Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/actWQyOp_AKAxdS2oWJvuioGhQ8.roa
File:                     actWQyOp_AKAxdS2oWJvuioGhQ8.roa (raw, json)
Hash identifier:          ppBBSVDWkt25cpNi4X/ntehor4mrI7RnuiIE/uYYa8A=
Subject key identifier:   69:CB:56:43:23:A9:FC:02:80:C5:D4:B6:A1:62:6F:BA:2A:06:85:0F
Certificate issuer:       /CN=5ab1996515884434b87882b5b972a6e529ffb00b
Certificate serial:       019423D6AA9B2553C2D5735CF773DCEA1C82
Authority key identifier: 5A:B1:99:65:15:88:44:34:B8:78:82:B5:B9:72:A6:E5:29:FF:B0:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/actWQyOp_AKAxdS2oWJvuioGhQ8.roa
Signing time:             Wed 01 Jan 2025 21:47:38 +0000
ROA not before:           Wed 01 Jan 2025 21:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8473
IP address blocks:        185.159.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:aa:9b:25:53:c2:d5:73:5c:f7:73:dc:ea:1c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ab1996515884434b87882b5b972a6e529ffb00b
        Validity
            Not Before: Jan  1 21:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69cb564323a9fc0280c5d4b6a1626fba2a06850f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:29:e5:2b:8c:e1:21:0a:a1:10:63:a3:71:5d:
                    ba:d7:c7:94:af:2b:ea:1f:40:b1:f3:8d:52:73:ef:
                    f6:62:47:4b:49:f4:b3:d4:35:08:39:83:6e:a3:03:
                    cd:c6:c8:bf:e4:d7:8f:5d:e7:8a:a8:dd:96:35:fb:
                    1c:73:69:1d:bb:cd:0f:5a:29:01:1e:1b:64:97:c0:
                    da:18:7f:d9:3f:67:0f:75:f7:e9:47:3c:09:c0:5f:
                    ab:83:d0:19:27:43:0a:b8:b3:52:81:cd:ec:13:59:
                    1e:8e:c5:82:66:02:53:14:d5:ab:3e:f8:d6:f6:b5:
                    bb:23:da:cc:f5:fa:bc:5d:70:7f:42:6d:b5:9f:91:
                    22:7b:08:6e:d6:a6:f5:5d:09:a7:1b:08:25:11:e6:
                    92:cd:e1:e9:4a:ad:06:1e:77:08:f9:4c:f1:c6:14:
                    2a:c7:f3:a7:10:33:82:4d:59:d0:26:f2:ab:94:24:
                    5b:27:14:aa:a0:b3:34:bf:94:9f:79:9f:59:7e:56:
                    55:f7:38:08:45:66:28:09:2e:87:50:fd:da:03:d3:
                    b5:1b:8a:b4:61:0e:8e:7f:d9:38:2c:60:c8:d1:7f:
                    36:9b:60:e1:11:04:2a:82:6c:dd:af:88:df:1f:38:
                    c2:aa:0a:0e:ae:e3:fd:f9:45:c1:9d:7f:d6:5f:17:
                    76:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:CB:56:43:23:A9:FC:02:80:C5:D4:B6:A1:62:6F:BA:2A:06:85:0F
            X509v3 Authority Key Identifier:
                keyid:5A:B1:99:65:15:88:44:34:B8:78:82:B5:B9:72:A6:E5:29:FF:B0:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/actWQyOp_AKAxdS2oWJvuioGhQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/94c919-e6ea-4e18-af12-ed5b01d2528c/1/WrGZZRWIRDS4eIK1uXKm5Sn_sAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:fd:d2:17:48:6d:79:0d:6a:8b:4f:bf:3b:eb:8e:a2:a6:35:
         d0:6b:82:d4:73:dd:8c:02:d2:88:ba:fe:78:e6:35:4d:e9:35:
         53:4d:72:9b:d7:7c:be:b3:3c:f1:71:0e:88:6a:a0:87:6d:6c:
         fd:0f:fb:3e:2c:1e:12:05:b7:fd:1c:1a:2d:3e:4c:75:fe:ff:
         e5:48:9f:60:8b:b6:83:6e:ff:12:bf:86:e3:48:f2:72:8f:0d:
         63:af:f5:bd:d1:f0:42:cb:38:97:e6:3d:05:3a:82:ab:88:fc:
         2c:d4:ad:a8:b1:f9:14:71:d3:23:62:54:6b:92:a1:b4:3b:30:
         9a:82:cb:04:4a:2b:77:84:c3:7f:52:92:b4:85:95:ac:54:fc:
         be:7c:d8:3f:92:41:bb:d2:31:aa:b3:3f:79:a6:4b:9a:df:2b:
         21:2f:91:67:0f:23:c0:ea:c9:c9:5c:c3:d2:7d:13:68:8c:5c:
         36:a0:2c:49:e2:c1:3f:cb:2a:85:61:d9:c7:d9:64:3e:9f:84:
         06:44:a7:a1:e5:ad:ee:2d:07:95:31:24:de:a9:52:35:36:60:
         77:e2:07:c8:28:96:4f:e1:f5:69:0d:29:25:2e:58:95:b8:0b:
         e4:ef:a6:3c:4e:95:bb:ad:aa:29:74:b6:2e:c8:09:dd:95:26:
         98:47:42:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1qqbJVPC1XNc93Pc6hyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYjE5OTY1MTU4ODQ0MzRiODc4ODJiNWI5NzJhNmU1Mjlm
ZmIwMGIwHhcNMjUwMTAxMjE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWNiNTY0MzIzYTlmYzAyODBjNWQ0YjZhMTYyNmZiYTJhMDY4NTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAminlK4zhIQqhEGOjcV2618eUryvq
H0Cx841Sc+/2YkdLSfSz1DUIOYNuowPNxsi/5NePXeeKqN2WNfscc2kdu80PWikB
Hhtkl8DaGH/ZP2cPdffpRzwJwF+rg9AZJ0MKuLNSgc3sE1kejsWCZgJTFNWrPvjW
9rW7I9rM9fq8XXB/Qm21n5Eiewhu1qb1XQmnGwglEeaSzeHpSq0GHncI+UzxxhQq
x/OnEDOCTVnQJvKrlCRbJxSqoLM0v5SfeZ9ZflZV9zgIRWYoCS6HUP3aA9O1G4q0
YQ6Of9k4LGDI0X82m2DhEQQqgmzdr4jfHzjCqgoOruP9+UXBnX/WXxd2gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnLVkMjqfwCgMXUtqFib7oqBoUPMB8GA1UdIwQY
MBaAFFqxmWUViEQ0uHiCtblypuUp/7ALMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3JHWlpSV0lSRFM0ZUlLMXVYS201U25fc0FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85NGM5MTktZTZlYS00ZTE4LWFmMTIt
ZWQ1YjAxZDI1MjhjLzEvYWN0V1F5T3BfQUtBeGRTMm9XSnZ1aW9HaFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85NGM5MTktZTZlYS00ZTE4LWFmMTItZWQ1YjAxZDI1Mjhj
LzEvV3JHWlpSV0lSRFM0ZUlLMXVYS201U25fc0FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ+cMA0G
CSqGSIb3DQEBCwUAA4IBAQCx/dIXSG15DWqLT787646ipjXQa4LUc92MAtKIuv54
5jVN6TVTTXKb13y+szzxcQ6IaqCHbWz9D/s+LB4SBbf9HBotPkx1/v/lSJ9gi7aD
bv8Sv4bjSPJyjw1jr/W90fBCyziX5j0FOoKriPws1K2osfkUcdMjYlRrkqG0OzCa
gssESit3hMN/UpK0hZWsVPy+fNg/kkG70jGqsz95pkua3yshL5FnDyPA6snJXMPS
fRNojFw2oCxJ4sE/yyqFYdnH2WQ+n4QGRKeh5a3uLQeVMSTeqVI1NmB34gfIKJZP
4fVpDSklLliVuAvk76Y8TpW7raopdLYuyAndlSaYR0JA
-----END CERTIFICATE-----