Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/N9uQme0v4ZYAgbNRQKcVoiJwaeY.roa
File:                     N9uQme0v4ZYAgbNRQKcVoiJwaeY.roa (raw, json)
Hash identifier:          NCajg8pYt+v71kCNHGJduzE8H1Y4pxueOL4cGk59Lwg=
Subject key identifier:   37:DB:90:99:ED:2F:E1:96:00:81:B3:51:40:A7:15:A2:22:70:69:E6
Certificate issuer:       /CN=5806da5a59251275ceb18694e17415352aedd6aa
Certificate serial:       018CC64B8DD56B2DAD498B77D07809734F56
Authority key identifier: 58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/N9uQme0v4ZYAgbNRQKcVoiJwaeY.roa
Signing time:             Mon 01 Jan 2024 18:31:29 +0000
ROA not before:           Mon 01 Jan 2024 18:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211432
IP address blocks:        185.255.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 14:49:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8d:d5:6b:2d:ad:49:8b:77:d0:78:09:73:4f:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806da5a59251275ceb18694e17415352aedd6aa
        Validity
            Not Before: Jan  1 18:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37db9099ed2fe1960081b35140a715a2227069e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:b6:62:1c:0d:f2:c2:42:ad:65:0a:2b:6e:9e:
                    72:6f:8a:eb:eb:46:fb:de:0b:21:19:db:40:ff:0f:
                    8b:cd:3d:13:14:ca:32:32:e6:df:31:e0:1e:6d:67:
                    89:f1:4d:df:28:5c:20:e1:96:ea:36:8b:f8:11:1c:
                    41:36:b8:f5:4e:ce:2e:fe:f5:0c:74:ee:5f:48:1b:
                    ea:bd:67:0c:1b:4c:04:c7:53:8f:b1:98:7d:c6:98:
                    dd:12:4f:cd:ed:b0:a3:81:8e:cd:8d:12:28:df:4b:
                    04:f6:73:77:68:38:77:62:c4:7c:06:f5:d6:98:70:
                    da:6a:36:7f:26:fb:98:3d:9e:5c:3c:02:7d:ed:ae:
                    69:c1:65:79:0e:9b:8f:45:7f:2b:3c:1b:bb:24:dd:
                    3f:b3:fe:19:d9:d6:ca:fd:4b:b1:76:04:4c:78:3e:
                    64:d7:2a:b7:5b:be:32:17:5f:89:eb:18:55:39:cf:
                    9d:2d:c1:7e:f1:5e:8c:78:70:e4:8b:1e:b0:2e:c2:
                    f6:2c:dc:10:f8:2a:dd:22:1a:6e:97:7a:6f:a8:d9:
                    a0:69:90:21:4f:c6:83:bf:19:24:79:fa:43:8b:de:
                    b1:b8:2f:5e:f0:e3:e8:1e:85:1e:aa:31:08:94:f2:
                    a9:03:47:9c:10:02:2f:6b:ad:80:cd:ab:b2:af:69:
                    c4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DB:90:99:ED:2F:E1:96:00:81:B3:51:40:A7:15:A2:22:70:69:E6
            X509v3 Authority Key Identifier:
                keyid:58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/N9uQme0v4ZYAgbNRQKcVoiJwaeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:20:11:8c:b6:e5:fc:0c:bd:cf:9e:1c:9a:8d:ce:0c:0a:8b:
         02:70:4f:98:65:dc:66:21:49:cb:c3:cf:0f:27:71:93:62:58:
         97:26:b1:98:5f:fc:aa:44:91:06:6c:cc:df:7f:7b:0d:92:14:
         ae:3d:0d:5c:09:d0:7c:eb:1a:5e:e3:89:46:28:e9:f0:d6:4a:
         d6:32:81:eb:e2:3d:f5:7b:ff:4e:12:10:7d:32:5f:21:20:4f:
         e3:8e:b6:7e:f9:a8:fb:0c:c4:61:57:be:bf:eb:d6:b1:2c:56:
         4f:b0:26:f0:6a:2b:53:b2:5e:f2:b1:91:10:da:b4:8a:91:13:
         dd:ac:07:de:42:d8:32:a9:ef:db:1b:c7:78:3c:ec:e9:ce:3c:
         89:3f:9a:4f:77:21:de:dc:aa:e2:95:29:1d:ec:35:93:be:10:
         ac:8d:a4:5d:3b:b8:e3:f6:de:67:3a:a1:88:e4:77:43:51:12:
         35:e3:50:24:40:29:c3:a0:4d:6a:5f:06:9c:01:2f:83:9c:4d:
         9f:17:fe:94:cf:bd:6b:47:a3:51:04:ec:f1:a2:97:87:1e:ea:
         8f:ca:18:11:f3:47:e5:a6:c2:c8:db:c5:7a:a1:19:cf:09:69:
         b6:ac:ac:54:d3:71:e6:e2:8d:70:5a:b2:12:d5:ec:dd:ad:b9:
         4a:44:e3:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS43Vay2tSYt30HgJc09WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZkYTVhNTkyNTEyNzVjZWIxODY5NGUxNzQxNTM1MmFl
ZGQ2YWEwHhcNMjQwMTAxMTgzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2RiOTA5OWVkMmZlMTk2MDA4MWIzNTE0MGE3MTVhMjIyNzA2OWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjLZiHA3ywkKtZQorbp5yb4rr60b7
3gshGdtA/w+LzT0TFMoyMubfMeAebWeJ8U3fKFwg4ZbqNov4ERxBNrj1Ts4u/vUM
dO5fSBvqvWcMG0wEx1OPsZh9xpjdEk/N7bCjgY7NjRIo30sE9nN3aDh3YsR8BvXW
mHDaajZ/JvuYPZ5cPAJ97a5pwWV5DpuPRX8rPBu7JN0/s/4Z2dbK/UuxdgRMeD5k
1yq3W74yF1+J6xhVOc+dLcF+8V6MeHDkix6wLsL2LNwQ+CrdIhpul3pvqNmgaZAh
T8aDvxkkefpDi96xuC9e8OPoHoUeqjEIlPKpA0ecEAIva62Azauyr2nEgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfbkJntL+GWAIGzUUCnFaIicGnmMB8GA1UdIwQY
MBaAFFgG2lpZJRJ1zrGGlOF0FTUq7daqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYt
Zjc5Y2NjM2Y0ZWFmLzEvTjl1UW1lMHY0WllBZ2JOUlFLY1ZvaUp3YWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYtZjc5Y2NjM2Y0ZWFm
LzEvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf/FMA0G
CSqGSIb3DQEBCwUAA4IBAQA8IBGMtuX8DL3Pnhyajc4MCosCcE+YZdxmIUnLw88P
J3GTYliXJrGYX/yqRJEGbMzff3sNkhSuPQ1cCdB86xpe44lGKOnw1krWMoHr4j31
e/9OEhB9Ml8hIE/jjrZ++aj7DMRhV76/69axLFZPsCbwaitTsl7ysZEQ2rSKkRPd
rAfeQtgyqe/bG8d4POzpzjyJP5pPdyHe3KrilSkd7DWTvhCsjaRdO7jj9t5nOqGI
5HdDURI141AkQCnDoE1qXwacAS+DnE2fF/6Uz71rR6NRBOzxopeHHuqPyhgR80fl
psLI28V6oRnPCWm2rKxU03Hm4o1wWrIS1ezdrblKROPB
-----END CERTIFICATE-----