Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/q6kvN3zjYkceHbvOmSVaBMb3cv4.roa
File:                     q6kvN3zjYkceHbvOmSVaBMb3cv4.roa (raw, json)
Hash identifier:          Yv0NcbO/wtlvYrZV0sDt9/xWrGJ+JU/sJfYhSbXcQII=
Subject key identifier:   AB:A9:2F:37:7C:E3:62:47:1E:1D:BB:CE:99:25:5A:04:C6:F7:72:FE
Certificate issuer:       /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial:       018FA04848B5E9B7FA15CF14F3B2853B8E9E
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/q6kvN3zjYkceHbvOmSVaBMb3cv4.roa
Signing time:             Wed 22 May 2024 12:30:42 +0000
ROA not before:           Wed 22 May 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206810
IP address blocks:        176.96.184.0/22 maxlen: 22
                          176.96.184.0/24 maxlen: 24
                          176.96.185.0/24 maxlen: 24
                          176.96.186.0/24 maxlen: 24
                          176.96.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a0:48:48:b5:e9:b7:fa:15:cf:14:f3:b2:85:3b:8e:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
        Validity
            Not Before: May 22 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aba92f377ce362471e1dbbce99255a04c6f772fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b6:9f:be:c6:28:fc:ce:dd:ce:00:2d:1c:40:
                    be:65:d4:45:f9:d6:b6:8a:bd:9e:59:04:a7:9d:62:
                    33:a1:a4:bb:bd:31:ee:46:fd:14:f4:4f:e7:a5:d7:
                    91:5b:1e:c5:5c:d0:df:50:4d:02:fb:7e:26:1d:9b:
                    76:85:ee:3e:61:13:00:b6:d5:ad:ea:ef:96:b9:6d:
                    3a:c1:48:91:70:04:25:2b:0a:60:88:1d:fd:00:c7:
                    35:8f:1b:a7:71:10:7d:cd:d0:92:e9:1d:bc:64:b1:
                    c9:c2:21:3d:ca:70:5a:86:df:e3:1b:cd:eb:a3:b6:
                    0b:e8:ab:3c:97:23:1f:47:f2:4f:bd:2b:2a:d4:45:
                    2a:e8:a9:83:7e:f7:a8:88:e9:db:ec:f0:a9:3c:bf:
                    5f:51:bb:90:c1:36:e0:4f:a1:a5:57:2e:a0:fd:18:
                    18:e2:93:b7:71:a7:fc:53:3f:ac:c4:91:e5:3b:b0:
                    c1:66:71:ad:ec:f6:af:ea:65:12:ab:1a:0c:92:fa:
                    ea:3f:e4:61:08:15:fc:31:0f:8a:0d:2f:b8:09:d8:
                    14:1e:d6:d5:0c:6c:a8:f8:05:86:29:04:92:cd:f6:
                    47:e5:66:1c:fe:1c:4f:22:79:f7:48:91:bc:09:19:
                    6f:69:76:2f:c7:12:5d:97:99:18:56:ba:ad:89:d5:
                    c9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A9:2F:37:7C:E3:62:47:1E:1D:BB:CE:99:25:5A:04:C6:F7:72:FE
            X509v3 Authority Key Identifier:
                keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/q6kvN3zjYkceHbvOmSVaBMb3cv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.96.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:e0:d6:94:a2:91:7e:54:c2:d7:1e:8e:ac:ff:21:a9:6a:e9:
         43:f1:d0:6f:09:1e:51:2e:04:5c:a5:b0:0a:be:45:e4:11:8c:
         97:58:45:5b:b5:40:4f:20:56:62:73:e4:df:dd:67:44:9f:ad:
         76:f3:c6:22:d9:9a:6b:71:d2:f7:62:1b:a2:81:7c:df:9e:0c:
         5c:fd:c3:47:95:66:37:25:02:fc:c9:44:56:a2:87:35:5d:04:
         f4:85:e3:98:bb:a6:3d:ed:64:bb:1b:43:ca:01:69:ff:35:f1:
         d7:74:52:90:2d:d5:e5:ba:4d:96:2c:f4:25:0e:73:a8:7d:a9:
         49:9b:65:98:31:0d:ef:64:d4:91:dc:17:06:c1:30:ee:d0:21:
         21:83:32:b4:6a:9b:26:56:4f:11:7b:e3:7c:a8:a0:0a:fc:46:
         26:ff:86:96:c9:2f:b9:e6:b6:e7:ed:80:b8:5b:ad:28:73:c1:
         ba:95:70:49:e0:a1:11:1e:1c:22:15:16:a0:89:43:b3:b8:7f:
         87:59:39:59:2a:8c:b3:f7:de:1f:5f:6f:bc:3d:9a:f0:6b:c0:
         e7:22:68:f9:8a:58:56:01:4d:a9:93:e9:1f:59:39:1d:42:42:
         30:33:d9:38:33:2b:af:a8:cf:8e:f1:ac:70:a3:d2:90:c0:42:
         61:f4:e9:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+gSEi16bf6Fc8U87KFO46eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjQwNTIyMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmE5MmYzNzdjZTM2MjQ3MWUxZGJiY2U5OTI1NWEwNGM2Zjc3MmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLafvsYo/M7dzgAtHEC+ZdRF+da2
ir2eWQSnnWIzoaS7vTHuRv0U9E/npdeRWx7FXNDfUE0C+34mHZt2he4+YRMAttWt
6u+WuW06wUiRcAQlKwpgiB39AMc1jxuncRB9zdCS6R28ZLHJwiE9ynBaht/jG83r
o7YL6Ks8lyMfR/JPvSsq1EUq6KmDfveoiOnb7PCpPL9fUbuQwTbgT6GlVy6g/RgY
4pO3caf8Uz+sxJHlO7DBZnGt7Pav6mUSqxoMkvrqP+RhCBX8MQ+KDS+4CdgUHtbV
DGyo+AWGKQSSzfZH5WYc/hxPInn3SJG8CRlvaXYvxxJdl5kYVrqtidXJOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKupLzd842JHHh27zpklWgTG93L+MB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvcTZrdk4zempZa2NlSGJ2T21TVmFCTWIzY3Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsGC4MA0G
CSqGSIb3DQEBCwUAA4IBAQB24NaUopF+VMLXHo6s/yGpaulD8dBvCR5RLgRcpbAK
vkXkEYyXWEVbtUBPIFZic+Tf3WdEn61288Yi2ZprcdL3YhuigXzfngxc/cNHlWY3
JQL8yURWooc1XQT0heOYu6Y97WS7G0PKAWn/NfHXdFKQLdXluk2WLPQlDnOofalJ
m2WYMQ3vZNSR3BcGwTDu0CEhgzK0apsmVk8Re+N8qKAK/EYm/4aWyS+55rbn7YC4
W60oc8G6lXBJ4KERHhwiFRagiUOzuH+HWTlZKoyz994fX2+8PZrwa8DnImj5ilhW
AU2pk+kfWTkdQkIwM9k4MyuvqM+O8axwo9KQwEJh9OlS
-----END CERTIFICATE-----