Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/53f652-01b1-42f2-85e9-4dcb23fdb06a/1/nO87UM6XQyW8FbdAMS6qdYCedjc.roa
File:                     nO87UM6XQyW8FbdAMS6qdYCedjc.roa (raw, json)
Hash identifier:          Z5c2Nn/AP59h4CubpozQndrkIb7d+GCr0FqteK/fggs=
Subject key identifier:   9C:EF:3B:50:CE:97:43:25:BC:15:B7:40:31:2E:AA:75:80:9E:76:37
Certificate issuer:       /CN=7a91b34153da0d5d121cff43259fcd9e3dbfc7d4
Certificate serial:       018CC6B8726E27D1A368F2FD042F0160A5FD
Authority key identifier: 7A:91:B3:41:53:DA:0D:5D:12:1C:FF:43:25:9F:CD:9E:3D:BF:C7:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/epGzQVPaDV0SHP9DJZ_Nnj2_x9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/53f652-01b1-42f2-85e9-4dcb23fdb06a/1/nO87UM6XQyW8FbdAMS6qdYCedjc.roa
Signing time:             Mon 01 Jan 2024 20:30:25 +0000
ROA not before:           Mon 01 Jan 2024 20:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        185.154.150.0/23 maxlen: 23
                          2a14:3b00:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/53f652-01b1-42f2-85e9-4dcb23fdb06a/1/epGzQVPaDV0SHP9DJZ_Nnj2_x9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/53f652-01b1-42f2-85e9-4dcb23fdb06a/1/epGzQVPaDV0SHP9DJZ_Nnj2_x9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/epGzQVPaDV0SHP9DJZ_Nnj2_x9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:72:6e:27:d1:a3:68:f2:fd:04:2f:01:60:a5:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a91b34153da0d5d121cff43259fcd9e3dbfc7d4
        Validity
            Not Before: Jan  1 20:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cef3b50ce974325bc15b740312eaa75809e7637
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:89:56:1f:3a:89:6d:7e:b1:ca:26:a0:f1:69:
                    80:82:d0:fe:46:8b:9e:fb:02:cc:8d:c3:73:b2:2e:
                    6e:fd:b3:d3:46:bf:f7:c7:d7:4c:06:fd:25:6d:09:
                    db:0b:e8:96:cb:64:44:fb:fe:0d:6d:88:33:77:d3:
                    78:82:08:37:f0:fe:5e:2b:71:06:43:24:8c:b9:24:
                    5c:49:e8:b6:45:60:d4:66:66:2f:97:cd:66:0e:b5:
                    bd:59:ce:a0:b3:f0:3d:24:73:53:14:5f:55:a5:45:
                    92:f1:ef:06:de:b6:b3:95:8e:45:01:b7:ba:a5:db:
                    25:e7:15:0e:37:48:dc:c0:50:96:d8:95:10:a5:bd:
                    7d:e0:a5:ef:bc:bd:bd:57:8a:e3:f0:eb:e3:73:04:
                    c2:47:ea:ef:24:3f:c5:28:f7:68:02:0f:ab:cc:c9:
                    0d:09:f1:b9:ee:fa:6d:5b:73:e9:5f:9b:d1:21:b4:
                    58:49:ca:13:a2:7e:15:02:bb:60:6b:7f:24:7b:80:
                    de:c4:36:bc:30:03:cf:62:59:cc:95:15:16:4f:f6:
                    91:d5:cb:fb:b2:ff:b0:25:ca:f7:23:09:02:aa:cf:
                    82:1a:13:dc:37:9e:29:ae:ee:83:7a:5f:cd:e4:2b:
                    ff:a6:cc:81:c9:92:57:d5:1e:58:68:18:b0:9b:58:
                    7a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:EF:3B:50:CE:97:43:25:BC:15:B7:40:31:2E:AA:75:80:9E:76:37
            X509v3 Authority Key Identifier:
                keyid:7A:91:B3:41:53:DA:0D:5D:12:1C:FF:43:25:9F:CD:9E:3D:BF:C7:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/epGzQVPaDV0SHP9DJZ_Nnj2_x9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/53f652-01b1-42f2-85e9-4dcb23fdb06a/1/nO87UM6XQyW8FbdAMS6qdYCedjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/53f652-01b1-42f2-85e9-4dcb23fdb06a/1/epGzQVPaDV0SHP9DJZ_Nnj2_x9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.150.0/23
                IPv6:
                  2a14:3b00:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:09:d2:50:f7:56:71:ae:40:d5:7f:d5:0e:ed:34:c4:0f:ef:
         3f:13:5f:55:1f:48:0d:95:70:52:b8:19:81:84:d1:0e:b0:57:
         53:c8:74:cf:1e:99:0b:51:f7:9d:f3:28:f6:f9:cd:e7:4a:74:
         63:81:d8:80:76:44:42:ce:49:87:78:c9:32:d9:4f:29:94:73:
         8a:f7:b9:7a:b2:45:bd:4f:0d:55:82:84:ec:cc:fa:69:56:46:
         f6:08:6d:9a:9b:66:f7:b2:c2:d7:ab:35:2b:88:f1:90:44:f6:
         f3:b4:ca:e5:12:3e:5f:f6:19:73:ea:a4:93:82:2b:9e:fe:ce:
         ca:ae:31:48:89:cb:ad:bb:45:50:87:77:e6:d0:56:2b:cd:a8:
         98:c6:72:15:bf:2b:ff:cc:00:e7:04:60:59:a8:fa:fa:a5:92:
         9f:eb:3a:f6:90:92:2e:94:54:b3:7f:bb:77:3f:2f:51:71:40:
         6a:a9:bd:cf:b3:16:07:0b:5e:87:ad:ae:a9:e3:f4:9d:17:25:
         5c:19:9c:89:18:61:48:8e:94:0f:a2:04:c8:b7:3a:72:a6:e4:
         0b:b0:ad:fd:31:54:c8:a6:b1:1a:5f:ea:9e:a3:f5:c8:fa:58:
         6e:45:43:09:9f:1b:25:e5:4b:1a:2a:d6:82:fb:ff:9f:a6:64:
         32:5d:eb:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuHJuJ9GjaPL9BC8BYKX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhOTFiMzQxNTNkYTBkNWQxMjFjZmY0MzI1OWZjZDllM2Ri
ZmM3ZDQwHhcNMjQwMTAxMjAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2VmM2I1MGNlOTc0MzI1YmMxNWI3NDAzMTJlYWE3NTgwOWU3NjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmolWHzqJbX6xyiag8WmAgtD+Roue
+wLMjcNzsi5u/bPTRr/3x9dMBv0lbQnbC+iWy2RE+/4NbYgzd9N4ggg38P5eK3EG
QySMuSRcSei2RWDUZmYvl81mDrW9Wc6gs/A9JHNTFF9VpUWS8e8G3razlY5FAbe6
pdsl5xUON0jcwFCW2JUQpb194KXvvL29V4rj8OvjcwTCR+rvJD/FKPdoAg+rzMkN
CfG57vptW3PpX5vRIbRYScoTon4VArtga38ke4DexDa8MAPPYlnMlRUWT/aR1cv7
sv+wJcr3IwkCqs+CGhPcN54pru6Del/N5Cv/psyByZJX1R5YaBiwm1h61wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJzvO1DOl0MlvBW3QDEuqnWAnnY3MB8GA1UdIwQY
MBaAFHqRs0FT2g1dEhz/QyWfzZ49v8fUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXBHelFWUGFEVjBTSFA5REpaX05uajJfeDlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC81M2Y2NTItMDFiMS00MmYyLTg1ZTkt
NGRjYjIzZmRiMDZhLzEvbk84N1VNNlhReVc4RmJkQU1TNnFkWUNlZGpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC81M2Y2NTItMDFiMS00MmYyLTg1ZTktNGRjYjIzZmRiMDZh
LzEvZXBHelFWUGFEVjBTSFA5REpaX05uajJfeDlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBuZqWMA8E
AgACMAkDBwAqFDsAAAEwDQYJKoZIhvcNAQELBQADggEBAF4J0lD3VnGuQNV/1Q7t
NMQP7z8TX1UfSA2VcFK4GYGE0Q6wV1PIdM8emQtR953zKPb5zedKdGOB2IB2RELO
SYd4yTLZTymUc4r3uXqyRb1PDVWChOzM+mlWRvYIbZqbZveywterNSuI8ZBE9vO0
yuUSPl/2GXPqpJOCK57+zsquMUiJy627RVCHd+bQVivNqJjGchW/K//MAOcEYFmo
+vqlkp/rOvaQki6UVLN/u3c/L1FxQGqpvc+zFgcLXoetrqnj9J0XJVwZnIkYYUiO
lA+iBMi3OnKm5Auwrf0xVMimsRpf6p6j9cj6WG5FQwmfGyXlSxoq1oL7/5+mZDJd
6zE=
-----END CERTIFICATE-----