Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/q7ghvUn7MPVQvBkkffjNdCk5Kxo.roa
File:                     q7ghvUn7MPVQvBkkffjNdCk5Kxo.roa (raw, json)
Hash identifier:          KpSTaJH3GQ3pT2lqVeEzsIW5exGCg5MarAHumupWoG4=
Subject key identifier:   AB:B8:21:BD:49:FB:30:F5:50:BC:19:24:7D:F8:CD:74:29:39:2B:1A
Certificate issuer:       /CN=5806da5a59251275ceb18694e17415352aedd6aa
Certificate serial:       0192AEF04D4E2E98EBE7D441350206D7B447
Authority key identifier: 58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/q7ghvUn7MPVQvBkkffjNdCk5Kxo.roa
Signing time:             Mon 21 Oct 2024 11:57:16 +0000
ROA not before:           Mon 21 Oct 2024 11:57:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     153371
IP address blocks:        185.255.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Oct 2024 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ae:f0:4d:4e:2e:98:eb:e7:d4:41:35:02:06:d7:b4:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5806da5a59251275ceb18694e17415352aedd6aa
        Validity
            Not Before: Oct 21 11:57:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abb821bd49fb30f550bc19247df8cd7429392b1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d3:8a:0b:75:c9:2b:a5:95:06:b0:14:bf:cd:
                    ef:be:00:ef:8c:09:f8:03:7a:0e:cd:92:72:cc:be:
                    52:e0:27:62:7e:af:cc:67:0f:42:5e:25:a3:dd:45:
                    5f:f1:aa:4e:de:ff:24:b6:d2:66:84:64:e4:cd:03:
                    ab:a6:72:e0:20:78:ce:dd:17:2f:d2:f5:bb:d4:8c:
                    70:10:36:3f:48:a8:a6:5a:02:8f:d5:b1:4c:29:23:
                    bc:99:d5:08:b9:f7:56:fe:e0:c7:5a:1b:f6:c9:d1:
                    6c:b6:5a:0e:c7:a6:97:3e:18:01:42:f2:10:80:a3:
                    c9:cd:e0:28:4c:da:ad:c7:e3:30:fd:34:46:73:a7:
                    86:0b:56:32:c2:8a:1a:ea:1f:b8:5a:57:2d:b1:ef:
                    4b:04:f6:97:ae:f8:bf:68:18:b9:66:6c:0f:77:84:
                    bc:4c:93:1e:e5:38:4b:e0:11:17:51:58:3b:8d:3a:
                    cf:fe:72:09:c5:31:ce:40:5e:72:3c:be:db:4f:06:
                    a1:88:2d:35:e0:fa:00:ae:51:f5:2e:b7:14:3f:67:
                    a8:1c:1d:04:06:3e:a4:95:59:e8:61:28:69:2e:40:
                    a6:82:08:aa:ec:e6:12:65:d8:2d:a0:a5:e7:72:bf:
                    75:5f:af:27:54:4f:1a:bb:6e:74:c6:74:7d:7a:ac:
                    3e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:B8:21:BD:49:FB:30:F5:50:BC:19:24:7D:F8:CD:74:29:39:2B:1A
            X509v3 Authority Key Identifier:
                keyid:58:06:DA:5A:59:25:12:75:CE:B1:86:94:E1:74:15:35:2A:ED:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAbaWlklEnXOsYaU4XQVNSrt1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/q7ghvUn7MPVQvBkkffjNdCk5Kxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5df119-b1df-4ceb-bd4f-f79ccc3f4eaf/1/WAbaWlklEnXOsYaU4XQVNSrt1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:6d:1f:bd:83:d3:14:f5:9e:64:a9:65:76:48:cf:33:84:dc:
         3f:86:f5:f2:a0:d2:31:0b:6e:ce:4f:16:b8:b8:51:4b:a7:4a:
         9f:8d:b4:7b:25:cb:7d:6d:ed:95:c8:85:73:fa:74:7a:ee:d2:
         c8:17:86:e0:0a:d6:ef:3f:bc:31:05:3b:ee:14:fc:42:2d:17:
         c2:c3:5f:0d:52:24:d8:56:b2:67:bf:f8:e8:74:e3:93:92:71:
         33:96:fd:90:ea:51:3c:c0:0c:9f:c5:ca:6a:eb:2b:9d:9f:0f:
         4f:80:68:6a:15:08:70:d1:91:67:14:53:27:5a:ec:0f:a5:c2:
         a9:ab:48:62:38:f7:c0:88:69:47:16:12:1f:2b:6c:64:2b:6e:
         fe:2e:b2:f2:3e:04:0c:e2:07:33:88:39:d5:01:3c:fa:6a:44:
         bf:0f:0d:78:4e:f7:d1:cc:1a:57:0a:6b:a2:02:5a:b3:fd:fd:
         c9:77:03:91:33:a3:ef:f5:6c:20:1d:72:df:39:49:43:28:f6:
         c1:fa:21:6f:b6:2f:64:21:8c:77:3c:dc:cd:76:93:8d:0a:81:
         97:2e:4e:c9:62:04:f3:93:22:e3:66:c2:25:0d:b8:7e:6f:0b:
         9b:2a:4b:1a:ff:04:71:ff:97:c3:a8:a0:92:4b:e4:a3:78:06:
         52:07:a7:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKu8E1OLpjr59RBNQIG17RHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDZkYTVhNTkyNTEyNzVjZWIxODY5NGUxNzQxNTM1MmFl
ZGQ2YWEwHhcNMjQxMDIxMTE1NzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmI4MjFiZDQ5ZmIzMGY1NTBiYzE5MjQ3ZGY4Y2Q3NDI5MzkyYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdOKC3XJK6WVBrAUv83vvgDvjAn4
A3oOzZJyzL5S4Cdifq/MZw9CXiWj3UVf8apO3v8kttJmhGTkzQOrpnLgIHjO3Rcv
0vW71IxwEDY/SKimWgKP1bFMKSO8mdUIufdW/uDHWhv2ydFstloOx6aXPhgBQvIQ
gKPJzeAoTNqtx+Mw/TRGc6eGC1Yywooa6h+4Wlctse9LBPaXrvi/aBi5ZmwPd4S8
TJMe5ThL4BEXUVg7jTrP/nIJxTHOQF5yPL7bTwahiC014PoArlH1LrcUP2eoHB0E
Bj6klVnoYShpLkCmggiq7OYSZdgtoKXncr91X68nVE8au250xnR9eqw+PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKu4Ib1J+zD1ULwZJH34zXQpOSsaMB8GA1UdIwQY
MBaAFFgG2lpZJRJ1zrGGlOF0FTUq7daqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYt
Zjc5Y2NjM2Y0ZWFmLzEvcTdnaHZVbjdNUFZRdkJra2Zmak5kQ2s1S3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81ZGYxMTktYjFkZi00Y2ViLWJkNGYtZjc5Y2NjM2Y0ZWFm
LzEvV0FiYVdsa2xFblhPc1lhVTRYUVZOU3J0MXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf/GMA0G
CSqGSIb3DQEBCwUAA4IBAQANbR+9g9MU9Z5kqWV2SM8zhNw/hvXyoNIxC27OTxa4
uFFLp0qfjbR7Jct9be2VyIVz+nR67tLIF4bgCtbvP7wxBTvuFPxCLRfCw18NUiTY
VrJnv/jodOOTknEzlv2Q6lE8wAyfxcpq6yudnw9PgGhqFQhw0ZFnFFMnWuwPpcKp
q0hiOPfAiGlHFhIfK2xkK27+LrLyPgQM4gcziDnVATz6akS/Dw14TvfRzBpXCmui
Alqz/f3JdwORM6Pv9WwgHXLfOUlDKPbB+iFvti9kIYx3PNzNdpONCoGXLk7JYgTz
kyLjZsIlDbh+bwubKksa/wRx/5fDqKCSS+SjeAZSB6fq
-----END CERTIFICATE-----