Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/pPJOYykbOQ79Uph6dfRaLTp9-U0.roa
File:                     pPJOYykbOQ79Uph6dfRaLTp9-U0.roa (raw, json)
Hash identifier:          1Q0v7nHxeBLDqR4FMfAcvL5IkWrd95haRm3Rp9fQxcw=
Subject key identifier:   A4:F2:4E:63:29:1B:39:0E:FD:52:98:7A:75:F4:5A:2D:3A:7D:F9:4D
Certificate issuer:       /CN=79101035d53377c5a72bedca522fc1456e0b8419
Certificate serial:       018CC64AC2511F048DB2486B83EF5C44E56B
Authority key identifier: 79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/pPJOYykbOQ79Uph6dfRaLTp9-U0.roa
Signing time:             Mon 01 Jan 2024 18:30:37 +0000
ROA not before:           Mon 01 Jan 2024 18:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49806
IP address blocks:        185.15.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 06:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c2:51:1f:04:8d:b2:48:6b:83:ef:5c:44:e5:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79101035d53377c5a72bedca522fc1456e0b8419
        Validity
            Not Before: Jan  1 18:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4f24e63291b390efd52987a75f45a2d3a7df94d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:94:24:a8:23:83:ab:6c:55:53:f8:2a:f1:07:
                    77:9d:ae:1a:a1:66:71:93:6e:c1:04:b7:3d:9d:c9:
                    c0:64:0f:13:8b:f1:4d:7e:27:bd:30:9b:fe:e2:18:
                    c7:0b:91:65:32:9e:88:70:cb:43:5b:72:b8:c1:bc:
                    d4:65:8a:07:d7:b9:4a:78:28:c6:99:ff:e9:5f:50:
                    c3:82:c8:51:9b:f8:e1:b4:1c:9c:fb:91:a4:fa:8e:
                    31:ec:dc:26:19:8a:a0:32:76:b7:83:ca:5b:b1:66:
                    4d:e8:ca:40:52:1e:f4:e5:b1:42:5e:98:7e:e9:71:
                    40:ca:86:bb:62:e8:2a:3a:30:8c:e9:a1:b1:84:ab:
                    35:86:e7:2f:9b:1e:11:da:76:f4:e4:ae:10:ef:31:
                    ea:20:26:24:c7:6d:8a:92:25:93:5a:b6:bb:6e:c8:
                    cb:df:a0:dc:0a:f1:8b:b7:c4:b0:d2:3f:57:7a:dc:
                    49:36:42:91:72:c3:09:22:c5:7f:c6:64:39:4c:e2:
                    e8:b2:48:c0:af:e0:64:a2:ae:65:11:5f:4b:bd:11:
                    28:f4:44:51:18:48:5f:ac:32:f3:01:8f:49:a8:75:
                    67:d8:b7:a3:13:12:a7:a8:e7:c3:a0:ce:fd:dd:1f:
                    c0:61:91:8d:fe:d9:3e:38:2f:55:16:d1:e9:03:07:
                    8e:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F2:4E:63:29:1B:39:0E:FD:52:98:7A:75:F4:5A:2D:3A:7D:F9:4D
            X509v3 Authority Key Identifier:
                keyid:79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/pPJOYykbOQ79Uph6dfRaLTp9-U0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:37:7f:63:ad:30:7b:7c:2e:05:6d:af:10:6e:11:d3:25:53:
         9c:21:74:a2:3c:0c:91:54:86:a4:6f:0b:06:8d:83:54:c0:62:
         a0:7d:3e:a3:c5:6a:fa:a9:dd:4e:a0:c1:c4:17:2b:86:fa:de:
         c7:27:50:4c:4f:f8:09:69:a4:f2:3d:65:18:b8:ca:22:b7:60:
         f8:2e:f4:c7:78:87:4d:aa:89:16:26:92:89:d0:87:ad:f5:e2:
         80:b5:2f:65:6d:3b:85:bb:21:8f:82:14:1e:4c:76:8f:7a:9a:
         8c:ee:42:6a:53:a4:a0:d8:7e:53:e4:22:cb:a1:b4:15:96:a5:
         94:4b:f3:7c:68:b4:3f:51:d4:24:50:21:c0:65:44:50:8c:48:
         bf:50:c3:36:fc:2a:a7:34:cc:42:ca:da:a7:73:22:ec:51:16:
         93:b7:3f:c4:9c:7d:62:e8:44:bc:64:84:ac:68:59:96:f8:11:
         63:8a:f3:ff:de:2a:c1:44:fe:8f:54:9e:d3:f4:51:4f:ef:0a:
         43:a7:7a:e1:c4:39:a7:52:19:7d:cd:52:bd:c8:81:74:d3:0b:
         fb:99:ca:c6:0d:e5:4c:e7:26:de:28:43:85:cb:e4:a1:e9:2d:
         08:ac:77:ca:a0:4e:8c:76:3a:36:90:ad:8c:09:a7:5c:2c:c1:
         be:39:7c:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSsJRHwSNskhrg+9cROVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTAxMDM1ZDUzMzc3YzVhNzJiZWRjYTUyMmZjMTQ1NmUw
Yjg0MTkwHhcNMjQwMTAxMTgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGYyNGU2MzI5MWIzOTBlZmQ1Mjk4N2E3NWY0NWEyZDNhN2RmOTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZQkqCODq2xVU/gq8Qd3na4aoWZx
k27BBLc9ncnAZA8Ti/FNfie9MJv+4hjHC5FlMp6IcMtDW3K4wbzUZYoH17lKeCjG
mf/pX1DDgshRm/jhtByc+5Gk+o4x7NwmGYqgMna3g8pbsWZN6MpAUh705bFCXph+
6XFAyoa7YugqOjCM6aGxhKs1hucvmx4R2nb05K4Q7zHqICYkx22KkiWTWra7bsjL
36DcCvGLt8Sw0j9XetxJNkKRcsMJIsV/xmQ5TOLoskjAr+Bkoq5lEV9LvREo9ERR
GEhfrDLzAY9JqHVn2LejExKnqOfDoM793R/AYZGN/tk+OC9VFtHpAweO0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTyTmMpGzkO/VKYenX0Wi06fflNMB8GA1UdIwQY
MBaAFHkQEDXVM3fFpyvtylIvwUVuC4QZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEt
MGNjODNiMDBmYzU4LzEvcFBKT1l5a2JPUTc5VXBoNmRmUmFMVHA5LVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEtMGNjODNiMDBmYzU4
LzEvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ+dMA0G
CSqGSIb3DQEBCwUAA4IBAQBCN39jrTB7fC4Fba8QbhHTJVOcIXSiPAyRVIakbwsG
jYNUwGKgfT6jxWr6qd1OoMHEFyuG+t7HJ1BMT/gJaaTyPWUYuMoit2D4LvTHeIdN
qokWJpKJ0Iet9eKAtS9lbTuFuyGPghQeTHaPepqM7kJqU6Sg2H5T5CLLobQVlqWU
S/N8aLQ/UdQkUCHAZURQjEi/UMM2/CqnNMxCytqncyLsURaTtz/EnH1i6ES8ZISs
aFmW+BFjivP/3irBRP6PVJ7T9FFP7wpDp3rhxDmnUhl9zVK9yIF00wv7mcrGDeVM
5ybeKEOFy+Sh6S0IrHfKoE6Mdjo2kK2MCadcLMG+OXxf
-----END CERTIFICATE-----