Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/pnqGwFVmFB9u19ctK-ssDPpwKp8.roa
File:                     pnqGwFVmFB9u19ctK-ssDPpwKp8.roa (raw, json)
Hash identifier:          ksNmNMnON9CVRWw8O9+CxZaaxm+tOVk/EJEsB7OybuQ=
Subject key identifier:   A6:7A:86:C0:55:66:14:1F:6E:D7:D7:2D:2B:EB:2C:0C:FA:70:2A:9F
Certificate issuer:       /CN=75b795066150a1c367dabccf69c970ab0c723215
Certificate serial:       0191294097FD17A6A10CD203BCAF292B5E9B
Authority key identifier: 75:B7:95:06:61:50:A1:C3:67:DA:BC:CF:69:C9:70:AB:0C:72:32:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/pnqGwFVmFB9u19ctK-ssDPpwKp8.roa
Signing time:             Tue 06 Aug 2024 19:53:04 +0000
ROA not before:           Tue 06 Aug 2024 19:53:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58192
IP address blocks:        194.5.54.0/24 maxlen: 24
                          2a13:5e40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:29:40:97:fd:17:a6:a1:0c:d2:03:bc:af:29:2b:5e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75b795066150a1c367dabccf69c970ab0c723215
        Validity
            Not Before: Aug  6 19:53:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a67a86c05566141f6ed7d72d2beb2c0cfa702a9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b3:d4:a5:82:30:7d:ec:9c:1a:bf:74:a6:8f:
                    4e:dd:1d:dc:75:8f:86:08:f1:80:3a:8c:91:9b:f4:
                    af:7f:3e:47:be:7a:98:d1:89:c1:df:34:29:f6:4e:
                    ea:31:3f:53:d6:a7:2c:0a:52:f1:76:15:0a:02:7f:
                    41:8a:3f:25:4e:f7:91:69:f1:dc:11:c0:b3:7c:87:
                    d9:47:9b:27:ca:26:8a:b3:7e:66:95:4a:e6:41:10:
                    49:31:26:6c:01:d6:bf:5c:16:6f:c1:d4:18:90:cf:
                    31:a8:17:53:2a:a7:d8:0a:35:ac:82:ec:88:c5:99:
                    f2:64:86:d7:68:26:3f:26:69:61:55:ef:b0:f4:40:
                    0f:6b:17:75:17:f1:ee:f8:62:c5:08:61:58:57:4a:
                    f6:be:49:20:d6:d2:97:eb:e4:13:08:cf:e3:e9:f5:
                    c8:b5:cf:e1:f6:01:a1:27:8c:18:be:4b:95:1c:66:
                    a4:48:75:81:09:76:5d:52:79:dd:f1:02:7e:37:2f:
                    5f:65:6e:37:a6:08:26:bb:15:a1:8b:b1:5a:70:be:
                    c9:f5:e0:de:a2:2d:61:65:7f:31:67:a6:3d:06:d8:
                    57:f6:f5:26:99:c6:72:31:ca:75:5a:a4:4c:54:6f:
                    be:52:34:b3:65:d0:04:22:84:76:3f:f6:e1:6f:80:
                    4d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:7A:86:C0:55:66:14:1F:6E:D7:D7:2D:2B:EB:2C:0C:FA:70:2A:9F
            X509v3 Authority Key Identifier:
                keyid:75:B7:95:06:61:50:A1:C3:67:DA:BC:CF:69:C9:70:AB:0C:72:32:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/pnqGwFVmFB9u19ctK-ssDPpwKp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.54.0/24
                IPv6:
                  2a13:5e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:f7:26:8d:ca:ac:dd:47:a1:cf:8b:1b:94:e9:d8:9f:dc:ec:
         ac:fa:ff:33:ae:a2:d1:fa:ab:f9:12:a2:cc:25:69:7f:84:60:
         2f:97:aa:1f:ab:f2:6d:3d:5b:2c:6f:fe:ec:e8:b7:94:08:a5:
         37:18:69:28:3f:5b:c9:3f:f5:c3:03:a4:1f:78:c3:ee:54:36:
         d3:a9:cc:97:cb:2d:16:93:9b:d0:e0:c7:38:81:ce:ec:04:97:
         ca:f9:a2:cd:e2:d7:99:09:7d:1d:c8:26:54:73:39:e1:c7:fa:
         a0:23:87:9f:6e:83:44:70:a6:7f:1f:e6:62:bb:0e:66:b2:b8:
         33:c6:f8:57:16:40:2a:2d:40:1a:0c:f7:29:be:fa:46:98:27:
         d6:a8:2a:84:ea:a9:d0:b8:cc:a6:95:82:98:e3:0d:26:03:dc:
         df:1e:e0:27:02:dc:fe:5e:7a:bf:c6:ba:b7:b9:bf:4e:67:23:
         07:b4:09:fd:21:bc:35:6f:b0:15:ba:a9:18:8e:ac:e6:ab:04:
         12:bc:4f:44:b4:6a:c7:5a:80:0e:ed:ea:eb:36:27:50:3f:ab:
         7d:d9:f5:5d:01:38:2d:f4:ce:09:18:19:e2:e8:e0:8f:6b:fb:
         78:d7:d8:b4:e6:33:fb:d3:19:d5:ae:62:0a:b2:01:fe:e8:be:
         e5:a5:1e:5a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZEpQJf9F6ahDNIDvK8pK16bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1Yjc5NTA2NjE1MGExYzM2N2RhYmNjZjY5Yzk3MGFiMGM3
MjMyMTUwHhcNMjQwODA2MTk1MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjdhODZjMDU1NjYxNDFmNmVkN2Q3MmQyYmViMmMwY2ZhNzAyYTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7PUpYIwfeycGr90po9O3R3cdY+G
CPGAOoyRm/Svfz5HvnqY0YnB3zQp9k7qMT9T1qcsClLxdhUKAn9Bij8lTveRafHc
EcCzfIfZR5snyiaKs35mlUrmQRBJMSZsAda/XBZvwdQYkM8xqBdTKqfYCjWsguyI
xZnyZIbXaCY/JmlhVe+w9EAPaxd1F/Hu+GLFCGFYV0r2vkkg1tKX6+QTCM/j6fXI
tc/h9gGhJ4wYvkuVHGakSHWBCXZdUnnd8QJ+Ny9fZW43pggmuxWhi7FacL7J9eDe
oi1hZX8xZ6Y9BthX9vUmmcZyMcp1WqRMVG++UjSzZdAEIoR2P/bhb4BNjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKZ6hsBVZhQfbtfXLSvrLAz6cCqfMB8GA1UdIwQY
MBaAFHW3lQZhUKHDZ9q8z2nJcKsMcjIVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGJlVkJtRlFvY05uMnJ6UGFjbHdxd3h5TWhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80NjZhYWItYTQ3MC00MzQ0LWEzNjct
NTQ3YmU0Y2ZhNDU3LzEvcG5xR3dGVm1GQjl1MTljdEstc3NEUHB3S3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80NjZhYWItYTQ3MC00MzQ0LWEzNjctNTQ3YmU0Y2ZhNDU3
LzEvZGJlVkJtRlFvY05uMnJ6UGFjbHdxd3h5TWhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwgU2MA0E
AgACMAcDBQMqE15AMA0GCSqGSIb3DQEBCwUAA4IBAQA99yaNyqzdR6HPixuU6dif
3Oys+v8zrqLR+qv5EqLMJWl/hGAvl6ofq/JtPVssb/7s6LeUCKU3GGkoP1vJP/XD
A6QfeMPuVDbTqcyXyy0Wk5vQ4Mc4gc7sBJfK+aLN4teZCX0dyCZUcznhx/qgI4ef
boNEcKZ/H+Ziuw5msrgzxvhXFkAqLUAaDPcpvvpGmCfWqCqE6qnQuMymlYKY4w0m
A9zfHuAnAtz+Xnq/xrq3ub9OZyMHtAn9Ibw1b7AVuqkYjqzmqwQSvE9EtGrHWoAO
7errNidQP6t92fVdATgt9M4JGBni6OCPa/t419i05jP70xnVrmIKsgH+6L7lpR5a
-----END CERTIFICATE-----