Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/1-oCWye8rHIOCz7buRoOPFWfkOcs.roa
File:                     1-oCWye8rHIOCz7buRoOPFWfkOcs.roa (raw, json)
Hash identifier:          3sZUYsBA/2T7SBuki56Suy1supyrGcXwgS0WJtCJGoA=
Subject key identifier:   FA:80:96:C9:EF:2B:1C:83:82:CF:B6:EE:46:83:8F:15:67:E4:39:CB
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E4477A21609748B92BD5EB3075B90
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/1-oCWye8rHIOCz7buRoOPFWfkOcs.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216226
IP address blocks:        5.253.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:44:77:a2:16:09:74:8b:92:bd:5e:b3:07:5b:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa8096c9ef2b1c8382cfb6ee46838f1567e439cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:e3:23:1f:7b:af:3f:e1:6f:c3:ac:10:9d:99:
                    51:c4:67:e0:9a:c5:ab:1d:63:09:11:34:70:0d:eb:
                    41:ab:02:52:f1:b3:fd:9b:17:b7:af:a9:4d:c7:50:
                    3c:b3:70:8f:9f:c7:89:76:f1:f3:92:b4:69:f9:fa:
                    cd:e5:5e:7e:eb:8e:af:57:7e:0d:d6:48:0d:75:99:
                    75:1c:ec:00:08:09:bf:ea:27:99:9f:1f:a0:9d:17:
                    56:c0:87:ab:a3:39:ef:52:fc:c1:ea:39:69:b6:32:
                    4b:a4:dd:aa:95:61:da:45:7c:6e:06:76:31:bb:7f:
                    a5:3e:6f:81:cc:ff:87:a6:84:68:fb:f7:1d:55:87:
                    ee:cf:3b:05:fc:3a:2d:e5:4c:f5:a0:c3:5a:1e:e6:
                    77:a0:84:0f:7b:27:e7:1d:47:55:42:b2:ea:99:43:
                    12:61:96:48:46:2a:cb:52:16:e3:87:05:e9:56:73:
                    78:e2:0e:23:ad:8b:7b:1b:38:e4:48:f5:ee:e6:2f:
                    51:c9:12:7b:e8:c5:28:0f:dd:5f:b3:1a:45:a5:6e:
                    1a:26:e9:33:2e:a9:08:e9:33:5b:55:38:ce:31:1b:
                    78:21:a2:b2:ea:98:87:c3:62:d0:7f:18:6d:17:57:
                    bd:25:6c:4d:4c:43:dc:a6:8c:66:63:be:32:7d:d6:
                    c3:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:80:96:C9:EF:2B:1C:83:82:CF:B6:EE:46:83:8F:15:67:E4:39:CB
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/1-oCWye8rHIOCz7buRoOPFWfkOcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:62:8f:a2:f4:13:bc:77:65:a3:71:15:66:6a:05:11:0c:43:
         f7:d0:9d:2b:22:20:dc:f4:cd:20:34:23:da:46:ae:24:37:70:
         63:49:5d:7f:f9:22:eb:79:5b:88:fa:7e:f4:97:f9:21:22:c7:
         c2:80:90:f4:f6:e3:03:8c:88:c6:cd:79:81:b3:dc:27:99:ca:
         cd:38:49:1b:b1:db:0d:d3:9e:94:bf:cd:32:2a:e9:e9:57:c7:
         d9:31:1d:12:d1:5d:20:a2:c7:ca:ff:3a:bc:26:f6:3a:2b:54:
         14:4b:87:00:b5:79:3d:a4:57:3c:6a:31:7d:11:f2:dc:fb:ef:
         f9:d9:05:59:9b:05:fe:73:08:ee:f0:51:d8:a4:dd:80:2d:85:
         72:fa:18:b5:f4:60:d2:09:09:fb:ab:20:f8:02:11:68:19:7f:
         26:69:6a:ef:b6:83:83:16:4c:88:d3:c9:a1:63:0e:ed:2b:ff:
         e5:de:a8:62:06:62:a3:43:9e:2f:72:be:82:b4:8c:1a:92:0b:
         d1:25:bb:f5:26:e9:1e:3f:ce:98:b0:1f:8e:d2:2b:39:3d:1c:
         c2:ad:61:80:65:02:e8:b3:a7:fa:7a:fc:91:d6:6a:67:71:1d:
         e4:9f:ee:4e:29:89:16:ad:f2:20:eb:7a:7b:80:b1:f5:4c:63:
         7d:a9:af:95
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTkR3ohYJdIuSvV6zB1uQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTgwOTZjOWVmMmIxYzgzODJjZmI2ZWU0NjgzOGYxNTY3ZTQzOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuMjH3uvP+Fvw6wQnZlRxGfgmsWr
HWMJETRwDetBqwJS8bP9mxe3r6lNx1A8s3CPn8eJdvHzkrRp+frN5V5+646vV34N
1kgNdZl1HOwACAm/6ieZnx+gnRdWwIeroznvUvzB6jlptjJLpN2qlWHaRXxuBnYx
u3+lPm+BzP+HpoRo+/cdVYfuzzsF/Dot5Uz1oMNaHuZ3oIQPeyfnHUdVQrLqmUMS
YZZIRirLUhbjhwXpVnN44g4jrYt7GzjkSPXu5i9RyRJ76MUoD91fsxpFpW4aJukz
LqkI6TNbVTjOMRt4IaKy6piHw2LQfxhtF1e9JWxNTEPcpoxmY74yfdbDFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPqAlsnvKxyDgs+27kaDjxVn5DnLMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvMS1vQ1d5ZThySElPQ3o3YnVSb09QRldma09jcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTYvMDk0MDgxLThhZWItNDJiZi1hNTc4LWEzY2EwZGI4MzI1
NC8xL0d3UVZ2OFE3T09uUDBhRXBsU0F1aDJOMUw5NC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAX99TAN
BgkqhkiG9w0BAQsFAAOCAQEAbmKPovQTvHdlo3EVZmoFEQxD99CdKyIg3PTNIDQj
2kauJDdwY0ldf/ki63lbiPp+9Jf5ISLHwoCQ9PbjA4yIxs15gbPcJ5nKzThJG7Hb
DdOelL/NMirp6VfH2TEdEtFdIKLHyv86vCb2OitUFEuHALV5PaRXPGoxfRHy3Pvv
+dkFWZsF/nMI7vBR2KTdgC2FcvoYtfRg0gkJ+6sg+AIRaBl/Jmlq77aDgxZMiNPJ
oWMO7Sv/5d6oYgZio0OeL3K+grSMGpIL0SW79SbpHj/OmLAfjtIrOT0cwq1hgGUC
6LOn+nr8kdZqZ3Ed5J/uTimJFq3yIOt6e4Cx9UxjfamvlQ==
-----END CERTIFICATE-----