Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/zeq7-J2PPXPdY81lgQnl1cUtfoU.roa
File:                     zeq7-J2PPXPdY81lgQnl1cUtfoU.roa (raw, json)
Hash identifier:          NjgAbNrcJi6leUxxE6MqpI2OqI5yw7gqud969ZgJWbU=
Subject key identifier:   CD:EA:BB:F8:9D:8F:3D:73:DD:63:CD:65:81:09:E5:D5:C5:2D:7E:85
Certificate issuer:       /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial:       018CC348E0F0DC1C6005CF7C46C26859FD6F
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/zeq7-J2PPXPdY81lgQnl1cUtfoU.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41172
IP address blocks:        5.153.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e0:f0:dc:1c:60:05:cf:7c:46:c2:68:59:fd:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdeabbf89d8f3d73dd63cd658109e5d5c52d7e85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:23:2c:75:b5:2e:da:55:cd:09:73:21:fe:bb:
                    c4:87:bf:1b:c1:a5:dc:63:2a:4f:61:a3:23:8b:5a:
                    1c:83:f6:db:a8:6a:d5:3e:2b:27:0e:c2:15:43:dc:
                    18:33:9f:ac:59:c3:dc:75:4c:c7:52:95:8a:9c:fa:
                    ac:ca:cc:27:31:1b:52:44:e1:81:fc:21:0f:8e:b5:
                    dc:78:7c:88:23:a3:26:30:ae:aa:71:2b:5a:d0:69:
                    c2:d4:59:2e:ca:95:93:e9:74:be:e8:32:c5:a4:b8:
                    1e:f4:67:50:8d:49:0e:d8:7a:4d:e4:59:0a:aa:89:
                    bb:f5:f7:03:59:df:2e:55:c2:3e:94:b2:2b:80:6b:
                    5e:c7:56:d6:e0:b3:b2:4e:4c:9d:30:cf:38:b0:1a:
                    eb:e9:22:a4:0c:4a:6f:49:5b:55:91:34:f0:42:fb:
                    e0:88:d2:82:34:a2:73:75:fa:34:c3:f9:02:c9:24:
                    81:00:72:a7:8d:e0:78:3c:9b:80:0e:58:f5:65:88:
                    13:5e:2a:0d:32:08:08:7b:02:ab:a4:f1:f5:75:f3:
                    61:41:27:c2:2f:55:e9:51:76:cd:39:4b:11:1c:00:
                    ec:4d:3f:5a:55:ab:60:32:3d:40:c8:ae:07:66:c7:
                    82:7d:76:04:17:f4:bc:07:90:6c:67:46:5c:4d:c6:
                    a6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:EA:BB:F8:9D:8F:3D:73:DD:63:CD:65:81:09:E5:D5:C5:2D:7E:85
            X509v3 Authority Key Identifier:
                keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/zeq7-J2PPXPdY81lgQnl1cUtfoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.153.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:75:43:f0:cd:6d:12:d2:da:ab:47:9f:04:8f:13:0c:db:fb:
         5e:82:59:7d:3f:42:6d:9d:2f:8c:48:cb:f6:e8:69:fb:20:ec:
         f4:4b:bb:3d:3d:dc:0b:38:05:59:50:c1:5e:9a:fb:b3:c2:1b:
         9f:03:3e:ab:db:11:fe:ad:1f:67:f5:7d:97:c4:a3:35:f8:8b:
         6c:db:77:84:3b:28:e7:44:88:55:96:9d:5c:e8:08:27:cb:d3:
         3b:d0:6b:85:3c:46:1b:77:d6:3b:af:f5:09:c1:43:d4:5c:2f:
         08:93:20:48:de:48:fd:67:e4:d4:0b:c9:20:1a:18:91:05:e3:
         f1:fa:d3:af:b5:41:ed:00:56:ce:27:2a:90:a5:a1:b8:dd:f9:
         6a:80:79:30:c5:a8:0a:6f:ee:e9:00:12:5a:51:c2:87:6d:af:
         f1:44:0d:a3:cc:b4:9c:2a:69:91:81:e5:0d:57:b1:e1:7c:7a:
         c5:52:63:a3:dc:86:bf:31:70:8d:af:cc:8f:f7:03:07:80:a3:
         d5:0f:e4:a1:a7:47:1c:22:e2:76:7e:cd:0a:7b:7b:aa:85:b6:
         1d:18:6a:57:b7:8e:cc:8b:c7:87:b0:d5:76:96:9c:16:c2:0a:
         fc:89:3c:04:53:23:1e:ca:57:76:b7:5f:51:c9:db:71:f3:47:
         45:13:66:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSODw3BxgBc98RsJoWf1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGVhYmJmODlkOGYzZDczZGQ2M2NkNjU4MTA5ZTVkNWM1MmQ3ZTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyMsdbUu2lXNCXMh/rvEh78bwaXc
YypPYaMji1ocg/bbqGrVPisnDsIVQ9wYM5+sWcPcdUzHUpWKnPqsyswnMRtSROGB
/CEPjrXceHyII6MmMK6qcSta0GnC1FkuypWT6XS+6DLFpLge9GdQjUkO2HpN5FkK
qom79fcDWd8uVcI+lLIrgGtex1bW4LOyTkydMM84sBrr6SKkDEpvSVtVkTTwQvvg
iNKCNKJzdfo0w/kCySSBAHKnjeB4PJuADlj1ZYgTXioNMggIewKrpPH1dfNhQSfC
L1XpUXbNOUsRHADsTT9aVatgMj1AyK4HZseCfXYEF/S8B5BsZ0ZcTcamIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3qu/idjz1z3WPNZYEJ5dXFLX6FMB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvemVxNy1KMlBQWFBkWTgxbGdRbmwxY1V0Zm9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZm4MA0G
CSqGSIb3DQEBCwUAA4IBAQBkdUPwzW0S0tqrR58EjxMM2/tegll9P0JtnS+MSMv2
6Gn7IOz0S7s9PdwLOAVZUMFemvuzwhufAz6r2xH+rR9n9X2XxKM1+Its23eEOyjn
RIhVlp1c6Agny9M70GuFPEYbd9Y7r/UJwUPUXC8IkyBI3kj9Z+TUC8kgGhiRBePx
+tOvtUHtAFbOJyqQpaG43flqgHkwxagKb+7pABJaUcKHba/xRA2jzLScKmmRgeUN
V7HhfHrFUmOj3Ia/MXCNr8yP9wMHgKPVD+Shp0ccIuJ2fs0Ke3uqhbYdGGpXt47M
i8eHsNV2lpwWwgr8iTwEUyMeyld2t19Rydtx80dFE2aS
-----END CERTIFICATE-----