Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/_S1if803oEiFp2Dv-KWrUeVNtE8.roa
File:                     _S1if803oEiFp2Dv-KWrUeVNtE8.roa (raw, json)
Hash identifier:          5okpoIQ5zOMqZAbiIi8zesIfbwqPB0NcTd3Pf+sVzO4=
Subject key identifier:   FD:2D:62:7F:CD:37:A0:48:85:A7:60:EF:F8:A5:AB:51:E5:4D:B4:4F
Certificate issuer:       /CN=8f0064c6f80e0967fbe4e4b8fb24a4143c4857c6
Certificate serial:       018CC72766277CE049B9160C570E71F79CDE
Authority key identifier: 8F:00:64:C6:F8:0E:09:67:FB:E4:E4:B8:FB:24:A4:14:3C:48:57:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jwBkxvgOCWf75OS4-ySkFDxIV8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/_S1if803oEiFp2Dv-KWrUeVNtE8.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202475
IP address blocks:        193.57.52.0/24 maxlen: 24
                          193.57.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/jwBkxvgOCWf75OS4-ySkFDxIV8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/jwBkxvgOCWf75OS4-ySkFDxIV8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jwBkxvgOCWf75OS4-ySkFDxIV8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:66:27:7c:e0:49:b9:16:0c:57:0e:71:f7:9c:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f0064c6f80e0967fbe4e4b8fb24a4143c4857c6
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd2d627fcd37a04885a760eff8a5ab51e54db44f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:20:18:e9:7f:49:5c:2f:1f:2d:c9:16:5a:8b:
                    ac:ac:be:73:86:b7:a1:72:2e:7b:67:53:59:3d:c1:
                    84:e3:f8:e4:32:ea:df:79:31:7a:12:92:f3:7c:a0:
                    eb:15:e8:92:29:01:ac:39:a6:5d:c6:60:77:21:e3:
                    7c:b9:22:95:ec:f2:72:05:bb:74:bb:f4:f6:48:b5:
                    45:6a:04:02:3b:9a:c4:46:82:54:64:8d:74:b4:a4:
                    42:0b:94:9e:27:b8:2e:50:c8:af:d8:a3:98:5d:d7:
                    83:fc:ea:ab:d2:2f:6d:61:0d:c9:96:2d:06:22:2b:
                    90:9f:d1:73:55:57:dd:0f:fe:5b:29:e0:65:7e:28:
                    69:bd:b9:46:23:04:06:f7:52:e9:5e:9d:4f:bb:8b:
                    9c:22:17:61:4b:06:97:21:ab:ba:05:f8:a9:7c:08:
                    f2:28:e2:26:06:87:9a:76:d1:b7:b8:41:41:7e:87:
                    1d:c5:81:93:dc:cc:90:63:47:5c:b0:b2:9a:f0:d5:
                    d6:57:6a:6f:b1:fa:32:eb:69:60:fa:bd:9c:da:f5:
                    c1:00:7b:4d:ab:2a:85:a9:53:86:70:15:3c:2c:49:
                    ed:a7:f8:5d:8d:2b:f4:f5:90:d7:bb:b2:f4:f1:f9:
                    23:90:ae:50:69:35:89:2c:0a:2c:11:17:af:5d:15:
                    9a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:2D:62:7F:CD:37:A0:48:85:A7:60:EF:F8:A5:AB:51:E5:4D:B4:4F
            X509v3 Authority Key Identifier:
                keyid:8F:00:64:C6:F8:0E:09:67:FB:E4:E4:B8:FB:24:A4:14:3C:48:57:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jwBkxvgOCWf75OS4-ySkFDxIV8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/_S1if803oEiFp2Dv-KWrUeVNtE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/jwBkxvgOCWf75OS4-ySkFDxIV8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a5:4c:4d:33:94:a8:55:37:66:8b:83:2a:a9:34:d3:47:bc:28:
         09:89:3a:e6:c8:ea:7c:a7:38:c5:6f:fa:8e:d1:cd:24:93:fd:
         34:f0:6e:a4:47:77:b4:f8:2d:16:47:4f:1f:ad:76:e4:3e:f0:
         e0:41:55:52:98:b7:0e:bb:d9:80:c4:a1:61:e0:6b:25:57:c8:
         e6:63:a4:40:2e:09:ca:da:0c:28:25:11:cc:8c:6f:a1:47:e0:
         11:a9:75:8f:65:ca:07:f7:3d:b4:6f:be:64:68:76:01:b4:2e:
         7a:18:00:35:81:1b:26:3b:d0:41:8d:8e:bd:7b:55:15:9b:59:
         87:25:6a:e2:25:50:d4:3b:9f:27:8d:33:13:03:7e:a9:29:d4:
         3e:21:c0:de:8b:3c:7b:a9:ce:82:82:00:4f:0d:9c:63:0a:86:
         82:11:30:ba:4a:fd:34:b6:12:8c:d2:ce:ae:81:b2:6f:11:5e:
         aa:d4:3f:67:29:3a:8d:2b:fc:d1:83:81:6e:20:cc:c2:20:1a:
         bd:1e:c0:53:64:a5:e6:a0:9f:c7:82:d0:54:6b:33:f3:f3:65:
         9d:64:f3:17:35:bc:69:fe:9b:ac:f0:a5:b5:6f:06:2d:53:e7:
         90:d3:12:6d:82:c7:1f:cc:63:c3:14:6c:17:dd:31:5e:7a:91:
         48:86:d1:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2YnfOBJuRYMVw5x95zeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMDA2NGM2ZjgwZTA5NjdmYmU0ZTRiOGZiMjRhNDE0M2M0
ODU3YzYwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDJkNjI3ZmNkMzdhMDQ4ODVhNzYwZWZmOGE1YWI1MWU1NGRiNDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiAY6X9JXC8fLckWWousrL5zhreh
ci57Z1NZPcGE4/jkMurfeTF6EpLzfKDrFeiSKQGsOaZdxmB3IeN8uSKV7PJyBbt0
u/T2SLVFagQCO5rERoJUZI10tKRCC5SeJ7guUMiv2KOYXdeD/Oqr0i9tYQ3Jli0G
IiuQn9FzVVfdD/5bKeBlfihpvblGIwQG91LpXp1Pu4ucIhdhSwaXIau6BfipfAjy
KOImBoeadtG3uEFBfocdxYGT3MyQY0dcsLKa8NXWV2pvsfoy62lg+r2c2vXBAHtN
qyqFqVOGcBU8LEntp/hdjSv09ZDXu7L08fkjkK5QaTWJLAosERevXRWa1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP0tYn/NN6BIhadg7/ilq1HlTbRPMB8GA1UdIwQY
MBaAFI8AZMb4Dgln++TkuPskpBQ8SFfGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvandCa3h2Z09DV2Y3NU9TNC15U2tGRHhJVjhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy81YmFiNzktYWZhYS00Y2RkLWJjMjMt
NDAzMTRmYzNkODc0LzEvX1MxaWY4MDNvRWlGcDJEdi1LV3JVZVZOdEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy81YmFiNzktYWZhYS00Y2RkLWJjMjMtNDAzMTRmYzNkODc0
LzEvandCa3h2Z09DV2Y3NU9TNC15U2tGRHhJVjhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTk0MA0G
CSqGSIb3DQEBCwUAA4IBAQClTE0zlKhVN2aLgyqpNNNHvCgJiTrmyOp8pzjFb/qO
0c0kk/008G6kR3e0+C0WR08frXbkPvDgQVVSmLcOu9mAxKFh4GslV8jmY6RALgnK
2gwoJRHMjG+hR+ARqXWPZcoH9z20b75kaHYBtC56GAA1gRsmO9BBjY69e1UVm1mH
JWriJVDUO58njTMTA36pKdQ+IcDeizx7qc6CggBPDZxjCoaCETC6Sv00thKM0s6u
gbJvEV6q1D9nKTqNK/zRg4FuIMzCIBq9HsBTZKXmoJ/HgtBUazPz82WdZPMXNbxp
/pus8KW1bwYtU+eQ0xJtgscfzGPDFGwX3TFeepFIhtFb
-----END CERTIFICATE-----