Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/hMn6D80mnauByg9v07iIBDS0wzc.roa
File:                     hMn6D80mnauByg9v07iIBDS0wzc.roa (raw, json)
Hash identifier:          JScqqeKHh0gWodr5KFGH6FMuSuCQRExkAMta1dv1+Y8=
Subject key identifier:   84:C9:FA:0F:CD:26:9D:AB:81:CA:0F:6F:D3:B8:88:04:34:B4:C3:37
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       01941F8C9A5C4AA807B650A3157458F826A3
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/hMn6D80mnauByg9v07iIBDS0wzc.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212097
IP address blocks:        5.59.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 07:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9a:5c:4a:a8:07:b6:50:a3:15:74:58:f8:26:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84c9fa0fcd269dab81ca0f6fd3b8880434b4c337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:12:85:20:7a:cc:70:37:7d:4a:71:24:6b:b6:
                    8b:42:97:6e:26:62:10:e1:f0:80:b5:72:44:7a:4f:
                    6a:d2:26:95:4f:f4:44:b2:8f:8a:ec:5d:9f:ac:e9:
                    16:62:c2:fd:66:2f:ae:f4:ce:63:b8:8b:e6:16:c6:
                    3a:82:70:4a:51:49:f4:fb:d0:75:c2:91:f2:83:98:
                    4a:3a:aa:1d:e7:a7:b8:7e:ef:f8:d0:b8:c8:da:f2:
                    ee:37:21:63:8d:e4:1d:51:5d:7b:54:55:74:3f:48:
                    2e:59:c6:ff:ce:9d:48:7a:c0:77:35:db:b5:c9:8e:
                    ba:43:fc:45:54:0c:5b:8d:7e:01:d1:8b:c9:e3:61:
                    99:ec:27:9c:c7:f9:87:81:e4:c6:55:0f:25:27:0c:
                    04:63:ab:56:a6:0d:8d:3e:20:91:42:7c:3a:5f:9d:
                    2c:00:ee:2f:78:07:3b:39:8d:9e:ae:13:35:8e:0e:
                    73:ef:a3:ba:70:6b:86:a7:e8:e4:f6:2f:13:3b:c7:
                    69:8d:8e:dc:09:4c:77:97:b4:2e:2a:1e:f5:3d:1e:
                    1f:58:7c:b7:01:3e:39:15:50:08:bb:a4:2d:07:16:
                    4d:7f:59:bf:00:4e:62:16:15:bb:fb:f0:ea:18:43:
                    3e:33:9b:cf:d8:76:d0:8e:d5:e9:6a:26:98:63:30:
                    43:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C9:FA:0F:CD:26:9D:AB:81:CA:0F:6F:D3:B8:88:04:34:B4:C3:37
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/hMn6D80mnauByg9v07iIBDS0wzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:16:89:9f:78:b2:ee:22:48:32:16:46:da:e4:24:23:96:c0:
         2c:65:63:a3:48:1a:c7:ef:9f:f0:db:39:09:15:b4:13:d6:4e:
         a4:75:6a:af:99:66:56:79:79:f3:e2:c2:33:9b:a7:18:94:e0:
         2a:9c:4d:8f:29:ab:e5:8a:cb:ff:e5:dd:10:ec:f0:fa:cc:2d:
         6f:cd:92:84:34:25:ec:f6:2b:5c:3a:ca:c6:0d:b5:f6:0b:4c:
         17:64:9d:cb:2e:6c:60:ea:4f:65:12:33:9e:32:ca:8e:bf:a9:
         5a:82:e2:28:69:f4:96:da:05:35:30:f6:90:62:0a:99:27:e1:
         12:f1:81:51:fe:af:15:10:72:2e:da:6e:c9:36:06:dd:01:4e:
         ff:fa:6d:ce:94:1e:e1:33:be:7f:5f:55:38:89:7b:bc:bc:b1:
         f6:e6:27:18:d5:d2:7c:a4:90:9e:e1:4d:6e:d7:02:ca:f6:cc:
         af:64:f2:46:f9:1a:72:1d:b2:71:3b:7f:58:81:36:ff:86:6e:
         0f:62:a6:79:36:aa:bd:ae:fb:4b:94:78:7a:23:70:e4:d6:5c:
         01:7f:13:b5:53:50:7f:95:c2:de:a7:87:a7:82:3d:5c:c6:46:
         ff:61:0b:f8:48:2b:d1:25:92:70:d3:75:4b:aa:bb:54:7e:14:
         62:af:9a:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJpcSqgHtlCjFXRY+CajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGM5ZmEwZmNkMjY5ZGFiODFjYTBmNmZkM2I4ODgwNDM0YjRjMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhKFIHrMcDd9SnEka7aLQpduJmIQ
4fCAtXJEek9q0iaVT/REso+K7F2frOkWYsL9Zi+u9M5juIvmFsY6gnBKUUn0+9B1
wpHyg5hKOqod56e4fu/40LjI2vLuNyFjjeQdUV17VFV0P0guWcb/zp1IesB3Ndu1
yY66Q/xFVAxbjX4B0YvJ42GZ7Cecx/mHgeTGVQ8lJwwEY6tWpg2NPiCRQnw6X50s
AO4veAc7OY2erhM1jg5z76O6cGuGp+jk9i8TO8dpjY7cCUx3l7QuKh71PR4fWHy3
AT45FVAIu6QtBxZNf1m/AE5iFhW7+/DqGEM+M5vP2HbQjtXpaiaYYzBD3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITJ+g/NJp2rgcoPb9O4iAQ0tMM3MB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvaE1uNkQ4MG1uYXVCeWc5djA3aUlCRFMwd3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBTvqMA0G
CSqGSIb3DQEBCwUAA4IBAQCTFomfeLLuIkgyFkba5CQjlsAsZWOjSBrH75/w2zkJ
FbQT1k6kdWqvmWZWeXnz4sIzm6cYlOAqnE2PKavlisv/5d0Q7PD6zC1vzZKENCXs
9itcOsrGDbX2C0wXZJ3LLmxg6k9lEjOeMsqOv6laguIoafSW2gU1MPaQYgqZJ+ES
8YFR/q8VEHIu2m7JNgbdAU7/+m3OlB7hM75/X1U4iXu8vLH25icY1dJ8pJCe4U1u
1wLK9syvZPJG+RpyHbJxO39YgTb/hm4PYqZ5Nqq9rvtLlHh6I3Dk1lwBfxO1U1B/
lcLep4engj1cxkb/YQv4SCvRJZJw03VLqrtUfhRir5p7
-----END CERTIFICATE-----