Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/g0-ZqV6AIKQ7OhGE3nGFXTVEt8E.roa
File:                     g0-ZqV6AIKQ7OhGE3nGFXTVEt8E.roa (raw, json)
Hash identifier:          AQSIytLC5Vkdxofnxnk+pTWjv0+FgeMo6wh2SeysvZg=
Subject key identifier:   83:4F:99:A9:5E:80:20:A4:3B:3A:11:84:DE:71:85:5D:35:44:B7:C1
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E64C6AB3BBBDD0730E14E14E9E5F12414
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/g0-ZqV6AIKQ7OhGE3nGFXTVEt8E.roa
Signing time:             Fri 22 Mar 2024 06:08:45 +0000
ROA not before:           Fri 22 Mar 2024 06:08:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21738
IP address blocks:        2.59.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:64:c6:ab:3b:bb:dd:07:30:e1:4e:14:e9:e5:f1:24:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 22 06:08:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=834f99a95e8020a43b3a1184de71855d3544b7c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:48:ac:4d:3b:ce:19:64:ea:3a:20:49:7b:98:
                    8f:3f:4b:bd:4b:66:83:9e:7e:72:97:23:47:8e:5b:
                    88:c9:2e:83:ff:c3:e4:d1:a1:f1:29:a4:0f:84:fc:
                    77:0a:de:28:d1:a1:53:59:9f:3b:35:a1:0d:69:89:
                    21:49:06:0b:9c:81:72:e8:ef:e6:72:62:88:54:27:
                    75:4e:e8:88:06:86:cb:ad:00:6e:cd:ea:56:5d:9e:
                    7b:f5:e4:2c:c6:8d:4b:b0:2d:e6:ff:fb:be:c3:d9:
                    81:ec:69:71:cd:66:7c:b7:93:f9:1a:aa:a6:ae:03:
                    7c:50:ab:dc:a1:da:54:ee:12:61:b6:ed:49:12:23:
                    eb:a6:ae:73:af:3c:7f:10:af:f6:eb:ae:ef:1a:45:
                    e7:52:64:9d:32:32:e0:a7:ae:d8:1a:71:6f:7e:81:
                    31:3b:47:ba:0e:e3:3c:89:97:5c:04:7f:8b:ef:20:
                    5c:3d:47:09:05:b9:b5:3b:3c:f0:9b:e3:7d:6a:db:
                    5b:f1:94:e6:12:5d:9b:68:f9:73:27:9c:79:0f:83:
                    e4:bb:48:17:b1:9e:11:ef:fc:ab:2b:06:a1:c8:8a:
                    66:71:60:11:59:fb:92:ee:a4:bf:3e:8f:ed:2d:03:
                    58:11:b3:a6:58:f6:66:1e:09:69:22:04:8e:09:7b:
                    4d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:4F:99:A9:5E:80:20:A4:3B:3A:11:84:DE:71:85:5D:35:44:B7:C1
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/g0-ZqV6AIKQ7OhGE3nGFXTVEt8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:01:d2:6e:c5:30:a4:be:5c:20:89:37:8a:83:28:30:d5:b7:
         32:39:48:ba:b3:3e:a0:6e:2c:e1:9b:29:df:90:cf:9f:d8:5a:
         80:06:23:84:a1:8d:b1:df:fe:c9:b9:49:25:c7:d9:36:89:72:
         63:50:87:56:c2:eb:08:eb:a4:57:4a:cd:24:c1:97:66:54:24:
         88:5d:9b:f9:71:76:79:31:49:33:fc:52:24:5b:04:e3:61:43:
         ef:d2:2d:ce:5c:e6:9d:45:d9:d6:df:ae:83:1a:0f:73:69:c8:
         84:48:00:30:9e:45:04:d7:43:20:94:7c:8b:a1:9c:ed:94:6e:
         fb:12:42:ed:72:10:9e:b2:35:9f:7f:ae:61:87:55:9d:cd:f1:
         78:c3:8b:03:64:37:45:83:13:f2:22:49:36:f1:2f:c0:8d:2f:
         4c:f7:14:29:fe:12:2f:9a:c7:4e:1d:3e:ad:29:8b:09:79:32:
         da:a8:b3:94:07:05:3c:3f:d4:ef:ea:4e:88:4a:dd:76:13:a2:
         54:a0:85:60:9d:86:36:5c:11:f5:f9:c2:20:d9:c1:1e:fc:3a:
         67:7d:3a:c8:2f:43:19:86:76:ef:b8:ea:83:e8:ba:a9:94:64:
         86:28:91:f9:ad:2e:e9:05:7f:6b:10:71:04:0d:0c:a4:b4:95:
         dc:51:a7:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5kxqs7u90HMOFOFOnl8SQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzIyMDYwODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzRmOTlhOTVlODAyMGE0M2IzYTExODRkZTcxODU1ZDM1NDRiN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0isTTvOGWTqOiBJe5iPP0u9S2aD
nn5ylyNHjluIyS6D/8Pk0aHxKaQPhPx3Ct4o0aFTWZ87NaENaYkhSQYLnIFy6O/m
cmKIVCd1TuiIBobLrQBuzepWXZ579eQsxo1LsC3m//u+w9mB7GlxzWZ8t5P5Gqqm
rgN8UKvcodpU7hJhtu1JEiPrpq5zrzx/EK/2667vGkXnUmSdMjLgp67YGnFvfoEx
O0e6DuM8iZdcBH+L7yBcPUcJBbm1Ozzwm+N9attb8ZTmEl2baPlzJ5x5D4Pku0gX
sZ4R7/yrKwahyIpmcWARWfuS7qS/Po/tLQNYEbOmWPZmHglpIgSOCXtNxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINPmalegCCkOzoRhN5xhV01RLfBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZzAtWnFWNkFJS1E3T2hHRTNuR0ZYVFZFdDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjv/MA0G
CSqGSIb3DQEBCwUAA4IBAQBPAdJuxTCkvlwgiTeKgygw1bcyOUi6sz6gbizhmynf
kM+f2FqABiOEoY2x3/7JuUklx9k2iXJjUIdWwusI66RXSs0kwZdmVCSIXZv5cXZ5
MUkz/FIkWwTjYUPv0i3OXOadRdnW366DGg9zaciESAAwnkUE10MglHyLoZztlG77
EkLtchCesjWff65hh1WdzfF4w4sDZDdFgxPyIkk28S/AjS9M9xQp/hIvmsdOHT6t
KYsJeTLaqLOUBwU8P9Tv6k6ISt12E6JUoIVgnYY2XBH1+cIg2cEe/DpnfTrIL0MZ
hnbvuOqD6LqplGSGKJH5rS7pBX9rEHEEDQyktJXcUaeO
-----END CERTIFICATE-----