Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/f83073-9e80-42f2-b0a8-5f28137a7658/1/9M75nPNP2utYS_dlJWR2yGIP7Jk.roa
File:                     9M75nPNP2utYS_dlJWR2yGIP7Jk.roa (raw, json)
Hash identifier:          oSlGqk2lYc/SHvXF35AlUFEFY8DfHOjUW0AO1ApFGRc=
Subject key identifier:   F4:CE:F9:9C:F3:4F:DA:EB:58:4B:F7:65:25:64:76:C8:62:0F:EC:99
Certificate issuer:       /CN=e31aba3c2f56283ce5c74bce405844c1591babfc
Certificate serial:       018CC80113A36BFC19EA60D3928BE92C18C2
Authority key identifier: E3:1A:BA:3C:2F:56:28:3C:E5:C7:4B:CE:40:58:44:C1:59:1B:AB:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xq6PC9WKDzlx0vOQFhEwVkbq_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/f83073-9e80-42f2-b0a8-5f28137a7658/1/9M75nPNP2utYS_dlJWR2yGIP7Jk.roa
Signing time:             Tue 02 Jan 2024 02:29:22 +0000
ROA not before:           Tue 02 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199469
IP address blocks:        185.15.112.0/22 maxlen: 22
                          185.15.112.0/24 maxlen: 24
                          185.15.115.0/24 maxlen: 24
                          185.15.114.0/24 maxlen: 24
                          185.15.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/f83073-9e80-42f2-b0a8-5f28137a7658/1/4xq6PC9WKDzlx0vOQFhEwVkbq_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/f83073-9e80-42f2-b0a8-5f28137a7658/1/4xq6PC9WKDzlx0vOQFhEwVkbq_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xq6PC9WKDzlx0vOQFhEwVkbq_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:13:a3:6b:fc:19:ea:60:d3:92:8b:e9:2c:18:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e31aba3c2f56283ce5c74bce405844c1591babfc
        Validity
            Not Before: Jan  2 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4cef99cf34fdaeb584bf765256476c8620fec99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:53:91:a9:26:c9:9f:e7:65:12:06:96:b9:98:
                    c8:20:8b:e6:f5:90:46:80:db:ef:61:12:e3:50:a7:
                    bb:8e:08:57:35:b7:42:c2:58:8a:83:44:71:de:aa:
                    bd:9d:f4:3c:9c:5d:b7:22:8d:1e:af:d8:6c:4e:87:
                    6b:9c:24:50:68:4d:c0:a4:d4:18:82:71:66:a1:bc:
                    a1:8e:e7:78:87:fc:76:d4:59:5e:3a:a1:d3:4c:f1:
                    a4:81:2c:f4:5f:c3:b7:cb:e0:69:d8:78:da:17:d1:
                    65:2a:bd:76:3f:1e:35:74:1e:bb:82:2a:31:9b:11:
                    2f:1c:44:51:dd:e6:6f:9a:e9:8c:13:f9:98:87:e4:
                    cf:b8:50:cb:1e:5c:4a:b2:29:99:b1:b0:a8:3c:bc:
                    c4:d6:33:14:b6:e5:f7:de:f7:fb:70:4f:f7:18:db:
                    92:50:f2:ad:1f:db:ae:59:3f:8e:23:4c:8d:d0:97:
                    df:42:96:f4:d3:ff:3c:2a:a0:0d:bd:97:33:af:04:
                    cc:a9:32:fa:b4:3e:50:eb:43:dc:81:19:68:8d:db:
                    bc:b9:b0:c7:cd:38:ad:c7:fe:4a:2a:f5:31:c5:e3:
                    99:48:4e:73:e9:3a:ff:2d:45:b8:2c:23:84:76:42:
                    19:97:9c:01:34:64:4f:aa:01:e2:ab:79:9a:72:0a:
                    e0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:CE:F9:9C:F3:4F:DA:EB:58:4B:F7:65:25:64:76:C8:62:0F:EC:99
            X509v3 Authority Key Identifier:
                keyid:E3:1A:BA:3C:2F:56:28:3C:E5:C7:4B:CE:40:58:44:C1:59:1B:AB:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xq6PC9WKDzlx0vOQFhEwVkbq_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/f83073-9e80-42f2-b0a8-5f28137a7658/1/9M75nPNP2utYS_dlJWR2yGIP7Jk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/f83073-9e80-42f2-b0a8-5f28137a7658/1/4xq6PC9WKDzlx0vOQFhEwVkbq_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:11:c0:a9:81:36:6f:54:0a:25:aa:13:8b:35:f3:9d:99:90:
         17:a8:e5:82:96:b0:d3:84:88:2c:58:0a:28:59:11:55:86:c3:
         9e:70:a5:0a:5a:51:3b:24:4f:c6:e2:15:9c:ea:06:30:3f:48:
         3d:cd:73:17:e9:19:f4:fe:67:d6:71:c9:71:f9:89:50:cd:c9:
         98:ca:7d:39:da:47:ae:3f:e5:2f:6d:29:d4:1f:7d:ec:28:45:
         64:91:e8:e1:56:89:77:2e:5a:62:ee:22:66:01:ee:0a:9f:f5:
         70:3b:93:1d:b4:63:67:b8:2a:2f:a3:5e:94:82:54:f0:8e:c4:
         1a:53:0f:35:e1:52:01:a2:65:01:98:82:d3:38:3e:a8:98:29:
         46:ba:89:5d:f3:3b:46:81:27:2a:2b:e1:e4:ea:78:83:16:60:
         bd:e3:4d:7a:7a:79:b4:fe:d7:21:f7:14:4f:0e:7c:a3:bd:02:
         3b:83:17:bd:fc:e6:f7:d1:26:aa:a0:c4:1c:2a:f6:c7:46:01:
         55:a5:27:76:f8:2e:b6:fa:f6:4b:0a:2a:cc:76:5a:c3:76:df:
         8f:59:71:b6:98:70:e9:53:fe:ef:d8:b0:48:2d:d3:6c:5e:3e:
         2f:31:b0:fa:ec:63:e1:60:de:f1:1b:a6:55:7a:52:c9:d8:87:
         fe:e5:76:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAROja/wZ6mDTkovpLBjCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMWFiYTNjMmY1NjI4M2NlNWM3NGJjZTQwNTg0NGMxNTkx
YmFiZmMwHhcNMjQwMTAyMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGNlZjk5Y2YzNGZkYWViNTg0YmY3NjUyNTY0NzZjODYyMGZlYzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1ORqSbJn+dlEgaWuZjIIIvm9ZBG
gNvvYRLjUKe7jghXNbdCwliKg0Rx3qq9nfQ8nF23Io0er9hsTodrnCRQaE3ApNQY
gnFmobyhjud4h/x21FleOqHTTPGkgSz0X8O3y+Bp2HjaF9FlKr12Px41dB67giox
mxEvHERR3eZvmumME/mYh+TPuFDLHlxKsimZsbCoPLzE1jMUtuX33vf7cE/3GNuS
UPKtH9uuWT+OI0yN0JffQpb00/88KqANvZczrwTMqTL6tD5Q60PcgRlojdu8ubDH
zTitx/5KKvUxxeOZSE5z6Tr/LUW4LCOEdkIZl5wBNGRPqgHiq3macgrgWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTO+ZzzT9rrWEv3ZSVkdshiD+yZMB8GA1UdIwQY
MBaAFOMaujwvVig85cdLzkBYRMFZG6v8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhxNlBDOVdLRHpseDB2T1FGaEV3VmticV93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9mODMwNzMtOWU4MC00MmYyLWIwYTgt
NWYyODEzN2E3NjU4LzEvOU03NW5QTlAydXRZU19kbEpXUjJ5R0lQN0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9mODMwNzMtOWU4MC00MmYyLWIwYTgtNWYyODEzN2E3NjU4
LzEvNHhxNlBDOVdLRHpseDB2T1FGaEV3VmticV93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ9wMA0G
CSqGSIb3DQEBCwUAA4IBAQApEcCpgTZvVAolqhOLNfOdmZAXqOWClrDThIgsWAoo
WRFVhsOecKUKWlE7JE/G4hWc6gYwP0g9zXMX6Rn0/mfWcclx+YlQzcmYyn052keu
P+UvbSnUH33sKEVkkejhVol3Llpi7iJmAe4Kn/VwO5MdtGNnuCovo16UglTwjsQa
Uw814VIBomUBmILTOD6omClGuold8ztGgScqK+Hk6niDFmC94016enm0/tch9xRP
DnyjvQI7gxe9/Ob30SaqoMQcKvbHRgFVpSd2+C62+vZLCirMdlrDdt+PWXG2mHDp
U/7v2LBILdNsXj4vMbD67GPhYN7xG6ZVelLJ2If+5XZ2
-----END CERTIFICATE-----