Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/1-enz8eg6hyjD5DOIwPXWVJ8PCOY.roa
File:                     1-enz8eg6hyjD5DOIwPXWVJ8PCOY.roa (raw, json)
Hash identifier:          tgLX1TuiDQ8Q0Hyhu4jXqT9Jr6PWNjqWxMAI8C3yYOg=
Subject key identifier:   F9:E9:F3:F1:E8:3A:87:28:C3:E4:33:88:C0:F5:D6:54:9F:0F:08:E6
Certificate issuer:       /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial:       018CC348E36DC8E0499FEB15B1B403CC8DAB
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/1-enz8eg6hyjD5DOIwPXWVJ8PCOY.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209595
IP address blocks:        5.153.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e3:6d:c8:e0:49:9f:eb:15:b1:b4:03:cc:8d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9e9f3f1e83a8728c3e43388c0f5d6549f0f08e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:23:8e:c2:5c:32:cc:31:0b:6a:92:f9:e0:bd:
                    00:d9:f3:f6:21:a6:e1:4f:8b:5e:7f:7b:f7:20:99:
                    10:e3:b1:71:e7:67:30:e3:a7:15:02:81:41:7d:24:
                    bf:78:93:d8:e3:3b:c4:b2:ed:5d:71:7f:85:db:43:
                    a2:43:b8:4f:a7:44:76:c4:23:87:f5:4e:43:33:3a:
                    92:27:ea:ee:1f:15:ab:44:ff:bf:33:6f:07:23:1c:
                    d3:7d:05:1b:6b:1c:f4:77:c6:1f:ea:7e:ab:ed:d1:
                    9e:50:25:ae:80:a5:bf:de:33:0d:37:c3:ba:0d:cf:
                    88:16:a6:35:9c:24:2d:5d:f3:87:b6:8e:12:12:d8:
                    a5:bd:77:79:1f:5d:71:76:86:f5:db:ac:12:cd:d8:
                    34:c7:4c:39:d2:5e:28:f2:2b:69:6f:35:a2:4d:3c:
                    df:28:4f:8a:eb:a2:a9:c4:14:2f:54:02:b9:e4:35:
                    ef:5e:43:73:bb:23:cc:00:96:5a:0d:dd:ad:bc:23:
                    6e:1e:40:5d:39:b3:62:be:65:e0:31:7f:b5:ce:9e:
                    e8:6f:4b:ff:7e:ee:14:06:de:a6:cb:2d:5a:8f:58:
                    9e:d6:eb:c6:67:dc:37:e4:fe:43:33:bb:f7:d8:f0:
                    d1:c8:64:3f:9d:d5:63:55:d7:3b:ee:f3:fb:ac:a9:
                    1f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:E9:F3:F1:E8:3A:87:28:C3:E4:33:88:C0:F5:D6:54:9F:0F:08:E6
            X509v3 Authority Key Identifier:
                keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/1-enz8eg6hyjD5DOIwPXWVJ8PCOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.153.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:08:d7:25:bc:6d:04:12:0f:0d:c5:15:10:5a:63:69:23:a4:
         66:a4:14:56:9d:80:4e:98:30:95:87:25:b1:cb:43:2a:09:c4:
         59:80:9e:e3:64:df:11:46:d1:1d:4b:41:ad:14:06:67:65:92:
         6f:b2:f3:a3:77:4f:fb:1e:42:84:6f:d6:58:8d:3f:e9:58:55:
         e2:e4:fe:08:f1:6a:60:bc:4e:57:dc:5a:7d:00:8d:83:9c:06:
         11:bf:59:8c:0a:fc:83:d0:9f:94:58:cd:55:2b:aa:31:07:f7:
         e4:80:24:f4:96:91:e5:d5:c2:5a:be:6b:bc:95:09:fd:d6:0d:
         58:73:aa:fc:ce:b6:ee:07:ec:f7:c3:42:9f:fd:6c:da:44:4d:
         d5:13:06:c6:ac:bf:3d:da:f6:46:69:f4:40:9a:ea:a7:59:70:
         a7:62:1a:a5:a9:d1:fe:62:56:b2:46:d0:34:43:b9:27:0f:c3:
         5f:75:e0:db:d0:7b:e8:4e:f3:9b:2f:00:db:61:71:e8:92:e9:
         c3:dc:b2:4d:8d:eb:f5:c5:48:6d:67:3f:41:e5:33:80:a8:86:
         24:aa:a5:5d:d4:dd:79:23:7a:fd:c2:48:18:8e:88:a6:ef:e6:
         8f:f7:34:a9:aa:28:18:41:c1:da:28:e1:db:79:13:e5:0f:6e:
         99:f7:75:39
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSONtyOBJn+sVsbQDzI2rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWU5ZjNmMWU4M2E4NzI4YzNlNDMzODhjMGY1ZDY1NDlmMGYwOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCOOwlwyzDELapL54L0A2fP2Iabh
T4tef3v3IJkQ47Fx52cw46cVAoFBfSS/eJPY4zvEsu1dcX+F20OiQ7hPp0R2xCOH
9U5DMzqSJ+ruHxWrRP+/M28HIxzTfQUbaxz0d8Yf6n6r7dGeUCWugKW/3jMNN8O6
Dc+IFqY1nCQtXfOHto4SEtilvXd5H11xdob126wSzdg0x0w50l4o8itpbzWiTTzf
KE+K66KpxBQvVAK55DXvXkNzuyPMAJZaDd2tvCNuHkBdObNivmXgMX+1zp7ob0v/
fu4UBt6myy1aj1ie1uvGZ9w35P5DM7v32PDRyGQ/ndVjVdc77vP7rKkfvQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnp8/HoOocow+QziMD11lSfDwjmMB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvMS1lbno4ZWc2aHlqRDVET0l3UFhXVko4UENPWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjQvNTJhODhmLWU5YTItNDg1MS05MTQ4LWZlZThmMzc5MDU2
Ny8xL0FWdHRGWmFzQlFHbkdqazBSd1VhWXY4ZDJoWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAWZrDAN
BgkqhkiG9w0BAQsFAAOCAQEAaAjXJbxtBBIPDcUVEFpjaSOkZqQUVp2ATpgwlYcl
sctDKgnEWYCe42TfEUbRHUtBrRQGZ2WSb7Lzo3dP+x5ChG/WWI0/6VhV4uT+CPFq
YLxOV9xafQCNg5wGEb9ZjAr8g9CflFjNVSuqMQf35IAk9JaR5dXCWr5rvJUJ/dYN
WHOq/M627gfs98NCn/1s2kRN1RMGxqy/Pdr2Rmn0QJrqp1lwp2IapanR/mJWskbQ
NEO5Jw/DX3Xg29B76E7zmy8A22Fx6JLpw9yyTY3r9cVIbWc/QeUzgKiGJKqlXdTd
eSN6/cJIGI6Ipu/mj/c0qaooGEHB2ijh23kT5Q9umfd1OQ==
-----END CERTIFICATE-----