Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/59afab-e0a8-42d0-873b-6005c0111f1e/1/kqBsLfAuQksoTU1sXHPywER1BJI.roa
File:                     kqBsLfAuQksoTU1sXHPywER1BJI.roa (raw, json)
Hash identifier:          6b0J4RHnrGFv1Ah6foZ4jSV4ZBVNC6n4VPUpasjfUUk=
Subject key identifier:   92:A0:6C:2D:F0:2E:42:4B:28:4D:4D:6C:5C:73:F2:C0:44:75:04:92
Certificate issuer:       /CN=47a82e55779a1ea4ef9967f821d5cc05b7bd99e9
Certificate serial:       018CC348AF0221E227E68885406DCCAFCBE2
Authority key identifier: 47:A8:2E:55:77:9A:1E:A4:EF:99:67:F8:21:D5:CC:05:B7:BD:99:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R6guVXeaHqTvmWf4IdXMBbe9mek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/59afab-e0a8-42d0-873b-6005c0111f1e/1/kqBsLfAuQksoTU1sXHPywER1BJI.roa
Signing time:             Mon 01 Jan 2024 04:29:29 +0000
ROA not before:           Mon 01 Jan 2024 04:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        193.5.60.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/59afab-e0a8-42d0-873b-6005c0111f1e/1/R6guVXeaHqTvmWf4IdXMBbe9mek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/59afab-e0a8-42d0-873b-6005c0111f1e/1/R6guVXeaHqTvmWf4IdXMBbe9mek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R6guVXeaHqTvmWf4IdXMBbe9mek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 04:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:af:02:21:e2:27:e6:88:85:40:6d:cc:af:cb:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47a82e55779a1ea4ef9967f821d5cc05b7bd99e9
        Validity
            Not Before: Jan  1 04:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92a06c2df02e424b284d4d6c5c73f2c044750492
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:de:68:ec:91:cb:25:5e:2f:25:db:65:19:cb:
                    e6:19:d8:31:f9:ea:51:f0:c8:eb:47:70:3c:1f:18:
                    e7:7c:20:e4:cf:eb:5a:94:90:a4:dc:eb:7c:3f:f4:
                    32:03:4c:2e:c7:f1:52:08:bd:40:1d:cb:40:9d:52:
                    fc:1c:b4:63:95:bc:72:2a:37:a7:81:bc:23:19:f3:
                    b4:54:a1:9b:b4:b8:7f:07:50:03:20:e0:ca:cb:cb:
                    1e:1b:53:db:30:c7:2a:52:c5:b7:0a:dc:b5:3a:4a:
                    fd:c7:da:6d:a4:e5:6e:70:71:2e:ea:70:eb:95:d1:
                    3b:f3:15:75:5a:d6:60:1b:cf:dd:18:94:0a:c0:5b:
                    b6:8b:d3:7d:ef:59:e9:e0:a4:41:1d:69:b1:7c:59:
                    86:ef:7b:d8:dd:2a:8e:b9:6e:77:aa:4b:4d:4f:3b:
                    19:99:7a:98:f4:dd:f6:f6:a6:dd:3f:43:e9:3d:15:
                    75:f8:d3:ef:cf:db:cc:9b:4c:94:5f:3e:09:3d:bc:
                    97:48:a7:65:bb:bb:4c:1f:2d:21:40:1a:0f:0a:06:
                    fc:81:c0:af:14:53:1c:2f:98:fd:64:85:e8:f8:cf:
                    1a:3b:ef:77:1a:a7:9f:2f:87:d3:8a:38:c0:db:b6:
                    75:b8:52:01:ed:79:0d:6f:52:75:47:05:5e:95:5a:
                    8d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A0:6C:2D:F0:2E:42:4B:28:4D:4D:6C:5C:73:F2:C0:44:75:04:92
            X509v3 Authority Key Identifier:
                keyid:47:A8:2E:55:77:9A:1E:A4:EF:99:67:F8:21:D5:CC:05:B7:BD:99:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R6guVXeaHqTvmWf4IdXMBbe9mek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59afab-e0a8-42d0-873b-6005c0111f1e/1/kqBsLfAuQksoTU1sXHPywER1BJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/59afab-e0a8-42d0-873b-6005c0111f1e/1/R6guVXeaHqTvmWf4IdXMBbe9mek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:b4:6a:05:c3:66:3b:e4:e9:0a:15:c7:7c:4c:84:74:e2:a4:
         23:bd:33:8c:81:7b:ef:51:2a:d3:ab:3c:a1:92:97:6f:0a:95:
         1a:9d:08:b6:23:2f:7c:54:e7:74:6b:62:a1:03:05:f7:1f:78:
         1f:a4:a4:e4:2d:b2:c1:c0:f0:7b:85:f5:1f:8b:5b:29:52:b4:
         66:52:dc:79:b2:17:9c:2e:4d:54:11:2c:46:a2:b5:b0:c2:77:
         e8:af:66:4a:a0:3e:c4:23:7c:ca:42:89:3f:97:95:88:99:7a:
         d7:ab:ef:02:d1:d6:dc:3e:71:a9:3f:31:ae:18:69:79:92:46:
         2f:68:dd:48:f0:50:3b:83:69:1e:9b:0c:c5:7d:21:7d:a6:d4:
         a4:86:7d:4e:dd:d5:34:cc:88:a3:a1:81:ba:f7:2a:95:aa:4b:
         fa:5b:3a:b4:6e:77:19:a0:00:ba:80:fb:07:51:48:5f:16:1f:
         22:57:55:3d:c8:f6:08:d1:da:62:91:5d:70:4e:fe:d5:2a:e8:
         2c:e3:92:74:87:b4:9d:99:37:e4:6a:d4:9d:5f:1c:c3:32:06:
         83:45:c1:73:7f:87:91:e0:52:0e:ae:c9:a5:94:e2:fc:c7:9f:
         53:98:ec:5c:61:39:99:7f:34:e6:3b:3c:c4:1c:0f:be:eb:76:
         24:6f:44:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSK8CIeIn5oiFQG3Mr8viMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3YTgyZTU1Nzc5YTFlYTRlZjk5NjdmODIxZDVjYzA1Yjdi
ZDk5ZTkwHhcNMjQwMTAxMDQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmEwNmMyZGYwMmU0MjRiMjg0ZDRkNmM1YzczZjJjMDQ0NzUwNDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkd5o7JHLJV4vJdtlGcvmGdgx+epR
8MjrR3A8HxjnfCDkz+talJCk3Ot8P/QyA0wux/FSCL1AHctAnVL8HLRjlbxyKjen
gbwjGfO0VKGbtLh/B1ADIODKy8seG1PbMMcqUsW3Cty1Okr9x9ptpOVucHEu6nDr
ldE78xV1WtZgG8/dGJQKwFu2i9N971np4KRBHWmxfFmG73vY3SqOuW53qktNTzsZ
mXqY9N329qbdP0PpPRV1+NPvz9vMm0yUXz4JPbyXSKdlu7tMHy0hQBoPCgb8gcCv
FFMcL5j9ZIXo+M8aO+93GqefL4fTijjA27Z1uFIB7XkNb1J1RwVelVqNwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKgbC3wLkJLKE1NbFxz8sBEdQSSMB8GA1UdIwQY
MBaAFEeoLlV3mh6k75ln+CHVzAW3vZnpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjZndVZYZWFIcVR2bVdmNElkWE1CYmU5bWVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS81OWFmYWItZTBhOC00MmQwLTg3M2It
NjAwNWMwMTExZjFlLzEva3FCc0xmQXVRa3NvVFUxc1hIUHl3RVIxQkpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS81OWFmYWItZTBhOC00MmQwLTg3M2ItNjAwNWMwMTExZjFl
LzEvUjZndVZYZWFIcVR2bVdmNElkWE1CYmU5bWVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQU8MA0G
CSqGSIb3DQEBCwUAA4IBAQAMtGoFw2Y75OkKFcd8TIR04qQjvTOMgXvvUSrTqzyh
kpdvCpUanQi2Iy98VOd0a2KhAwX3H3gfpKTkLbLBwPB7hfUfi1spUrRmUtx5shec
Lk1UESxGorWwwnfor2ZKoD7EI3zKQok/l5WImXrXq+8C0dbcPnGpPzGuGGl5kkYv
aN1I8FA7g2kemwzFfSF9ptSkhn1O3dU0zIijoYG69yqVqkv6Wzq0bncZoAC6gPsH
UUhfFh8iV1U9yPYI0dpikV1wTv7VKugs45J0h7SdmTfkatSdXxzDMgaDRcFzf4eR
4FIOrsmllOL8x59TmOxcYTmZfzTmOzzEHA++63Ykb0Sy
-----END CERTIFICATE-----