Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/xp1JGS6h3gih6q4UF-e22uE97bI.roa
File:                     xp1JGS6h3gih6q4UF-e22uE97bI.roa (raw, json)
Hash identifier:          Nfmr9jCYPjHaHDgOXwsrlhrxZ5fJTKWKHiKyv8n419s=
Subject key identifier:   C6:9D:49:19:2E:A1:DE:08:A1:EA:AE:14:17:E7:B6:DA:E1:3D:ED:B2
Certificate issuer:       /CN=59877720c014688494ea6910c83474de13e99802
Certificate serial:       018D078F2EFFE4EF82FD423F2E2E3C378E4C
Authority key identifier: 59:87:77:20:C0:14:68:84:94:EA:69:10:C8:34:74:DE:13:E9:98:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WYd3IMAUaISU6mkQyDR03hPpmAI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/xp1JGS6h3gih6q4UF-e22uE97bI.roa
Signing time:             Sun 14 Jan 2024 10:40:40 +0000
ROA not before:           Sun 14 Jan 2024 10:40:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.144.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/WYd3IMAUaISU6mkQyDR03hPpmAI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/WYd3IMAUaISU6mkQyDR03hPpmAI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WYd3IMAUaISU6mkQyDR03hPpmAI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:07:8f:2e:ff:e4:ef:82:fd:42:3f:2e:2e:3c:37:8e:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59877720c014688494ea6910c83474de13e99802
        Validity
            Not Before: Jan 14 10:40:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c69d49192ea1de08a1eaae1417e7b6dae13dedb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:95:9c:3d:d6:2b:20:35:64:80:45:d9:b4:57:
                    21:46:4d:e2:63:64:d9:ee:66:80:f6:4b:e6:32:38:
                    a0:88:ed:2c:58:ee:6d:80:f4:77:82:8b:1e:60:56:
                    7e:d3:98:e2:fa:54:4c:a2:c1:2f:b4:9c:6c:be:c3:
                    51:b4:94:a3:bd:77:c2:4c:3c:12:48:65:2b:7a:54:
                    be:c0:e3:1d:5d:29:03:68:ba:97:f0:8c:e2:1c:76:
                    e5:00:2f:e2:71:51:61:7b:d4:2b:37:4c:78:b0:47:
                    6d:57:f6:b1:a5:2e:7b:02:90:bd:01:f4:d6:0a:01:
                    ab:92:d3:59:43:90:9e:53:e1:6e:b2:87:aa:36:51:
                    64:d7:6b:a2:18:72:42:9a:6b:29:f9:58:96:93:22:
                    8d:03:9f:00:73:e0:d0:06:e5:33:d6:4e:89:8f:75:
                    38:89:53:a5:73:3c:ef:c5:7e:7b:40:da:17:6b:33:
                    7d:55:59:06:10:78:5e:54:58:0b:54:64:4d:a0:5a:
                    d8:63:60:c0:7d:9b:24:f8:5e:e5:b7:43:82:ea:47:
                    4c:15:f9:bc:7f:e1:7e:0f:82:59:3f:1f:59:91:3a:
                    07:52:86:78:9d:87:35:ca:0b:bd:9e:0b:55:39:cb:
                    5f:b2:ae:30:25:d5:53:9f:59:96:e0:5b:c1:8f:be:
                    0d:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:9D:49:19:2E:A1:DE:08:A1:EA:AE:14:17:E7:B6:DA:E1:3D:ED:B2
            X509v3 Authority Key Identifier:
                keyid:59:87:77:20:C0:14:68:84:94:EA:69:10:C8:34:74:DE:13:E9:98:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WYd3IMAUaISU6mkQyDR03hPpmAI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/xp1JGS6h3gih6q4UF-e22uE97bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/WYd3IMAUaISU6mkQyDR03hPpmAI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:a8:b5:d8:52:b2:e7:e5:e0:ca:96:1c:c0:cf:df:52:c3:af:
         dd:77:84:17:94:78:c8:ec:1c:7c:84:99:4d:a8:bb:d8:63:53:
         0e:00:7a:45:0a:fa:6e:9a:43:22:96:28:ca:ba:22:1e:29:54:
         7d:d4:af:74:15:2f:38:5c:22:6b:72:ec:34:b3:fd:24:02:84:
         2f:a3:4c:28:91:59:fe:a0:95:c7:0b:c4:76:17:c5:4a:46:67:
         74:11:4b:61:2d:b7:d6:8b:1a:cc:ff:25:4d:b3:c3:ab:ef:2e:
         c0:bc:bf:bb:aa:83:ec:b4:32:20:1c:62:bf:eb:17:5b:aa:f1:
         04:35:56:82:56:89:f4:b8:17:b2:df:85:8d:d5:33:9f:73:ef:
         ab:79:1e:f0:9d:87:ba:33:ae:5a:87:3a:ea:bc:94:94:38:11:
         b7:5c:39:48:ed:eb:94:be:ea:7e:09:bb:7d:2c:dd:1f:e8:ce:
         cd:0d:06:ed:9b:9f:d8:40:da:69:cc:fa:0a:60:04:bc:91:1b:
         bd:4b:2b:ad:7a:70:6a:ab:73:f3:be:02:c9:5b:9f:30:67:49:
         77:f8:7f:e4:1e:fe:0f:9d:2b:c2:1d:80:85:22:f7:25:9c:5d:
         44:e9:2f:c9:5f:0c:9f:d0:b1:6a:4a:86:13:cd:c7:99:fd:bc:
         0d:14:15:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0Hjy7/5O+C/UI/Li48N45MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ODc3NzIwYzAxNDY4ODQ5NGVhNjkxMGM4MzQ3NGRlMTNl
OTk4MDIwHhcNMjQwMTE0MTA0MDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjlkNDkxOTJlYTFkZTA4YTFlYWFlMTQxN2U3YjZkYWUxM2RlZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZWcPdYrIDVkgEXZtFchRk3iY2TZ
7maA9kvmMjigiO0sWO5tgPR3goseYFZ+05ji+lRMosEvtJxsvsNRtJSjvXfCTDwS
SGUrelS+wOMdXSkDaLqX8IziHHblAC/icVFhe9QrN0x4sEdtV/axpS57ApC9AfTW
CgGrktNZQ5CeU+FusoeqNlFk12uiGHJCmmsp+ViWkyKNA58Ac+DQBuUz1k6Jj3U4
iVOlczzvxX57QNoXazN9VVkGEHheVFgLVGRNoFrYY2DAfZsk+F7lt0OC6kdMFfm8
f+F+D4JZPx9ZkToHUoZ4nYc1ygu9ngtVOctfsq4wJdVTn1mW4FvBj74N3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMadSRkuod4IoequFBfnttrhPe2yMB8GA1UdIwQY
MBaAFFmHdyDAFGiElOppEMg0dN4T6ZgCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1lkM0lNQVVhSVNVNm1rUXlEUjAzaFBwbUFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8yYTA4MDgtN2U5Ny00N2UwLWFmYmIt
NzRjY2Q4MjQwYmFkLzEveHAxSkdTNmgzZ2loNnE0VUYtZTIydUU5N2JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8yYTA4MDgtN2U5Ny00N2UwLWFmYmItNzRjY2Q4MjQwYmFk
LzEvV1lkM0lNQVVhSVNVNm1rUXlEUjAzaFBwbUFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZAPMA0G
CSqGSIb3DQEBCwUAA4IBAQAiqLXYUrLn5eDKlhzAz99Sw6/dd4QXlHjI7Bx8hJlN
qLvYY1MOAHpFCvpumkMilijKuiIeKVR91K90FS84XCJrcuw0s/0kAoQvo0wokVn+
oJXHC8R2F8VKRmd0EUthLbfWixrM/yVNs8Or7y7AvL+7qoPstDIgHGK/6xdbqvEE
NVaCVon0uBey34WN1TOfc++reR7wnYe6M65ahzrqvJSUOBG3XDlI7euUvup+Cbt9
LN0f6M7NDQbtm5/YQNppzPoKYAS8kRu9SyutenBqq3PzvgLJW58wZ0l3+H/kHv4P
nSvCHYCFIvclnF1E6S/JXwyf0LFqSoYTzceZ/bwNFBU3
-----END CERTIFICATE-----