Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/vZBKPqLou4-daeiaMhnrSl8E5Tg.roa
File:                     vZBKPqLou4-daeiaMhnrSl8E5Tg.roa (raw, json)
Hash identifier:          d+LSW7UunWmttI61gZ/nsQSXTIK9Q57ysQv33xxOjJs=
Subject key identifier:   BD:90:4A:3E:A2:E8:BB:8F:9D:69:E8:9A:32:19:EB:4A:5F:04:E5:38
Certificate issuer:       /CN=6893188ebfce20e5bc53f3acf57f407d9e57ac17
Certificate serial:       018CC7942A7EEF4777BD80CBFA33DAAFA4DD
Authority key identifier: 68:93:18:8E:BF:CE:20:E5:BC:53:F3:AC:F5:7F:40:7D:9E:57:AC:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/vZBKPqLou4-daeiaMhnrSl8E5Tg.roa
Signing time:             Tue 02 Jan 2024 00:30:25 +0000
ROA not before:           Tue 02 Jan 2024 00:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29236
IP address blocks:        194.55.159.0/24 maxlen: 24
                          2001:67c:2d28::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:2a:7e:ef:47:77:bd:80:cb:fa:33:da:af:a4:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6893188ebfce20e5bc53f3acf57f407d9e57ac17
        Validity
            Not Before: Jan  2 00:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd904a3ea2e8bb8f9d69e89a3219eb4a5f04e538
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:59:b9:6c:93:d0:20:f1:ff:36:05:37:fb:08:
                    7e:2a:e2:49:5d:a4:a3:b3:73:9a:af:48:5f:66:c3:
                    e6:66:f9:73:ed:5d:ea:ca:c2:95:c4:b1:3c:c3:08:
                    d0:91:9c:98:e1:ad:af:bb:ef:98:f1:c4:e7:70:a2:
                    2b:1b:c9:36:37:20:15:8b:46:c8:89:24:46:74:1b:
                    66:a5:03:be:8d:90:94:2d:e6:46:bc:be:7f:f1:76:
                    3f:af:ba:4e:8f:0c:bb:be:31:33:96:4b:8c:83:05:
                    27:f0:16:44:ec:56:e3:af:43:49:dc:ca:f5:40:62:
                    5c:0f:07:cd:28:04:66:4c:e6:90:ff:e1:5b:1d:62:
                    24:15:bc:d4:d3:6e:7e:69:68:c2:e3:79:10:58:5e:
                    2f:86:a6:cc:24:1b:0a:07:25:1b:27:e5:de:ba:31:
                    82:ef:43:6d:2a:b7:c8:1f:65:e7:e0:a9:0d:1e:6e:
                    ca:94:4c:e0:45:d4:fa:da:79:5c:7a:0d:fc:20:5d:
                    8c:dd:d6:62:44:9c:01:24:7d:87:9d:78:8f:d6:a9:
                    54:74:cf:db:80:7e:8f:9d:ec:fb:b9:a0:f0:89:fe:
                    e4:ae:61:7a:99:22:f3:30:de:fc:57:62:b0:c8:64:
                    93:cc:b5:f2:78:b8:ce:65:c7:8a:01:07:91:8e:c5:
                    88:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:90:4A:3E:A2:E8:BB:8F:9D:69:E8:9A:32:19:EB:4A:5F:04:E5:38
            X509v3 Authority Key Identifier:
                keyid:68:93:18:8E:BF:CE:20:E5:BC:53:F3:AC:F5:7F:40:7D:9E:57:AC:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/vZBKPqLou4-daeiaMhnrSl8E5Tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/c32ed5-7a1b-4f26-ad3f-2d2b4f70c3a3/1/aJMYjr_OIOW8U_Os9X9AfZ5XrBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.159.0/24
                IPv6:
                  2001:67c:2d28::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:4e:d8:10:d8:3e:2d:59:e4:33:db:f1:86:30:46:dd:18:6a:
         7b:fa:0d:00:87:81:18:21:fd:0f:a1:0c:ef:d7:1c:03:bc:21:
         a3:e9:6c:0a:f3:dc:cf:3c:c9:0f:1a:f4:1c:bb:d0:40:43:eb:
         08:2c:5f:4a:02:a6:e4:06:4e:6a:d0:0f:d4:8f:28:31:42:c4:
         d9:85:16:a6:ee:6e:ad:23:6f:67:2e:6b:14:18:e9:8b:1b:71:
         82:45:c5:0a:4e:c6:2e:6f:a7:fe:ee:49:2d:64:e0:9a:6c:84:
         8a:0f:c7:4d:c6:df:ab:c1:f8:60:8e:0c:8c:b1:f1:a4:15:29:
         69:39:92:f7:ed:1f:54:41:e2:fa:78:07:22:7f:84:0b:60:e5:
         9d:e3:db:29:ff:db:1d:29:6a:af:88:0a:7b:9f:2a:64:f1:cf:
         1c:ef:d4:b2:55:c0:81:4c:19:ab:5c:6e:0b:c5:a8:7d:21:67:
         a9:d2:2d:7d:18:ce:ce:69:03:a9:de:0e:8d:34:05:e2:16:e8:
         64:99:ff:16:8c:08:5e:9e:29:ff:83:aa:33:ee:33:96:2f:4a:
         43:85:fc:95:62:ee:95:d0:52:a6:3b:12:5f:e4:bd:bd:dc:12:
         2a:ff:5f:13:24:91:55:e9:62:8d:6e:19:db:c4:bd:7f:66:a7:
         0b:da:19:0e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlCp+70d3vYDL+jPar6TdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4OTMxODhlYmZjZTIwZTViYzUzZjNhY2Y1N2Y0MDdkOWU1
N2FjMTcwHhcNMjQwMTAyMDAzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDkwNGEzZWEyZThiYjhmOWQ2OWU4OWEzMjE5ZWI0YTVmMDRlNTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFm5bJPQIPH/NgU3+wh+KuJJXaSj
s3Oar0hfZsPmZvlz7V3qysKVxLE8wwjQkZyY4a2vu++Y8cTncKIrG8k2NyAVi0bI
iSRGdBtmpQO+jZCULeZGvL5/8XY/r7pOjwy7vjEzlkuMgwUn8BZE7Fbjr0NJ3Mr1
QGJcDwfNKARmTOaQ/+FbHWIkFbzU025+aWjC43kQWF4vhqbMJBsKByUbJ+XeujGC
70NtKrfIH2Xn4KkNHm7KlEzgRdT62nlceg38IF2M3dZiRJwBJH2HnXiP1qlUdM/b
gH6Pnez7uaDwif7krmF6mSLzMN78V2KwyGSTzLXyeLjOZceKAQeRjsWIGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL2QSj6i6LuPnWnomjIZ60pfBOU4MB8GA1UdIwQY
MBaAFGiTGI6/ziDlvFPzrPV/QH2eV6wXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUpNWWpyX09JT1c4VV9PczlYOUFmWjVYckJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9jMzJlZDUtN2ExYi00ZjI2LWFkM2Yt
MmQyYjRmNzBjM2EzLzEvdlpCS1BxTG91NC1kYWVpYU1obnJTbDhFNVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9jMzJlZDUtN2ExYi00ZjI2LWFkM2YtMmQyYjRmNzBjM2Ez
LzEvYUpNWWpyX09JT1c4VV9PczlYOUFmWjVYckJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwjefMA8E
AgACMAkDBwAgAQZ8LSgwDQYJKoZIhvcNAQELBQADggEBAF5O2BDYPi1Z5DPb8YYw
Rt0Yanv6DQCHgRgh/Q+hDO/XHAO8IaPpbArz3M88yQ8a9By70EBD6wgsX0oCpuQG
TmrQD9SPKDFCxNmFFqbubq0jb2cuaxQY6YsbcYJFxQpOxi5vp/7uSS1k4JpshIoP
x03G36vB+GCODIyx8aQVKWk5kvftH1RB4vp4ByJ/hAtg5Z3j2yn/2x0paq+ICnuf
KmTxzxzv1LJVwIFMGatcbgvFqH0hZ6nSLX0Yzs5pA6neDo00BeIW6GSZ/xaMCF6e
Kf+DqjPuM5YvSkOF/JVi7pXQUqY7El/kvb3cEir/XxMkkVXpYo1uGdvEvX9mpwva
GQ4=
-----END CERTIFICATE-----