Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/k5rYadNSYmC7yrMmI-doh8JySSY.roa
File:                     k5rYadNSYmC7yrMmI-doh8JySSY.roa (raw, json)
Hash identifier:          D/BiMoiIR8qvUdn+kupHPA7s4x9KgdCdXU5HMIMSEIY=
Subject key identifier:   93:9A:D8:69:D3:52:62:60:BB:CA:B3:26:23:E7:68:87:C2:72:49:26
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC80286E985BA6384BD2F2DD69A47F526
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/k5rYadNSYmC7yrMmI-doh8JySSY.roa
Signing time:             Tue 02 Jan 2024 02:30:57 +0000
ROA not before:           Tue 02 Jan 2024 02:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198246
IP address blocks:        194.26.100.0/24 maxlen: 24
                          185.230.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:86:e9:85:ba:63:84:bd:2f:2d:d6:9a:47:f5:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=939ad869d3526260bbcab32623e76887c2724926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:3e:99:26:34:35:11:cd:7d:7e:64:8b:30:45:
                    37:10:32:d2:b1:c2:a4:cf:fa:89:eb:94:13:c1:e9:
                    87:7f:40:21:c8:39:2f:a8:7c:03:8e:7d:82:7a:96:
                    ae:4a:39:d2:e7:27:ab:fc:ec:4e:c1:dc:02:4e:d3:
                    80:8f:c5:56:39:ba:03:bf:b7:0a:c9:51:ed:7e:78:
                    b3:88:64:72:14:51:fc:9a:d7:8f:d8:cc:a7:98:75:
                    b5:9b:14:09:00:08:90:91:32:da:8a:63:db:db:92:
                    51:94:af:27:43:72:d7:4b:36:a1:9f:a4:27:70:b4:
                    6a:cd:a6:dc:4e:41:3a:1a:e1:20:df:b6:19:3f:be:
                    57:d6:28:4d:8b:75:6b:d6:d6:e3:c1:c5:a9:2d:7b:
                    26:74:af:03:08:5b:03:6b:40:46:e5:88:27:cc:d3:
                    cc:45:92:98:f1:6e:9e:82:fd:81:86:1c:50:6b:11:
                    05:81:13:e6:a2:03:f8:fd:7a:df:5b:50:46:2b:f5:
                    55:24:ee:72:e5:bc:78:df:f0:34:64:07:54:fd:f2:
                    11:32:22:c1:f0:fa:3d:75:31:1f:b1:68:14:9e:63:
                    4f:c5:98:47:82:68:51:59:aa:31:4d:75:c1:da:53:
                    07:69:21:02:50:f6:55:e5:5a:4d:19:c2:c8:4e:a8:
                    47:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:9A:D8:69:D3:52:62:60:BB:CA:B3:26:23:E7:68:87:C2:72:49:26
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/k5rYadNSYmC7yrMmI-doh8JySSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.55.0/24
                  194.26.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:58:1c:cd:de:0d:8c:33:91:8e:fa:72:90:41:ea:13:a0:04:
         a4:71:7e:03:29:25:b9:ca:64:04:78:e7:62:78:9e:4b:3a:18:
         d3:e4:3f:74:3f:28:ea:ae:02:ee:3e:8f:e8:1f:8d:c1:1f:59:
         00:0c:c4:41:bd:29:58:71:7d:0f:01:75:69:32:de:8c:45:23:
         c1:8d:a3:72:e9:22:67:28:66:7a:41:bb:82:cf:db:06:12:a0:
         ed:4d:38:0a:35:b3:fc:7a:63:06:1f:fb:ea:ab:26:ff:d6:c7:
         6d:2f:a4:4f:34:52:7d:d2:10:79:bf:73:fa:17:bd:4f:10:3c:
         ac:67:45:e6:6e:1c:6b:bc:82:5a:07:8a:82:54:a8:ac:3d:14:
         6d:4b:c9:93:69:73:55:c8:8d:d3:b5:90:ba:9d:cf:8c:e6:77:
         0a:54:e0:e7:c8:61:9e:fa:0e:4f:4b:1b:c0:1a:cf:3d:85:f7:
         8a:6e:7c:26:f3:10:44:84:4b:95:28:51:6c:d8:a4:f2:15:12:
         71:41:78:d3:2a:c5:97:c2:c2:0a:c6:d7:bc:32:1a:a8:77:f2:
         8f:1d:d0:d1:28:7f:ae:9e:cd:11:0d:21:89:cd:a9:92:21:4f:
         83:ba:05:e1:bd:61:74:b4:55:04:bf:bb:2f:24:1f:b0:cd:f7:
         bd:e1:44:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAobphbpjhL0vLdaaR/UmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzlhZDg2OWQzNTI2MjYwYmJjYWIzMjYyM2U3Njg4N2MyNzI0OTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6z6ZJjQ1Ec19fmSLMEU3EDLSscKk
z/qJ65QTwemHf0AhyDkvqHwDjn2CepauSjnS5yer/OxOwdwCTtOAj8VWOboDv7cK
yVHtfniziGRyFFH8mteP2MynmHW1mxQJAAiQkTLaimPb25JRlK8nQ3LXSzahn6Qn
cLRqzabcTkE6GuEg37YZP75X1ihNi3Vr1tbjwcWpLXsmdK8DCFsDa0BG5YgnzNPM
RZKY8W6egv2BhhxQaxEFgRPmogP4/XrfW1BGK/VVJO5y5bx43/A0ZAdU/fIRMiLB
8Po9dTEfsWgUnmNPxZhHgmhRWaoxTXXB2lMHaSECUPZV5VpNGcLITqhHrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJOa2GnTUmJgu8qzJiPnaIfCckkmMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvazVyWWFkTlNZbUM3eXJNbUktZG9oOEp5U1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAueY3AwQA
whpkMA0GCSqGSIb3DQEBCwUAA4IBAQAeWBzN3g2MM5GO+nKQQeoToASkcX4DKSW5
ymQEeOdieJ5LOhjT5D90PyjqrgLuPo/oH43BH1kADMRBvSlYcX0PAXVpMt6MRSPB
jaNy6SJnKGZ6QbuCz9sGEqDtTTgKNbP8emMGH/vqqyb/1sdtL6RPNFJ90hB5v3P6
F71PEDysZ0XmbhxrvIJaB4qCVKisPRRtS8mTaXNVyI3TtZC6nc+M5ncKVODnyGGe
+g5PSxvAGs89hfeKbnwm8xBEhEuVKFFs2KTyFRJxQXjTKsWXwsIKxte8Mhqod/KP
HdDRKH+uns0RDSGJzamSIU+DugXhvWF0tFUEv7svJB+wzfe94UR2
-----END CERTIFICATE-----