Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/p0mW0_xq2HSGhiIwJXscHUFmFbE.roa
File:                     p0mW0_xq2HSGhiIwJXscHUFmFbE.roa (raw, json)
Hash identifier:          KI3yEotZNkWUWnJQ0A7GnaTcsKVZHPvtu26FJHeWomg=
Subject key identifier:   A7:49:96:D3:FC:6A:D8:74:86:86:22:30:25:7B:1C:1D:41:66:15:B1
Certificate issuer:       /CN=59f915ae3e2216be338f6334532f9380cfd2f40a
Certificate serial:       018CC86F99B59CCCBF74FD784451B5FFCC17
Authority key identifier: 59:F9:15:AE:3E:22:16:BE:33:8F:63:34:53:2F:93:80:CF:D2:F4:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/p0mW0_xq2HSGhiIwJXscHUFmFbE.roa
Signing time:             Tue 02 Jan 2024 04:30:06 +0000
ROA not before:           Tue 02 Jan 2024 04:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21190
IP address blocks:        194.56.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:99:b5:9c:cc:bf:74:fd:78:44:51:b5:ff:cc:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59f915ae3e2216be338f6334532f9380cfd2f40a
        Validity
            Not Before: Jan  2 04:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a74996d3fc6ad87486862230257b1c1d416615b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1e:1b:c3:ee:12:5e:7e:1e:3c:a7:12:fb:33:
                    7a:3a:7d:05:7d:1a:81:b7:cf:b9:bc:ac:a6:70:76:
                    4d:13:7f:74:af:64:e4:ae:37:48:06:7a:ca:7b:d9:
                    87:51:09:56:59:09:81:c7:e7:ef:cd:a8:d5:21:5e:
                    9e:97:a4:b4:38:2a:45:76:a0:35:19:9b:ee:cb:9e:
                    a8:25:42:e1:aa:f8:af:6d:49:b8:b7:2a:8c:8c:c9:
                    34:8b:9c:79:a2:bc:e9:03:98:0a:04:3f:de:af:80:
                    13:06:33:b7:54:88:c2:73:59:9b:2d:d6:fa:de:e5:
                    ad:ca:4c:cc:13:51:86:a7:43:4c:be:65:93:13:91:
                    72:74:7d:de:5e:6e:1f:00:59:2e:14:1c:62:c8:e6:
                    8d:8b:c1:50:d5:72:22:e4:97:09:8f:6b:22:65:da:
                    91:be:e6:17:6c:70:1a:92:cb:2e:bb:0a:84:00:72:
                    84:c8:bf:8a:81:50:9b:cd:7d:2a:13:27:6b:d0:4b:
                    fb:2f:75:c2:0a:b5:08:fd:75:53:1c:c5:8e:77:27:
                    54:52:22:db:1c:f2:a2:a4:bf:c3:2b:22:0c:8e:83:
                    6a:cd:2b:d3:4f:52:34:17:c6:45:e0:1c:5c:19:3d:
                    61:e9:81:88:3c:03:07:c3:75:2f:46:60:b0:3f:22:
                    dd:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:49:96:D3:FC:6A:D8:74:86:86:22:30:25:7B:1C:1D:41:66:15:B1
            X509v3 Authority Key Identifier:
                keyid:59:F9:15:AE:3E:22:16:BE:33:8F:63:34:53:2F:93:80:CF:D2:F4:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/p0mW0_xq2HSGhiIwJXscHUFmFbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/aa2311-b1cd-4d18-aebb-a3f2324f6d8c/1/WfkVrj4iFr4zj2M0Uy-TgM_S9Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:69:14:61:66:df:75:80:fb:fe:d7:e9:92:c4:25:1d:ed:69:
         0a:f8:d8:dd:b4:7c:6d:bd:c0:81:f1:34:0a:48:26:f6:91:31:
         56:5e:2e:dd:55:97:ac:27:92:11:0a:3a:f3:a3:17:08:ce:ae:
         3b:da:c6:a8:12:fa:44:a4:3b:7b:73:b6:af:9b:10:f6:f5:07:
         cd:fa:fa:82:b2:87:ca:9c:7c:fb:81:d1:e7:41:f6:11:5e:b4:
         71:70:ea:9d:2c:0a:3d:bf:68:aa:91:11:13:15:26:f7:90:8c:
         eb:3c:4d:32:8a:91:b6:45:f1:9f:41:b4:4f:ca:50:51:7a:b4:
         20:2a:c9:50:fa:9a:98:d0:24:f0:f4:c2:68:b9:3e:18:64:a6:
         a0:52:fb:99:96:34:fd:5b:1f:e8:18:d3:10:ad:4e:10:2a:ae:
         71:f6:4f:56:cc:c8:c4:87:fa:4b:b3:47:78:5d:e2:aa:d3:21:
         17:ba:94:11:67:9f:60:18:1d:ee:35:6e:08:33:ac:58:c6:17:
         8b:c9:06:07:bc:59:49:63:62:f6:70:ef:ff:da:94:8e:68:ff:
         51:32:50:0a:bd:a6:b7:b4:37:50:e0:52:ce:7e:77:1f:5f:7c:
         95:94:0f:8d:46:e6:b5:55:89:b7:96:74:ad:64:eb:7d:18:7f:
         29:33:1c:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb5m1nMy/dP14RFG1/8wXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ZjkxNWFlM2UyMjE2YmUzMzhmNjMzNDUzMmY5MzgwY2Zk
MmY0MGEwHhcNMjQwMTAyMDQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzQ5OTZkM2ZjNmFkODc0ODY4NjIyMzAyNTdiMWMxZDQxNjYxNWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlR4bw+4SXn4ePKcS+zN6On0FfRqB
t8+5vKymcHZNE390r2TkrjdIBnrKe9mHUQlWWQmBx+fvzajVIV6el6S0OCpFdqA1
GZvuy56oJULhqvivbUm4tyqMjMk0i5x5orzpA5gKBD/er4ATBjO3VIjCc1mbLdb6
3uWtykzME1GGp0NMvmWTE5FydH3eXm4fAFkuFBxiyOaNi8FQ1XIi5JcJj2siZdqR
vuYXbHAakssuuwqEAHKEyL+KgVCbzX0qEydr0Ev7L3XCCrUI/XVTHMWOdydUUiLb
HPKipL/DKyIMjoNqzSvTT1I0F8ZF4BxcGT1h6YGIPAMHw3UvRmCwPyLdrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdJltP8ath0hoYiMCV7HB1BZhWxMB8GA1UdIwQY
MBaAFFn5Fa4+Iha+M49jNFMvk4DP0vQKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2ZrVnJqNGlGcjR6ajJNMFV5LVRnTV9TOUFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9hYTIzMTEtYjFjZC00ZDE4LWFlYmIt
YTNmMjMyNGY2ZDhjLzEvcDBtVzBfeHEySFNHaGlJd0pYc2NIVUZtRmJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9hYTIzMTEtYjFjZC00ZDE4LWFlYmItYTNmMjMyNGY2ZDhj
LzEvV2ZrVnJqNGlGcjR6ajJNMFV5LVRnTV9TOUFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjhkMA0G
CSqGSIb3DQEBCwUAA4IBAQCBaRRhZt91gPv+1+mSxCUd7WkK+NjdtHxtvcCB8TQK
SCb2kTFWXi7dVZesJ5IRCjrzoxcIzq472saoEvpEpDt7c7avmxD29QfN+vqCsofK
nHz7gdHnQfYRXrRxcOqdLAo9v2iqkRETFSb3kIzrPE0yipG2RfGfQbRPylBRerQg
KslQ+pqY0CTw9MJouT4YZKagUvuZljT9Wx/oGNMQrU4QKq5x9k9WzMjEh/pLs0d4
XeKq0yEXupQRZ59gGB3uNW4IM6xYxheLyQYHvFlJY2L2cO//2pSOaP9RMlAKvaa3
tDdQ4FLOfncfX3yVlA+NRua1VYm3lnStZOt9GH8pMxy4
-----END CERTIFICATE-----