Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/5zPwNgZxj6B6ClgmZJ_fxErKNSc.roa
File:                     5zPwNgZxj6B6ClgmZJ_fxErKNSc.roa (raw, json)
Hash identifier:          qu7XAxqp7t6ycDtE9iLVduRfbpTF3d4dh3tNmsnsyM4=
Subject key identifier:   E7:33:F0:36:06:71:8F:A0:7A:0A:58:26:64:9F:DF:C4:4A:CA:35:27
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       018CC80121A893EC6D058F3041CB3ACBF96D
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/5zPwNgZxj6B6ClgmZJ_fxErKNSc.roa
Signing time:             Tue 02 Jan 2024 02:29:26 +0000
ROA not before:           Tue 02 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6832
IP address blocks:        159.148.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:21:a8:93:ec:6d:05:8f:30:41:cb:3a:cb:f9:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e733f03606718fa07a0a5826649fdfc44aca3527
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ca:66:b6:63:3d:85:10:c0:78:02:c5:87:c6:
                    75:4c:58:39:50:55:af:5e:53:c2:cb:09:6c:4a:61:
                    3c:6c:f4:9f:4f:e3:f3:ff:aa:04:bf:56:ea:13:cd:
                    a8:bb:63:8a:e8:ba:46:9b:a2:a0:09:76:d8:0f:12:
                    0a:a5:b4:5e:28:50:c5:d2:8b:b0:e6:cb:2e:5e:05:
                    9e:eb:ec:f8:9e:6a:37:d4:3b:3e:04:1d:7c:e1:ab:
                    69:dc:fa:f2:14:5b:66:68:3f:ec:0f:2b:87:01:63:
                    e4:94:e8:3e:40:23:a1:fa:92:c7:24:1f:9b:fc:f4:
                    51:fd:c9:e1:79:d7:d3:14:d2:a5:d1:ab:a0:83:3d:
                    68:5a:26:16:74:2c:37:cd:60:7a:06:c8:25:56:76:
                    68:a2:e5:9e:17:ec:5b:12:77:62:b1:97:f5:35:de:
                    70:5d:05:ac:83:6b:ab:07:e7:47:33:5a:ff:33:dd:
                    c9:7d:6b:f6:49:0c:f9:0f:09:ad:d0:e7:50:d6:02:
                    05:e2:f5:0f:5c:88:01:d1:6a:e4:7d:45:0f:77:3f:
                    d6:77:9e:ae:ce:10:97:b5:8f:f5:c5:47:45:a8:34:
                    eb:65:90:cb:4b:8d:c4:ee:4e:be:ec:20:b1:5e:10:
                    37:c4:3d:b1:af:b8:38:bb:0a:e7:4e:03:c6:f1:77:
                    f9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:33:F0:36:06:71:8F:A0:7A:0A:58:26:64:9F:DF:C4:4A:CA:35:27
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/5zPwNgZxj6B6ClgmZJ_fxErKNSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:3f:1f:88:33:45:5f:b7:b1:d7:d7:94:b6:72:c3:a2:53:52:
         4a:43:30:a3:13:10:b8:dd:86:d2:03:02:b1:20:fb:59:64:ab:
         bd:5e:e3:fd:f4:c5:87:14:c1:18:ba:e7:2c:4e:a6:3a:81:e7:
         fd:b0:d6:bd:59:5a:2f:e1:5d:b7:7c:1a:0d:19:e9:03:0a:aa:
         61:0e:75:b0:26:2b:36:12:28:66:28:24:9b:9b:4c:70:2c:41:
         43:98:b7:a6:6e:9b:8e:8e:e8:7c:66:60:6a:7d:03:83:8b:57:
         96:4d:06:12:87:d7:8f:8d:0a:87:c0:79:15:b3:16:26:71:3e:
         43:ac:0a:48:27:f7:a8:30:74:c7:0f:03:1c:55:94:87:9b:d3:
         e6:2c:5c:d2:c8:42:4f:b9:7b:2b:b9:2b:fb:a9:d9:8e:40:3c:
         56:63:03:54:73:62:c5:4d:68:32:29:e9:08:3e:33:fe:c6:60:
         28:36:75:2d:f8:82:45:41:20:0f:2d:03:86:56:96:9a:99:27:
         f8:4a:1b:64:dc:42:2e:64:05:aa:06:8b:2f:b1:09:19:fe:66:
         82:2e:bb:2b:fe:a7:2d:27:15:97:31:a5:ec:62:25:8c:ea:44:
         e8:91:80:72:22:1d:49:cf:1f:6e:40:16:ba:15:a5:58:38:97:
         a0:f0:d0:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASGok+xtBY8wQcs6y/ltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzMzZjAzNjA2NzE4ZmEwN2EwYTU4MjY2NDlmZGZjNDRhY2EzNTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMpmtmM9hRDAeALFh8Z1TFg5UFWv
XlPCywlsSmE8bPSfT+Pz/6oEv1bqE82ou2OK6LpGm6KgCXbYDxIKpbReKFDF0ouw
5ssuXgWe6+z4nmo31Ds+BB184atp3PryFFtmaD/sDyuHAWPklOg+QCOh+pLHJB+b
/PRR/cnhedfTFNKl0auggz1oWiYWdCw3zWB6BsglVnZoouWeF+xbEndisZf1Nd5w
XQWsg2urB+dHM1r/M93JfWv2SQz5Dwmt0OdQ1gIF4vUPXIgB0WrkfUUPdz/Wd56u
zhCXtY/1xUdFqDTrZZDLS43E7k6+7CCxXhA3xD2xr7g4uwrnTgPG8Xf5WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcz8DYGcY+gegpYJmSf38RKyjUnMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvNXpQd05nWnhqNkI2Q2xnbVpKX2Z4RXJLTlNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5SQMA0G
CSqGSIb3DQEBCwUAA4IBAQBTPx+IM0Vft7HX15S2csOiU1JKQzCjExC43YbSAwKx
IPtZZKu9XuP99MWHFMEYuucsTqY6gef9sNa9WVov4V23fBoNGekDCqphDnWwJis2
EihmKCSbm0xwLEFDmLembpuOjuh8ZmBqfQODi1eWTQYSh9ePjQqHwHkVsxYmcT5D
rApIJ/eoMHTHDwMcVZSHm9PmLFzSyEJPuXsruSv7qdmOQDxWYwNUc2LFTWgyKekI
PjP+xmAoNnUt+IJFQSAPLQOGVpaamSf4Shtk3EIuZAWqBosvsQkZ/maCLrsr/qct
JxWXMaXsYiWM6kTokYByIh1Jzx9uQBa6FaVYOJeg8NDd
-----END CERTIFICATE-----