Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/ColBb_R0iZJV75qqvzJMURmd-3U.roa
File:                     ColBb_R0iZJV75qqvzJMURmd-3U.roa (raw, json)
Hash identifier:          KXTXwNmIghC2HqSRt7s2ajVAp3wuibojtaMousZiblc=
Subject key identifier:   0A:89:41:6F:F4:74:89:92:55:EF:9A:AA:BF:32:4C:51:19:9D:FB:75
Certificate issuer:       /CN=c6a707934a762bbdf34fc0148f265ce124577213
Certificate serial:       0192B959BD6FCBEFF3663FAD6BBE91330060
Authority key identifier: C6:A7:07:93:4A:76:2B:BD:F3:4F:C0:14:8F:26:5C:E1:24:57:72:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/ColBb_R0iZJV75qqvzJMURmd-3U.roa
Signing time:             Wed 23 Oct 2024 12:28:38 +0000
ROA not before:           Wed 23 Oct 2024 12:28:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215826
IP address blocks:        5.252.153.0/24 maxlen: 24
                          5.252.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b9:59:bd:6f:cb:ef:f3:66:3f:ad:6b:be:91:33:00:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a707934a762bbdf34fc0148f265ce124577213
        Validity
            Not Before: Oct 23 12:28:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a89416ff474899255ef9aaabf324c51199dfb75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1f:94:c9:71:c9:d3:d3:96:a2:00:08:2d:2a:
                    e9:d5:56:2d:2c:95:ab:cd:87:2d:58:b6:fc:ce:40:
                    31:7a:36:e9:31:f2:b1:4e:09:99:a9:d3:10:32:74:
                    e2:93:8f:f2:2e:3a:31:68:9d:11:92:ed:32:9f:a7:
                    96:18:97:69:d5:25:e8:df:f1:c3:71:c3:3f:8c:b3:
                    fe:51:43:90:96:bd:93:ae:55:79:7c:7a:de:d3:1d:
                    3c:b8:6f:19:26:d3:aa:47:62:03:fa:b1:0d:68:a6:
                    2f:59:fd:c9:7e:48:c8:f9:5b:f5:8e:25:c8:bc:e8:
                    a0:65:3e:96:99:17:1a:47:60:85:26:d7:49:2f:70:
                    5f:5a:49:fb:18:66:03:69:52:b3:fa:2e:99:01:ed:
                    6c:ab:14:8c:a0:01:42:67:5a:04:7e:61:70:ce:b8:
                    71:25:42:7d:b6:b6:0b:31:69:a8:93:d5:47:83:8f:
                    45:e7:84:e0:a4:af:56:0e:f5:7c:29:2f:09:4b:a1:
                    d8:89:22:c8:17:75:bd:bf:ac:d3:f7:5a:40:0b:5d:
                    7f:c6:ae:93:4b:37:c1:6b:28:bc:5f:04:72:69:3c:
                    01:9a:9c:27:55:2e:5f:2a:7c:9f:46:ba:62:a0:1c:
                    b1:3e:bf:3a:c7:e1:e6:2f:2c:31:5d:47:85:b4:07:
                    02:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:89:41:6F:F4:74:89:92:55:EF:9A:AA:BF:32:4C:51:19:9D:FB:75
            X509v3 Authority Key Identifier:
                keyid:C6:A7:07:93:4A:76:2B:BD:F3:4F:C0:14:8F:26:5C:E1:24:57:72:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/ColBb_R0iZJV75qqvzJMURmd-3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.153.0/24
                  5.252.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:42:20:1b:5c:52:d6:65:6d:cc:1d:af:1c:9c:82:44:4f:13:
         73:13:a9:a2:a3:fc:d6:78:9a:7f:96:bc:5a:18:e6:cf:24:a4:
         79:0c:86:27:de:74:33:e2:c3:68:38:a8:be:b9:85:96:e8:04:
         eb:7a:5c:7e:6c:c8:f7:a1:3c:32:1f:36:15:a6:40:01:63:08:
         fc:18:80:1c:32:dd:df:b7:ae:08:1e:66:73:a0:5e:de:08:48:
         64:13:8b:41:3a:91:99:9b:9b:9c:39:49:c3:35:2b:a4:b5:df:
         4b:a6:3e:6f:9b:c0:8d:ec:14:d2:ec:0d:c9:02:f5:5d:84:43:
         10:6a:64:25:a1:4f:98:4e:53:2f:2d:de:f5:11:25:8f:2e:64:
         4c:9a:42:76:4a:d5:2f:25:32:54:8f:39:b2:04:c8:fe:2f:5d:
         eb:96:83:05:d0:d2:1a:c0:94:44:06:90:47:a6:2f:3d:6b:4e:
         11:1f:33:06:c6:1f:c4:41:a4:49:ab:47:1f:fd:80:be:d3:c3:
         26:ae:df:27:4a:04:cf:39:ae:6b:2f:13:2e:c1:0c:58:85:09:
         84:8a:68:42:3f:1c:c9:be:ca:69:31:fa:c2:b8:8a:4d:40:f9:
         a6:15:93:73:a9:e8:2c:74:ee:8e:06:b3:81:6c:37:bc:ed:05:
         e7:92:5c:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK5Wb1vy+/zZj+ta76RMwBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTcwNzkzNGE3NjJiYmRmMzRmYzAxNDhmMjY1Y2UxMjQ1
NzcyMTMwHhcNMjQxMDIzMTIyODM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTg5NDE2ZmY0NzQ4OTkyNTVlZjlhYWFiZjMyNGM1MTE5OWRmYjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxh+UyXHJ09OWogAILSrp1VYtLJWr
zYctWLb8zkAxejbpMfKxTgmZqdMQMnTik4/yLjoxaJ0Rku0yn6eWGJdp1SXo3/HD
ccM/jLP+UUOQlr2TrlV5fHre0x08uG8ZJtOqR2ID+rENaKYvWf3JfkjI+Vv1jiXI
vOigZT6WmRcaR2CFJtdJL3BfWkn7GGYDaVKz+i6ZAe1sqxSMoAFCZ1oEfmFwzrhx
JUJ9trYLMWmok9VHg49F54TgpK9WDvV8KS8JS6HYiSLIF3W9v6zT91pAC11/xq6T
SzfBayi8XwRyaTwBmpwnVS5fKnyfRrpioByxPr86x+HmLywxXUeFtAcCNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAqJQW/0dImSVe+aqr8yTFEZnft1MB8GA1UdIwQY
MBaAFManB5NKdiu980/AFI8mXOEkV3ITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFjSGswcDJLNzN6VDhBVWp5WmM0U1JYY2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi80ODZjOTYtOGUwZi00MTYxLWEwMGUt
YjhlYTE4ZWI3NWY0LzEvQ29sQmJfUjBpWkpWNzVxcXZ6Sk1VUm1kLTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi80ODZjOTYtOGUwZi00MTYxLWEwMGUtYjhlYTE4ZWI3NWY0
LzEveHFjSGswcDJLNzN6VDhBVWp5WmM0U1JYY2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABfyZAwQA
BfybMA0GCSqGSIb3DQEBCwUAA4IBAQCVQiAbXFLWZW3MHa8cnIJETxNzE6mio/zW
eJp/lrxaGObPJKR5DIYn3nQz4sNoOKi+uYWW6ATrelx+bMj3oTwyHzYVpkABYwj8
GIAcMt3ft64IHmZzoF7eCEhkE4tBOpGZm5ucOUnDNSuktd9Lpj5vm8CN7BTS7A3J
AvVdhEMQamQloU+YTlMvLd71ESWPLmRMmkJ2StUvJTJUjzmyBMj+L13rloMF0NIa
wJREBpBHpi89a04RHzMGxh/EQaRJq0cf/YC+08Mmrt8nSgTPOa5rLxMuwQxYhQmE
imhCPxzJvsppMfrCuIpNQPmmFZNzqegsdO6OBrOBbDe87QXnklzq
-----END CERTIFICATE-----