Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/Nt1jO-Z_Ba_QQRG7t9vS0DQz1ks.roa
File:                     Nt1jO-Z_Ba_QQRG7t9vS0DQz1ks.roa (raw, json)
Hash identifier:          waJzR3RUX4v5HGF8r0W0vzUcc1IliOREClyd2Qd451M=
Subject key identifier:   36:DD:63:3B:E6:7F:05:AF:D0:41:11:BB:B7:DB:D2:D0:34:33:D6:4B
Certificate issuer:       /CN=15d1ff6bec9fbcb89e950a3a01ef2d686f0e7a31
Certificate serial:       018CC79518909C09BC30002390D919072478
Authority key identifier: 15:D1:FF:6B:EC:9F:BC:B8:9E:95:0A:3A:01:EF:2D:68:6F:0E:7A:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FdH_a-yfvLielQo6Ae8taG8OejE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/Nt1jO-Z_Ba_QQRG7t9vS0DQz1ks.roa
Signing time:             Tue 02 Jan 2024 00:31:26 +0000
ROA not before:           Tue 02 Jan 2024 00:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203147
IP address blocks:        185.150.219.0/24 maxlen: 24
                          185.150.216.0/23 maxlen: 23
                          185.150.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/FdH_a-yfvLielQo6Ae8taG8OejE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/FdH_a-yfvLielQo6Ae8taG8OejE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FdH_a-yfvLielQo6Ae8taG8OejE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:18:90:9c:09:bc:30:00:23:90:d9:19:07:24:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15d1ff6bec9fbcb89e950a3a01ef2d686f0e7a31
        Validity
            Not Before: Jan  2 00:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36dd633be67f05afd04111bbb7dbd2d03433d64b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:07:b5:26:bf:74:d4:e2:47:71:03:10:a2:df:
                    59:e9:d3:4d:22:ba:54:41:2c:a1:b3:4e:20:c7:ae:
                    f5:3c:bb:c2:06:4b:2c:51:76:df:5a:54:72:b1:e4:
                    4b:b7:67:9c:a0:c4:8e:0f:d8:62:6e:01:36:9f:20:
                    80:47:4d:8d:e1:4d:7b:b3:e6:52:16:db:02:2d:39:
                    08:b9:af:59:93:38:a4:52:aa:52:44:41:c8:f5:52:
                    ca:a2:d1:a1:70:a8:0d:ed:88:7b:1b:cd:a0:33:22:
                    0c:02:b5:1d:a3:1b:34:23:90:0c:92:04:fd:97:8e:
                    90:78:a6:75:d2:a4:7f:60:7c:18:b1:f1:d2:11:ce:
                    02:5e:c0:88:48:2c:aa:75:3e:bb:27:42:5d:5a:ac:
                    ee:61:51:a6:18:22:92:73:22:b7:f2:36:1c:38:04:
                    57:d8:59:49:b7:93:53:83:69:f4:57:c6:ea:b6:4b:
                    96:08:e1:0d:e6:bc:d7:43:41:0f:9f:65:5e:e4:af:
                    53:9c:72:c1:b4:5e:fd:9e:84:37:44:34:ee:80:95:
                    fa:a6:29:f3:f5:17:48:fd:3f:6f:e2:3a:3b:dd:83:
                    dd:75:42:bf:4e:59:13:0f:ca:31:ef:27:b6:1e:02:
                    1b:56:97:dd:33:a8:eb:dd:24:dc:ab:43:c1:53:77:
                    3d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:DD:63:3B:E6:7F:05:AF:D0:41:11:BB:B7:DB:D2:D0:34:33:D6:4B
            X509v3 Authority Key Identifier:
                keyid:15:D1:FF:6B:EC:9F:BC:B8:9E:95:0A:3A:01:EF:2D:68:6F:0E:7A:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FdH_a-yfvLielQo6Ae8taG8OejE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/Nt1jO-Z_Ba_QQRG7t9vS0DQz1ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/FdH_a-yfvLielQo6Ae8taG8OejE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:81:8a:58:5e:4a:d0:ca:4c:03:6b:cc:83:85:16:6a:2f:1d:
         02:49:24:55:f8:c3:39:f0:38:e3:d8:f8:53:ae:fe:7e:02:a9:
         37:a0:95:98:d9:13:cc:2c:73:87:03:48:cb:67:43:61:5f:4d:
         8f:d0:66:b3:13:3a:24:ba:b1:da:1f:f7:9f:b9:6b:e6:db:c9:
         81:c8:c9:02:c2:77:f4:4a:cd:48:8b:05:85:51:f7:ad:78:37:
         11:d2:5d:90:a4:e4:3d:d1:5c:46:69:68:d8:36:69:19:71:ba:
         50:c2:1c:90:df:9e:d3:f9:3b:e8:05:53:19:e3:1d:63:cb:dc:
         80:25:34:5d:f8:c2:7a:2b:34:68:4e:01:e0:94:3e:d6:27:79:
         73:62:83:d3:50:12:70:7d:a3:aa:46:fb:a9:5e:d3:e9:db:ba:
         59:c0:b8:45:2a:85:02:c1:7f:59:20:8b:63:4c:44:db:94:1d:
         60:e6:b0:dc:c8:db:0e:e4:66:ba:9f:e0:0c:82:fd:90:f5:a9:
         87:dc:d8:ed:ea:92:c7:43:17:5d:58:2b:2a:75:24:91:68:e8:
         36:e2:ca:b4:c0:9f:e5:0a:1d:51:72:23:8c:e7:23:d2:4c:9a:
         f7:9e:67:c5:44:0e:80:d6:f9:c2:2f:0c:ac:ae:08:f3:15:bd:
         08:63:b1:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlRiQnAm8MAAjkNkZByR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZDFmZjZiZWM5ZmJjYjg5ZTk1MGEzYTAxZWYyZDY4NmYw
ZTdhMzEwHhcNMjQwMTAyMDAzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmRkNjMzYmU2N2YwNWFmZDA0MTExYmJiN2RiZDJkMDM0MzNkNjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlge1Jr901OJHcQMQot9Z6dNNIrpU
QSyhs04gx671PLvCBkssUXbfWlRyseRLt2ecoMSOD9hibgE2nyCAR02N4U17s+ZS
FtsCLTkIua9ZkzikUqpSREHI9VLKotGhcKgN7Yh7G82gMyIMArUdoxs0I5AMkgT9
l46QeKZ10qR/YHwYsfHSEc4CXsCISCyqdT67J0JdWqzuYVGmGCKScyK38jYcOARX
2FlJt5NTg2n0V8bqtkuWCOEN5rzXQ0EPn2Ve5K9TnHLBtF79noQ3RDTugJX6pinz
9RdI/T9v4jo73YPddUK/TlkTD8ox7ye2HgIbVpfdM6jr3STcq0PBU3c90QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbdYzvmfwWv0EERu7fb0tA0M9ZLMB8GA1UdIwQY
MBaAFBXR/2vsn7y4npUKOgHvLWhvDnoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmRIX2EteWZ2TGllbFFvNkFlOHRhRzhPZWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9mNTAxZjYtMTcwMi00OGQzLTgwMjct
OTZiODY5MWY1MjYwLzEvTnQxak8tWl9CYV9RUVJHN3Q5dlMwRFF6MWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9mNTAxZjYtMTcwMi00OGQzLTgwMjctOTZiODY5MWY1MjYw
LzEvRmRIX2EteWZ2TGllbFFvNkFlOHRhRzhPZWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZbYMA0G
CSqGSIb3DQEBCwUAA4IBAQCdgYpYXkrQykwDa8yDhRZqLx0CSSRV+MM58Djj2PhT
rv5+Aqk3oJWY2RPMLHOHA0jLZ0NhX02P0GazEzokurHaH/efuWvm28mByMkCwnf0
Ss1IiwWFUfeteDcR0l2QpOQ90VxGaWjYNmkZcbpQwhyQ357T+TvoBVMZ4x1jy9yA
JTRd+MJ6KzRoTgHglD7WJ3lzYoPTUBJwfaOqRvupXtPp27pZwLhFKoUCwX9ZIItj
TETblB1g5rDcyNsO5Ga6n+AMgv2Q9amH3Njt6pLHQxddWCsqdSSRaOg24sq0wJ/l
Ch1RciOM5yPSTJr3nmfFRA6A1vnCLwysrgjzFb0IY7EY
-----END CERTIFICATE-----