Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/7LlQV1ZSqvk9ii1uKG7QzCTbuvA.roa
File:                     7LlQV1ZSqvk9ii1uKG7QzCTbuvA.roa (raw, json)
Hash identifier:          IJcFOAzRNCD0REntkfEQy7Ux6HiFmOMpzU+01pB5Jlg=
Subject key identifier:   EC:B9:50:57:56:52:AA:F9:3D:8A:2D:6E:28:6E:D0:CC:24:DB:BA:F0
Certificate issuer:       /CN=15ffa042114301368b4069abd68a1efbac47fdce
Certificate serial:       018CCA29F9C9974FA845F7BE157404EBB7EE
Authority key identifier: 15:FF:A0:42:11:43:01:36:8B:40:69:AB:D6:8A:1E:FB:AC:47:FD:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/7LlQV1ZSqvk9ii1uKG7QzCTbuvA.roa
Signing time:             Tue 02 Jan 2024 12:33:17 +0000
ROA not before:           Tue 02 Jan 2024 12:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60661
IP address blocks:        83.96.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f9:c9:97:4f:a8:45:f7:be:15:74:04:eb:b7:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15ffa042114301368b4069abd68a1efbac47fdce
        Validity
            Not Before: Jan  2 12:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecb950575652aaf93d8a2d6e286ed0cc24dbbaf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:80:20:e3:ba:ae:cf:ac:2f:92:3e:40:04:26:
                    77:1c:cf:32:be:ea:f1:6d:e7:1b:7b:8d:79:4e:94:
                    a2:fe:ae:17:18:94:14:78:67:30:3d:76:d2:a8:c6:
                    3c:bd:00:33:86:f2:3b:68:5e:dc:1b:69:92:80:b3:
                    67:31:b4:65:b0:f4:29:2f:4a:cb:e8:f1:87:2d:21:
                    91:8c:2d:48:ec:56:db:1d:a0:a9:3c:9e:9e:72:f7:
                    9e:6c:7e:82:12:ad:c8:4a:4b:74:f4:c8:a5:ce:10:
                    62:cf:3b:db:29:a8:73:0a:7f:a0:b8:d5:79:2a:1b:
                    1e:3a:4d:f6:ca:81:76:b4:d8:d7:05:35:62:f5:4a:
                    6e:0c:3a:c8:cb:f0:8e:a4:85:8c:98:40:21:6d:de:
                    a9:01:ec:e6:9f:2e:1f:dd:b8:31:6f:90:12:b7:e0:
                    21:46:81:e8:ab:bc:b9:53:ee:5b:26:60:7b:1d:7f:
                    48:9a:ad:cb:5d:a0:b4:6b:48:ad:13:d7:1b:4b:3c:
                    5d:ea:0b:24:cf:a3:c6:db:1f:50:35:ab:da:d1:b9:
                    c6:ce:af:0e:9d:61:62:d4:ff:60:49:54:fd:89:37:
                    b6:e4:a8:6d:ec:f7:cb:fd:15:f8:3d:08:7d:40:6b:
                    4f:7e:e6:a7:9b:92:95:97:38:39:f9:91:10:bd:c0:
                    24:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:B9:50:57:56:52:AA:F9:3D:8A:2D:6E:28:6E:D0:CC:24:DB:BA:F0
            X509v3 Authority Key Identifier:
                keyid:15:FF:A0:42:11:43:01:36:8B:40:69:AB:D6:8A:1E:FB:AC:47:FD:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/7LlQV1ZSqvk9ii1uKG7QzCTbuvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.96.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:4f:4b:d1:d6:f0:5e:10:0e:46:5e:a9:da:fb:30:41:50:92:
         72:5e:8b:3e:78:e5:9e:3a:1e:84:d3:ed:75:5c:bb:ce:93:a1:
         d2:2d:62:b4:65:98:b3:96:9c:d9:14:47:f8:b5:1a:2e:60:1f:
         1e:1b:9b:e4:8e:7e:3c:5b:5c:c3:a9:5a:d6:af:dc:f5:82:a2:
         ab:18:8a:66:78:8c:65:07:4e:5b:b8:93:33:6e:ed:00:aa:5e:
         bc:6c:22:f2:e1:56:0b:0e:08:04:bb:a4:3a:60:84:a5:32:f1:
         65:40:df:f4:d8:06:6c:be:6d:94:07:4c:44:79:36:ec:78:1f:
         62:52:d9:99:ff:e5:28:d3:d8:1a:84:71:2c:a3:f0:82:bb:69:
         6d:c9:d1:0f:01:a7:43:b5:24:c0:01:0b:05:00:2c:03:21:84:
         ba:f6:58:13:94:44:04:0c:27:70:fb:fb:02:ac:d3:53:bc:56:
         40:01:d7:83:28:fd:c6:a0:f9:cb:91:9f:cc:8a:83:1a:f0:47:
         1b:23:d5:c9:19:dd:79:5c:f7:67:cc:bf:80:c3:98:34:44:b0:
         e3:27:fe:b3:fb:e4:8a:c2:76:72:6c:18:e8:bd:35:98:af:e9:
         3f:b7:01:f8:8f:f3:72:88:a8:38:4a:50:ee:5b:30:f0:25:0e:
         ad:8b:55:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKfnJl0+oRfe+FXQE67fuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZmZhMDQyMTE0MzAxMzY4YjQwNjlhYmQ2OGExZWZiYWM0
N2ZkY2UwHhcNMjQwMTAyMTIzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2I5NTA1NzU2NTJhYWY5M2Q4YTJkNmUyODZlZDBjYzI0ZGJiYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooAg47quz6wvkj5ABCZ3HM8yvurx
becbe415TpSi/q4XGJQUeGcwPXbSqMY8vQAzhvI7aF7cG2mSgLNnMbRlsPQpL0rL
6PGHLSGRjC1I7FbbHaCpPJ6ecveebH6CEq3ISkt09MilzhBizzvbKahzCn+guNV5
KhseOk32yoF2tNjXBTVi9UpuDDrIy/COpIWMmEAhbd6pAezmny4f3bgxb5ASt+Ah
RoHoq7y5U+5bJmB7HX9Imq3LXaC0a0itE9cbSzxd6gskz6PG2x9QNava0bnGzq8O
nWFi1P9gSVT9iTe25Kht7PfL/RX4PQh9QGtPfuanm5KVlzg5+ZEQvcAk0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOy5UFdWUqr5PYotbihu0Mwk27rwMB8GA1UdIwQY
MBaAFBX/oEIRQwE2i0Bpq9aKHvusR/3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmYtZ1FoRkRBVGFMUUdtcjFvb2UtNnhIX2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8xNDliYzUtNTFhYS00ZTdiLThmMDMt
YjczYTM2ZDkzOWIyLzEvN0xsUVYxWlNxdms5aWkxdUtHN1F6Q1RidXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8xNDliYzUtNTFhYS00ZTdiLThmMDMtYjczYTM2ZDkzOWIy
LzEvRmYtZ1FoRkRBVGFMUUdtcjFvb2UtNnhIX2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU2AfMA0G
CSqGSIb3DQEBCwUAA4IBAQA9T0vR1vBeEA5GXqna+zBBUJJyXos+eOWeOh6E0+11
XLvOk6HSLWK0ZZizlpzZFEf4tRouYB8eG5vkjn48W1zDqVrWr9z1gqKrGIpmeIxl
B05buJMzbu0Aql68bCLy4VYLDggEu6Q6YISlMvFlQN/02AZsvm2UB0xEeTbseB9i
UtmZ/+Uo09gahHEso/CCu2ltydEPAadDtSTAAQsFACwDIYS69lgTlEQEDCdw+/sC
rNNTvFZAAdeDKP3GoPnLkZ/MioMa8EcbI9XJGd15XPdnzL+Aw5g0RLDjJ/6z++SK
wnZybBjovTWYr+k/twH4j/NyiKg4SlDuWzDwJQ6ti1VT
-----END CERTIFICATE-----