Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/YBxGAELZSIZLCYgk4kwOKjmGcIY.roa
File:                     YBxGAELZSIZLCYgk4kwOKjmGcIY.roa (raw, json)
Hash identifier:          nPqqgpVKszTLaAEiuiA6VnTGWA3df/Gyz+JMdFDkn60=
Subject key identifier:   60:1C:46:00:42:D9:48:86:4B:09:88:24:E2:4C:0E:2A:39:86:70:86
Certificate issuer:       /CN=159ba29a75ae1325c0382fb484b321d68d154384
Certificate serial:       018E11A663FAB8F0BCC91D646F657F4D2CB4
Authority key identifier: 15:9B:A2:9A:75:AE:13:25:C0:38:2F:B4:84:B3:21:D6:8D:15:43:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/YBxGAELZSIZLCYgk4kwOKjmGcIY.roa
Signing time:             Wed 06 Mar 2024 02:45:01 +0000
ROA not before:           Wed 06 Mar 2024 02:45:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199334
IP address blocks:        159.255.146.0/24 maxlen: 24
                          185.176.132.0/24 maxlen: 24
                          2a13:c680::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:11:a6:63:fa:b8:f0:bc:c9:1d:64:6f:65:7f:4d:2c:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=159ba29a75ae1325c0382fb484b321d68d154384
        Validity
            Not Before: Mar  6 02:45:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=601c460042d948864b098824e24c0e2a39867086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b4:96:dd:f6:1e:f5:91:a2:29:e8:9f:37:f4:
                    ca:4a:12:97:ba:7c:90:3a:49:1b:55:cc:fb:08:ce:
                    b4:10:58:fd:9b:31:df:a1:47:c1:9a:29:2b:ba:b8:
                    e2:e7:af:61:fb:6d:7b:04:c9:eb:8d:1c:f8:7e:43:
                    af:67:09:e4:37:59:42:fc:9a:ab:a6:b5:1b:e5:7f:
                    d3:34:bf:8d:18:0d:f2:ff:1a:23:d1:c2:0d:2a:2d:
                    b1:7c:5a:4c:56:4d:7f:09:1a:bd:90:24:7a:5e:37:
                    00:c9:3d:d2:c4:3e:a1:68:8a:e2:a8:f0:20:35:8b:
                    9b:17:97:7b:b8:51:c9:6a:bd:64:f7:6d:91:87:ae:
                    a0:ab:5f:df:f9:9d:e9:02:d4:2e:09:5e:76:70:ec:
                    c2:f5:e8:27:e8:2f:e6:6e:d3:ce:20:63:40:20:95:
                    87:6b:92:14:ef:4a:f5:3f:65:e3:c4:d4:92:c6:99:
                    98:1d:9c:59:76:fa:f7:92:78:00:d7:c9:dd:e5:7a:
                    50:2c:49:30:73:7b:f8:34:52:10:13:e4:b6:49:db:
                    88:10:66:9a:db:92:97:7b:0a:9b:9f:34:0c:61:44:
                    42:46:9d:c0:ff:04:c1:78:19:be:90:90:39:fb:44:
                    4c:2d:e4:45:41:e9:1f:df:5d:8e:58:54:0a:5b:da:
                    98:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:1C:46:00:42:D9:48:86:4B:09:88:24:E2:4C:0E:2A:39:86:70:86
            X509v3 Authority Key Identifier:
                keyid:15:9B:A2:9A:75:AE:13:25:C0:38:2F:B4:84:B3:21:D6:8D:15:43:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/YBxGAELZSIZLCYgk4kwOKjmGcIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.255.146.0/24
                  185.176.132.0/24
                IPv6:
                  2a13:c680::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:e1:a1:26:5e:62:4b:a2:b1:a3:62:9a:34:9c:7d:23:18:6c:
         71:fd:bb:6c:8c:22:e2:f5:c7:f3:26:b4:23:49:ca:0f:2b:c1:
         65:01:55:fe:45:74:f1:bd:19:c3:4c:49:6e:75:39:18:35:46:
         bf:a6:7e:cc:18:89:55:bc:a9:e2:b3:1f:25:8e:6d:bf:03:59:
         29:c4:d0:01:6c:5b:0c:fb:a5:e3:dd:56:b4:aa:cc:c5:52:8d:
         ec:7f:95:68:56:70:b6:22:77:47:29:af:12:d4:4d:e2:af:26:
         5d:ae:cb:10:5c:3f:4b:9d:2b:ca:c4:22:e3:d6:c3:75:68:e7:
         61:fa:18:3c:7a:a1:4a:02:eb:92:8c:0c:64:07:2d:19:3b:4b:
         8c:43:db:cd:1d:1d:27:d5:2d:bf:a9:aa:1f:05:a7:c1:33:fe:
         98:c5:76:79:0b:40:c7:cd:57:ff:12:dd:01:ae:88:82:b7:72:
         82:ff:82:0a:15:ae:08:ee:24:ed:66:2d:e9:58:3c:6d:33:df:
         6c:8e:d8:c0:4d:89:af:67:77:56:d5:2c:df:93:d0:05:79:f5:
         08:ef:62:13:77:46:72:2b:af:8c:8d:21:32:a3:a8:d3:2f:9c:
         86:e1:00:e5:db:bd:c5:e4:7e:3c:a0:41:b0:35:1d:1a:fe:74:
         26:07:60:0b
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAY4RpmP6uPC8yR1kb2V/TSy0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1OWJhMjlhNzVhZTEzMjVjMDM4MmZiNDg0YjMyMWQ2OGQx
NTQzODQwHhcNMjQwMzA2MDI0NTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDFjNDYwMDQyZDk0ODg2NGIwOTg4MjRlMjRjMGUyYTM5ODY3MDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbSW3fYe9ZGiKeifN/TKShKXunyQ
OkkbVcz7CM60EFj9mzHfoUfBmikrurji569h+217BMnrjRz4fkOvZwnkN1lC/Jqr
prUb5X/TNL+NGA3y/xoj0cINKi2xfFpMVk1/CRq9kCR6XjcAyT3SxD6haIriqPAg
NYubF5d7uFHJar1k922Rh66gq1/f+Z3pAtQuCV52cOzC9egn6C/mbtPOIGNAIJWH
a5IU70r1P2XjxNSSxpmYHZxZdvr3kngA18nd5XpQLEkwc3v4NFIQE+S2SduIEGaa
25KXewqbnzQMYURCRp3A/wTBeBm+kJA5+0RMLeRFQekf312OWFQKW9qYeQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFGAcRgBC2UiGSwmIJOJMDio5hnCGMB8GA1UdIwQY
MBaAFBWbopp1rhMlwDgvtISzIdaNFUOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlp1aW1uV3VFeVhBT0MtMGhMTWgxbzBWUTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zMDAxOTUtN2U3Yi00ZTk5LWE1MmQt
Y2FmNGZhMDcyNjgyLzEvWUJ4R0FFTFpTSVpMQ1lnazRrd09Lam1HY0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zMDAxOTUtN2U3Yi00ZTk5LWE1MmQtY2FmNGZhMDcyNjgy
LzEvRlp1aW1uV3VFeVhBT0MtMGhMTWgxbzBWUTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAn/+SAwQA
ubCEMA8EAgACMAkDBwAqE8aAAAAwDQYJKoZIhvcNAQELBQADggEBAE3hoSZeYkui
saNimjScfSMYbHH9u2yMIuL1x/MmtCNJyg8rwWUBVf5FdPG9GcNMSW51ORg1Rr+m
fswYiVW8qeKzHyWObb8DWSnE0AFsWwz7pePdVrSqzMVSjex/lWhWcLYid0cprxLU
TeKvJl2uyxBcP0udK8rEIuPWw3Vo52H6GDx6oUoC65KMDGQHLRk7S4xD280dHSfV
Lb+pqh8Fp8Ez/pjFdnkLQMfNV/8S3QGuiIK3coL/ggoVrgjuJO1mLelYPG0z32yO
2MBNia9nd1bVLN+T0AV59QjvYhN3RnIrr4yNITKjqNMvnIbhAOXbvcXkfjygQbA1
HRr+dCYHYAs=
-----END CERTIFICATE-----