Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/Aey51jH7bkxbsmtoOlphfCjAmw8.roa
File:                     Aey51jH7bkxbsmtoOlphfCjAmw8.roa (raw, json)
Hash identifier:          II70r7jtu+NdV1v5wweV1NhGw+4fqKX49fp1ITuTHWU=
Subject key identifier:   01:EC:B9:D6:31:FB:6E:4C:5B:B2:6B:68:3A:5A:61:7C:28:C0:9B:0F
Certificate issuer:       /CN=7c4b917dc9046a065678ae0df4d3e30369c59c69
Certificate serial:       018CC64AB5EFA9AA4E1058C916C62DADC2CD
Authority key identifier: 7C:4B:91:7D:C9:04:6A:06:56:78:AE:0D:F4:D3:E3:03:69:C5:9C:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fEuRfckEagZWeK4N9NPjA2nFnGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/Aey51jH7bkxbsmtoOlphfCjAmw8.roa
Signing time:             Mon 01 Jan 2024 18:30:34 +0000
ROA not before:           Mon 01 Jan 2024 18:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15623
IP address blocks:        185.117.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/fEuRfckEagZWeK4N9NPjA2nFnGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/fEuRfckEagZWeK4N9NPjA2nFnGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fEuRfckEagZWeK4N9NPjA2nFnGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:b5:ef:a9:aa:4e:10:58:c9:16:c6:2d:ad:c2:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c4b917dc9046a065678ae0df4d3e30369c59c69
        Validity
            Not Before: Jan  1 18:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01ecb9d631fb6e4c5bb26b683a5a617c28c09b0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:87:45:7d:b8:13:2d:a3:03:93:62:60:ac:6e:
                    d9:60:c6:f5:a3:fc:55:47:59:53:c2:4c:c8:89:52:
                    75:3e:3e:e6:9b:77:6f:95:82:66:97:21:90:22:e7:
                    b8:45:75:c4:e3:a5:bd:0a:e0:f6:70:b0:3e:4e:8e:
                    08:d9:a8:bd:54:a0:d6:64:8d:05:13:7e:fd:8d:e3:
                    35:ee:43:bb:da:3d:47:be:f1:d0:6a:41:38:ce:9d:
                    32:83:9a:e5:e1:48:0d:85:88:fa:43:58:ac:f7:6c:
                    0b:e6:b3:e4:c0:3e:69:5b:5f:61:67:1d:32:66:80:
                    05:26:f3:39:fb:20:c1:2e:ef:35:bc:bb:e5:cd:bc:
                    6a:b8:0d:2a:a8:8c:de:1f:87:12:fe:1b:86:78:05:
                    f3:ba:44:f6:c0:d4:c7:1b:43:2d:e0:66:db:5e:2d:
                    8d:99:60:32:19:62:1d:c8:52:45:b6:10:e0:34:39:
                    ac:46:78:5a:84:f3:7d:f3:dd:ce:84:4d:d8:a9:bc:
                    ca:32:b3:ba:d7:76:f7:d4:c5:f6:0d:0c:f7:7e:fa:
                    eb:ff:c4:8e:b3:26:69:6a:4e:e3:1a:e6:8a:19:2e:
                    b8:a5:32:78:e3:2d:37:59:bb:01:d4:9d:c5:b2:23:
                    ec:76:52:8b:f7:de:e1:25:d1:92:fb:02:85:a9:a1:
                    92:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:EC:B9:D6:31:FB:6E:4C:5B:B2:6B:68:3A:5A:61:7C:28:C0:9B:0F
            X509v3 Authority Key Identifier:
                keyid:7C:4B:91:7D:C9:04:6A:06:56:78:AE:0D:F4:D3:E3:03:69:C5:9C:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fEuRfckEagZWeK4N9NPjA2nFnGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/Aey51jH7bkxbsmtoOlphfCjAmw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/8d85d7-4049-4b5a-9bf7-91c70f61a067/1/fEuRfckEagZWeK4N9NPjA2nFnGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:0a:e3:c9:27:ce:71:6a:25:80:2e:10:d8:a1:69:a4:06:a7:
         6f:99:bf:91:e8:a0:58:b6:69:66:fd:9d:c7:cc:50:c6:73:ab:
         6e:93:1d:b5:6e:e4:35:fe:f5:79:ce:ff:09:fb:51:e8:5d:d0:
         ab:1c:5a:e1:4d:0a:61:53:13:35:02:4e:da:db:2f:27:b8:3a:
         97:0d:12:d4:d2:32:77:dc:55:d8:70:9f:38:b1:23:2c:0a:59:
         71:a6:74:9d:a5:46:27:65:27:10:e0:fe:1d:e4:80:e6:89:20:
         22:ab:c9:ec:d8:4b:a5:68:b9:ff:a3:1e:e9:79:1b:1e:34:69:
         52:af:82:a2:6a:24:3f:25:fc:55:3c:2b:4b:34:cd:39:17:19:
         b2:9d:89:4f:ef:e7:b5:2d:26:9c:ad:b6:dc:4b:c3:79:ae:18:
         ab:08:72:57:74:a6:ba:12:68:ac:a1:68:6c:06:9c:fe:87:82:
         89:4a:bd:f6:e2:2c:55:c7:6e:b2:c4:f8:d4:f5:9f:d8:a9:a2:
         50:a0:b9:1c:e6:92:03:20:46:ce:e9:b6:4b:14:64:dc:be:e8:
         9c:14:72:1f:cc:74:95:1b:83:08:9f:ff:35:cb:6b:50:d2:0b:
         82:8d:b5:6e:30:fa:e6:5e:13:40:a9:97:3d:9a:c1:fe:66:65:
         ae:df:f3:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSrXvqapOEFjJFsYtrcLNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjNGI5MTdkYzkwNDZhMDY1Njc4YWUwZGY0ZDNlMzAzNjlj
NTljNjkwHhcNMjQwMTAxMTgzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWVjYjlkNjMxZmI2ZTRjNWJiMjZiNjgzYTVhNjE3YzI4YzA5YjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYdFfbgTLaMDk2JgrG7ZYMb1o/xV
R1lTwkzIiVJ1Pj7mm3dvlYJmlyGQIue4RXXE46W9CuD2cLA+To4I2ai9VKDWZI0F
E379jeM17kO72j1HvvHQakE4zp0yg5rl4UgNhYj6Q1is92wL5rPkwD5pW19hZx0y
ZoAFJvM5+yDBLu81vLvlzbxquA0qqIzeH4cS/huGeAXzukT2wNTHG0Mt4GbbXi2N
mWAyGWIdyFJFthDgNDmsRnhahPN9893OhE3YqbzKMrO613b31MX2DQz3fvrr/8SO
syZpak7jGuaKGS64pTJ44y03WbsB1J3FsiPsdlKL997hJdGS+wKFqaGSawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHsudYx+25MW7JraDpaYXwowJsPMB8GA1UdIwQY
MBaAFHxLkX3JBGoGVniuDfTT4wNpxZxpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkV1UmZja0VhZ1pXZUs0TjlOUGpBMm5GbkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi84ZDg1ZDctNDA0OS00YjVhLTliZjct
OTFjNzBmNjFhMDY3LzEvQWV5NTFqSDdia3hic210b09scGhmQ2pBbXc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi84ZDg1ZDctNDA0OS00YjVhLTliZjctOTFjNzBmNjFhMDY3
LzEvZkV1UmZja0VhZ1pXZUs0TjlOUGpBMm5GbkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXUPMA0G
CSqGSIb3DQEBCwUAA4IBAQC1CuPJJ85xaiWALhDYoWmkBqdvmb+R6KBYtmlm/Z3H
zFDGc6tukx21buQ1/vV5zv8J+1HoXdCrHFrhTQphUxM1Ak7a2y8nuDqXDRLU0jJ3
3FXYcJ84sSMsCllxpnSdpUYnZScQ4P4d5IDmiSAiq8ns2EulaLn/ox7peRseNGlS
r4KiaiQ/JfxVPCtLNM05FxmynYlP7+e1LSacrbbcS8N5rhirCHJXdKa6EmisoWhs
Bpz+h4KJSr324ixVx26yxPjU9Z/YqaJQoLkc5pIDIEbO6bZLFGTcvuicFHIfzHSV
G4MIn/81y2tQ0guCjbVuMPrmXhNAqZc9msH+ZmWu3/MP
-----END CERTIFICATE-----