f7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY7hiED/SRvqy99y+gy1h6kkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNWQzZTExNGZiY2UyY2YwZjkyMDQzMWM1NmE3YzczZGZk
YTVhN2UwHhcNMjQwNDE1MTEzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQ3YmExZGNkNGY1ZTc4NTMwNTY1ZGU4YjY0NjMzM2YyNzlmZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAqjDz41vfR4UyRz+928UCJPhE2m
ER60j8cw5KAuUZnMb48bA8n4UW3gSTmyNLWD9TtVKoDi676R4yIkJoqkv679kcqd
dYR+Skp/wUzElZfHJuU5UBlSuIW61/IHrFcHXsdjUA5NN3fZnwUeG+Z07dyupoob
plRz/M665iR+uhtyj7vpImK27rS5Up6TQAMmBb4m1/0TxhQs+Fc4d4h1fltkSDPK
hSBqfjz/JJ80Y0ZuoFyIGUeElb6bHnOBmU11P1xgN1OnzU57Fg6DiZypt8dNB7in
mpz1va5U7a5NcjkuuJICgTNYj8italUOZd6378jHBT78CxA+8tQMCdTf5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLTXuh3NT154UwVl3otkYzPyef1XMB8GA1UdIwQY
MBaAFPtdPhFPvOLPD5IEMcVqfHPf2lp+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0xMC1FVS04NHM4UGtnUXh4V3A4YzlfYVduNC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvZTcwZDk4LTQyNmUtNDZmZS1hZmFm
LTgyMTM5ZjNiNDMzYy8xL3ROZTZIYzFQWG5oVEJXWGVpMlJqTV9KNV9WYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjIvZTcwZDk4LTQyNmUtNDZmZS1hZmFmLTgyMTM5ZjNiNDMz
Yy8xLzEtMTAtRVUtODRzOFBrZ1F4eFdwOGM5X2FXbjQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAACOe8w
DQQCAAIwBwMFAyoSm8AwDQYJKoZIhvcNAQELBQADggEBADohYt2gNTv7h8geSDqr
Xw2wDSp6xI6Ao1fRfIk6WOJ31Ka/0X+flgU5RO2TwFjhO65uStKB8bY7jU4yeJwx
7Rz8CfV60V806LZVrpABb8BwnPPLj02BVJktDTmBwamTHukBJOuxLBnH/BVyWYlB
byI2Vv0iWN+ECZQ/Ld54I7TpYwBDZTlyoXf349nmD2Xz2wAc+M04SPYIBs26dRuy
pIOwcSdMCU/4T1eYNm8Jsp8ausSPUiv3v3sSGKvc6Y/yOMnQGOB9bN/m6oAnDOmc
jazLFyOkPxIp74vHMPvEEUJjpTHcA+dKAvJx0XPzV6bAd+uvtN2U+tr73o6dUolJ
5/c=
-----END CERTIFICATE-----