Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/fs3SjiK6HIQ0YIMFxasyPupjRJs.roa
File:                     fs3SjiK6HIQ0YIMFxasyPupjRJs.roa (raw, json)
Hash identifier:          nrFmw9jQGmV9vcKROE3MjvFrXZVEwFwyNObBoIkFs6Q=
Subject key identifier:   7E:CD:D2:8E:22:BA:1C:84:34:60:83:05:C5:AB:32:3E:EA:63:44:9B
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       01941F8C9AAD3CBE78B504E6F5E98396E1F3
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/fs3SjiK6HIQ0YIMFxasyPupjRJs.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212109
IP address blocks:        5.59.182.0/24 maxlen: 24
                          5.59.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 01:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9a:ad:3c:be:78:b5:04:e6:f5:e9:83:96:e1:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ecdd28e22ba1c8434608305c5ab323eea63449b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c0:f9:96:c9:32:f1:5c:40:90:60:f4:17:8a:
                    c7:52:ea:2b:88:93:54:bf:8a:9e:6e:4d:84:c0:fb:
                    4c:e8:64:65:81:0b:4f:b2:32:74:8c:5f:b9:49:a7:
                    58:21:41:e2:f8:1b:e1:3d:e8:46:99:c9:18:c1:84:
                    03:48:9d:40:48:89:5e:7a:e1:7a:86:20:66:3b:a8:
                    a5:41:0a:14:96:3e:bf:e4:23:fb:a2:8e:20:04:5a:
                    31:e4:94:29:2c:ad:1e:bf:1c:fe:6d:c4:71:42:34:
                    d8:ed:12:86:7b:42:4e:87:6b:58:41:64:60:8c:6f:
                    12:05:24:a1:cc:23:b0:b6:aa:72:a2:d6:50:d4:7f:
                    ce:69:8d:0d:93:51:02:c0:1e:04:26:3d:e1:cb:b4:
                    73:8a:a7:01:17:bc:eb:22:93:10:f4:df:be:d2:fb:
                    f7:a3:50:83:7c:4e:25:d7:b1:e7:60:7a:c0:78:85:
                    0e:dc:4b:4b:b7:26:65:8f:83:eb:51:a1:ba:0d:cd:
                    dc:d2:3f:b8:35:b9:47:da:e3:c5:40:71:50:88:90:
                    78:66:a4:14:e5:6d:93:8c:e4:69:ef:7e:70:d2:a4:
                    e8:19:b9:da:a0:35:64:f8:17:6b:38:8b:7d:e9:ee:
                    d6:b3:51:43:d0:18:97:ee:24:24:4d:0e:13:13:76:
                    44:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:CD:D2:8E:22:BA:1C:84:34:60:83:05:C5:AB:32:3E:EA:63:44:9B
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/fs3SjiK6HIQ0YIMFxasyPupjRJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.182.0/24
                  5.59.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:d4:20:b2:ad:4d:1c:df:7b:ad:e5:e2:46:93:9f:5c:fe:96:
         61:52:b7:5c:88:ee:a7:ec:26:5d:ee:9c:3a:f2:0f:b0:24:6d:
         88:51:e8:08:47:0f:e2:82:fa:2b:70:a8:bf:b9:43:b1:43:61:
         82:14:44:4c:1a:6a:4e:93:06:ce:01:20:0b:62:f4:26:22:29:
         10:75:f8:a8:43:3d:18:7c:bc:e2:9e:45:e8:8d:54:f7:4b:ba:
         9f:60:77:4b:03:ed:ef:6f:c4:67:ea:2c:43:b0:59:04:5d:85:
         30:51:d1:43:29:1d:36:12:29:bb:63:9b:33:64:a9:2a:41:ae:
         19:37:7e:54:ef:85:86:ee:d6:29:ae:c6:32:c6:3e:66:fb:cb:
         79:1a:64:17:a9:b5:44:1e:49:7b:9b:3a:64:e0:95:20:e0:be:
         35:04:cf:11:a6:60:1b:6a:cf:c2:6f:fc:56:d6:86:03:36:8a:
         77:4b:dd:5b:6b:b9:d0:30:ea:f8:07:9b:4b:13:38:21:20:76:
         45:14:4f:ad:a0:62:21:df:98:56:a9:21:04:e0:fc:af:3d:c2:
         6e:58:47:cf:aa:a4:66:bf:dc:f7:c0:e2:39:aa:41:3c:39:ea:
         89:4a:fb:ee:0e:b5:b7:34:69:4c:22:c8:20:98:e6:6b:45:9e:
         0f:ba:fe:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjJqtPL54tQTm9emDluHzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWNkZDI4ZTIyYmExYzg0MzQ2MDgzMDVjNWFiMzIzZWVhNjM0NDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsD5lsky8VxAkGD0F4rHUuoriJNU
v4qebk2EwPtM6GRlgQtPsjJ0jF+5SadYIUHi+BvhPehGmckYwYQDSJ1ASIleeuF6
hiBmO6ilQQoUlj6/5CP7oo4gBFox5JQpLK0evxz+bcRxQjTY7RKGe0JOh2tYQWRg
jG8SBSShzCOwtqpyotZQ1H/OaY0Nk1ECwB4EJj3hy7RziqcBF7zrIpMQ9N++0vv3
o1CDfE4l17HnYHrAeIUO3EtLtyZlj4PrUaG6Dc3c0j+4NblH2uPFQHFQiJB4ZqQU
5W2TjORp735w0qToGbnaoDVk+BdrOIt96e7Ws1FD0BiX7iQkTQ4TE3ZEzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH7N0o4iuhyENGCDBcWrMj7qY0SbMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvZnMzU2ppSzZISVEwWUlNRnhhc3lQdXBqUkpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABTu2AwQA
BTvxMA0GCSqGSIb3DQEBCwUAA4IBAQCp1CCyrU0c33ut5eJGk59c/pZhUrdciO6n
7CZd7pw68g+wJG2IUegIRw/igvorcKi/uUOxQ2GCFERMGmpOkwbOASALYvQmIikQ
dfioQz0YfLzinkXojVT3S7qfYHdLA+3vb8Rn6ixDsFkEXYUwUdFDKR02Eim7Y5sz
ZKkqQa4ZN35U74WG7tYprsYyxj5m+8t5GmQXqbVEHkl7mzpk4JUg4L41BM8RpmAb
as/Cb/xW1oYDNop3S91ba7nQMOr4B5tLEzghIHZFFE+toGIh35hWqSEE4PyvPcJu
WEfPqqRmv9z3wOI5qkE8OeqJSvvuDrW3NGlMIsggmOZrRZ4Puv6t
-----END CERTIFICATE-----