Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/cltpjyxfVDsZPJ7goWiiUitZx2o.roa
File:                     cltpjyxfVDsZPJ7goWiiUitZx2o.roa (raw, json)
Hash identifier:          v1XPd8dWfW9jy01aqivndbzv1o1R7mLTrfy82vUrs9w=
Subject key identifier:   72:5B:69:8F:2C:5F:54:3B:19:3C:9E:E0:A1:68:A2:52:2B:59:C7:6A
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       01941F8C9897639F45833432774DD420DA61
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/cltpjyxfVDsZPJ7goWiiUitZx2o.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204958
IP address blocks:        5.59.55.0/24 maxlen: 24
                          5.59.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:98:97:63:9f:45:83:34:32:77:4d:d4:20:da:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=725b698f2c5f543b193c9ee0a168a2522b59c76a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:20:9d:9a:3a:e7:e5:03:92:2b:8e:c1:69:fa:
                    c9:3a:7a:8e:da:b6:27:99:a7:b0:18:19:f2:33:09:
                    cb:f1:79:44:24:4a:50:fc:e4:d5:b6:13:eb:e3:c2:
                    b4:f5:8a:41:06:66:e3:41:5c:73:89:50:37:d7:a5:
                    3d:55:9f:49:4a:e4:d2:39:ae:fa:84:ed:da:2a:a3:
                    c0:e6:c5:ec:ef:7c:c3:e1:2a:1a:ac:c8:83:23:03:
                    cb:1e:c7:e5:8c:e3:80:b6:d2:61:08:da:f2:0f:eb:
                    30:da:5d:99:0c:31:12:9c:73:89:83:97:9f:7c:2a:
                    00:05:7d:43:2d:6e:6a:e0:43:e6:73:72:77:6e:05:
                    7a:b2:cf:b5:cc:0a:6f:4f:c6:4d:b0:84:1e:a7:b5:
                    f6:a2:4a:3a:a7:19:e8:99:41:20:80:0a:6f:7f:fa:
                    ea:91:b1:3d:87:c9:47:1e:29:3a:0e:8c:b1:32:b7:
                    b9:0a:82:6b:36:8b:51:4c:b7:f5:86:e4:a6:dc:e1:
                    15:ed:98:d8:ee:c2:b9:33:23:35:82:2d:e0:63:7b:
                    e1:8a:ac:e9:b1:c4:3d:da:87:2a:6b:d9:a8:8c:4f:
                    e5:cd:9b:57:1a:8d:09:83:ac:55:a0:44:a6:46:f4:
                    a9:07:9d:17:27:80:ca:90:f0:a6:60:1c:fc:e8:43:
                    10:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:5B:69:8F:2C:5F:54:3B:19:3C:9E:E0:A1:68:A2:52:2B:59:C7:6A
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/cltpjyxfVDsZPJ7goWiiUitZx2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.55.0/24
                  5.59.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:8d:5e:80:77:b5:23:3c:28:4c:e3:7a:e3:90:a6:1b:52:56:
         3a:03:f4:70:1a:d9:50:54:55:6f:2d:70:af:da:65:10:c8:73:
         e6:cb:58:dc:ea:43:92:36:c6:70:5b:2a:aa:ad:24:e5:58:e9:
         c2:2d:c3:42:b6:2a:26:14:e3:9c:6b:c7:69:e1:a4:3f:fe:71:
         f7:f6:8e:22:d8:57:c3:c6:4b:05:c1:58:63:c0:83:6e:74:b3:
         33:9a:2d:13:fc:f6:65:fa:9b:5c:9b:ba:69:5a:24:7e:ab:af:
         d2:b3:46:51:04:15:d3:34:77:af:dc:a7:c6:d5:22:42:c1:4e:
         88:78:4c:67:7e:e4:eb:9a:50:4d:33:d5:ae:6f:4d:03:0a:76:
         a2:02:c1:bc:18:d7:fc:9c:22:93:0d:75:54:85:77:22:45:03:
         a1:26:a2:bc:05:64:a2:c5:4d:66:2d:e4:85:89:79:e5:45:f9:
         28:cb:a4:13:6a:e5:0b:3f:f5:d2:df:05:02:fd:3d:ef:3d:76:
         6a:e1:22:68:c5:73:c0:08:64:76:8e:10:17:86:5c:6c:19:00:
         3e:f9:d0:2e:48:eb:39:d6:ea:e5:43:a6:e1:24:f8:e6:95:71:
         2c:d4:96:9e:88:04:2f:fd:07:09:49:12:e4:68:72:a2:e9:33:
         3e:34:ca:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjJiXY59FgzQyd03UINphMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjViNjk4ZjJjNWY1NDNiMTkzYzllZTBhMTY4YTI1MjJiNTljNzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCCdmjrn5QOSK47BafrJOnqO2rYn
maewGBnyMwnL8XlEJEpQ/OTVthPr48K09YpBBmbjQVxziVA316U9VZ9JSuTSOa76
hO3aKqPA5sXs73zD4SoarMiDIwPLHsfljOOAttJhCNryD+sw2l2ZDDESnHOJg5ef
fCoABX1DLW5q4EPmc3J3bgV6ss+1zApvT8ZNsIQep7X2oko6pxnomUEggApvf/rq
kbE9h8lHHik6DoyxMre5CoJrNotRTLf1huSm3OEV7ZjY7sK5MyM1gi3gY3vhiqzp
scQ92ocqa9mojE/lzZtXGo0Jg6xVoESmRvSpB50XJ4DKkPCmYBz86EMQ3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHJbaY8sX1Q7GTye4KFoolIrWcdqMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvY2x0cGp5eGZWRHNaUEo3Z29XaWlVaXRaeDJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABTs3AwQA
BTv5MA0GCSqGSIb3DQEBCwUAA4IBAQBLjV6Ad7UjPChM43rjkKYbUlY6A/RwGtlQ
VFVvLXCv2mUQyHPmy1jc6kOSNsZwWyqqrSTlWOnCLcNCtiomFOOca8dp4aQ//nH3
9o4i2FfDxksFwVhjwINudLMzmi0T/PZl+ptcm7ppWiR+q6/Ss0ZRBBXTNHev3KfG
1SJCwU6IeExnfuTrmlBNM9Wub00DCnaiAsG8GNf8nCKTDXVUhXciRQOhJqK8BWSi
xU1mLeSFiXnlRfkoy6QTauULP/XS3wUC/T3vPXZq4SJoxXPACGR2jhAXhlxsGQA+
+dAuSOs51urlQ6bhJPjmlXEs1JaeiAQv/QcJSRLkaHKi6TM+NMo7
-----END CERTIFICATE-----