Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/IOS5lnyJn3Mn3GWKT5zxb-6aIis.roa
File:                     IOS5lnyJn3Mn3GWKT5zxb-6aIis.roa (raw, json)
Hash identifier:          Fj8pUMlgR7s+v9bZc9O2VBfhcvKGMejPgcB1+qBcBJA=
Subject key identifier:   20:E4:B9:96:7C:89:9F:73:27:DC:65:8A:4F:9C:F1:6F:EE:9A:22:2B
Certificate issuer:       /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial:       018CC348E2A205B29B14E2F77A970A2CC604
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/IOS5lnyJn3Mn3GWKT5zxb-6aIis.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202279
IP address blocks:        128.0.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e2:a2:05:b2:9b:14:e2:f7:7a:97:0a:2c:c6:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20e4b9967c899f7327dc658a4f9cf16fee9a222b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6e:07:81:ba:07:5d:66:3b:a1:7d:56:27:c9:
                    b9:6a:8c:60:cd:d2:a0:3b:b3:2e:6f:57:b5:32:78:
                    ab:41:a6:a9:f8:32:78:7b:71:2f:62:d8:ed:6d:3b:
                    8b:d8:68:3d:ae:9f:7a:db:f2:b5:74:49:d3:f0:4c:
                    11:7a:37:ac:2c:9e:ae:3c:a0:e7:89:e9:09:e4:34:
                    33:bf:74:d4:71:6e:3e:df:a4:e0:61:e0:0f:c2:97:
                    ed:a6:19:50:4c:1d:ce:27:d5:0a:21:1a:8b:64:d5:
                    ab:92:d1:a1:8f:7d:89:73:b1:e9:25:b0:e2:78:c5:
                    93:e4:cd:12:a9:63:bb:be:43:5a:5b:7b:0d:bb:a2:
                    14:37:2f:21:aa:15:3e:02:dc:32:d5:e7:d2:1f:24:
                    12:9d:d4:69:a6:3b:f9:52:aa:68:58:a3:51:22:26:
                    fd:19:81:ff:1d:14:c8:b0:0d:05:10:9d:a2:1b:80:
                    bb:ce:28:9b:38:b0:38:93:e3:12:f2:1b:38:c2:38:
                    87:77:a4:80:53:05:fe:97:e9:84:ac:f6:22:11:7f:
                    c2:63:a8:a2:52:a1:6f:94:ea:7b:83:f3:64:10:1c:
                    ee:f7:8d:e2:ea:dc:81:3d:91:cf:b6:18:f9:2a:8e:
                    6b:af:b4:3d:f9:55:b0:42:1a:54:a2:00:c1:d2:cc:
                    11:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:E4:B9:96:7C:89:9F:73:27:DC:65:8A:4F:9C:F1:6F:EE:9A:22:2B
            X509v3 Authority Key Identifier:
                keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/IOS5lnyJn3Mn3GWKT5zxb-6aIis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:62:14:dc:4e:b6:35:1a:58:07:da:75:3c:21:4d:e1:d2:c5:
         db:ec:ee:4e:d1:51:d3:6b:53:ab:51:96:63:c7:a2:ff:6b:e2:
         06:91:66:11:ea:fd:24:27:51:04:07:f4:a9:91:74:ef:07:6a:
         20:2b:59:ed:a4:41:2d:2c:47:a7:32:c1:ae:de:0a:c2:9b:80:
         8a:5e:a4:f3:99:c0:28:38:70:e4:2d:82:ba:ac:75:ac:57:14:
         c7:37:f2:9c:59:12:5c:d9:c8:38:1a:b7:3d:c8:3e:5b:52:88:
         65:da:6d:f1:4a:9c:57:b8:57:42:90:97:ea:b9:42:09:fa:6f:
         0c:5e:7e:1f:74:4d:be:af:a2:29:03:7f:f4:79:d1:63:15:c2:
         ee:cd:89:ef:42:7c:80:bc:83:a0:3f:3c:6a:b0:9a:7f:f2:07:
         a0:42:09:7a:40:f2:89:bc:fc:1b:ff:40:0f:fc:9e:4d:5c:b3:
         9e:7d:c5:84:b5:f3:5c:84:dc:84:36:1f:5a:91:b4:97:1b:b6:
         25:a7:fd:af:2a:f8:bf:30:70:41:9e:c7:7b:de:a7:d6:6b:e9:
         2c:9d:a4:9f:5b:49:8f:41:c7:12:5b:ce:1c:f4:b7:a2:4a:7b:
         77:27:34:ea:8e:dc:71:c5:b9:61:82:87:16:11:5a:ec:f6:48:
         23:1b:f9:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOKiBbKbFOL3epcKLMYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGU0Yjk5NjdjODk5ZjczMjdkYzY1OGE0ZjljZjE2ZmVlOWEyMjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp24HgboHXWY7oX1WJ8m5aoxgzdKg
O7Mub1e1MnirQaap+DJ4e3EvYtjtbTuL2Gg9rp962/K1dEnT8EwRejesLJ6uPKDn
iekJ5DQzv3TUcW4+36TgYeAPwpftphlQTB3OJ9UKIRqLZNWrktGhj32Jc7HpJbDi
eMWT5M0SqWO7vkNaW3sNu6IUNy8hqhU+Atwy1efSHyQSndRppjv5UqpoWKNRIib9
GYH/HRTIsA0FEJ2iG4C7ziibOLA4k+MS8hs4wjiHd6SAUwX+l+mErPYiEX/CY6ii
UqFvlOp7g/NkEBzu943i6tyBPZHPthj5Ko5rr7Q9+VWwQhpUogDB0swRAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDkuZZ8iZ9zJ9xlik+c8W/umiIrMB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvSU9TNWxueUpuM01uM0dXS1Q1enhiLTZhSWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgABQMA0G
CSqGSIb3DQEBCwUAA4IBAQBxYhTcTrY1GlgH2nU8IU3h0sXb7O5O0VHTa1OrUZZj
x6L/a+IGkWYR6v0kJ1EEB/SpkXTvB2ogK1ntpEEtLEenMsGu3grCm4CKXqTzmcAo
OHDkLYK6rHWsVxTHN/KcWRJc2cg4Grc9yD5bUohl2m3xSpxXuFdCkJfquUIJ+m8M
Xn4fdE2+r6IpA3/0edFjFcLuzYnvQnyAvIOgPzxqsJp/8gegQgl6QPKJvPwb/0AP
/J5NXLOefcWEtfNchNyENh9akbSXG7Ylp/2vKvi/MHBBnsd73qfWa+ksnaSfW0mP
QccSW84c9LeiSnt3JzTqjtxxxblhgocWEVrs9kgjG/nG
-----END CERTIFICATE-----