Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/565f89-6208-471a-b69c-3e22198aeb52/1/C15kHgjlyIrpgW85gi8SHvrGSY8.roa
File:                     C15kHgjlyIrpgW85gi8SHvrGSY8.roa (raw, json)
Hash identifier:          8rNgFy+jpJw6X1scH5BCKnwT/oiXquusOk6q7GuVkOk=
Subject key identifier:   0B:5E:64:1E:08:E5:C8:8A:E9:81:6F:39:82:2F:12:1E:FA:C6:49:8F
Certificate issuer:       /CN=f3672df0e46988bbeed9be5410da12a3f170d691
Certificate serial:       018CC4246E23155C487064D9EFB5DDAAA7FB
Authority key identifier: F3:67:2D:F0:E4:69:88:BB:EE:D9:BE:54:10:DA:12:A3:F1:70:D6:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/82ct8ORpiLvu2b5UENoSo_Fw1pE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/565f89-6208-471a-b69c-3e22198aeb52/1/C15kHgjlyIrpgW85gi8SHvrGSY8.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21275
IP address blocks:        195.24.228.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/565f89-6208-471a-b69c-3e22198aeb52/1/82ct8ORpiLvu2b5UENoSo_Fw1pE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/565f89-6208-471a-b69c-3e22198aeb52/1/82ct8ORpiLvu2b5UENoSo_Fw1pE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/82ct8ORpiLvu2b5UENoSo_Fw1pE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6e:23:15:5c:48:70:64:d9:ef:b5:dd:aa:a7:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3672df0e46988bbeed9be5410da12a3f170d691
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b5e641e08e5c88ae9816f39822f121efac6498f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:00:6c:63:b4:52:fe:74:45:ed:3f:16:dc:c4:
                    b7:ac:38:da:24:a7:ac:83:9a:6d:1b:b8:e3:c6:7f:
                    cc:44:a9:db:d5:85:de:e8:3d:59:58:24:20:86:ee:
                    e9:00:5d:f2:38:70:ce:2b:73:76:12:4f:a9:32:3f:
                    33:e2:79:61:67:22:90:d4:1b:48:82:13:60:d6:3f:
                    0f:77:3b:6e:60:8c:5b:ba:cd:04:71:35:42:10:08:
                    e0:a8:d8:f7:db:94:01:31:18:79:63:d8:a2:5f:be:
                    56:36:e4:c1:1b:d8:10:d8:67:b2:6f:39:39:00:4b:
                    72:6a:9b:9d:7a:0b:2c:99:b9:de:76:6f:10:70:79:
                    ec:82:bd:a0:65:eb:86:b1:68:dc:80:7c:59:fb:f1:
                    fd:9f:02:72:c4:12:c4:4f:31:b2:70:3e:c5:d7:e7:
                    55:f7:b3:7d:41:0b:39:0b:24:6c:d5:ae:bc:0e:65:
                    21:60:02:9e:29:ba:7a:92:6f:2c:ec:84:3a:2c:86:
                    f3:ad:1a:3e:b2:a0:84:31:7e:99:48:0d:f1:04:bd:
                    65:77:35:23:1f:4c:4b:44:aa:de:e5:3a:8c:e2:08:
                    a0:05:03:b5:2f:72:30:5f:08:2f:73:8f:a4:7d:22:
                    3e:5a:40:8b:ee:72:93:e1:77:06:b7:b2:44:a7:94:
                    3f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:5E:64:1E:08:E5:C8:8A:E9:81:6F:39:82:2F:12:1E:FA:C6:49:8F
            X509v3 Authority Key Identifier:
                keyid:F3:67:2D:F0:E4:69:88:BB:EE:D9:BE:54:10:DA:12:A3:F1:70:D6:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/82ct8ORpiLvu2b5UENoSo_Fw1pE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/565f89-6208-471a-b69c-3e22198aeb52/1/C15kHgjlyIrpgW85gi8SHvrGSY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/565f89-6208-471a-b69c-3e22198aeb52/1/82ct8ORpiLvu2b5UENoSo_Fw1pE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.24.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:d8:53:1d:d0:77:f2:dc:46:43:6b:39:56:52:f5:4e:0e:1f:
         51:fc:70:98:37:72:3d:d0:20:3e:38:a8:2d:c0:1b:40:6a:f5:
         81:71:7a:8c:00:d1:5a:67:a8:bc:fe:cc:d1:e6:2b:69:e6:1a:
         18:fc:b6:bd:0e:5b:c8:fe:dc:c2:c3:99:0b:25:22:ed:6f:36:
         0e:be:af:13:e4:df:4a:1a:c1:ec:02:04:31:f5:6f:7d:71:33:
         30:c4:50:7b:2e:15:8b:63:8a:44:d6:1f:a3:1d:d7:f8:4c:ff:
         62:81:46:a1:29:60:8a:53:cc:14:17:18:e6:60:e6:dd:90:25:
         10:f5:b5:e8:2d:03:2d:3b:25:07:8e:8a:07:31:db:79:52:e2:
         9e:0a:5e:6d:dd:f5:8b:c2:79:1a:0f:fa:e5:fc:6f:9e:c7:3c:
         54:fb:e4:d5:9b:ce:57:b9:18:4d:25:d7:b1:fd:df:81:91:86:
         e5:8d:b3:03:ec:90:fc:ca:cc:79:55:0d:e2:01:27:c8:44:94:
         53:40:e6:8f:24:b9:99:3a:c4:4b:70:be:7b:5a:be:89:1a:9e:
         26:d8:95:35:d4:0b:a8:92:5b:fe:86:6e:18:fe:6e:cf:4e:29:
         e8:01:7b:59:5b:10:2e:84:22:96:1f:1d:eb:d4:c0:ca:d9:cf:
         56:d9:59:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJG4jFVxIcGTZ77Xdqqf7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNjcyZGYwZTQ2OTg4YmJlZWQ5YmU1NDEwZGExMmEzZjE3
MGQ2OTEwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjVlNjQxZTA4ZTVjODhhZTk4MTZmMzk4MjJmMTIxZWZhYzY0OThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQBsY7RS/nRF7T8W3MS3rDjaJKes
g5ptG7jjxn/MRKnb1YXe6D1ZWCQghu7pAF3yOHDOK3N2Ek+pMj8z4nlhZyKQ1BtI
ghNg1j8PdztuYIxbus0EcTVCEAjgqNj325QBMRh5Y9iiX75WNuTBG9gQ2Geybzk5
AEtyapudegssmbnedm8QcHnsgr2gZeuGsWjcgHxZ+/H9nwJyxBLETzGycD7F1+dV
97N9QQs5CyRs1a68DmUhYAKeKbp6km8s7IQ6LIbzrRo+sqCEMX6ZSA3xBL1ldzUj
H0xLRKre5TqM4gigBQO1L3IwXwgvc4+kfSI+WkCL7nKT4XcGt7JEp5Q/xQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAteZB4I5ciK6YFvOYIvEh76xkmPMB8GA1UdIwQY
MBaAFPNnLfDkaYi77tm+VBDaEqPxcNaRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODJjdDhPUnBpTHZ1MmI1VUVOb1NvX0Z3MXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC81NjVmODktNjIwOC00NzFhLWI2OWMt
M2UyMjE5OGFlYjUyLzEvQzE1a0hnamx5SXJwZ1c4NWdpOFNIdnJHU1k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC81NjVmODktNjIwOC00NzFhLWI2OWMtM2UyMjE5OGFlYjUy
LzEvODJjdDhPUnBpTHZ1MmI1VUVOb1NvX0Z3MXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwxjkMA0G
CSqGSIb3DQEBCwUAA4IBAQBx2FMd0Hfy3EZDazlWUvVODh9R/HCYN3I90CA+OKgt
wBtAavWBcXqMANFaZ6i8/szR5itp5hoY/La9DlvI/tzCw5kLJSLtbzYOvq8T5N9K
GsHsAgQx9W99cTMwxFB7LhWLY4pE1h+jHdf4TP9igUahKWCKU8wUFxjmYObdkCUQ
9bXoLQMtOyUHjooHMdt5UuKeCl5t3fWLwnkaD/rl/G+exzxU++TVm85XuRhNJdex
/d+BkYbljbMD7JD8ysx5VQ3iASfIRJRTQOaPJLmZOsRLcL57Wr6JGp4m2JU11Auo
klv+hm4Y/m7PTinoAXtZWxAuhCKWHx3r1MDK2c9W2Vks
-----END CERTIFICATE-----