Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/0uiKaKzGrJZPirn81Dd7au3qV8w.roa
File:                     0uiKaKzGrJZPirn81Dd7au3qV8w.roa (raw, json)
Hash identifier:          2ot+RiXkeq65m0IFDZ72u9tDUMNNnugaWGFd28lUslU=
Subject key identifier:   D2:E8:8A:68:AC:C6:AC:96:4F:8A:B9:FC:D4:37:7B:6A:ED:EA:57:CC
Certificate issuer:       /CN=150183623fc16dc74cb775462c36d31016a40ac1
Certificate serial:       018CC5DC0E82EE7058FDD5A6D0EA52243312
Authority key identifier: 15:01:83:62:3F:C1:6D:C7:4C:B7:75:46:2C:36:D3:10:16:A4:0A:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FQGDYj_BbcdMt3VGLDbTEBakCsE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/0uiKaKzGrJZPirn81Dd7au3qV8w.roa
Signing time:             Mon 01 Jan 2024 16:29:42 +0000
ROA not before:           Mon 01 Jan 2024 16:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49832
IP address blocks:        185.16.24.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/FQGDYj_BbcdMt3VGLDbTEBakCsE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/FQGDYj_BbcdMt3VGLDbTEBakCsE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FQGDYj_BbcdMt3VGLDbTEBakCsE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0e:82:ee:70:58:fd:d5:a6:d0:ea:52:24:33:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=150183623fc16dc74cb775462c36d31016a40ac1
        Validity
            Not Before: Jan  1 16:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2e88a68acc6ac964f8ab9fcd4377b6aedea57cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a9:91:99:4f:94:f4:7c:e3:b1:48:dd:0f:64:
                    10:c3:ed:c8:ee:16:be:63:e1:b6:38:83:e4:9b:6a:
                    9e:fe:d3:b6:21:ea:0d:36:61:cc:b9:5b:0d:6a:4d:
                    da:43:a7:40:06:2e:b4:2b:b7:00:c9:d1:88:cd:52:
                    40:4a:81:51:9b:d5:8c:86:ea:3f:a0:33:de:db:6f:
                    c4:95:e5:c6:9a:15:6b:e9:34:12:1e:54:d0:c3:44:
                    13:3c:77:1e:93:ea:17:06:2c:62:4a:e4:0f:50:4e:
                    9b:c6:53:4f:4f:a9:90:03:31:81:ff:24:7a:65:f0:
                    86:0a:24:57:33:ef:53:f7:d3:8c:95:32:cb:f9:d5:
                    dd:a3:cd:1b:86:63:46:8b:15:b4:0b:25:e3:94:f3:
                    b8:0f:a8:bd:c5:07:d3:dc:1f:95:d0:ab:32:f7:70:
                    7d:f7:7d:74:96:e2:6a:1b:a2:b6:2d:20:4f:90:9f:
                    cb:10:92:90:de:d2:27:7e:30:b5:03:ca:7e:da:00:
                    6b:26:2c:a2:2b:6f:8f:8c:64:ea:e1:9d:04:f1:28:
                    07:7a:f4:71:0a:e0:ee:5b:96:45:06:d2:9e:8a:34:
                    fb:f2:ed:d4:23:a8:6b:d9:90:2f:1b:c2:6a:b7:da:
                    ef:98:7e:ef:6d:f7:87:53:fb:51:af:e9:6c:cc:f6:
                    59:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:E8:8A:68:AC:C6:AC:96:4F:8A:B9:FC:D4:37:7B:6A:ED:EA:57:CC
            X509v3 Authority Key Identifier:
                keyid:15:01:83:62:3F:C1:6D:C7:4C:B7:75:46:2C:36:D3:10:16:A4:0A:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FQGDYj_BbcdMt3VGLDbTEBakCsE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/0uiKaKzGrJZPirn81Dd7au3qV8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/f3fb24-9a20-449e-af62-28f52052c1dd/1/FQGDYj_BbcdMt3VGLDbTEBakCsE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:87:31:04:8e:f6:c5:0c:b5:8d:cf:d8:90:08:7e:2e:ca:62:
         82:0d:00:89:6f:ef:11:03:8f:e5:ed:dd:80:97:84:5d:cd:10:
         00:75:f0:41:a4:39:78:39:32:0a:57:af:ee:67:f1:0e:1f:56:
         e8:60:99:f0:52:57:26:9a:24:fa:56:0e:6c:47:78:2e:73:ab:
         cc:7e:3c:2a:82:a8:d0:0a:13:d1:18:e4:90:59:11:b6:ff:ad:
         5a:5a:41:58:1f:eb:f1:0d:5b:56:8e:43:07:ad:7d:ed:9e:a1:
         1e:cb:d8:f7:7a:f9:08:d7:bb:70:8d:1d:7e:91:b9:36:db:df:
         d9:65:05:7c:c2:20:1d:76:a8:b8:f2:d0:5d:6f:5c:47:1b:b7:
         9a:3f:06:5f:15:77:fa:36:4c:c8:b3:51:3d:a1:93:83:59:9c:
         51:b3:a5:f2:95:ee:21:e7:10:dd:a4:ea:36:34:bb:08:7f:14:
         bb:11:74:4a:30:88:f7:09:aa:d6:47:44:f6:3a:af:58:f1:6f:
         84:1b:3e:64:14:4b:11:5e:3e:37:02:c5:2c:90:c8:06:1f:14:
         2e:70:5c:e4:e9:15:e8:4f:80:3c:7b:04:eb:4e:7d:20:60:04:
         67:f4:61:21:29:1e:38:5c:4e:72:01:76:b6:a6:0e:a7:60:c9:
         44:f5:78:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3A6C7nBY/dWm0OpSJDMSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MDE4MzYyM2ZjMTZkYzc0Y2I3NzU0NjJjMzZkMzEwMTZh
NDBhYzEwHhcNMjQwMTAxMTYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmU4OGE2OGFjYzZhYzk2NGY4YWI5ZmNkNDM3N2I2YWVkZWE1N2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6mRmU+U9HzjsUjdD2QQw+3I7ha+
Y+G2OIPkm2qe/tO2IeoNNmHMuVsNak3aQ6dABi60K7cAydGIzVJASoFRm9WMhuo/
oDPe22/EleXGmhVr6TQSHlTQw0QTPHcek+oXBixiSuQPUE6bxlNPT6mQAzGB/yR6
ZfCGCiRXM+9T99OMlTLL+dXdo80bhmNGixW0CyXjlPO4D6i9xQfT3B+V0Ksy93B9
9310luJqG6K2LSBPkJ/LEJKQ3tInfjC1A8p+2gBrJiyiK2+PjGTq4Z0E8SgHevRx
CuDuW5ZFBtKeijT78u3UI6hr2ZAvG8Jqt9rvmH7vbfeHU/tRr+lszPZZIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLoimisxqyWT4q5/NQ3e2rt6lfMMB8GA1UdIwQY
MBaAFBUBg2I/wW3HTLd1Riw20xAWpArBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlFHRFlqX0JiY2RNdDNWR0xEYlRFQmFrQ3NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9mM2ZiMjQtOWEyMC00NDllLWFmNjIt
MjhmNTIwNTJjMWRkLzEvMHVpS2FLekdySlpQaXJuODFEZDdhdTNxVjh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9mM2ZiMjQtOWEyMC00NDllLWFmNjItMjhmNTIwNTJjMWRk
LzEvRlFHRFlqX0JiY2RNdDNWR0xEYlRFQmFrQ3NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRAYMA0G
CSqGSIb3DQEBCwUAA4IBAQBFhzEEjvbFDLWNz9iQCH4uymKCDQCJb+8RA4/l7d2A
l4RdzRAAdfBBpDl4OTIKV6/uZ/EOH1boYJnwUlcmmiT6Vg5sR3guc6vMfjwqgqjQ
ChPRGOSQWRG2/61aWkFYH+vxDVtWjkMHrX3tnqEey9j3evkI17twjR1+kbk229/Z
ZQV8wiAddqi48tBdb1xHG7eaPwZfFXf6NkzIs1E9oZODWZxRs6Xyle4h5xDdpOo2
NLsIfxS7EXRKMIj3CarWR0T2Oq9Y8W+EGz5kFEsRXj43AsUskMgGHxQucFzk6RXo
T4A8ewTrTn0gYARn9GEhKR44XE5yAXa2pg6nYMlE9Xht
-----END CERTIFICATE-----