Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/sDG59Mm-cTmnN-R7tpWLyQSV2wg.roa
File:                     sDG59Mm-cTmnN-R7tpWLyQSV2wg.roa (raw, json)
Hash identifier:          Q5IJ8QsYgyXdLMA4kpfaic5uELsw/xmcw+9xcTDdsQM=
Subject key identifier:   B0:31:B9:F4:C9:BE:71:39:A7:37:E4:7B:B6:95:8B:C9:04:95:DB:08
Certificate issuer:       /CN=15ffa042114301368b4069abd68a1efbac47fdce
Certificate serial:       018CCA29FAEE4ACE1E707566ACEB4F605683
Authority key identifier: 15:FF:A0:42:11:43:01:36:8B:40:69:AB:D6:8A:1E:FB:AC:47:FD:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/sDG59Mm-cTmnN-R7tpWLyQSV2wg.roa
Signing time:             Tue 02 Jan 2024 12:33:17 +0000
ROA not before:           Tue 02 Jan 2024 12:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196820
IP address blocks:        62.215.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:fa:ee:4a:ce:1e:70:75:66:ac:eb:4f:60:56:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15ffa042114301368b4069abd68a1efbac47fdce
        Validity
            Not Before: Jan  2 12:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b031b9f4c9be7139a737e47bb6958bc90495db08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:30:ff:20:91:d4:02:4c:44:a0:9f:9b:df:e0:
                    8f:09:cd:03:e6:19:8e:57:fd:57:ff:a3:85:e8:a6:
                    41:db:eb:e4:d9:e8:db:b7:26:e5:05:2d:61:b3:a8:
                    75:82:e4:cf:70:a6:fd:06:41:d2:2b:2a:2a:5a:94:
                    18:4c:d3:d7:cd:8d:8a:7b:41:3d:ea:bf:05:09:0a:
                    c3:98:50:65:2e:d0:49:00:ec:74:c3:fb:d4:ce:5b:
                    3f:de:13:de:2d:9b:d1:4f:b7:ee:99:f7:ea:3b:10:
                    41:ba:2c:14:78:9c:4d:57:03:62:6a:12:c3:55:27:
                    0e:0f:80:28:3f:fe:5a:d3:7e:94:5f:35:6e:5d:16:
                    dd:ea:43:ce:6b:36:71:32:60:71:38:bd:fe:f3:32:
                    94:05:15:68:c8:f4:42:4d:17:3e:cf:51:e5:8e:9c:
                    f3:ae:05:c1:f4:1e:07:c7:fc:46:9f:44:ca:dc:f4:
                    c0:f1:c6:4f:25:20:6f:9a:e6:f9:ec:58:0c:f5:f9:
                    24:a6:93:96:e7:d4:2a:c9:bc:dc:03:bc:ca:c7:50:
                    6d:18:bc:0a:60:52:d7:53:68:fa:d7:28:5f:b9:63:
                    ee:e3:7b:45:28:f8:aa:59:8a:e6:54:2a:78:ca:c9:
                    95:a2:8c:f2:56:39:6d:7c:4e:a4:dc:86:41:90:7c:
                    36:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:31:B9:F4:C9:BE:71:39:A7:37:E4:7B:B6:95:8B:C9:04:95:DB:08
            X509v3 Authority Key Identifier:
                keyid:15:FF:A0:42:11:43:01:36:8B:40:69:AB:D6:8A:1E:FB:AC:47:FD:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ff-gQhFDATaLQGmr1ooe-6xH_c4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/sDG59Mm-cTmnN-R7tpWLyQSV2wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/149bc5-51aa-4e7b-8f03-b73a36d939b2/1/Ff-gQhFDATaLQGmr1ooe-6xH_c4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.215.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:8b:b1:c6:07:fb:d9:80:93:c9:d7:29:11:3b:96:e4:4d:43:
         f3:20:e1:80:51:46:bd:d0:0e:c1:f7:f7:60:c3:50:2a:fb:6f:
         0f:5a:a0:7b:27:ca:fa:c8:d9:e2:90:a2:93:27:d0:92:35:00:
         10:d2:ef:5f:e0:85:a9:67:5b:30:c9:00:76:da:e9:0a:94:6a:
         63:bc:2c:87:68:8e:33:72:66:f3:b2:66:84:a9:b4:09:be:00:
         18:bf:9c:92:a4:4e:85:b6:af:fd:32:29:5b:2c:4b:1f:a1:12:
         e7:34:bf:4c:1a:4a:fa:14:e0:dd:d2:a4:2a:02:e5:8f:fd:a6:
         5f:1d:69:59:53:3c:56:eb:31:61:f7:81:7d:91:42:e9:52:4e:
         f3:0f:ad:79:6d:28:c8:2f:cf:eb:6f:93:53:22:c8:19:f5:18:
         ce:9e:8d:43:bf:cd:f6:c1:f7:eb:0b:ec:b6:1a:4c:74:b0:43:
         7a:f5:9c:0e:ea:c1:01:10:90:ad:bb:a2:56:13:8d:f4:45:f8:
         fb:fd:71:5f:e5:27:e0:98:c9:dd:a8:ce:ab:ae:81:76:8d:5b:
         a0:1d:cd:82:dc:01:a9:d3:d5:6e:b9:b3:78:19:64:1a:de:17:
         9b:9c:a0:8b:5c:ad:f3:2a:1f:69:24:71:ec:ca:28:f9:b6:a6:
         5c:e7:0b:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKfruSs4ecHVmrOtPYFaDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZmZhMDQyMTE0MzAxMzY4YjQwNjlhYmQ2OGExZWZiYWM0
N2ZkY2UwHhcNMjQwMTAyMTIzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDMxYjlmNGM5YmU3MTM5YTczN2U0N2JiNjk1OGJjOTA0OTVkYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzD/IJHUAkxEoJ+b3+CPCc0D5hmO
V/1X/6OF6KZB2+vk2ejbtyblBS1hs6h1guTPcKb9BkHSKyoqWpQYTNPXzY2Ke0E9
6r8FCQrDmFBlLtBJAOx0w/vUzls/3hPeLZvRT7fumffqOxBBuiwUeJxNVwNiahLD
VScOD4AoP/5a036UXzVuXRbd6kPOazZxMmBxOL3+8zKUBRVoyPRCTRc+z1Hljpzz
rgXB9B4Hx/xGn0TK3PTA8cZPJSBvmub57FgM9fkkppOW59QqybzcA7zKx1BtGLwK
YFLXU2j61yhfuWPu43tFKPiqWYrmVCp4ysmVoozyVjltfE6k3IZBkHw2gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAxufTJvnE5pzfke7aVi8kEldsIMB8GA1UdIwQY
MBaAFBX/oEIRQwE2i0Bpq9aKHvusR/3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmYtZ1FoRkRBVGFMUUdtcjFvb2UtNnhIX2M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8xNDliYzUtNTFhYS00ZTdiLThmMDMt
YjczYTM2ZDkzOWIyLzEvc0RHNTlNbS1jVG1uTi1SN3RwV0x5UVNWMndnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8xNDliYzUtNTFhYS00ZTdiLThmMDMtYjczYTM2ZDkzOWIy
LzEvRmYtZ1FoRkRBVGFMUUdtcjFvb2UtNnhIX2M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPtdvMA0G
CSqGSIb3DQEBCwUAA4IBAQBei7HGB/vZgJPJ1ykRO5bkTUPzIOGAUUa90A7B9/dg
w1Aq+28PWqB7J8r6yNnikKKTJ9CSNQAQ0u9f4IWpZ1swyQB22ukKlGpjvCyHaI4z
cmbzsmaEqbQJvgAYv5ySpE6Ftq/9MilbLEsfoRLnNL9MGkr6FODd0qQqAuWP/aZf
HWlZUzxW6zFh94F9kULpUk7zD615bSjIL8/rb5NTIsgZ9RjOno1Dv832wffrC+y2
Gkx0sEN69ZwO6sEBEJCtu6JWE430Rfj7/XFf5SfgmMndqM6rroF2jVugHc2C3AGp
09VuubN4GWQa3hebnKCLXK3zKh9pJHHsyij5tqZc5wt4
-----END CERTIFICATE-----