Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/1ohC5SImO6uA6qXlh4fSsvjaoWw.roa
File:                     1ohC5SImO6uA6qXlh4fSsvjaoWw.roa (raw, json)
Hash identifier:          Yb5e20vz0C/vVixtxyWPNd0Jz+e+uTnxB8RA6FMOT3o=
Subject key identifier:   D6:88:42:E5:22:26:3B:AB:80:EA:A5:E5:87:87:D2:B2:F8:DA:A1:6C
Certificate issuer:       /CN=dd75fc8c45d36101008837119cbfa84aee19e29a
Certificate serial:       018D893DA7BE630BFAD1ED82C33AB1E347C4
Authority key identifier: DD:75:FC:8C:45:D3:61:01:00:88:37:11:9C:BF:A8:4A:EE:19:E2:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3XX8jEXTYQEAiDcRnL-oSu4Z4po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/1ohC5SImO6uA6qXlh4fSsvjaoWw.roa
Signing time:             Thu 08 Feb 2024 15:02:15 +0000
ROA not before:           Thu 08 Feb 2024 15:02:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206509
IP address blocks:        159.15.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/3XX8jEXTYQEAiDcRnL-oSu4Z4po.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/3XX8jEXTYQEAiDcRnL-oSu4Z4po.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3XX8jEXTYQEAiDcRnL-oSu4Z4po.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:89:3d:a7:be:63:0b:fa:d1:ed:82:c3:3a:b1:e3:47:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd75fc8c45d36101008837119cbfa84aee19e29a
        Validity
            Not Before: Feb  8 15:02:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d68842e522263bab80eaa5e58787d2b2f8daa16c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:eb:df:ca:31:6b:4f:a6:03:36:75:b7:ef:fb:
                    c7:c0:b7:c1:5e:22:8e:1c:3f:00:5c:6c:d7:7b:41:
                    09:f8:23:a4:32:d5:a5:cc:3a:8b:05:99:d9:b8:22:
                    1b:ee:9d:84:21:42:10:fd:8d:28:bf:29:73:07:1d:
                    04:7a:09:f3:10:3a:ac:cc:d7:5d:c2:a3:55:6a:ec:
                    40:75:9c:91:31:73:f7:93:81:95:0f:7f:2c:be:57:
                    a2:60:f3:13:ca:7d:4d:8a:fe:39:75:52:57:6a:a1:
                    5a:02:4f:6c:2b:fe:8e:23:94:49:11:11:4c:15:2f:
                    b8:ad:88:91:6c:78:1d:3d:45:6e:d7:a8:a9:c7:30:
                    fc:02:08:f2:6e:dc:8d:3a:7f:e6:ea:1a:0f:5c:45:
                    18:d0:cf:49:88:15:b7:d8:4e:4f:dd:27:cc:6d:74:
                    fc:fb:f4:e3:c7:0d:aa:0b:67:c8:5c:3a:e3:57:13:
                    ab:bc:da:b7:4d:7b:47:60:28:9c:1b:7a:c4:8d:a5:
                    06:8e:79:f5:8e:01:17:1f:6b:21:74:91:6c:fd:be:
                    66:a1:69:32:14:28:43:36:9a:bc:67:4c:4e:d4:75:
                    ac:db:3a:f9:b5:79:c8:e7:49:e2:d2:ac:18:ce:ff:
                    da:79:12:88:c0:2e:5c:1e:f5:05:88:a2:f3:0b:eb:
                    ef:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:88:42:E5:22:26:3B:AB:80:EA:A5:E5:87:87:D2:B2:F8:DA:A1:6C
            X509v3 Authority Key Identifier:
                keyid:DD:75:FC:8C:45:D3:61:01:00:88:37:11:9C:BF:A8:4A:EE:19:E2:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3XX8jEXTYQEAiDcRnL-oSu4Z4po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/1ohC5SImO6uA6qXlh4fSsvjaoWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/3XX8jEXTYQEAiDcRnL-oSu4Z4po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.15.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         52:5c:ef:bb:72:39:01:db:39:24:fb:7a:da:96:ac:57:ca:b3:
         46:13:d7:76:21:9b:33:21:80:22:9e:27:86:b0:f0:fb:fa:cf:
         2f:f5:96:d7:74:4c:3a:d0:37:b7:d2:63:98:f8:75:2d:e5:05:
         56:4d:04:f2:32:78:45:df:70:ae:b3:d1:1f:2d:de:d1:cc:e5:
         92:74:08:9f:fe:cd:4b:f5:52:fd:84:52:cb:03:50:4f:a2:b0:
         35:14:3e:d2:ef:02:e4:bf:1b:b6:82:67:a4:ea:c0:65:a6:b9:
         35:c0:83:e1:1d:de:1a:aa:63:f0:fd:66:d5:fb:49:4e:d0:ff:
         8e:46:cf:b9:eb:d9:66:13:8a:ca:db:3b:db:f9:8d:7e:63:33:
         cf:e6:c3:f3:ef:d2:ae:c2:bc:b6:ec:52:7f:d4:9a:fb:36:44:
         81:ab:db:a4:f3:96:14:f0:18:99:87:dc:13:09:5e:5a:b9:a0:
         64:f5:73:09:bf:f2:18:07:5f:8b:df:7c:9d:b7:9b:65:57:3f:
         7e:6c:4b:4b:49:5f:bf:6d:d1:19:c1:d8:88:ec:52:29:ac:df:
         2e:82:d1:5d:b3:8f:3a:f1:af:7c:0e:be:64:64:c0:99:85:94:
         1c:33:37:af:f0:ec:d3:33:71:f3:8f:7f:19:07:38:1b:19:af:
         c2:fa:2e:cb
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAY2JPae+Ywv60e2Cwzqx40fEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNzVmYzhjNDVkMzYxMDEwMDg4MzcxMTljYmZhODRhZWUx
OWUyOWEwHhcNMjQwMjA4MTUwMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjg4NDJlNTIyMjYzYmFiODBlYWE1ZTU4Nzg3ZDJiMmY4ZGFhMTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1uvfyjFrT6YDNnW37/vHwLfBXiKO
HD8AXGzXe0EJ+COkMtWlzDqLBZnZuCIb7p2EIUIQ/Y0ovylzBx0EegnzEDqszNdd
wqNVauxAdZyRMXP3k4GVD38svleiYPMTyn1Niv45dVJXaqFaAk9sK/6OI5RJERFM
FS+4rYiRbHgdPUVu16ipxzD8AgjybtyNOn/m6hoPXEUY0M9JiBW32E5P3SfMbXT8
+/Tjxw2qC2fIXDrjVxOrvNq3TXtHYCicG3rEjaUGjnn1jgEXH2shdJFs/b5moWky
FChDNpq8Z0xO1HWs2zr5tXnI50ni0qwYzv/aeRKIwC5cHvUFiKLzC+vvqQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNaIQuUiJjurgOql5YeH0rL42qFsMB8GA1UdIwQY
MBaAFN11/IxF02EBAIg3EZy/qEruGeKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1hYOGpFWFRZUUVBaURjUm5MLW9TdTRaNHBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82ODUwMGQtYTc4MS00NzM5LWIyNmMt
MGNjNTE2OGVhMTVhLzEvMW9oQzVTSW1PNnVBNnFYbGg0ZlNzdmphb1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82ODUwMGQtYTc4MS00NzM5LWIyNmMtMGNjNTE2OGVhMTVh
LzEvM1hYOGpFWFRZUUVBaURjUm5MLW9TdTRaNHBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnw8wDQYJ
KoZIhvcNAQELBQADggEBAFJc77tyOQHbOST7etqWrFfKs0YT13YhmzMhgCKeJ4aw
8Pv6zy/1ltd0TDrQN7fSY5j4dS3lBVZNBPIyeEXfcK6z0R8t3tHM5ZJ0CJ/+zUv1
Uv2EUssDUE+isDUUPtLvAuS/G7aCZ6TqwGWmuTXAg+Ed3hqqY/D9ZtX7SU7Q/45G
z7nr2WYTisrbO9v5jX5jM8/mw/Pv0q7CvLbsUn/Umvs2RIGr26TzlhTwGJmH3BMJ
Xlq5oGT1cwm/8hgHX4vffJ23m2VXP35sS0tJX79t0RnB2IjsUims3y6C0V2zjzrx
r3wOvmRkwJmFlBwzN6/w7NMzcfOPfxkHOBsZr8L6Lss=
-----END CERTIFICATE-----