Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/6ogVQUHBYYTz25iaBADgawv60yQ.roa
File:                     6ogVQUHBYYTz25iaBADgawv60yQ.roa (raw, json)
Hash identifier:          6hElMUOlfb8OLrcKTvUV6O0D4gV1WFXbakb6RG/fQjY=
Subject key identifier:   EA:88:15:41:41:C1:61:84:F3:DB:98:9A:04:00:E0:6B:0B:FA:D3:24
Certificate issuer:       /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial:       01942143C83CC37F10DDE14F1378D86DA19B
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/6ogVQUHBYYTz25iaBADgawv60yQ.roa
Signing time:             Wed 01 Jan 2025 09:47:57 +0000
ROA not before:           Wed 01 Jan 2025 09:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59757
IP address blocks:        5.160.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c8:3c:c3:7f:10:dd:e1:4f:13:78:d8:6d:a1:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
        Validity
            Not Before: Jan  1 09:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea88154141c16184f3db989a0400e06b0bfad324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f3:11:f8:b9:87:e4:86:00:1f:7b:08:06:a6:
                    52:74:be:79:00:07:08:11:26:4a:50:62:bb:1a:35:
                    03:30:58:38:4d:c4:19:f9:89:0d:2a:13:57:5a:2a:
                    f3:65:0d:b8:8a:e9:a7:b1:f0:65:14:36:ca:c3:13:
                    65:2d:cb:4c:63:af:57:0e:32:e5:8b:a3:6e:d7:a9:
                    d5:6d:9c:f3:1d:ba:85:cd:65:d8:63:d4:cc:05:4b:
                    1d:98:02:1f:2f:55:0c:68:44:2d:bc:67:a2:82:08:
                    85:a0:dc:e0:b0:5b:6a:48:d7:b3:68:6f:e0:86:02:
                    0c:31:95:0c:b4:d7:01:7b:ee:ad:50:71:a1:c1:2d:
                    07:dd:6f:b0:4b:39:54:cf:87:fb:ea:da:c3:20:12:
                    2e:b4:13:c8:ca:74:a2:83:5b:d8:90:cd:3c:39:f8:
                    18:b8:6f:4d:b5:ac:91:85:db:38:84:93:5a:81:33:
                    83:64:b4:ba:be:30:c2:cf:e7:e6:27:0b:0b:1a:35:
                    1b:81:a9:c6:5e:34:76:c3:5d:2f:bc:05:3a:3d:b0:
                    2f:4d:67:27:bd:96:50:db:21:6b:44:85:cc:3b:43:
                    f8:6b:54:a1:60:53:78:1a:e0:1c:8d:35:68:7a:3a:
                    28:3b:4e:15:2e:1d:6a:d1:d8:1e:18:28:16:85:db:
                    b8:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:88:15:41:41:C1:61:84:F3:DB:98:9A:04:00:E0:6B:0B:FA:D3:24
            X509v3 Authority Key Identifier:
                keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/6ogVQUHBYYTz25iaBADgawv60yQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:22:fe:1c:34:de:08:7c:ad:97:ed:0e:7a:d7:cc:c8:cf:82:
         83:db:cc:8a:19:b0:db:81:32:18:d4:23:e1:20:32:52:aa:4c:
         82:6a:dd:ac:d4:d9:46:14:a2:96:a2:25:2e:03:49:c6:a1:18:
         d4:32:03:ca:a2:ce:61:61:cb:6c:97:da:f4:81:6b:86:5d:94:
         ac:b6:86:61:81:1f:03:57:7a:62:8d:09:3f:91:2b:80:a8:5c:
         5b:e3:b3:43:db:a6:00:83:19:80:4a:05:cc:ad:2b:aa:26:88:
         96:c7:97:a9:04:e8:b7:04:49:8d:7a:4e:85:e1:3e:70:f7:0b:
         d2:b4:a6:bd:ab:99:08:50:6b:94:af:c1:47:cd:2a:14:14:f3:
         ff:bd:e5:bf:25:ea:53:ba:b0:eb:c8:74:d1:73:7c:2c:af:db:
         e4:33:a1:c9:d6:79:1c:1b:77:a9:0e:ad:76:37:88:e1:a8:36:
         54:d0:9e:8e:50:e0:4b:1f:af:9b:2e:18:86:62:41:6a:27:74:
         ab:c8:7a:b0:92:41:13:ae:13:b6:e3:90:88:d1:2d:dc:08:c4:
         9e:2e:2e:88:04:92:55:ec:83:95:6a:e6:6f:50:4e:f9:aa:8b:
         ea:53:21:4c:8c:b4:e6:45:37:34:ff:b1:54:07:3f:2c:a3:36:
         af:3f:36:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ8g8w38Q3eFPE3jYbaGbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjUwMTAxMDk0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTg4MTU0MTQxYzE2MTg0ZjNkYjk4OWEwNDAwZTA2YjBiZmFkMzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fMR+LmH5IYAH3sIBqZSdL55AAcI
ESZKUGK7GjUDMFg4TcQZ+YkNKhNXWirzZQ24iumnsfBlFDbKwxNlLctMY69XDjLl
i6Nu16nVbZzzHbqFzWXYY9TMBUsdmAIfL1UMaEQtvGeiggiFoNzgsFtqSNezaG/g
hgIMMZUMtNcBe+6tUHGhwS0H3W+wSzlUz4f76trDIBIutBPIynSig1vYkM08OfgY
uG9NtayRhds4hJNagTODZLS6vjDCz+fmJwsLGjUbganGXjR2w10vvAU6PbAvTWcn
vZZQ2yFrRIXMO0P4a1ShYFN4GuAcjTVoejooO04VLh1q0dgeGCgWhdu4FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOqIFUFBwWGE89uYmgQA4GsL+tMkMB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvNm9nVlFVSEJZWVR6MjVpYUJBRGdhd3Y2MHlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEtYjQ1NDBjNzRjOTRi
LzEvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABaDYMA0G
CSqGSIb3DQEBCwUAA4IBAQBqIv4cNN4IfK2X7Q5618zIz4KD28yKGbDbgTIY1CPh
IDJSqkyCat2s1NlGFKKWoiUuA0nGoRjUMgPKos5hYctsl9r0gWuGXZSstoZhgR8D
V3pijQk/kSuAqFxb47ND26YAgxmASgXMrSuqJoiWx5epBOi3BEmNek6F4T5w9wvS
tKa9q5kIUGuUr8FHzSoUFPP/veW/JepTurDryHTRc3wsr9vkM6HJ1nkcG3epDq12
N4jhqDZU0J6OUOBLH6+bLhiGYkFqJ3SryHqwkkETrhO245CI0S3cCMSeLi6IBJJV
7IOVauZvUE75qovqUyFMjLTmRTc0/7FUBz8sozavPzaT
-----END CERTIFICATE-----