Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/cBKVs6q0cxYCdeIY5DzEzBhM_3s.roa
File:                     cBKVs6q0cxYCdeIY5DzEzBhM_3s.roa (raw, json)
Hash identifier:          DJBsYfnemPKjQutyRco9f0EsmcmnBCB/iyPUDzRITXM=
Subject key identifier:   70:12:95:B3:AA:B4:73:16:02:75:E2:18:E4:3C:C4:CC:18:4C:FF:7B
Certificate issuer:       /CN=dd75fc8c45d36101008837119cbfa84aee19e29a
Certificate serial:       018D893DA72541825477D8FF3417EAE67CF3
Authority key identifier: DD:75:FC:8C:45:D3:61:01:00:88:37:11:9C:BF:A8:4A:EE:19:E2:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3XX8jEXTYQEAiDcRnL-oSu4Z4po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/cBKVs6q0cxYCdeIY5DzEzBhM_3s.roa
Signing time:             Thu 08 Feb 2024 15:02:15 +0000
ROA not before:           Thu 08 Feb 2024 15:02:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8851
IP address blocks:        159.15.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/3XX8jEXTYQEAiDcRnL-oSu4Z4po.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/3XX8jEXTYQEAiDcRnL-oSu4Z4po.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3XX8jEXTYQEAiDcRnL-oSu4Z4po.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:89:3d:a7:25:41:82:54:77:d8:ff:34:17:ea:e6:7c:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd75fc8c45d36101008837119cbfa84aee19e29a
        Validity
            Not Before: Feb  8 15:02:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=701295b3aab473160275e218e43cc4cc184cff7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a3:f7:90:17:81:81:db:8f:f0:77:bd:12:49:
                    a6:dd:10:9b:5e:95:fa:27:84:0b:ee:c3:b4:32:9d:
                    55:68:79:e2:6a:6f:25:34:f0:95:27:ca:df:8f:0f:
                    be:be:f8:1a:24:a7:f9:17:6f:bb:1e:7e:21:52:0c:
                    b5:6f:64:5c:24:22:15:24:4f:d3:d8:37:6f:4a:88:
                    68:42:05:cc:17:76:4a:26:62:9d:d9:7c:fc:70:56:
                    d6:e9:cf:6c:8e:2a:79:fd:d9:38:b9:cc:6c:58:aa:
                    20:08:2c:12:58:c0:b5:30:af:c4:42:ff:1b:ec:cc:
                    0b:60:be:ea:2a:7e:1f:de:93:70:2a:78:d2:63:6a:
                    fd:3f:67:ff:e6:d2:db:22:3f:11:f2:ae:42:e5:9b:
                    81:e2:2d:13:94:60:7f:6f:3e:1a:28:a8:fd:14:76:
                    e9:cb:af:36:f5:ca:91:68:91:6b:f1:11:f1:8b:dd:
                    61:5d:23:e3:15:0e:9c:92:19:3c:f6:e5:d9:d1:f1:
                    57:a7:04:fa:7e:76:7a:ee:13:69:07:cc:1b:0b:0f:
                    2a:62:f9:4a:54:96:be:f4:13:95:99:8e:c4:a4:ca:
                    72:32:c5:82:f9:56:22:40:21:23:12:88:9b:ac:82:
                    68:06:63:ed:f1:d2:d6:54:17:bd:b0:ea:20:41:a8:
                    aa:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:12:95:B3:AA:B4:73:16:02:75:E2:18:E4:3C:C4:CC:18:4C:FF:7B
            X509v3 Authority Key Identifier:
                keyid:DD:75:FC:8C:45:D3:61:01:00:88:37:11:9C:BF:A8:4A:EE:19:E2:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3XX8jEXTYQEAiDcRnL-oSu4Z4po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/cBKVs6q0cxYCdeIY5DzEzBhM_3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/68500d-a781-4739-b26c-0cc5168ea15a/1/3XX8jEXTYQEAiDcRnL-oSu4Z4po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.15.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         31:b9:41:fa:cd:4f:e3:8a:e6:23:79:b1:39:be:f6:2f:7a:05:
         c3:d5:ed:0b:0a:25:e6:93:5b:29:b8:6a:86:a3:4b:79:a4:96:
         da:20:78:3e:e4:e7:5c:7c:50:40:8e:4e:0b:48:c4:7c:74:68:
         6d:7f:46:4e:db:05:07:c3:51:13:57:ba:b2:86:a4:45:8e:c8:
         a1:2b:b7:45:e1:95:59:9d:d2:75:59:44:11:f5:92:2d:f8:80:
         ad:d6:20:48:19:51:60:06:d2:c7:6d:be:b5:1f:be:31:1f:b7:
         67:ca:10:10:09:ee:55:d4:af:77:fc:34:2b:bc:e8:fe:83:1f:
         28:cb:36:c3:1b:25:5d:07:81:a6:94:64:ac:3d:2e:1c:9d:ce:
         a4:9b:98:6d:02:e0:d8:48:3c:c2:60:83:56:2f:39:4e:7a:cc:
         72:a4:8a:04:23:2a:10:f4:40:2a:53:bc:4d:82:59:bb:b9:ad:
         24:59:84:99:75:03:7e:57:dd:7c:0e:a2:64:29:45:08:1e:1b:
         c1:2d:cb:93:f4:9f:76:44:64:df:ce:47:42:11:6b:b4:dc:65:
         ae:41:17:a6:67:17:e4:a3:95:63:61:cf:91:7e:50:6e:d9:df:
         dd:81:9f:4c:cf:f9:b4:35:04:62:df:44:10:46:e2:87:4c:82:
         92:39:99:a7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAY2JPaclQYJUd9j/NBfq5nzzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNzVmYzhjNDVkMzYxMDEwMDg4MzcxMTljYmZhODRhZWUx
OWUyOWEwHhcNMjQwMjA4MTUwMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDEyOTViM2FhYjQ3MzE2MDI3NWUyMThlNDNjYzRjYzE4NGNmZjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKP3kBeBgduP8He9Ekmm3RCbXpX6
J4QL7sO0Mp1VaHniam8lNPCVJ8rfjw++vvgaJKf5F2+7Hn4hUgy1b2RcJCIVJE/T
2DdvSohoQgXMF3ZKJmKd2Xz8cFbW6c9sjip5/dk4ucxsWKogCCwSWMC1MK/EQv8b
7MwLYL7qKn4f3pNwKnjSY2r9P2f/5tLbIj8R8q5C5ZuB4i0TlGB/bz4aKKj9FHbp
y6829cqRaJFr8RHxi91hXSPjFQ6ckhk89uXZ0fFXpwT6fnZ67hNpB8wbCw8qYvlK
VJa+9BOVmY7EpMpyMsWC+VYiQCEjEoibrIJoBmPt8dLWVBe9sOogQaiqsQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHASlbOqtHMWAnXiGOQ8xMwYTP97MB8GA1UdIwQY
MBaAFN11/IxF02EBAIg3EZy/qEruGeKaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1hYOGpFWFRZUUVBaURjUm5MLW9TdTRaNHBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82ODUwMGQtYTc4MS00NzM5LWIyNmMt
MGNjNTE2OGVhMTVhLzEvY0JLVnM2cTBjeFlDZGVJWTVEekV6QmhNXzNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82ODUwMGQtYTc4MS00NzM5LWIyNmMtMGNjNTE2OGVhMTVh
LzEvM1hYOGpFWFRZUUVBaURjUm5MLW9TdTRaNHBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnw8wDQYJ
KoZIhvcNAQELBQADggEBADG5QfrNT+OK5iN5sTm+9i96BcPV7QsKJeaTWym4aoaj
S3mkltogeD7k51x8UECOTgtIxHx0aG1/Rk7bBQfDURNXurKGpEWOyKErt0XhlVmd
0nVZRBH1ki34gK3WIEgZUWAG0sdtvrUfvjEft2fKEBAJ7lXUr3f8NCu86P6DHyjL
NsMbJV0HgaaUZKw9LhydzqSbmG0C4NhIPMJgg1YvOU56zHKkigQjKhD0QCpTvE2C
Wbu5rSRZhJl1A35X3XwOomQpRQgeG8Ety5P0n3ZEZN/OR0IRa7TcZa5BF6ZnF+Sj
lWNhz5F+UG7Z392Bn0zP+bQ1BGLfRBBG4odMgpI5mac=
-----END CERTIFICATE-----