Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/iysA4OBra7sYMehwOS33Mnsjm1s.roa
File:                     iysA4OBra7sYMehwOS33Mnsjm1s.roa (raw, json)
Hash identifier:          tbp3TiM9ruKp57uvuQXxQ1MuPlrjxzpx2JWQProp1m8=
Subject key identifier:   8B:2B:00:E0:E0:6B:6B:BB:18:31:E8:70:39:2D:F7:32:7B:23:9B:5B
Certificate issuer:       /CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
Certificate serial:       018CCA2A257A9835DA4977644FE25ECFE4C1
Authority key identifier: 5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/iysA4OBra7sYMehwOS33Mnsjm1s.roa
Signing time:             Tue 02 Jan 2024 12:33:28 +0000
ROA not before:           Tue 02 Jan 2024 12:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59708
IP address blocks:        80.253.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:25:7a:98:35:da:49:77:64:4f:e2:5e:cf:e4:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b698c4b612afee2cbb1cdd509e4f0246fbb80e1
        Validity
            Not Before: Jan  2 12:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b2b00e0e06b6bbb1831e870392df7327b239b5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5f:3b:72:1e:f2:a0:1e:fb:b6:4d:7f:c1:e7:
                    ba:27:ef:b6:59:96:62:d0:64:9d:aa:8b:a9:55:eb:
                    7d:12:3e:09:99:d0:d9:69:30:db:66:47:2f:5d:93:
                    a8:06:b2:69:f9:83:88:6e:e2:01:e3:32:c4:db:3c:
                    93:dd:50:20:7d:cd:a1:39:5a:76:82:bd:ca:2d:49:
                    79:56:64:ec:7d:7d:6b:bd:4c:23:82:39:d5:da:09:
                    4d:e5:d4:2e:36:99:be:01:11:60:fd:35:3e:a3:77:
                    27:52:1b:cd:ea:ec:da:05:6f:42:46:7d:8e:a2:94:
                    5b:1c:16:4a:22:64:07:2b:b8:53:3d:d7:4b:a0:00:
                    8d:e9:17:57:64:81:e7:ce:52:78:da:ad:3e:a6:78:
                    1d:23:b5:62:90:04:e5:cf:33:9d:fb:58:9e:69:59:
                    ca:05:c0:31:e8:2c:fa:84:69:0f:58:82:95:7d:7c:
                    12:fd:fa:1c:48:7c:a1:e5:8a:ee:68:af:26:31:d8:
                    8c:aa:24:a0:0b:88:7a:5b:6b:59:71:81:9b:c6:2e:
                    24:ef:d3:27:35:e9:92:30:d0:4c:9a:d4:bb:34:6f:
                    29:ee:07:04:6d:1a:a6:cb:f6:ec:15:e6:53:f9:87:
                    5b:df:d9:aa:50:21:e5:bf:18:14:1a:26:1e:03:e9:
                    6f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:2B:00:E0:E0:6B:6B:BB:18:31:E8:70:39:2D:F7:32:7B:23:9B:5B
            X509v3 Authority Key Identifier:
                keyid:5B:69:8C:4B:61:2A:FE:E2:CB:B1:CD:D5:09:E4:F0:24:6F:BB:80:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/iysA4OBra7sYMehwOS33Mnsjm1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c16f55-b44d-40c3-9dac-cc2fafe3a8b4/1/W2mMS2Eq_uLLsc3VCeTwJG-7gOE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:74:09:03:6c:04:dc:b4:29:fe:e6:f8:ad:91:26:db:28:e0:
         7c:df:1d:28:4f:00:4a:b2:9a:c3:a7:6b:09:09:0f:fe:9e:06:
         11:f7:ae:b5:6c:bf:2e:60:45:7d:1f:7a:e2:cb:b0:76:d7:79:
         3f:0b:0d:a6:2e:3a:7f:d8:8c:97:ec:4b:db:1e:10:9c:36:d7:
         fe:80:77:55:0f:32:cb:37:66:01:bc:0c:29:65:0c:0a:06:60:
         80:b6:e2:93:62:f0:bf:85:4a:10:2e:0f:5b:37:8c:07:30:76:
         2b:9a:f8:e8:1e:be:1c:df:01:92:85:72:61:73:5e:7a:4c:c9:
         00:91:02:df:8d:92:65:6d:b0:04:c8:e1:ac:1d:42:f8:3c:61:
         d5:fc:de:fc:fc:05:e8:6e:12:6a:86:0d:fd:3f:75:b7:87:c9:
         3f:72:f2:83:c0:f6:82:5f:3b:b9:94:1f:82:c4:f0:6a:51:44:
         e3:5d:3b:35:fd:55:9b:30:61:35:bd:0d:b4:f7:94:1a:5a:c5:
         32:ba:8e:51:ae:72:b5:aa:14:d3:1e:ee:de:f1:87:3d:dc:ac:
         a2:df:7e:b7:af:62:87:71:a5:0d:28:fc:12:d1:46:64:32:6d:
         18:62:e1:d6:c6:b9:07:55:cb:53:92:66:7a:ba:ec:7e:5f:94:
         a4:07:2f:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKiV6mDXaSXdkT+Jez+TBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNjk4YzRiNjEyYWZlZTJjYmIxY2RkNTA5ZTRmMDI0NmZi
YjgwZTEwHhcNMjQwMTAyMTIzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjJiMDBlMGUwNmI2YmJiMTgzMWU4NzAzOTJkZjczMjdiMjM5YjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjV87ch7yoB77tk1/wee6J++2WZZi
0GSdqoupVet9Ej4JmdDZaTDbZkcvXZOoBrJp+YOIbuIB4zLE2zyT3VAgfc2hOVp2
gr3KLUl5VmTsfX1rvUwjgjnV2glN5dQuNpm+ARFg/TU+o3cnUhvN6uzaBW9CRn2O
opRbHBZKImQHK7hTPddLoACN6RdXZIHnzlJ42q0+pngdI7VikATlzzOd+1ieaVnK
BcAx6Cz6hGkPWIKVfXwS/focSHyh5YruaK8mMdiMqiSgC4h6W2tZcYGbxi4k79Mn
NemSMNBMmtS7NG8p7gcEbRqmy/bsFeZT+Ydb39mqUCHlvxgUGiYeA+lvgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIsrAODga2u7GDHocDkt9zJ7I5tbMB8GA1UdIwQY
MBaAFFtpjEthKv7iy7HN1Qnk8CRvu4DhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMt
Y2MyZmFmZTNhOGI0LzEvaXlzQTRPQnJhN3NZTWVod09TMzNNbnNqbTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMTZmNTUtYjQ0ZC00MGMzLTlkYWMtY2MyZmFmZTNhOGI0
LzEvVzJtTVMyRXFfdUxMc2MzVkNlVHdKRy03Z09FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUP2dMA0G
CSqGSIb3DQEBCwUAA4IBAQBCdAkDbATctCn+5vitkSbbKOB83x0oTwBKsprDp2sJ
CQ/+ngYR9661bL8uYEV9H3riy7B213k/Cw2mLjp/2IyX7EvbHhCcNtf+gHdVDzLL
N2YBvAwpZQwKBmCAtuKTYvC/hUoQLg9bN4wHMHYrmvjoHr4c3wGShXJhc156TMkA
kQLfjZJlbbAEyOGsHUL4PGHV/N78/AXobhJqhg39P3W3h8k/cvKDwPaCXzu5lB+C
xPBqUUTjXTs1/VWbMGE1vQ2095QaWsUyuo5RrnK1qhTTHu7e8Yc93Kyi3363r2KH
caUNKPwS0UZkMm0YYuHWxrkHVctTkmZ6uux+X5SkBy8t
-----END CERTIFICATE-----