Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/e5O0a2n4SrX2k92xjh2h46ikKvU.roa
File:                     e5O0a2n4SrX2k92xjh2h46ikKvU.roa (raw, json)
Hash identifier:          JYuI8/3Rm+/q9UxK7s7HJQg6/RxjwyU4KwlySoBbjRI=
Subject key identifier:   7B:93:B4:6B:69:F8:4A:B5:F6:93:DD:B1:8E:1D:A1:E3:A8:A4:2A:F5
Certificate issuer:       /CN=5806da5a59251275ceb18694e17415352aedd6aa
Certificate serial:       018CC64B8E1A07358F979473A7AB852DC818
Authority key identifier: 58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/e5O0a2n4SrX2k92xjh2h46ikKvU.roa
Signing time:             Mon 01 Jan 2024 18:31:29 +0000
ROA not before:           Mon 01 Jan 2024 18:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212335
IP address blocks:        185.255.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:8e:1a:07:35:8f:97:94:73:a7:ab:85:2d:c8:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806da5a59251275ceb18694e17415352aedd6aa
        Validity
            Not Before: Jan  1 18:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b93b46b69f84ab5f693ddb18e1da1e3a8a42af5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:33:4a:bd:db:17:36:63:e3:75:e5:a8:57:82:
                    91:05:1e:c2:ca:57:dd:d1:a4:12:19:d9:6d:19:14:
                    c1:68:c7:45:39:6d:3d:57:9b:91:a3:57:d6:35:79:
                    6e:6d:22:30:fb:83:f6:8a:66:84:e6:f2:1f:70:97:
                    59:0a:84:82:09:a1:56:ce:12:f2:df:59:81:e6:f6:
                    e2:7f:3c:c7:7e:43:e2:ae:e3:24:92:91:94:5a:da:
                    76:7b:1b:20:d0:ee:ef:00:4d:11:ef:49:b2:1d:f0:
                    ae:d3:53:18:74:6c:f1:7d:b0:30:32:d2:6f:d2:3a:
                    0a:ad:0a:94:e9:7f:84:b7:3d:94:f2:ad:fe:ac:0c:
                    5f:df:85:80:82:49:b9:fc:c1:23:28:d1:bf:78:10:
                    80:8e:f0:91:28:94:b4:fa:1c:d1:f0:e1:77:65:70:
                    f6:cc:c5:4e:4e:c9:d7:f9:ac:6f:4a:8c:2d:b4:ca:
                    0f:e0:f3:08:24:60:7e:83:1e:72:63:d0:c8:86:40:
                    d1:7f:49:19:99:7e:ca:7e:77:c4:67:1e:7a:f4:db:
                    48:8d:ca:93:8b:26:9a:af:ab:76:71:f5:30:c0:53:
                    7e:ce:0a:e4:40:1e:23:83:70:d7:34:aa:5a:65:d3:
                    14:68:c7:5b:a5:8d:47:04:39:90:d6:02:44:81:77:
                    23:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:93:B4:6B:69:F8:4A:B5:F6:93:DD:B1:8E:1D:A1:E3:A8:A4:2A:F5
            X509v3 Authority Key Identifier:
                keyid:58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/e5O0a2n4SrX2k92xjh2h46ikKvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:61:bf:59:75:c3:1c:c8:b3:9d:ac:45:b4:76:ee:5a:27:bf:
         5c:f7:59:f3:49:a6:2a:da:8e:a1:0d:21:00:66:0f:11:95:46:
         41:5c:22:95:19:45:d9:70:e1:f5:f5:cf:64:b3:0e:bb:e6:82:
         e0:4e:eb:82:f9:af:9e:cb:27:bd:73:aa:c0:8d:20:26:61:38:
         af:9d:39:f4:29:09:29:25:e5:a7:ae:9f:1b:fa:3a:48:a6:93:
         1a:4f:9c:a0:83:7a:ff:7e:0a:ef:b9:17:01:67:6b:e5:f1:bd:
         8f:d1:25:33:93:71:39:f4:9a:cc:23:86:da:b8:aa:8c:d1:69:
         28:63:96:27:0e:d0:3e:df:af:58:32:d2:72:26:07:3d:15:a9:
         9a:4a:dd:6d:a0:62:c2:0c:a5:d0:35:d0:29:88:93:46:56:f1:
         fa:c9:a6:26:2a:09:fb:d1:6a:c0:b4:8f:6d:22:19:aa:72:75:
         7a:ba:db:1c:f6:3b:0a:cd:86:78:8c:d7:d1:44:03:35:93:4b:
         e8:db:c0:00:f3:f7:99:b4:a5:43:63:8b:fc:e1:61:f7:da:de:
         3b:6c:ff:67:fc:eb:58:a1:ee:54:be:f8:a8:ba:fa:5b:bb:6e:
         16:a6:83:f2:4f:79:1d:fd:5a:6b:94:8b:5f:75:4f:fe:1a:94:
         fd:07:10:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS44aBzWPl5Rzp6uFLcgYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZkYTVhNTkyNTEyNzVjZWIxODY5NGUxNzQxNTM1MmFl
ZGQ2YWEwHhcNMjQwMTAxMTgzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjkzYjQ2YjY5Zjg0YWI1ZjY5M2RkYjE4ZTFkYTFlM2E4YTQyYWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+DNKvdsXNmPjdeWoV4KRBR7Cylfd
0aQSGdltGRTBaMdFOW09V5uRo1fWNXlubSIw+4P2imaE5vIfcJdZCoSCCaFWzhLy
31mB5vbifzzHfkPiruMkkpGUWtp2exsg0O7vAE0R70myHfCu01MYdGzxfbAwMtJv
0joKrQqU6X+Etz2U8q3+rAxf34WAgkm5/MEjKNG/eBCAjvCRKJS0+hzR8OF3ZXD2
zMVOTsnX+axvSowttMoP4PMIJGB+gx5yY9DIhkDRf0kZmX7KfnfEZx569NtIjcqT
iyaar6t2cfUwwFN+zgrkQB4jg3DXNKpaZdMUaMdbpY1HBDmQ1gJEgXcjKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuTtGtp+Eq19pPdsY4doeOopCr1MB8GA1UdIwQY
MBaAFFgG2lpZJRJ1zrGGlOF0FTUq7daqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYt
Zjc5Y2NjM2Y0ZWFmLzEvZTVPMGEybjRTclgyazkyeGpoMmg0NmlrS3ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYtZjc5Y2NjM2Y0ZWFm
LzEvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf/FMA0G
CSqGSIb3DQEBCwUAA4IBAQC5Yb9ZdcMcyLOdrEW0du5aJ79c91nzSaYq2o6hDSEA
Zg8RlUZBXCKVGUXZcOH19c9ksw675oLgTuuC+a+eyye9c6rAjSAmYTivnTn0KQkp
JeWnrp8b+jpIppMaT5ygg3r/fgrvuRcBZ2vl8b2P0SUzk3E59JrMI4bauKqM0Wko
Y5YnDtA+369YMtJyJgc9FamaSt1toGLCDKXQNdApiJNGVvH6yaYmKgn70WrAtI9t
IhmqcnV6utsc9jsKzYZ4jNfRRAM1k0vo28AA8/eZtKVDY4v84WH32t47bP9n/OtY
oe5Uvviouvpbu24WpoPyT3kd/VprlItfdU/+GpT9BxC8
-----END CERTIFICATE-----