Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/Rf16zVfG6L9cJkUA3ArMl0-GItg.roa
File:                     Rf16zVfG6L9cJkUA3ArMl0-GItg.roa (raw, json)
Hash identifier:          Un13kQ4zN6b8bLiuzXK+8p39r2WWnuSJ2y9pGUe8sMg=
Subject key identifier:   45:FD:7A:CD:57:C6:E8:BF:5C:26:45:00:DC:0A:CC:97:4F:86:22:D8
Certificate issuer:       /CN=cf89cb889f99212e8bf53d06e45d87abb9169506
Certificate serial:       018CC2DB0962366FC72663DE3131018B8C90
Authority key identifier: CF:89:CB:88:9F:99:21:2E:8B:F5:3D:06:E4:5D:87:AB:B9:16:95:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/Rf16zVfG6L9cJkUA3ArMl0-GItg.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56423
IP address blocks:        185.15.6.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 07:03:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:09:62:36:6f:c7:26:63:de:31:31:01:8b:8c:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf89cb889f99212e8bf53d06e45d87abb9169506
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45fd7acd57c6e8bf5c264500dc0acc974f8622d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:62:28:65:d0:35:cf:b7:4f:22:2d:c1:e0:94:
                    86:b1:cd:ee:d3:aa:6b:66:dd:6f:c6:c7:72:6c:12:
                    fc:42:02:9f:14:8b:4b:0c:14:53:04:fa:a1:7c:86:
                    1b:2d:98:19:96:ed:15:57:8c:91:f8:d3:f5:07:58:
                    c7:fc:bf:8b:4a:07:4d:f4:ce:c4:2f:11:e8:9d:fc:
                    7d:85:54:7e:8e:33:b7:c0:d6:c2:76:16:39:60:a6:
                    d3:50:13:3f:e5:1b:0a:19:0f:e8:ee:a6:76:ec:b7:
                    30:b4:fc:30:b2:45:8e:bf:8b:99:7b:cd:22:e0:47:
                    99:3c:c0:a7:84:69:b7:d0:6d:20:f1:0a:83:7f:32:
                    24:bb:b1:aa:5e:6b:53:30:b3:ef:ec:13:96:57:b6:
                    19:95:86:3d:44:7f:51:45:59:f0:a2:23:fd:7c:41:
                    be:a3:e0:24:f6:6c:83:09:44:40:13:08:6f:ac:04:
                    56:96:b6:08:a3:3d:3f:57:4f:4c:3b:6a:51:38:85:
                    d5:dd:3c:27:07:fc:27:ca:6c:86:cf:3a:73:c8:7c:
                    06:f3:ad:b8:6d:08:91:21:5a:e4:e3:4d:13:83:ba:
                    4d:45:b1:c5:cd:26:78:18:21:79:26:1d:c4:a0:ce:
                    ab:0f:0e:5b:1a:7f:28:87:a2:a0:96:f4:fe:7a:29:
                    c1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:FD:7A:CD:57:C6:E8:BF:5C:26:45:00:DC:0A:CC:97:4F:86:22:D8
            X509v3 Authority Key Identifier:
                keyid:CF:89:CB:88:9F:99:21:2E:8B:F5:3D:06:E4:5D:87:AB:B9:16:95:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/Rf16zVfG6L9cJkUA3ArMl0-GItg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/0b8951-2699-44b3-9067-d9a40c4d3291/1/z4nLiJ-ZIS6L9T0G5F2Hq7kWlQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:ac:ba:ed:1a:76:d9:2a:00:5e:ea:e2:f2:ef:bb:49:1e:3c:
         c1:04:16:33:c7:4c:f1:fe:a0:f9:c0:7c:71:47:9b:a9:cf:6d:
         eb:90:46:25:19:95:82:17:cb:d8:40:c9:18:9e:2f:8b:eb:22:
         e8:18:ef:99:e7:69:aa:7e:cb:11:c3:4b:2a:a5:5b:86:2d:54:
         8b:c4:e2:da:d3:cd:cf:f0:35:6f:ec:b1:a3:da:85:ac:69:bc:
         cc:5f:ef:96:5f:2c:b9:e4:0a:ef:d5:f1:bf:3d:41:40:6b:14:
         0d:b7:bc:3b:34:16:cf:c5:67:d1:dc:d5:f4:b3:ee:ac:5d:de:
         96:e7:01:3b:0c:ac:e5:d3:93:ee:93:6a:59:d4:f2:52:d7:c5:
         b8:1e:f0:00:b1:73:b0:c4:56:fd:b8:b3:99:30:86:2a:09:5b:
         50:9b:ff:67:0a:13:00:9c:c7:21:0f:fb:aa:ce:39:74:9e:57:
         f4:f5:fc:c0:48:54:e3:0e:d4:96:e7:07:96:a8:b6:f0:d9:f0:
         ef:8c:dd:ca:78:92:d5:06:49:6b:19:4d:d6:45:49:7d:a9:eb:
         9d:a8:2e:d9:27:7c:79:38:98:5e:37:32:13:64:e9:15:8b:68:
         33:de:bc:fe:06:ae:18:da:8b:67:54:fd:7f:c1:a2:4b:91:36:
         e5:9d:cf:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wliNm/HJmPeMTEBi4yQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmODljYjg4OWY5OTIxMmU4YmY1M2QwNmU0NWQ4N2FiYjkx
Njk1MDYwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWZkN2FjZDU3YzZlOGJmNWMyNjQ1MDBkYzBhY2M5NzRmODYyMmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmIoZdA1z7dPIi3B4JSGsc3u06pr
Zt1vxsdybBL8QgKfFItLDBRTBPqhfIYbLZgZlu0VV4yR+NP1B1jH/L+LSgdN9M7E
LxHonfx9hVR+jjO3wNbCdhY5YKbTUBM/5RsKGQ/o7qZ27LcwtPwwskWOv4uZe80i
4EeZPMCnhGm30G0g8QqDfzIku7GqXmtTMLPv7BOWV7YZlYY9RH9RRVnwoiP9fEG+
o+Ak9myDCURAEwhvrARWlrYIoz0/V09MO2pROIXV3TwnB/wnymyGzzpzyHwG8624
bQiRIVrk400Tg7pNRbHFzSZ4GCF5Jh3EoM6rDw5bGn8oh6KglvT+einBxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEX9es1Xxui/XCZFANwKzJdPhiLYMB8GA1UdIwQY
MBaAFM+Jy4ifmSEui/U9BuRdh6u5FpUGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejRuTGlKLVpJUzZMOVQwRzVGMkhxN2tXbFFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8wYjg5NTEtMjY5OS00NGIzLTkwNjct
ZDlhNDBjNGQzMjkxLzEvUmYxNnpWZkc2TDljSmtVQTNBck1sMC1HSXRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8wYjg5NTEtMjY5OS00NGIzLTkwNjctZDlhNDBjNGQzMjkx
LzEvejRuTGlKLVpJUzZMOVQwRzVGMkhxN2tXbFFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQ8GMA0G
CSqGSIb3DQEBCwUAA4IBAQAbrLrtGnbZKgBe6uLy77tJHjzBBBYzx0zx/qD5wHxx
R5upz23rkEYlGZWCF8vYQMkYni+L6yLoGO+Z52mqfssRw0sqpVuGLVSLxOLa083P
8DVv7LGj2oWsabzMX++WXyy55Arv1fG/PUFAaxQNt7w7NBbPxWfR3NX0s+6sXd6W
5wE7DKzl05Puk2pZ1PJS18W4HvAAsXOwxFb9uLOZMIYqCVtQm/9nChMAnMchD/uq
zjl0nlf09fzASFTjDtSW5weWqLbw2fDvjN3KeJLVBklrGU3WRUl9qeudqC7ZJ3x5
OJheNzITZOkVi2gz3rz+Bq4Y2otnVP1/waJLkTblnc/n
-----END CERTIFICATE-----