Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/15qg7jnuR170dIKjd6OzjguEeTM.roa
File:                     15qg7jnuR170dIKjd6OzjguEeTM.roa (raw, json)
Hash identifier:          DS609YLThLt1NKuh2BCSkoQXm86Ct4DVxPTIZ5GafZg=
Subject key identifier:   D7:9A:A0:EE:39:EE:47:5E:F4:74:82:A3:77:A3:B3:8E:0B:84:79:33
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       018CC9BCBC03D68D7C402975E4B604C773EF
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/15qg7jnuR170dIKjd6OzjguEeTM.roa
Signing time:             Tue 02 Jan 2024 10:33:58 +0000
ROA not before:           Tue 02 Jan 2024 10:33:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197478
IP address blocks:        195.57.43.0/24 maxlen: 24
                          194.224.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:bc:03:d6:8d:7c:40:29:75:e4:b6:04:c7:73:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan  2 10:33:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d79aa0ee39ee475ef47482a377a3b38e0b847933
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:1e:96:39:6e:5a:0c:94:1a:f4:47:27:89:28:
                    c6:de:29:5b:91:f2:e3:de:1a:56:cd:d2:31:f6:1d:
                    cc:fb:07:c4:c5:cf:9c:3d:7e:25:04:05:d6:2c:0c:
                    f6:76:4e:f2:b6:39:43:0c:9c:46:1b:43:b8:a1:b6:
                    86:95:73:cd:2d:a2:c8:0a:91:16:8a:8d:15:49:94:
                    16:71:9d:11:8e:81:3e:01:30:0a:a2:82:1a:24:4d:
                    90:dd:f2:9f:be:02:c9:79:88:0f:24:06:f0:c4:4f:
                    b5:56:c8:de:7a:fa:34:2d:ca:00:5d:98:75:a1:74:
                    7e:2f:5e:83:98:36:0c:8b:3b:ea:e8:c8:28:49:a5:
                    dd:13:62:01:b6:f5:0d:df:43:fe:a4:e8:96:5e:9a:
                    15:7c:11:7c:77:6c:ef:8e:cf:c9:32:ec:34:ae:19:
                    cd:a9:78:3b:2c:14:3a:f7:93:76:70:02:43:14:00:
                    4e:09:98:1f:b0:8b:97:d7:af:00:39:e8:49:2a:e3:
                    7e:d4:1e:e3:bb:be:7a:27:53:73:06:bd:bd:55:92:
                    a1:6b:af:75:ea:1d:51:15:f7:9c:c2:ee:f3:72:a5:
                    6a:47:8f:f2:e0:8a:3a:fb:0b:59:47:5f:54:68:68:
                    e8:83:85:a7:7f:92:4b:70:c5:60:81:bc:f4:ea:53:
                    bc:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:9A:A0:EE:39:EE:47:5E:F4:74:82:A3:77:A3:B3:8E:0B:84:79:33
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/15qg7jnuR170dIKjd6OzjguEeTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.224.229.0/24
                  195.57.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ee:fe:c2:48:7a:a9:60:dc:93:9a:bf:49:cd:cb:52:d4:ff:c4:
         00:2b:81:cd:40:e2:18:e5:fa:67:ba:e0:67:5b:94:a1:80:ee:
         6d:0f:38:b5:59:04:19:77:a9:55:95:d0:6f:e8:41:69:28:41:
         b5:93:20:f9:3f:9d:e2:2a:3f:5c:3a:35:81:92:92:72:25:ad:
         a6:42:05:d7:80:ae:dd:51:9f:63:79:ec:90:ca:85:85:f7:55:
         91:57:fb:9c:d3:dd:7b:7b:d9:e2:77:de:4f:64:58:68:8d:63:
         8a:60:46:94:6f:26:24:28:f5:e3:06:97:7a:13:f8:05:6c:9a:
         e8:46:e9:d0:47:42:1d:70:5a:6f:2d:e8:f9:3e:61:e2:16:fd:
         58:1a:08:f3:d8:d3:07:bb:a9:76:fb:a2:b6:ee:bb:71:4c:c4:
         ff:18:49:2c:dd:de:96:26:1d:c9:4e:72:62:87:1c:58:0b:08:
         1b:53:f0:a5:63:d1:1a:0a:fb:14:e7:7e:97:aa:5a:2b:bb:7b:
         74:28:36:13:b6:1b:12:1a:f5:40:d8:83:0a:5f:f4:90:76:9d:
         fb:d0:4a:ef:19:5c:b7:58:39:76:75:54:e0:6a:cf:09:17:95:
         f4:b6:63:0b:07:06:a8:64:41:eb:37:9a:c0:5e:ff:65:4c:d4:
         2c:be:1a:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvLwD1o18QCl15LYEx3PvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjQwMTAyMTAzMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzlhYTBlZTM5ZWU0NzVlZjQ3NDgyYTM3N2EzYjM4ZTBiODQ3OTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnR6WOW5aDJQa9EcniSjG3ilbkfLj
3hpWzdIx9h3M+wfExc+cPX4lBAXWLAz2dk7ytjlDDJxGG0O4obaGlXPNLaLICpEW
io0VSZQWcZ0RjoE+ATAKooIaJE2Q3fKfvgLJeYgPJAbwxE+1Vsjeevo0LcoAXZh1
oXR+L16DmDYMizvq6MgoSaXdE2IBtvUN30P+pOiWXpoVfBF8d2zvjs/JMuw0rhnN
qXg7LBQ695N2cAJDFABOCZgfsIuX168AOehJKuN+1B7ju756J1NzBr29VZKha691
6h1RFfecwu7zcqVqR4/y4Io6+wtZR19UaGjog4Wnf5JLcMVggbz06lO8hwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNeaoO457kde9HSCo3ejs44LhHkzMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvMTVxZzdqbnVSMTcwZElLamQ2T3pqZ3VFZVRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwuDlAwQA
wzkrMA0GCSqGSIb3DQEBCwUAA4IBAQDu/sJIeqlg3JOav0nNy1LU/8QAK4HNQOIY
5fpnuuBnW5ShgO5tDzi1WQQZd6lVldBv6EFpKEG1kyD5P53iKj9cOjWBkpJyJa2m
QgXXgK7dUZ9jeeyQyoWF91WRV/uc0917e9nid95PZFhojWOKYEaUbyYkKPXjBpd6
E/gFbJroRunQR0IdcFpvLej5PmHiFv1YGgjz2NMHu6l2+6K27rtxTMT/GEks3d6W
Jh3JTnJihxxYCwgbU/ClY9EaCvsU536Xqloru3t0KDYTthsSGvVA2IMKX/SQdp37
0ErvGVy3WDl2dVTgas8JF5X0tmMLBwaoZEHrN5rAXv9lTNQsvhpF
-----END CERTIFICATE-----