Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/O8uvSRIILHAvkeP1cFw0R2xPoNw.roa
File:                     O8uvSRIILHAvkeP1cFw0R2xPoNw.roa (raw, json)
Hash identifier:          UpTYzrz2lasx/G1Acq07IVH7l3u2LwotURBUI4GD5dI=
Subject key identifier:   3B:CB:AF:49:12:08:2C:70:2F:91:E3:F5:70:5C:34:47:6C:4F:A0:DC
Certificate issuer:       /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial:       018CC348E1FEF440F6B18DB032DEB84B4E67
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/O8uvSRIILHAvkeP1cFw0R2xPoNw.roa
Signing time:             Mon 01 Jan 2024 04:29:42 +0000
ROA not before:           Mon 01 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196977
IP address blocks:        5.153.190.0/24 maxlen: 24
                          5.153.191.0/24 maxlen: 24
                          5.153.190.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 03:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e1:fe:f4:40:f6:b1:8d:b0:32:de:b8:4b:4e:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
        Validity
            Not Before: Jan  1 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3bcbaf4912082c702f91e3f5705c34476c4fa0dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:82:9a:20:3c:55:79:d9:e1:23:76:6b:a1:5e:
                    9c:9b:fd:0e:ef:4e:d4:8b:d7:b3:f5:b0:f1:a3:21:
                    9e:90:03:9a:48:08:7a:4d:45:a1:7b:9c:63:62:4f:
                    51:73:a3:25:c9:3b:9a:00:7a:a8:75:c3:11:79:50:
                    23:24:63:f2:7a:f3:a3:15:3b:6a:95:cb:a1:22:be:
                    d0:2d:11:06:95:93:38:a9:04:38:1a:73:c7:6e:fa:
                    aa:0e:35:5a:6a:f2:cb:e0:0b:1b:8c:68:3c:b5:f7:
                    34:f5:c0:dc:32:bd:b0:2a:d4:d3:3f:5e:6f:b2:d4:
                    22:3e:ac:f7:e2:f0:2c:13:d7:75:a5:12:6e:16:62:
                    53:f5:be:f7:f0:dd:0f:36:a9:0d:8d:3f:56:65:bc:
                    aa:ea:7b:87:68:ab:fd:ef:9a:cb:0c:c2:70:34:15:
                    b3:02:94:e9:33:7d:58:3e:d1:05:d5:43:36:0e:ee:
                    8f:e9:2b:4c:33:4c:33:61:d4:64:6e:15:0f:8b:65:
                    55:68:a1:c7:79:3b:9c:04:77:7f:81:2c:84:2a:09:
                    8b:27:d0:98:83:18:dd:78:d2:48:ce:5d:4e:15:83:
                    cb:16:e6:5b:9d:dc:a9:f4:d0:19:b6:77:33:ec:3c:
                    f6:ac:91:c0:d4:f3:c6:1e:0e:1e:23:7a:b5:98:aa:
                    51:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:CB:AF:49:12:08:2C:70:2F:91:E3:F5:70:5C:34:47:6C:4F:A0:DC
            X509v3 Authority Key Identifier:
                keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/O8uvSRIILHAvkeP1cFw0R2xPoNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.153.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1b:2c:bc:9d:8d:b2:87:cb:73:58:ff:d8:33:ad:b6:52:47:44:
         f8:d1:a6:dd:ef:b4:56:f6:fe:aa:2a:a8:7e:ce:97:b6:0b:52:
         49:4a:fb:14:44:26:93:df:1f:52:5b:15:34:05:20:f2:e7:26:
         d4:92:de:f1:16:e5:40:cf:b4:3f:87:5d:a2:38:d0:0f:0e:6e:
         cf:2a:cd:9f:03:ea:16:08:f2:64:e7:6e:65:97:f4:9e:04:2f:
         71:36:0c:e2:82:ff:b8:8f:01:04:94:38:89:a5:38:7f:16:64:
         43:75:13:c7:57:5d:5c:cd:26:7d:4e:a2:bc:80:d3:5e:32:4f:
         a2:31:e5:aa:36:e4:25:ec:d5:b9:73:77:63:89:1f:ca:32:81:
         66:b5:63:52:6a:76:d2:d6:4b:be:f8:39:bd:5d:89:14:7e:5c:
         05:04:e8:d5:72:f8:56:23:dc:41:7f:d5:1f:d7:e7:65:06:d7:
         53:8f:90:25:a4:98:64:15:b7:d2:10:6d:b0:db:8b:2c:8e:d2:
         b0:0b:06:a7:72:8f:55:20:b2:cc:e6:3d:bc:e9:f0:af:5b:43:
         7d:97:91:49:b2:8d:a1:ae:cc:d0:02:bb:97:04:ac:c1:82:4b:
         58:d7:18:66:c4:98:6f:97:89:6d:83:4d:87:4c:f8:13:1d:5f:
         c9:0f:2a:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOH+9ED2sY2wMt64S05nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjQwMTAxMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmNiYWY0OTEyMDgyYzcwMmY5MWUzZjU3MDVjMzQ0NzZjNGZhMGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooKaIDxVednhI3ZroV6cm/0O707U
i9ez9bDxoyGekAOaSAh6TUWhe5xjYk9Rc6MlyTuaAHqodcMReVAjJGPyevOjFTtq
lcuhIr7QLREGlZM4qQQ4GnPHbvqqDjVaavLL4AsbjGg8tfc09cDcMr2wKtTTP15v
stQiPqz34vAsE9d1pRJuFmJT9b738N0PNqkNjT9WZbyq6nuHaKv975rLDMJwNBWz
ApTpM31YPtEF1UM2Du6P6StMM0wzYdRkbhUPi2VVaKHHeTucBHd/gSyEKgmLJ9CY
gxjdeNJIzl1OFYPLFuZbndyp9NAZtncz7Dz2rJHA1PPGHg4eI3q1mKpR7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvLr0kSCCxwL5Hj9XBcNEdsT6DcMB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvTzh1dlNSSUlMSEF2a2VQMWNGdzBSMnhQb053LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBZm+MA0G
CSqGSIb3DQEBCwUAA4IBAQAbLLydjbKHy3NY/9gzrbZSR0T40abd77RW9v6qKqh+
zpe2C1JJSvsURCaT3x9SWxU0BSDy5ybUkt7xFuVAz7Q/h12iONAPDm7PKs2fA+oW
CPJk525ll/SeBC9xNgzigv+4jwEElDiJpTh/FmRDdRPHV11czSZ9TqK8gNNeMk+i
MeWqNuQl7NW5c3djiR/KMoFmtWNSanbS1ku++Dm9XYkUflwFBOjVcvhWI9xBf9Uf
1+dlBtdTj5AlpJhkFbfSEG2w24ssjtKwCwanco9VILLM5j286fCvW0N9l5FJso2h
rszQAruXBKzBgktY1xhmxJhvl4ltg02HTPgTHV/JDyoj
-----END CERTIFICATE-----