Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/r-gb5f9rVQ3NIcdP6qsdKuZJZ_E.roa
File:                     r-gb5f9rVQ3NIcdP6qsdKuZJZ_E.roa (raw, json)
Hash identifier:          r0tbOXdoSQwC1hwuXaZR2UFqfoyebo9DkU+mdJQLH5k=
Subject key identifier:   AF:E8:1B:E5:FF:6B:55:0D:CD:21:C7:4F:EA:AB:1D:2A:E6:49:67:F1
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CC86F44EB013ED401E125CCB8B0B53C42
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/r-gb5f9rVQ3NIcdP6qsdKuZJZ_E.roa
Signing time:             Tue 02 Jan 2024 04:29:44 +0000
ROA not before:           Tue 02 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200063
IP address blocks:        194.15.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:44:eb:01:3e:d4:01:e1:25:cc:b8:b0:b5:3c:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afe81be5ff6b550dcd21c74feaab1d2ae64967f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ad:0c:d7:72:4f:c4:3e:2e:6f:81:e2:8e:76:
                    99:a1:5d:81:c8:f3:9d:d4:10:21:53:1e:7f:f3:49:
                    12:22:df:4d:11:35:a4:ac:86:94:78:6f:2d:d1:23:
                    97:d7:f2:79:ac:05:9e:99:74:17:99:c4:cc:f6:d8:
                    ad:45:13:a5:68:1a:5f:8b:2e:a5:09:ee:49:f0:89:
                    7e:ce:d3:ac:d9:5c:b8:c6:57:be:ee:02:6a:9a:11:
                    25:e6:c1:75:6c:fa:37:7d:5e:c2:f2:76:c2:50:29:
                    85:4b:eb:4e:ff:07:76:5b:57:20:5b:71:80:5c:69:
                    d4:03:d7:48:e8:45:ba:c8:a1:40:e5:f9:19:ff:0e:
                    88:fe:f4:6b:9b:0e:52:cc:40:59:9f:91:c5:e5:00:
                    e0:1d:1b:22:49:0c:32:8b:92:f4:2c:a3:d2:4d:f0:
                    50:7b:a4:1c:f4:09:bd:8f:44:65:5f:6e:9c:91:00:
                    54:96:d6:76:59:84:75:2a:c5:c4:a4:88:5d:e3:2d:
                    11:ae:42:ac:09:63:5c:84:e1:28:93:e9:0c:ad:d0:
                    2b:bb:79:c6:47:10:22:7b:40:ca:0c:c9:44:02:62:
                    90:44:8b:1c:dc:1f:c0:95:0a:5b:04:7e:22:8e:fd:
                    d9:3a:ec:6b:a6:0e:40:f5:5a:68:3b:21:ac:27:d0:
                    bb:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:E8:1B:E5:FF:6B:55:0D:CD:21:C7:4F:EA:AB:1D:2A:E6:49:67:F1
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/r-gb5f9rVQ3NIcdP6qsdKuZJZ_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:42:c5:aa:92:e7:d9:2b:66:c3:a5:ac:e4:d8:55:8b:ed:3f:
         4d:58:b9:a0:b4:3a:22:2c:bd:cf:6f:e8:99:c9:49:39:f4:24:
         ad:8a:b0:49:7d:71:c8:91:78:17:58:8e:f7:a7:ee:3b:ae:79:
         f5:13:67:28:6e:07:80:63:bc:e0:ea:c7:73:a4:54:f5:20:4d:
         39:63:c6:3f:74:75:80:3f:3d:35:6d:9f:8e:2a:b7:a0:38:f0:
         4e:b0:1e:c2:59:f6:a2:85:50:42:d3:22:9d:91:0d:eb:25:3f:
         22:2d:08:37:fc:44:19:f9:84:72:df:7e:12:44:e7:8e:be:ef:
         be:0b:14:bb:3b:48:c0:2c:7f:37:f3:ea:66:4e:1e:74:a1:c6:
         66:37:0d:8e:22:ab:84:80:19:0b:70:4f:be:e4:29:88:61:15:
         06:77:c2:00:c5:4d:f4:03:12:0d:5b:1e:c0:67:2b:1e:e7:c4:
         18:39:fd:67:de:88:38:ab:cf:c4:a6:e9:cc:e1:0a:70:e2:95:
         ac:6a:4a:72:7d:1c:c8:53:05:73:a4:c5:ef:4f:3f:46:4b:c6:
         f0:eb:eb:99:5f:26:dc:0f:34:b4:e5:24:fc:92:be:bd:fa:f9:
         38:e1:22:1f:83:da:96:a2:7b:87:b1:da:27:c1:03:d4:cc:6e:
         e4:7d:c3:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb0TrAT7UAeElzLiwtTxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTAyMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmU4MWJlNWZmNmI1NTBkY2QyMWM3NGZlYWFiMWQyYWU2NDk2N2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAha0M13JPxD4ub4HijnaZoV2ByPOd
1BAhUx5/80kSIt9NETWkrIaUeG8t0SOX1/J5rAWemXQXmcTM9titRROlaBpfiy6l
Ce5J8Il+ztOs2Vy4xle+7gJqmhEl5sF1bPo3fV7C8nbCUCmFS+tO/wd2W1cgW3GA
XGnUA9dI6EW6yKFA5fkZ/w6I/vRrmw5SzEBZn5HF5QDgHRsiSQwyi5L0LKPSTfBQ
e6Qc9Am9j0RlX26ckQBUltZ2WYR1KsXEpIhd4y0RrkKsCWNchOEok+kMrdAru3nG
RxAie0DKDMlEAmKQRIsc3B/AlQpbBH4ijv3ZOuxrpg5A9VpoOyGsJ9C7cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/oG+X/a1UNzSHHT+qrHSrmSWfxMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvci1nYjVmOXJWUTNOSWNkUDZxc2RLdVpKWl9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg81MA0G
CSqGSIb3DQEBCwUAA4IBAQA6QsWqkufZK2bDpazk2FWL7T9NWLmgtDoiLL3Pb+iZ
yUk59CStirBJfXHIkXgXWI73p+47rnn1E2cobgeAY7zg6sdzpFT1IE05Y8Y/dHWA
Pz01bZ+OKregOPBOsB7CWfaihVBC0yKdkQ3rJT8iLQg3/EQZ+YRy334SROeOvu++
CxS7O0jALH838+pmTh50ocZmNw2OIquEgBkLcE++5CmIYRUGd8IAxU30AxINWx7A
Zyse58QYOf1n3og4q8/EpunM4Qpw4pWsakpyfRzIUwVzpMXvTz9GS8bw6+uZXybc
DzS05ST8kr69+vk44SIfg9qWonuHsdonwQPUzG7kfcNC
-----END CERTIFICATE-----