Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/XK3pzRHHZQxz3p93prkQEhw0fYc.roa
File:                     XK3pzRHHZQxz3p93prkQEhw0fYc.roa (raw, json)
Hash identifier:          3KupSe+iPvI3r1sUxfuDOYnuCJy/O5OQwGKjiA7v4+A=
Subject key identifier:   5C:AD:E9:CD:11:C7:65:0C:73:DE:9F:77:A6:B9:10:12:1C:34:7D:87
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       01941F8C946170A6DCA966442ADEDAD27774
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/XK3pzRHHZQxz3p93prkQEhw0fYc.roa
Signing time:             Wed 01 Jan 2025 01:48:14 +0000
ROA not before:           Wed 01 Jan 2025 01:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57707
IP address blocks:        5.59.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:94:61:70:a6:dc:a9:66:44:2a:de:da:d2:77:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  1 01:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5cade9cd11c7650c73de9f77a6b910121c347d87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:36:30:c6:e9:7d:d2:7a:e1:09:38:2a:92:31:
                    64:50:da:93:7c:a3:f5:72:02:f4:1a:2c:29:ca:83:
                    2c:13:86:8a:1f:dc:61:49:49:36:7a:09:a4:ee:17:
                    35:45:5e:dc:b2:d5:25:42:dc:6b:64:48:d8:c7:1d:
                    f8:3a:2a:c0:08:ca:46:9a:15:1b:98:d2:67:f2:91:
                    4e:bd:36:13:45:e6:95:06:38:c5:32:a6:d7:f0:9c:
                    b1:2a:87:d2:ec:85:94:c8:31:df:44:20:e1:3a:af:
                    fb:39:e4:5d:25:0d:09:6b:d7:4e:d5:41:09:61:b3:
                    20:f9:95:5d:17:32:af:6a:37:81:25:41:92:a3:40:
                    51:30:93:e8:e9:e1:c3:3c:e6:63:ac:a4:52:19:1e:
                    17:4d:ad:68:67:5b:f4:2f:6d:e8:b8:25:93:c5:01:
                    75:ec:c8:be:8a:e2:b2:6c:34:25:93:8f:31:1f:77:
                    4c:d7:8a:28:ec:b4:47:55:f1:08:47:06:ff:08:cd:
                    ba:32:05:8d:c6:ac:94:bd:9e:34:42:37:86:31:b9:
                    fd:0e:b2:19:81:fa:1f:dc:e6:57:01:1b:5a:f2:a2:
                    7c:31:57:6b:c2:55:2d:a3:47:91:29:cf:e4:5e:49:
                    1b:25:ad:ed:71:8b:e3:60:4b:64:0f:48:6e:71:f1:
                    c6:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:AD:E9:CD:11:C7:65:0C:73:DE:9F:77:A6:B9:10:12:1C:34:7D:87
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/XK3pzRHHZQxz3p93prkQEhw0fYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:fc:56:3e:7c:32:d5:1c:36:76:ce:ae:25:b0:82:2d:24:59:
         d0:8d:18:a2:ff:92:ae:5e:4e:2d:97:37:85:a4:04:cd:76:47:
         c2:15:8f:b3:a8:af:a0:6c:f2:fe:09:c0:83:2d:b2:ec:2a:0c:
         b5:ab:73:dd:be:4d:8d:71:13:63:b7:fa:92:2b:25:75:1a:08:
         60:da:12:d1:bb:09:08:8b:ac:2a:27:bd:cb:6b:92:90:47:7a:
         d9:42:27:e1:10:9c:f1:2d:fe:ed:f9:ff:ea:0a:43:37:68:20:
         16:5a:62:5a:20:10:56:c0:bb:2f:58:a5:84:b7:a8:11:d3:df:
         07:9a:12:70:5c:03:50:6d:ff:a2:34:f0:ad:45:7e:db:e6:97:
         c7:d9:51:b1:3b:08:f1:e0:ad:af:7c:dd:08:92:a8:55:ad:af:
         8e:7e:a5:b7:93:7b:43:32:88:69:f5:d4:13:a8:ed:9b:f4:76:
         3a:c9:35:b1:1e:81:73:40:07:6e:5f:87:bc:3e:ae:ad:10:b3:
         40:1c:3c:ba:a7:57:98:ad:c4:0c:7a:10:cb:53:09:58:ea:cf:
         53:00:da:3b:31:43:4b:1e:fb:49:0c:d9:72:5b:07:2a:05:75:
         13:7f:ce:10:8a:50:3d:4d:f5:19:fb:c0:33:42:43:98:5c:76:
         15:cd:7c:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJRhcKbcqWZEKt7a0nd0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjUwMTAxMDE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FkZTljZDExYzc2NTBjNzNkZTlmNzdhNmI5MTAxMjFjMzQ3ZDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTYwxul90nrhCTgqkjFkUNqTfKP1
cgL0GiwpyoMsE4aKH9xhSUk2egmk7hc1RV7cstUlQtxrZEjYxx34OirACMpGmhUb
mNJn8pFOvTYTReaVBjjFMqbX8JyxKofS7IWUyDHfRCDhOq/7OeRdJQ0Ja9dO1UEJ
YbMg+ZVdFzKvajeBJUGSo0BRMJPo6eHDPOZjrKRSGR4XTa1oZ1v0L23ouCWTxQF1
7Mi+iuKybDQlk48xH3dM14oo7LRHVfEIRwb/CM26MgWNxqyUvZ40QjeGMbn9DrIZ
gfof3OZXARta8qJ8MVdrwlUto0eRKc/kXkkbJa3tcYvjYEtkD0hucfHG/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyt6c0Rx2UMc96fd6a5EBIcNH2HMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvWEszcHpSSEhaUXh6M3A5M3Bya1FFaHcwZlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTthMA0G
CSqGSIb3DQEBCwUAA4IBAQCY/FY+fDLVHDZ2zq4lsIItJFnQjRii/5KuXk4tlzeF
pATNdkfCFY+zqK+gbPL+CcCDLbLsKgy1q3Pdvk2NcRNjt/qSKyV1Gghg2hLRuwkI
i6wqJ73La5KQR3rZQifhEJzxLf7t+f/qCkM3aCAWWmJaIBBWwLsvWKWEt6gR098H
mhJwXANQbf+iNPCtRX7b5pfH2VGxOwjx4K2vfN0IkqhVra+OfqW3k3tDMohp9dQT
qO2b9HY6yTWxHoFzQAduX4e8Pq6tELNAHDy6p1eYrcQMehDLUwlY6s9TANo7MUNL
HvtJDNlyWwcqBXUTf84QilA9TfUZ+8AzQkOYXHYVzXwu
-----END CERTIFICATE-----