Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/Zc7gasNJq6H68qUZHLtRXEvbUkg.roa
File:                     Zc7gasNJq6H68qUZHLtRXEvbUkg.roa (raw, json)
Hash identifier:          /zDpzZ+DMs5xihuyd4eAWRsJ7oRjlX9MyL0nPC9fb6k=
Subject key identifier:   65:CE:E0:6A:C3:49:AB:A1:FA:F2:A5:19:1C:BB:51:5C:4B:DB:52:48
Certificate issuer:       /CN=5906325e34418a57ce566efc0c3e8b38a0efa5db
Certificate serial:       0192952D60AE856465F74C095EB5A2156C34
Authority key identifier: 59:06:32:5E:34:41:8A:57:CE:56:6E:FC:0C:3E:8B:38:A0:EF:A5:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WQYyXjRBilfOVm78DD6LOKDvpds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/Zc7gasNJq6H68qUZHLtRXEvbUkg.roa
Signing time:             Wed 16 Oct 2024 11:53:51 +0000
ROA not before:           Wed 16 Oct 2024 11:53:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        155.55.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/WQYyXjRBilfOVm78DD6LOKDvpds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/WQYyXjRBilfOVm78DD6LOKDvpds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WQYyXjRBilfOVm78DD6LOKDvpds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:95:2d:60:ae:85:64:65:f7:4c:09:5e:b5:a2:15:6c:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5906325e34418a57ce566efc0c3e8b38a0efa5db
        Validity
            Not Before: Oct 16 11:53:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65cee06ac349aba1faf2a5191cbb515c4bdb5248
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:60:12:16:95:7e:11:8b:0a:6c:cc:2d:ce:68:
                    dc:4b:45:71:11:35:f3:cb:80:6f:db:66:28:7b:79:
                    46:4a:5c:b1:59:3b:9c:f8:11:ee:e0:d7:35:de:f7:
                    4a:44:15:6f:b0:08:02:4a:81:67:b5:d0:58:6b:dd:
                    d5:6b:60:27:23:0a:e6:d6:0b:ef:e3:5d:8f:7e:4f:
                    02:6c:ac:20:35:e7:b1:45:10:ec:08:1c:1c:af:9f:
                    86:be:ad:2f:33:54:b2:a8:46:e7:ab:81:e2:a4:8e:
                    8a:9c:80:93:00:7d:bd:52:cc:d8:eb:e0:23:e4:79:
                    8d:c2:23:2b:01:5f:2c:69:bc:52:d0:eb:65:c5:64:
                    cc:c0:59:0c:8d:ec:e0:6c:22:7f:c7:ec:f0:47:a1:
                    b7:25:3f:e1:f7:76:ed:5b:b6:c5:18:e2:94:bc:95:
                    25:1b:04:60:ec:22:d9:bc:48:2b:c5:66:a3:7e:d3:
                    dc:0a:37:a9:a5:86:3b:36:d9:f0:db:ef:d0:e2:b5:
                    53:0f:be:b3:d1:c8:d2:93:d7:b8:ae:ae:b0:9d:2e:
                    51:a9:04:ea:c2:f0:d1:09:fd:ab:92:2c:89:0c:a9:
                    b7:61:00:a9:40:df:1e:0a:ed:fd:15:87:0b:6d:2a:
                    80:42:da:14:98:e8:48:fd:39:ee:02:dc:9a:85:dd:
                    75:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:CE:E0:6A:C3:49:AB:A1:FA:F2:A5:19:1C:BB:51:5C:4B:DB:52:48
            X509v3 Authority Key Identifier:
                keyid:59:06:32:5E:34:41:8A:57:CE:56:6E:FC:0C:3E:8B:38:A0:EF:A5:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WQYyXjRBilfOVm78DD6LOKDvpds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/Zc7gasNJq6H68qUZHLtRXEvbUkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/WQYyXjRBilfOVm78DD6LOKDvpds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.55.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:03:c1:f6:14:1c:0a:04:f9:27:3c:a3:9e:81:09:e8:2f:81:
         82:91:b9:07:f3:03:c1:74:bb:fc:64:6e:b7:7f:c3:52:ad:1e:
         04:78:d2:b6:87:f9:75:04:20:76:a9:c6:dc:34:8e:f9:db:0b:
         df:12:f3:e7:60:f5:87:be:12:f8:9b:e5:27:c7:a4:df:fa:f9:
         49:02:36:7c:58:89:5a:72:c2:c1:04:39:0e:f5:fc:2c:2c:6b:
         2e:66:c1:a9:d2:a1:7c:d9:50:7a:e0:42:de:ac:f8:fb:b8:56:
         57:9c:db:1f:b7:22:55:ae:6f:25:bc:a6:32:6c:3a:b7:e9:b9:
         49:13:90:09:c8:22:38:53:c4:d0:cf:4f:d9:f8:91:33:86:90:
         fb:13:a0:1e:dd:cb:9e:9d:ac:b1:06:7f:7d:62:06:10:23:10:
         c8:00:1a:75:8d:40:94:b8:94:6c:ff:87:94:b9:2a:ff:8e:55:
         6e:eb:16:2e:d4:47:dd:3a:5b:0c:71:ba:02:5a:03:22:02:54:
         04:91:4a:cb:f4:17:6a:fa:46:2c:e7:8a:66:93:81:06:c1:9f:
         e5:89:91:4f:0e:43:a9:5a:cb:2a:ae:8b:8f:79:fe:b0:3c:15:
         8d:52:44:b5:6a:fb:6b:92:cb:f0:cf:39:b4:7f:13:74:81:99:
         56:28:0a:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKVLWCuhWRl90wJXrWiFWw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MDYzMjVlMzQ0MThhNTdjZTU2NmVmYzBjM2U4YjM4YTBl
ZmE1ZGIwHhcNMjQxMDE2MTE1MzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWNlZTA2YWMzNDlhYmExZmFmMmE1MTkxY2JiNTE1YzRiZGI1MjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GASFpV+EYsKbMwtzmjcS0VxETXz
y4Bv22Yoe3lGSlyxWTuc+BHu4Nc13vdKRBVvsAgCSoFntdBYa93Va2AnIwrm1gvv
412Pfk8CbKwgNeexRRDsCBwcr5+Gvq0vM1SyqEbnq4HipI6KnICTAH29UszY6+Aj
5HmNwiMrAV8sabxS0OtlxWTMwFkMjezgbCJ/x+zwR6G3JT/h93btW7bFGOKUvJUl
GwRg7CLZvEgrxWajftPcCjeppYY7Ntnw2+/Q4rVTD76z0cjSk9e4rq6wnS5RqQTq
wvDRCf2rkiyJDKm3YQCpQN8eCu39FYcLbSqAQtoUmOhI/TnuAtyahd11GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGXO4GrDSauh+vKlGRy7UVxL21JIMB8GA1UdIwQY
MBaAFFkGMl40QYpXzlZu/Aw+izig76XbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1FZeVhqUkJpbGZPVm03OERENkxPS0R2cGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9hNDYzNDktMWJjMC00YTBiLWI2N2Yt
YjIxN2E2OGNlYWY0LzEvWmM3Z2FzTkpxNkg2OHFVWkhMdFJYRXZiVWtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9hNDYzNDktMWJjMC00YTBiLWI2N2YtYjIxN2E2OGNlYWY0
LzEvV1FZeVhqUkJpbGZPVm03OERENkxPS0R2cGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmzfEMA0G
CSqGSIb3DQEBCwUAA4IBAQBsA8H2FBwKBPknPKOegQnoL4GCkbkH8wPBdLv8ZG63
f8NSrR4EeNK2h/l1BCB2qcbcNI752wvfEvPnYPWHvhL4m+Unx6Tf+vlJAjZ8WIla
csLBBDkO9fwsLGsuZsGp0qF82VB64ELerPj7uFZXnNsftyJVrm8lvKYybDq36blJ
E5AJyCI4U8TQz0/Z+JEzhpD7E6Ae3cuenayxBn99YgYQIxDIABp1jUCUuJRs/4eU
uSr/jlVu6xYu1EfdOlsMcboCWgMiAlQEkUrL9Bdq+kYs54pmk4EGwZ/liZFPDkOp
WssqrouPef6wPBWNUkS1avtrksvwzzm0fxN0gZlWKArA
-----END CERTIFICATE-----