Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/xyGqaFm8wV6in1t_6bj0_LRGfV0.roa
File:                     xyGqaFm8wV6in1t_6bj0_LRGfV0.roa (raw, json)
Hash identifier:          m0Saw+cLOstpLd2stdgUm+hFFozHrcVyidN3zuOottg=
Subject key identifier:   C7:21:AA:68:59:BC:C1:5E:A2:9F:5B:7F:E9:B8:F4:FC:B4:46:7D:5D
Certificate issuer:       /CN=5906325e34418a57ce566efc0c3e8b38a0efa5db
Certificate serial:       01942068649793585F16B08518B22257C958
Authority key identifier: 59:06:32:5E:34:41:8A:57:CE:56:6E:FC:0C:3E:8B:38:A0:EF:A5:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WQYyXjRBilfOVm78DD6LOKDvpds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/xyGqaFm8wV6in1t_6bj0_LRGfV0.roa
Signing time:             Wed 01 Jan 2025 05:48:19 +0000
ROA not before:           Wed 01 Jan 2025 05:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        155.55.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/WQYyXjRBilfOVm78DD6LOKDvpds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/WQYyXjRBilfOVm78DD6LOKDvpds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WQYyXjRBilfOVm78DD6LOKDvpds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:64:97:93:58:5f:16:b0:85:18:b2:22:57:c9:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5906325e34418a57ce566efc0c3e8b38a0efa5db
        Validity
            Not Before: Jan  1 05:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c721aa6859bcc15ea29f5b7fe9b8f4fcb4467d5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c1:99:3e:91:78:c6:4f:54:20:96:fa:79:d0:
                    d3:c2:c6:84:91:3b:d5:34:4f:d3:ac:e5:2e:3a:1b:
                    36:b7:8e:ed:85:76:c4:64:28:da:8d:af:d7:4c:13:
                    fd:b2:db:d7:b4:a4:c5:4f:29:4e:96:ae:6e:26:0c:
                    cb:ed:c3:67:e8:30:18:d2:27:64:5a:48:6d:23:ce:
                    33:a1:8e:4d:a7:35:68:75:ea:0f:32:c2:af:26:e6:
                    ea:ca:9d:b1:18:1a:08:85:a5:3c:b4:d2:cf:e0:8a:
                    a1:88:cd:51:e4:62:bd:f5:b7:7c:15:fd:d6:e7:28:
                    6f:07:42:2a:af:bc:8e:00:56:ad:26:f2:f2:1a:3a:
                    a6:67:db:25:94:fa:06:c8:df:9b:5d:89:76:d2:d7:
                    de:c7:7c:62:19:38:60:f0:88:09:92:7f:34:31:3a:
                    8e:5f:1e:05:62:36:42:8f:1b:a4:2b:5c:15:55:08:
                    d6:2e:df:e7:3a:da:86:07:05:2e:29:35:6c:9b:87:
                    f8:4c:f6:9b:9d:86:39:f8:e4:01:45:f9:7b:ed:75:
                    49:aa:18:09:ea:f4:e2:6e:f2:a9:eb:d3:b4:03:cb:
                    35:e8:d7:da:27:a2:47:f4:36:3a:fc:2a:09:12:9c:
                    4b:38:a1:ca:46:b8:aa:ec:5f:cb:a0:cf:4c:06:78:
                    4b:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:21:AA:68:59:BC:C1:5E:A2:9F:5B:7F:E9:B8:F4:FC:B4:46:7D:5D
            X509v3 Authority Key Identifier:
                keyid:59:06:32:5E:34:41:8A:57:CE:56:6E:FC:0C:3E:8B:38:A0:EF:A5:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WQYyXjRBilfOVm78DD6LOKDvpds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/xyGqaFm8wV6in1t_6bj0_LRGfV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/a46349-1bc0-4a0b-b67f-b217a68ceaf4/1/WQYyXjRBilfOVm78DD6LOKDvpds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.55.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:1f:67:c9:77:68:88:87:73:04:6f:d4:24:05:8e:23:31:88:
         e6:33:de:ac:42:bc:67:1d:5e:3f:37:03:42:40:62:27:68:76:
         d1:8e:bb:41:b7:f9:d4:85:1b:e5:e9:5b:08:cd:22:ad:f5:7d:
         da:f3:a9:3e:af:e0:e4:7a:ec:00:66:2d:a8:88:70:b8:30:c3:
         d7:c3:7d:16:0e:56:84:95:87:5f:1a:cb:1e:bb:20:b3:c0:0d:
         a4:f7:8c:ba:17:4f:02:a9:81:a9:64:1c:88:20:02:c3:aa:cb:
         ee:26:09:09:33:49:ff:08:bc:b5:d8:34:a0:98:b3:c0:28:10:
         06:78:1e:08:23:5d:8d:c2:39:05:6c:62:ab:bb:bf:bd:37:4c:
         9e:1c:26:7b:24:b2:36:30:07:c3:5c:2f:6a:d7:8c:ac:b6:af:
         20:78:8f:88:c5:ef:e4:65:68:1e:88:ee:02:37:f6:34:f6:88:
         65:67:ab:b2:bd:93:38:15:53:11:67:b7:17:7a:33:94:f3:52:
         67:5d:78:2d:9c:78:af:2e:a8:21:b0:cb:9a:5e:17:59:3b:57:
         01:48:76:d3:a4:13:5d:a0:df:d6:b0:b4:89:f2:7f:f2:a0:10:
         c3:14:08:63:dc:91:2d:64:ab:e4:d8:30:2a:fd:e4:e3:0b:e5:
         33:b1:6f:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGSXk1hfFrCFGLIiV8lYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MDYzMjVlMzQ0MThhNTdjZTU2NmVmYzBjM2U4YjM4YTBl
ZmE1ZGIwHhcNMjUwMTAxMDU0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzIxYWE2ODU5YmNjMTVlYTI5ZjViN2ZlOWI4ZjRmY2I0NDY3ZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsGZPpF4xk9UIJb6edDTwsaEkTvV
NE/TrOUuOhs2t47thXbEZCjaja/XTBP9stvXtKTFTylOlq5uJgzL7cNn6DAY0idk
WkhtI84zoY5NpzVodeoPMsKvJubqyp2xGBoIhaU8tNLP4IqhiM1R5GK99bd8Ff3W
5yhvB0Iqr7yOAFatJvLyGjqmZ9sllPoGyN+bXYl20tfex3xiGThg8IgJkn80MTqO
Xx4FYjZCjxukK1wVVQjWLt/nOtqGBwUuKTVsm4f4TPabnYY5+OQBRfl77XVJqhgJ
6vTibvKp69O0A8s16NfaJ6JH9DY6/CoJEpxLOKHKRriq7F/LoM9MBnhLFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMchqmhZvMFeop9bf+m49Py0Rn1dMB8GA1UdIwQY
MBaAFFkGMl40QYpXzlZu/Aw+izig76XbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1FZeVhqUkJpbGZPVm03OERENkxPS0R2cGRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni9hNDYzNDktMWJjMC00YTBiLWI2N2Yt
YjIxN2E2OGNlYWY0LzEveHlHcWFGbTh3VjZpbjF0XzZiajBfTFJHZlYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni9hNDYzNDktMWJjMC00YTBiLWI2N2YtYjIxN2E2OGNlYWY0
LzEvV1FZeVhqUkJpbGZPVm03OERENkxPS0R2cGRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmzfAMA0G
CSqGSIb3DQEBCwUAA4IBAQAHH2fJd2iIh3MEb9QkBY4jMYjmM96sQrxnHV4/NwNC
QGInaHbRjrtBt/nUhRvl6VsIzSKt9X3a86k+r+DkeuwAZi2oiHC4MMPXw30WDlaE
lYdfGsseuyCzwA2k94y6F08CqYGpZByIIALDqsvuJgkJM0n/CLy12DSgmLPAKBAG
eB4II12NwjkFbGKru7+9N0yeHCZ7JLI2MAfDXC9q14ystq8geI+Ixe/kZWgeiO4C
N/Y09ohlZ6uyvZM4FVMRZ7cXejOU81JnXXgtnHivLqghsMuaXhdZO1cBSHbTpBNd
oN/WsLSJ8n/yoBDDFAhj3JEtZKvk2DAq/eTjC+UzsW9u
-----END CERTIFICATE-----