Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/bX3oZWjtTuzwx_xG-vCMVNG-cOc.roa
File:                     bX3oZWjtTuzwx_xG-vCMVNG-cOc.roa (raw, json)
Hash identifier:          d1VXe5ysdAxKyO5IduA6oLfO1V4ILKmPg+j75Lo6HnE=
Subject key identifier:   6D:7D:E8:65:68:ED:4E:EC:F0:C7:FC:46:FA:F0:8C:54:D1:BE:70:E7
Certificate issuer:       /CN=15a7af707b5848b3539636a7431779d7014cda61
Certificate serial:       01941FFAA3A5E2838F3D323B1305A9E16A6D
Authority key identifier: 15:A7:AF:70:7B:58:48:B3:53:96:36:A7:43:17:79:D7:01:4C:DA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FaevcHtYSLNTljanQxd51wFM2mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/bX3oZWjtTuzwx_xG-vCMVNG-cOc.roa
Signing time:             Wed 01 Jan 2025 03:48:27 +0000
ROA not before:           Wed 01 Jan 2025 03:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197133
IP address blocks:        5.183.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/FaevcHtYSLNTljanQxd51wFM2mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/FaevcHtYSLNTljanQxd51wFM2mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FaevcHtYSLNTljanQxd51wFM2mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a3:a5:e2:83:8f:3d:32:3b:13:05:a9:e1:6a:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15a7af707b5848b3539636a7431779d7014cda61
        Validity
            Not Before: Jan  1 03:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d7de86568ed4eecf0c7fc46faf08c54d1be70e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c0:ab:29:03:af:6f:3b:73:ba:9b:18:28:d2:
                    cd:7a:eb:a0:c1:26:bc:b3:0d:34:54:90:1b:47:1e:
                    f4:83:1f:cd:10:11:08:a6:0f:71:84:28:aa:a2:24:
                    97:06:2e:a3:67:a4:90:e3:68:e8:42:33:ea:a9:f7:
                    b8:20:a9:29:b5:b6:41:a6:2c:52:bc:93:75:76:a4:
                    2f:0b:82:e4:85:b5:0b:10:02:9e:2e:4d:ed:8c:36:
                    fa:e8:fa:3f:f3:06:c6:34:2f:62:5b:9c:8b:2f:ee:
                    e7:6e:81:6b:1a:4f:95:8f:7e:f7:f4:e0:67:6c:f1:
                    f5:d4:e4:89:5c:bc:66:e6:6d:f1:ea:b0:64:a6:57:
                    0c:17:00:aa:98:00:ca:b4:59:d6:70:1c:fb:2b:6e:
                    3b:34:da:c8:d2:18:34:c7:fe:c9:14:01:ae:94:88:
                    8b:40:6b:aa:f7:21:a9:a7:a7:b9:41:90:ca:b1:e8:
                    6c:95:aa:70:5a:00:8d:f3:ab:0b:bf:6a:b4:8a:0e:
                    06:f2:3c:32:4d:53:d6:3d:5a:52:5f:04:b6:d1:a3:
                    c3:6a:2b:30:0c:30:ed:b6:07:ad:fb:6b:5c:a1:8c:
                    05:8e:68:ed:2c:f7:69:f9:ed:97:52:c1:20:18:a8:
                    16:5e:5c:bb:a1:7b:d2:91:d1:fa:b0:1a:f3:8a:ba:
                    df:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:7D:E8:65:68:ED:4E:EC:F0:C7:FC:46:FA:F0:8C:54:D1:BE:70:E7
            X509v3 Authority Key Identifier:
                keyid:15:A7:AF:70:7B:58:48:B3:53:96:36:A7:43:17:79:D7:01:4C:DA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FaevcHtYSLNTljanQxd51wFM2mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/bX3oZWjtTuzwx_xG-vCMVNG-cOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/dd50de-8e2a-490c-a418-60116862616a/1/FaevcHtYSLNTljanQxd51wFM2mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.183.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:c4:b7:22:1f:89:3f:38:ae:1c:03:85:bb:22:06:ee:43:50:
         8e:71:3e:19:f2:ca:3b:25:a6:3f:07:e4:7f:b1:df:0c:a8:8e:
         96:25:ce:a3:11:8a:e2:c8:30:b4:f1:65:44:dd:d8:92:36:5d:
         36:b5:91:8e:32:fd:82:b6:86:17:2b:6d:50:df:8f:f1:cc:41:
         19:07:63:cd:92:cd:1a:67:c7:19:66:e0:12:26:cf:83:f3:ca:
         23:2c:2b:a7:71:e1:46:ed:92:f8:9d:f2:df:b9:64:c4:24:ea:
         04:3a:63:7e:17:30:65:1a:12:99:d4:5d:52:90:79:0e:b6:07:
         64:7f:ef:e0:43:9f:ee:55:a1:58:36:cb:26:6f:2d:2d:93:f2:
         fd:8a:0c:77:6d:f4:35:98:30:74:c9:6b:c1:bf:ba:e5:bc:1a:
         10:2a:ac:6b:83:dd:86:73:3e:56:e9:2d:a2:9a:be:88:43:bc:
         b4:c3:0d:7b:db:f0:2f:71:a5:7a:c8:77:b0:4c:0e:d5:b5:49:
         48:c4:43:07:80:2d:2c:8c:e4:10:5b:48:7e:63:15:ad:90:9d:
         ef:8c:2a:58:6e:4b:5b:c8:a3:ed:f6:c7:4b:ad:9b:8e:0d:2a:
         55:56:e6:97:c8:17:1b:d7:8a:e3:d1:d9:a1:b2:6c:ac:0b:de:
         56:c8:59:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qOl4oOPPTI7EwWp4WptMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1YTdhZjcwN2I1ODQ4YjM1Mzk2MzZhNzQzMTc3OWQ3MDE0
Y2RhNjEwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDdkZTg2NTY4ZWQ0ZWVjZjBjN2ZjNDZmYWYwOGM1NGQxYmU3MGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsCrKQOvbztzupsYKNLNeuugwSa8
sw00VJAbRx70gx/NEBEIpg9xhCiqoiSXBi6jZ6SQ42joQjPqqfe4IKkptbZBpixS
vJN1dqQvC4LkhbULEAKeLk3tjDb66Po/8wbGNC9iW5yLL+7nboFrGk+Vj3739OBn
bPH11OSJXLxm5m3x6rBkplcMFwCqmADKtFnWcBz7K247NNrI0hg0x/7JFAGulIiL
QGuq9yGpp6e5QZDKsehslapwWgCN86sLv2q0ig4G8jwyTVPWPVpSXwS20aPDaisw
DDDttget+2tcoYwFjmjtLPdp+e2XUsEgGKgWXly7oXvSkdH6sBrzirrf0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG196GVo7U7s8Mf8RvrwjFTRvnDnMB8GA1UdIwQY
MBaAFBWnr3B7WEizU5Y2p0MXedcBTNphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmFldmNIdFlTTE5UbGphblF4ZDUxd0ZNMm1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9kZDUwZGUtOGUyYS00OTBjLWE0MTgt
NjAxMTY4NjI2MTZhLzEvYlgzb1pXanRUdXp3eF94Ry12Q01WTkctY09jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9kZDUwZGUtOGUyYS00OTBjLWE0MTgtNjAxMTY4NjI2MTZh
LzEvRmFldmNIdFlTTE5UbGphblF4ZDUxd0ZNMm1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbd8MA0G
CSqGSIb3DQEBCwUAA4IBAQArxLciH4k/OK4cA4W7IgbuQ1COcT4Z8so7JaY/B+R/
sd8MqI6WJc6jEYriyDC08WVE3diSNl02tZGOMv2CtoYXK21Q34/xzEEZB2PNks0a
Z8cZZuASJs+D88ojLCunceFG7ZL4nfLfuWTEJOoEOmN+FzBlGhKZ1F1SkHkOtgdk
f+/gQ5/uVaFYNssmby0tk/L9igx3bfQ1mDB0yWvBv7rlvBoQKqxrg92Gcz5W6S2i
mr6IQ7y0ww172/AvcaV6yHewTA7VtUlIxEMHgC0sjOQQW0h+YxWtkJ3vjCpYbktb
yKPt9sdLrZuODSpVVuaXyBcb14rj0dmhsmysC95WyFnv
-----END CERTIFICATE-----