Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/oZNlbDtKTkCbmr73Eg_ZHIaV0bk.roa
File:                     oZNlbDtKTkCbmr73Eg_ZHIaV0bk.roa (raw, json)
Hash identifier:          USnfJ3qyQaOG+mSFZjbJRFwCfIgeE15qwnOFspEjaA0=
Subject key identifier:   A1:93:65:6C:3B:4A:4E:40:9B:9A:BE:F7:12:0F:D9:1C:86:95:D1:B9
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       01941F8C975B6926BFD90027D25EA40EA099
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/oZNlbDtKTkCbmr73Eg_ZHIaV0bk.roa
Signing time:             Wed 01 Jan 2025 01:48:14 +0000
ROA not before:           Wed 01 Jan 2025 01:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202813
IP address blocks:        5.59.60.0/22 maxlen: 24
                          5.59.64.0/22 maxlen: 24
                          5.59.172.0/24 maxlen: 24
                          5.59.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:97:5b:69:26:bf:d9:00:27:d2:5e:a4:0e:a0:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  1 01:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a193656c3b4a4e409b9abef7120fd91c8695d1b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5c:bd:ca:90:6d:73:09:da:04:6a:89:5a:c6:
                    4e:e8:3e:d9:cc:16:62:a6:f1:b2:32:cc:3e:9e:30:
                    ed:3e:58:f7:10:79:a8:46:78:70:e4:98:da:3d:88:
                    0b:df:bd:88:85:8f:b5:db:e5:d4:43:e0:29:10:31:
                    01:d2:75:df:0f:ee:8f:66:47:c0:02:ec:6f:22:1b:
                    7c:dd:06:2c:39:b6:42:93:f4:c0:00:8a:1f:ff:9b:
                    99:6d:96:f1:0b:38:a0:79:36:ee:20:f3:a4:4e:b2:
                    50:8d:65:26:e7:23:5e:f0:2d:b6:71:a8:00:1d:5c:
                    90:fc:ca:18:8b:e8:cd:39:3d:f3:a6:98:f8:e8:c3:
                    ba:ef:09:c2:9c:ed:08:98:c0:79:86:6e:fb:e6:c2:
                    cf:ce:15:b2:61:28:22:24:c7:51:de:c9:9f:7c:8c:
                    8e:d0:4b:fe:7f:f1:f4:47:be:dd:6f:79:d6:52:03:
                    e1:8e:13:ab:8d:de:21:f0:9f:ea:18:06:42:0d:75:
                    ea:30:6f:34:fc:cb:1a:1b:de:ab:55:b5:d3:5a:b6:
                    55:32:09:f0:e2:df:63:c7:4a:69:11:a0:f5:0f:da:
                    01:63:51:e3:10:35:c5:41:61:f9:92:4f:3e:53:5b:
                    26:c0:81:a7:b7:3d:7d:14:45:a3:1f:d6:04:cf:83:
                    99:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:93:65:6C:3B:4A:4E:40:9B:9A:BE:F7:12:0F:D9:1C:86:95:D1:B9
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/oZNlbDtKTkCbmr73Eg_ZHIaV0bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.60.0-5.59.67.255
                  5.59.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:7b:d5:da:5f:ac:fa:b8:25:04:7d:6a:56:2d:1e:9e:31:3f:
         9f:8d:dc:fd:dc:9f:9f:3f:9a:fb:4b:4a:26:ad:db:c0:78:22:
         f0:a4:32:40:67:2e:53:75:ea:0c:6b:35:8f:2b:0c:e1:f9:88:
         cf:27:69:dc:9a:47:b3:a3:13:21:06:e4:a8:0d:27:96:ec:74:
         1a:29:69:a9:07:26:fa:9a:26:ce:bf:bd:09:6f:7b:b9:d3:f1:
         bd:d2:45:8d:62:23:a7:2f:aa:5a:a4:40:82:d7:f1:e6:9e:8c:
         78:23:3c:81:26:9e:d9:6f:9a:ab:fe:e3:b0:87:e5:dd:4e:a0:
         81:7f:9e:9c:5b:63:bc:ca:24:73:62:f8:c5:31:62:9b:51:e5:
         12:18:e0:7f:2f:72:8e:e8:10:07:38:36:fa:86:52:ab:de:46:
         55:18:64:81:1f:62:32:c4:61:47:18:5b:9e:ce:b1:eb:ca:3a:
         57:e1:38:d1:a7:18:ff:71:0a:14:2c:5c:52:2a:59:f4:13:83:
         7c:4f:ab:d8:74:5e:69:9f:c4:37:9e:aa:39:35:65:73:89:9e:
         f3:ce:e9:86:19:5e:83:15:75:22:5d:26:a5:ab:c0:ed:a4:65:
         f5:e0:40:a6:48:b4:ff:7a:6a:ec:e8:0d:b1:0d:c2:b1:36:3e:
         3c:89:e3:05
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQfjJdbaSa/2QAn0l6kDqCZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjUwMTAxMDE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTkzNjU2YzNiNGE0ZTQwOWI5YWJlZjcxMjBmZDkxYzg2OTVkMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1y9ypBtcwnaBGqJWsZO6D7ZzBZi
pvGyMsw+njDtPlj3EHmoRnhw5JjaPYgL372IhY+12+XUQ+ApEDEB0nXfD+6PZkfA
AuxvIht83QYsObZCk/TAAIof/5uZbZbxCzigeTbuIPOkTrJQjWUm5yNe8C22cagA
HVyQ/MoYi+jNOT3zppj46MO67wnCnO0ImMB5hm775sLPzhWyYSgiJMdR3smffIyO
0Ev+f/H0R77db3nWUgPhjhOrjd4h8J/qGAZCDXXqMG80/MsaG96rVbXTWrZVMgnw
4t9jx0ppEaD1D9oBY1HjEDXFQWH5kk8+U1smwIGntz19FEWjH9YEz4OZ4wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKGTZWw7Sk5Am5q+9xIP2RyGldG5MB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvb1pObGJEdEtUa0NibXI3M0VnX1pISWFWMGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAIFOzwD
BAIFO0ADBAEFO6wwDQYJKoZIhvcNAQELBQADggEBAJt71dpfrPq4JQR9alYtHp4x
P5+N3P3cn58/mvtLSiat28B4IvCkMkBnLlN16gxrNY8rDOH5iM8nadyaR7OjEyEG
5KgNJ5bsdBopaakHJvqaJs6/vQlve7nT8b3SRY1iI6cvqlqkQILX8eaejHgjPIEm
ntlvmqv+47CH5d1OoIF/npxbY7zKJHNi+MUxYptR5RIY4H8vco7oEAc4NvqGUqve
RlUYZIEfYjLEYUcYW57OsevKOlfhONGnGP9xChQsXFIqWfQTg3xPq9h0XmmfxDee
qjk1ZXOJnvPO6YYZXoMVdSJdJqWrwO2kZfXgQKZItP96auzoDbENwrE2PjyJ4wU=
-----END CERTIFICATE-----