Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/ddf529-1536-44f0-9eda-4dad48a16e42/1/8v_yAoyMX3cuizfYTk7v-w34mHw.roa
File:                     8v_yAoyMX3cuizfYTk7v-w34mHw.roa (raw, json)
Hash identifier:          FrPhuj6HO7xxnF+onbwmJ86g7gxEkOYOaO74Ff0rCT4=
Subject key identifier:   F2:FF:F2:02:8C:8C:5F:77:2E:8B:37:D8:4E:4E:EF:FB:0D:F8:98:7C
Certificate issuer:       /CN=7015ed275005408d2a86a2303701744430eda34a
Certificate serial:       018CC727305BE61B947D8DA60EB7AD482E65
Authority key identifier: 70:15:ED:27:50:05:40:8D:2A:86:A2:30:37:01:74:44:30:ED:A3:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cBXtJ1AFQI0qhqIwNwF0RDDto0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/ddf529-1536-44f0-9eda-4dad48a16e42/1/8v_yAoyMX3cuizfYTk7v-w34mHw.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22683
IP address blocks:        149.59.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/ddf529-1536-44f0-9eda-4dad48a16e42/1/cBXtJ1AFQI0qhqIwNwF0RDDto0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/ddf529-1536-44f0-9eda-4dad48a16e42/1/cBXtJ1AFQI0qhqIwNwF0RDDto0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cBXtJ1AFQI0qhqIwNwF0RDDto0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:30:5b:e6:1b:94:7d:8d:a6:0e:b7:ad:48:2e:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7015ed275005408d2a86a2303701744430eda34a
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2fff2028c8c5f772e8b37d84e4eeffb0df8987c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:78:7d:05:2a:84:cc:51:6c:a6:93:22:ab:ed:
                    06:89:bd:43:3c:5c:99:c0:23:e0:03:c9:49:fc:1b:
                    f1:1c:da:df:91:dd:21:bc:17:97:d1:26:a8:a7:0a:
                    51:81:71:78:fb:08:b1:6d:ad:87:1d:c6:2f:0e:45:
                    48:da:0a:f4:f1:33:f7:4f:42:75:d9:c0:9c:3d:c4:
                    38:d1:a4:9b:2c:82:25:e9:96:c1:74:fa:e0:ca:4e:
                    0e:2c:14:7f:d2:ab:ee:34:d4:ec:63:6c:21:fb:d2:
                    4d:09:31:1e:8e:ee:e0:a2:73:e3:0c:2f:5d:7b:6f:
                    57:4e:b3:70:ac:b9:9c:92:58:f9:f8:9a:3b:d9:57:
                    b1:15:2e:e7:38:d2:75:96:5d:6a:7a:5d:14:7a:48:
                    2c:a3:66:ea:3a:c5:38:e8:06:0f:5f:d3:62:a9:15:
                    7c:c8:b9:23:c7:6b:45:37:71:62:82:db:15:9d:7a:
                    e3:d5:2e:85:77:fe:c5:c3:6a:da:2a:9d:48:02:e9:
                    a5:84:99:a1:a4:e3:ff:82:2f:da:29:4e:18:ec:46:
                    37:1a:a7:e7:98:97:e8:32:5d:a8:42:43:66:73:47:
                    96:a6:c8:a7:ca:35:f6:d1:1a:dd:db:50:da:5d:50:
                    e3:09:c8:e0:d9:8f:f5:99:84:13:f1:a7:17:92:28:
                    18:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:FF:F2:02:8C:8C:5F:77:2E:8B:37:D8:4E:4E:EF:FB:0D:F8:98:7C
            X509v3 Authority Key Identifier:
                keyid:70:15:ED:27:50:05:40:8D:2A:86:A2:30:37:01:74:44:30:ED:A3:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cBXtJ1AFQI0qhqIwNwF0RDDto0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/ddf529-1536-44f0-9eda-4dad48a16e42/1/8v_yAoyMX3cuizfYTk7v-w34mHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/ddf529-1536-44f0-9eda-4dad48a16e42/1/cBXtJ1AFQI0qhqIwNwF0RDDto0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.59.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         46:78:e9:36:5f:dc:ad:63:80:b5:a1:d5:d8:d0:68:9b:73:f2:
         8a:8c:21:e9:ea:03:15:09:3c:99:70:5d:86:c8:bb:f2:d9:d7:
         26:28:8b:98:d6:ef:b4:ed:14:dc:1b:d7:0f:2d:21:57:c9:3a:
         b1:a6:28:b0:ac:32:b6:b4:f6:62:25:78:82:66:53:5a:04:42:
         c8:34:7e:66:8c:b2:89:7f:b1:de:e0:57:76:f3:37:7a:cd:50:
         28:c5:23:3e:27:e0:83:a2:ed:40:8d:49:cb:f2:5b:79:4c:f0:
         0c:67:6f:31:30:62:6e:39:24:0a:55:80:bb:5a:11:2b:d7:7f:
         fa:0c:bf:b2:07:00:3a:bd:20:f6:50:9d:3e:38:2a:26:b2:8e:
         48:e7:f3:91:6e:11:a4:9a:21:7d:d8:9b:32:fc:46:24:bb:1c:
         3d:f4:53:43:ac:ac:22:36:2f:f1:0d:0d:eb:83:9d:e8:12:a2:
         ab:5f:42:df:a8:a0:06:0a:4b:84:f6:b2:42:e7:59:fa:38:fb:
         d1:1c:e7:24:43:82:0b:6c:dd:5a:cf:cc:57:f0:a1:bc:c2:ab:
         ae:91:2f:87:01:14:39:37:71:58:a5:42:a3:85:27:37:3f:c4:
         57:e9:b4:f6:5f:b7:5f:59:04:82:07:64:04:14:c7:70:a8:0b:
         c5:5a:9e:df
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzHJzBb5huUfY2mDretSC5lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMTVlZDI3NTAwNTQwOGQyYTg2YTIzMDM3MDE3NDQ0MzBl
ZGEzNGEwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmZmZjIwMjhjOGM1Zjc3MmU4YjM3ZDg0ZTRlZWZmYjBkZjg5ODdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHh9BSqEzFFsppMiq+0Gib1DPFyZ
wCPgA8lJ/BvxHNrfkd0hvBeX0SaopwpRgXF4+wixba2HHcYvDkVI2gr08TP3T0J1
2cCcPcQ40aSbLIIl6ZbBdPrgyk4OLBR/0qvuNNTsY2wh+9JNCTEeju7gonPjDC9d
e29XTrNwrLmcklj5+Jo72VexFS7nONJ1ll1qel0Uekgso2bqOsU46AYPX9NiqRV8
yLkjx2tFN3FigtsVnXrj1S6Fd/7Fw2raKp1IAumlhJmhpOP/gi/aKU4Y7EY3Gqfn
mJfoMl2oQkNmc0eWpsinyjX20Rrd21DaXVDjCcjg2Y/1mYQT8acXkigYvQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPL/8gKMjF93Los32E5O7/sN+Jh8MB8GA1UdIwQY
MBaAFHAV7SdQBUCNKoaiMDcBdEQw7aNKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0JYdEoxQUZRSTBxaHFJd053RjBSRER0bzBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9kZGY1MjktMTUzNi00NGYwLTllZGEt
NGRhZDQ4YTE2ZTQyLzEvOHZfeUFveU1YM2N1aXpmWVRrN3YtdzM0bUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9kZGY1MjktMTUzNi00NGYwLTllZGEtNGRhZDQ4YTE2ZTQy
LzEvY0JYdEoxQUZRSTBxaHFJd053RjBSRER0bzBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlTswDQYJ
KoZIhvcNAQELBQADggEBAEZ46TZf3K1jgLWh1djQaJtz8oqMIenqAxUJPJlwXYbI
u/LZ1yYoi5jW77TtFNwb1w8tIVfJOrGmKLCsMra09mIleIJmU1oEQsg0fmaMsol/
sd7gV3bzN3rNUCjFIz4n4IOi7UCNScvyW3lM8AxnbzEwYm45JApVgLtaESvXf/oM
v7IHADq9IPZQnT44Kiayjkjn85FuEaSaIX3YmzL8RiS7HD30U0OsrCI2L/ENDeuD
negSoqtfQt+ooAYKS4T2skLnWfo4+9Ec5yRDggts3VrPzFfwobzCq66RL4cBFDk3
cVilQqOFJzc/xFfptPZft19ZBIIHZAQUx3CoC8Vant8=
-----END CERTIFICATE-----