Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ryMzbaZeqshY2U41UiqjLp4ggbc.roa
File:                     ryMzbaZeqshY2U41UiqjLp4ggbc.roa (raw, json)
Hash identifier:          xe4Lvja05Wokpa8NmZ5nrnjO4REbhClZIiYZLqhknXw=
Subject key identifier:   AF:23:33:6D:A6:5E:AA:C8:58:D9:4E:35:52:2A:A3:2E:9E:20:81:B7
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0192D942A8C1B25ED31328B786C683F04074
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ryMzbaZeqshY2U41UiqjLp4ggbc.roa
Signing time:             Tue 29 Oct 2024 17:11:17 +0000
ROA not before:           Tue 29 Oct 2024 17:11:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55154
IP address blocks:        104.238.26.0/24 maxlen: 24
                          104.238.29.0/24 maxlen: 24
                          104.239.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:42:a8:c1:b2:5e:d3:13:28:b7:86:c6:83:f0:40:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Oct 29 17:11:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af23336da65eaac858d94e35522aa32e9e2081b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:dc:be:6b:43:62:c2:1c:4a:03:93:3b:1d:b2:
                    98:12:87:ce:e5:e0:bc:7f:c8:17:e8:06:f0:a2:13:
                    fc:f8:f0:96:d2:c3:8e:32:24:02:c9:66:65:44:a6:
                    da:f9:6f:e5:36:9c:fc:7d:8b:03:30:ce:bf:11:43:
                    dd:ef:8e:11:9e:3c:fc:89:d6:8b:a6:70:7d:f6:5c:
                    65:59:a0:3b:be:bc:9b:c6:65:c4:a5:80:10:5a:80:
                    92:a5:70:bc:c0:fc:f8:81:0b:2f:45:b6:fc:0b:26:
                    cd:0d:a8:25:1a:97:f9:84:49:35:db:8f:f3:54:7e:
                    2e:8b:a1:64:94:46:2a:7c:5a:1a:8e:3f:1e:86:3f:
                    fe:6d:aa:13:85:de:68:b8:4e:74:a5:bb:ad:70:b3:
                    17:ec:56:49:19:23:72:51:23:ea:93:38:43:d5:57:
                    3d:5f:69:3f:18:a3:52:0e:e7:28:6e:e1:d2:19:0a:
                    28:9f:d0:98:90:53:58:2c:51:30:e8:59:ce:2f:57:
                    e1:53:24:27:b8:9f:0b:fc:9c:0e:cf:a5:c9:0b:84:
                    1f:3a:6b:af:99:40:d3:1f:06:f9:92:cc:30:c0:16:
                    61:9f:c4:10:73:96:91:a2:1c:b1:d5:ee:ee:8d:44:
                    e8:83:11:76:c8:3d:29:a9:dd:ca:e8:a3:56:2a:79:
                    46:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:23:33:6D:A6:5E:AA:C8:58:D9:4E:35:52:2A:A3:2E:9E:20:81:B7
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ryMzbaZeqshY2U41UiqjLp4ggbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.26.0/24
                  104.238.29.0/24
                  104.239.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:96:b0:7f:0c:aa:43:dc:b0:cd:62:ff:c6:c4:b0:0f:56:8a:
         90:45:25:06:2e:a8:f0:8b:e1:fd:e2:8a:81:d9:1c:84:86:d4:
         80:46:ec:5f:95:c2:a5:a3:8f:b0:0a:ba:14:9d:96:04:86:e9:
         1d:16:91:46:54:90:47:0a:90:f6:48:c5:70:79:4f:0b:b2:f9:
         1d:3f:61:89:b8:50:e0:0d:f6:ec:40:fe:0b:fb:91:8d:02:5a:
         c8:40:96:6d:69:26:26:6b:76:e5:c3:d5:3b:48:6c:23:10:3c:
         e1:28:95:14:0d:da:14:e1:ef:e9:ed:5a:83:fd:6c:e1:20:84:
         69:c6:27:f3:2c:4f:a1:0b:e6:a5:6f:96:04:3d:db:23:ca:fd:
         99:69:ff:9b:f2:54:85:de:8d:6d:ee:8f:94:95:35:79:17:98:
         4d:6b:54:f1:9a:bd:97:fb:3f:7f:a5:c1:a6:77:d1:39:f5:47:
         8b:a0:be:5b:d7:66:59:2c:2d:46:21:be:88:25:21:06:80:98:
         56:38:f6:19:b0:e3:db:07:74:4d:a5:da:6c:47:66:3b:94:e2:
         0f:f0:a4:3e:35:c6:b0:08:4c:40:ee:b1:23:0d:0c:14:7e:ad:
         a4:3b:45:bd:af:cc:4c:d6:b9:f0:33:75:b2:c9:68:1c:1c:d4:
         f2:ba:ab:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZLZQqjBsl7TEyi3hsaD8EB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQxMDI5MTcxMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjIzMzM2ZGE2NWVhYWM4NThkOTRlMzU1MjJhYTMyZTllMjA4MWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9y+a0NiwhxKA5M7HbKYEofO5eC8
f8gX6AbwohP8+PCW0sOOMiQCyWZlRKba+W/lNpz8fYsDMM6/EUPd744Rnjz8idaL
pnB99lxlWaA7vrybxmXEpYAQWoCSpXC8wPz4gQsvRbb8CybNDaglGpf5hEk124/z
VH4ui6FklEYqfFoajj8ehj/+baoThd5ouE50pbutcLMX7FZJGSNyUSPqkzhD1Vc9
X2k/GKNSDucobuHSGQoon9CYkFNYLFEw6FnOL1fhUyQnuJ8L/JwOz6XJC4QfOmuv
mUDTHwb5kswwwBZhn8QQc5aRohyx1e7ujUTogxF2yD0pqd3K6KNWKnlGyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK8jM22mXqrIWNlONVIqoy6eIIG3MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvcnlNemJhWmVxc2hZMlU0MVVpcWpMcDRnZ2JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAaO4aAwQA
aO4dAwQAaO8zMA0GCSqGSIb3DQEBCwUAA4IBAQCIlrB/DKpD3LDNYv/GxLAPVoqQ
RSUGLqjwi+H94oqB2RyEhtSARuxflcKlo4+wCroUnZYEhukdFpFGVJBHCpD2SMVw
eU8LsvkdP2GJuFDgDfbsQP4L+5GNAlrIQJZtaSYma3blw9U7SGwjEDzhKJUUDdoU
4e/p7VqD/WzhIIRpxifzLE+hC+alb5YEPdsjyv2Zaf+b8lSF3o1t7o+UlTV5F5hN
a1Txmr2X+z9/pcGmd9E59UeLoL5b12ZZLC1GIb6IJSEGgJhWOPYZsOPbB3RNpdps
R2Y7lOIP8KQ+NcawCExA7rEjDQwUfq2kO0W9r8xM1rnwM3WyyWgcHNTyuqt9
-----END CERTIFICATE-----