Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/oID11A9n-ginPfr60NbSUqMjK34.roa
File:                     oID11A9n-ginPfr60NbSUqMjK34.roa (raw, json)
Hash identifier:          OxVafolUPlJETXRZ0/4xUCtWNnTW0D94go27KByQMjM=
Subject key identifier:   A0:80:F5:D4:0F:67:FA:08:A7:3D:FA:FA:D0:D6:D2:52:A3:23:2B:7E
Certificate issuer:       /CN=15d1ff6bec9fbcb89e950a3a01ef2d686f0e7a31
Certificate serial:       018CC7951787157C015DCC5B1D427112691C
Authority key identifier: 15:D1:FF:6B:EC:9F:BC:B8:9E:95:0A:3A:01:EF:2D:68:6F:0E:7A:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FdH_a-yfvLielQo6Ae8taG8OejE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/oID11A9n-ginPfr60NbSUqMjK34.roa
Signing time:             Tue 02 Jan 2024 00:31:25 +0000
ROA not before:           Tue 02 Jan 2024 00:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4755
IP address blocks:        185.150.216.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/FdH_a-yfvLielQo6Ae8taG8OejE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/FdH_a-yfvLielQo6Ae8taG8OejE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FdH_a-yfvLielQo6Ae8taG8OejE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:17:87:15:7c:01:5d:cc:5b:1d:42:71:12:69:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15d1ff6bec9fbcb89e950a3a01ef2d686f0e7a31
        Validity
            Not Before: Jan  2 00:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a080f5d40f67fa08a73dfafad0d6d252a3232b7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e6:c2:e9:a7:9a:63:6c:98:02:77:fc:13:f6:
                    80:57:c4:07:ed:1e:31:d4:39:c1:82:93:7e:8c:f8:
                    f1:d1:0a:f5:21:d8:37:00:12:e0:63:da:b4:05:85:
                    03:2a:6c:0e:03:a1:f6:b7:a4:c2:cf:24:3f:00:2e:
                    71:d0:e4:84:df:f8:f9:36:5a:2c:9c:68:56:ae:53:
                    e0:50:2b:c0:6f:cb:2c:02:6b:27:1f:46:9f:54:14:
                    b1:e6:e8:24:24:32:e4:e9:88:4d:5d:0c:ec:e4:3c:
                    1e:1a:a4:c2:dd:45:d3:1b:4b:2f:a5:2e:3d:5f:f9:
                    f7:65:ce:ef:7f:f2:9a:fc:c4:6f:5b:58:45:03:43:
                    33:b6:c2:e2:89:f2:71:a7:8e:bf:b3:cf:65:d6:3c:
                    7d:f6:77:04:f4:df:da:4a:76:3b:08:59:22:ac:72:
                    e0:05:e7:b9:8f:97:57:ad:e4:52:57:8d:36:d8:37:
                    58:a5:81:ad:df:5e:3d:a6:0e:1d:f5:20:a6:aa:f0:
                    16:9c:9e:8a:e5:4b:ab:86:43:c9:a8:11:31:60:fd:
                    4f:09:fc:59:18:fa:db:ca:37:76:62:49:e3:c0:b1:
                    fd:d3:bb:60:94:ad:5d:25:b3:15:ba:84:ba:d7:17:
                    9e:c3:b8:16:82:b2:72:96:5e:86:04:13:ce:79:39:
                    68:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:80:F5:D4:0F:67:FA:08:A7:3D:FA:FA:D0:D6:D2:52:A3:23:2B:7E
            X509v3 Authority Key Identifier:
                keyid:15:D1:FF:6B:EC:9F:BC:B8:9E:95:0A:3A:01:EF:2D:68:6F:0E:7A:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FdH_a-yfvLielQo6Ae8taG8OejE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/oID11A9n-ginPfr60NbSUqMjK34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/f501f6-1702-48d3-8027-96b8691f5260/1/FdH_a-yfvLielQo6Ae8taG8OejE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:b7:24:69:63:61:21:25:d2:98:6b:60:bd:2c:a4:94:d3:24:
         40:6f:b8:5a:10:7b:09:bd:cc:b3:a9:a1:00:99:ba:5a:73:ba:
         c7:36:18:bf:a2:72:dd:34:8a:5a:8f:4a:f8:11:2c:bb:0e:8c:
         a9:cf:6b:65:d0:f6:fa:68:7c:02:5e:3c:2a:85:ba:3d:ce:98:
         8e:84:31:e1:fe:c3:3c:d7:65:52:4d:00:3a:c2:c8:89:ae:12:
         43:b5:8f:6a:f9:12:13:65:0e:e8:a4:7f:5e:3b:31:c6:d2:c0:
         70:d9:6c:35:0b:2b:0d:87:26:a9:85:e9:64:d7:8f:17:e7:dd:
         3d:cb:fa:9c:65:e1:0b:1a:50:e0:5f:77:0b:72:be:00:30:da:
         2e:8e:a4:16:58:e7:79:c2:97:0e:de:6d:f8:15:a8:a7:3a:97:
         9c:f8:1b:f1:87:64:c5:8c:99:2a:f5:6b:84:7f:e6:dd:74:f1:
         20:5d:6e:be:ec:a8:47:29:36:8e:c7:60:80:4a:64:5c:7e:ff:
         d8:f0:9a:dc:49:66:b7:ca:aa:d8:bf:5b:77:08:02:cf:e0:40:
         4f:84:1f:29:0f:16:df:61:60:81:24:7e:62:0f:f1:c5:fb:4a:
         ec:5d:51:d8:d7:50:7f:3d:d0:c4:ed:59:7f:97:3c:a4:45:ca:
         d1:51:03:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlReHFXwBXcxbHUJxEmkcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZDFmZjZiZWM5ZmJjYjg5ZTk1MGEzYTAxZWYyZDY4NmYw
ZTdhMzEwHhcNMjQwMTAyMDAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDgwZjVkNDBmNjdmYTA4YTczZGZhZmFkMGQ2ZDI1MmEzMjMyYjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnebC6aeaY2yYAnf8E/aAV8QH7R4x
1DnBgpN+jPjx0Qr1Idg3ABLgY9q0BYUDKmwOA6H2t6TCzyQ/AC5x0OSE3/j5Nlos
nGhWrlPgUCvAb8ssAmsnH0afVBSx5ugkJDLk6YhNXQzs5DweGqTC3UXTG0svpS49
X/n3Zc7vf/Ka/MRvW1hFA0MztsLiifJxp46/s89l1jx99ncE9N/aSnY7CFkirHLg
Bee5j5dXreRSV4022DdYpYGt3149pg4d9SCmqvAWnJ6K5UurhkPJqBExYP1PCfxZ
GPrbyjd2YknjwLH907tglK1dJbMVuoS61xeew7gWgrJyll6GBBPOeTlo/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCA9dQPZ/oIpz36+tDW0lKjIyt+MB8GA1UdIwQY
MBaAFBXR/2vsn7y4npUKOgHvLWhvDnoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmRIX2EteWZ2TGllbFFvNkFlOHRhRzhPZWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9mNTAxZjYtMTcwMi00OGQzLTgwMjct
OTZiODY5MWY1MjYwLzEvb0lEMTFBOW4tZ2luUGZyNjBOYlNVcU1qSzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9mNTAxZjYtMTcwMi00OGQzLTgwMjctOTZiODY5MWY1MjYw
LzEvRmRIX2EteWZ2TGllbFFvNkFlOHRhRzhPZWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZbYMA0G
CSqGSIb3DQEBCwUAA4IBAQBStyRpY2EhJdKYa2C9LKSU0yRAb7haEHsJvcyzqaEA
mbpac7rHNhi/onLdNIpaj0r4ESy7Doypz2tl0Pb6aHwCXjwqhbo9zpiOhDHh/sM8
12VSTQA6wsiJrhJDtY9q+RITZQ7opH9eOzHG0sBw2Ww1CysNhyaphelk148X5909
y/qcZeELGlDgX3cLcr4AMNoujqQWWOd5wpcO3m34FainOpec+Bvxh2TFjJkq9WuE
f+bddPEgXW6+7KhHKTaOx2CASmRcfv/Y8JrcSWa3yqrYv1t3CALP4EBPhB8pDxbf
YWCBJH5iD/HF+0rsXVHY11B/PdDE7Vl/lzykRcrRUQP9
-----END CERTIFICATE-----