Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/V1qcHFdGeXrBYEkXbhox7KWeYYo.roa
File:                     V1qcHFdGeXrBYEkXbhox7KWeYYo.roa (raw, json)
Hash identifier:          JUK932bjkzB2s5Bcem4RYN9kqzS87dcuKBbIbfVf0+8=
Subject key identifier:   57:5A:9C:1C:57:46:79:7A:C1:60:49:17:6E:1A:31:EC:A5:9E:61:8A
Certificate issuer:       /CN=0aeeaee0863d1dca624f61f39b2181c7db6cba3f
Certificate serial:       018CC86F5DB4C1EA934A362F75F27BE17A5D
Authority key identifier: 0A:EE:AE:E0:86:3D:1D:CA:62:4F:61:F3:9B:21:81:C7:DB:6C:BA:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/V1qcHFdGeXrBYEkXbhox7KWeYYo.roa
Signing time:             Tue 02 Jan 2024 04:29:50 +0000
ROA not before:           Tue 02 Jan 2024 04:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206685
IP address blocks:        159.255.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:5d:b4:c1:ea:93:4a:36:2f:75:f2:7b:e1:7a:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0aeeaee0863d1dca624f61f39b2181c7db6cba3f
        Validity
            Not Before: Jan  2 04:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=575a9c1c5746797ac16049176e1a31eca59e618a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:8c:77:79:94:ad:33:d0:e4:07:a1:20:8f:6c:
                    c6:a2:c9:da:64:02:95:67:59:c7:93:89:07:24:a1:
                    22:3f:7f:62:24:08:77:21:4d:cb:6a:ad:2b:92:91:
                    7e:82:5c:9b:7b:1d:13:4d:26:d2:0b:07:11:06:15:
                    cf:ed:6b:25:42:15:b3:3e:7e:82:da:4e:60:11:6e:
                    c6:58:0b:6c:c6:b2:0c:85:cc:ca:81:19:ff:f7:68:
                    39:92:48:e9:91:92:a1:6f:bf:76:55:21:d7:56:b2:
                    f5:14:b3:f6:d7:e7:30:e1:b8:41:0a:7e:ae:ac:06:
                    78:b6:4c:cc:f8:b9:10:83:0c:37:cd:14:a7:b0:90:
                    03:a7:1e:a6:db:68:f3:53:12:59:ec:24:9d:e2:4e:
                    44:fc:f0:89:15:22:9b:8a:8f:54:9c:26:a0:28:dc:
                    54:12:ff:ee:9d:f7:a0:82:b9:f4:b8:35:9d:ce:1e:
                    65:27:fc:87:b7:ab:2a:1d:c0:f4:ba:3f:ad:f1:42:
                    ae:ef:62:7f:4c:b9:b6:0d:e3:24:b7:43:86:db:3b:
                    e2:7a:4d:06:f2:80:d2:0a:ee:21:84:12:d6:02:b8:
                    c7:68:c1:ef:f5:f8:aa:89:8c:2c:a1:7c:a4:45:a2:
                    c4:62:69:60:48:b2:b3:2a:6a:ed:e6:b0:87:18:a0:
                    42:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:5A:9C:1C:57:46:79:7A:C1:60:49:17:6E:1A:31:EC:A5:9E:61:8A
            X509v3 Authority Key Identifier:
                keyid:0A:EE:AE:E0:86:3D:1D:CA:62:4F:61:F3:9B:21:81:C7:DB:6C:BA:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/V1qcHFdGeXrBYEkXbhox7KWeYYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/b62878-ccc8-4d57-9fe0-7a104b80cd71/1/Cu6u4IY9HcpiT2HzmyGBx9tsuj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.255.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:85:db:35:76:e8:ae:73:67:83:85:a0:4d:10:ff:67:c1:19:
         65:79:e6:f1:71:38:44:2b:3c:7e:83:ce:64:b7:dd:29:f4:75:
         d9:89:a5:8a:ed:4e:e7:33:d8:fd:a9:85:80:fc:5f:3a:33:83:
         61:5d:cb:a5:38:16:35:38:1b:88:59:b6:e5:79:17:91:7e:a8:
         37:09:76:25:5b:7a:90:bd:e4:9d:8a:93:00:16:8b:c2:78:d5:
         1a:36:be:0c:23:f3:5f:c2:fb:3c:59:03:28:09:3f:44:d3:2f:
         aa:8a:14:98:b3:89:4d:90:88:fe:3f:f0:2a:4a:d7:12:d0:01:
         59:9d:61:fb:07:ba:ab:14:22:88:99:3e:40:6b:f3:a8:17:e6:
         b8:c5:e7:22:46:ac:e3:c8:50:71:1b:68:58:76:0d:96:af:a0:
         fe:06:eb:91:54:ca:ae:7c:8b:6b:a4:a9:e7:69:b2:81:29:dd:
         65:ef:9d:94:d4:4e:e8:29:89:66:8e:b2:c7:50:c9:90:5e:c7:
         ce:10:32:5c:e4:db:e3:41:80:13:b7:d4:41:cd:18:20:ed:12:
         5e:8a:b7:35:e9:f7:de:1f:8e:92:63:df:83:c4:fa:3c:5d:7e:
         ff:75:43:49:6e:3a:b1:43:c1:37:b4:8a:95:f8:65:54:27:66:
         f5:bb:0b:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb120weqTSjYvdfJ74XpdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZWVhZWUwODYzZDFkY2E2MjRmNjFmMzliMjE4MWM3ZGI2
Y2JhM2YwHhcNMjQwMTAyMDQyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzVhOWMxYzU3NDY3OTdhYzE2MDQ5MTc2ZTFhMzFlY2E1OWU2MThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Ix3eZStM9DkB6Egj2zGosnaZAKV
Z1nHk4kHJKEiP39iJAh3IU3Laq0rkpF+glybex0TTSbSCwcRBhXP7WslQhWzPn6C
2k5gEW7GWAtsxrIMhczKgRn/92g5kkjpkZKhb792VSHXVrL1FLP21+cw4bhBCn6u
rAZ4tkzM+LkQgww3zRSnsJADpx6m22jzUxJZ7CSd4k5E/PCJFSKbio9UnCagKNxU
Ev/unfeggrn0uDWdzh5lJ/yHt6sqHcD0uj+t8UKu72J/TLm2DeMkt0OG2zviek0G
8oDSCu4hhBLWArjHaMHv9fiqiYwsoXykRaLEYmlgSLKzKmrt5rCHGKBCoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdanBxXRnl6wWBJF24aMeylnmGKMB8GA1UdIwQY
MBaAFAruruCGPR3KYk9h85shgcfbbLo/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3U2dTRJWTlIY3BpVDJIem15R0J4OXRzdWo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9iNjI4NzgtY2NjOC00ZDU3LTlmZTAt
N2ExMDRiODBjZDcxLzEvVjFxY0hGZEdlWHJCWUVrWGJob3g3S1dlWVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9iNjI4NzgtY2NjOC00ZDU3LTlmZTAtN2ExMDRiODBjZDcx
LzEvQ3U2dTRJWTlIY3BpVDJIem15R0J4OXRzdWo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn/+9MA0G
CSqGSIb3DQEBCwUAA4IBAQCyhds1duiuc2eDhaBNEP9nwRlleebxcThEKzx+g85k
t90p9HXZiaWK7U7nM9j9qYWA/F86M4NhXculOBY1OBuIWbbleReRfqg3CXYlW3qQ
veSdipMAFovCeNUaNr4MI/Nfwvs8WQMoCT9E0y+qihSYs4lNkIj+P/AqStcS0AFZ
nWH7B7qrFCKImT5Aa/OoF+a4xeciRqzjyFBxG2hYdg2Wr6D+BuuRVMqufItrpKnn
abKBKd1l752U1E7oKYlmjrLHUMmQXsfOEDJc5NvjQYATt9RBzRgg7RJeirc16ffe
H46SY9+DxPo8XX7/dUNJbjqxQ8E3tIqV+GVUJ2b1uwvi
-----END CERTIFICATE-----