Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/dbXMfojmqh3s4jYSz9HaLsZDte0.roa
File:                     dbXMfojmqh3s4jYSz9HaLsZDte0.roa (raw, json)
Hash identifier:          U5IS5TfQBgr0+IeToRf9OCsehA8gEhWHJifWz4e159g=
Subject key identifier:   75:B5:CC:7E:88:E6:AA:1D:EC:E2:36:12:CF:D1:DA:2E:C6:43:B5:ED
Certificate issuer:       /CN=9ba94bc14937bb0b3632374355a446724104a981
Certificate serial:       01931BCEAED310C1039D94D6C90D170AC12F
Authority key identifier: 9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/dbXMfojmqh3s4jYSz9HaLsZDte0.roa
Signing time:             Mon 11 Nov 2024 15:19:10 +0000
ROA not before:           Mon 11 Nov 2024 15:19:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.59.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1b:ce:ae:d3:10:c1:03:9d:94:d6:c9:0d:17:0a:c1:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ba94bc14937bb0b3632374355a446724104a981
        Validity
            Not Before: Nov 11 15:19:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75b5cc7e88e6aa1dece23612cfd1da2ec643b5ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:2f:ae:f1:d0:cb:0d:97:e7:3b:20:3a:4e:8f:
                    38:dc:fe:16:d3:74:85:af:d4:11:0e:af:23:18:05:
                    b3:89:09:0d:c8:f5:aa:a2:fb:94:2b:e2:55:e7:4e:
                    18:96:e5:28:c1:a8:f9:cf:a7:04:71:16:89:8d:ea:
                    15:75:59:10:41:79:08:69:eb:b0:54:cd:ea:fc:2d:
                    c8:f2:23:3a:8a:57:e6:db:76:28:da:93:51:3b:89:
                    6a:1d:31:bc:f9:9f:20:7d:99:93:ae:66:3e:93:ae:
                    6b:69:04:2b:05:89:20:fe:24:6e:ea:12:dc:28:a9:
                    61:b2:a7:4b:ce:fa:07:4a:c1:d2:69:11:9a:21:a9:
                    2c:9a:b7:53:7a:dd:d7:14:b0:ac:f7:85:5f:c9:7d:
                    f9:47:92:af:d9:a7:8d:2a:9b:49:98:53:a1:27:2d:
                    ef:45:62:18:97:0d:61:2a:dd:67:a9:57:ed:64:fe:
                    74:ea:3b:f4:f0:3f:0f:9d:75:05:ba:12:5b:d9:24:
                    5f:86:15:d1:78:ec:60:0e:20:ee:9f:2c:7b:84:3d:
                    39:be:c6:30:c2:75:11:1c:23:fc:1c:14:18:d5:55:
                    47:9a:94:a9:bf:3d:ea:6c:e3:0b:5e:ad:46:fd:4f:
                    02:f6:f1:7e:c4:5d:e1:03:59:64:30:24:b1:70:bb:
                    8b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:B5:CC:7E:88:E6:AA:1D:EC:E2:36:12:CF:D1:DA:2E:C6:43:B5:ED
            X509v3 Authority Key Identifier:
                keyid:9B:A9:4B:C1:49:37:BB:0B:36:32:37:43:55:A4:46:72:41:04:A9:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m6lLwUk3uws2MjdDVaRGckEEqYE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/dbXMfojmqh3s4jYSz9HaLsZDte0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/cc7843-d136-4ffb-8b99-836c312ac8c2/1/m6lLwUk3uws2MjdDVaRGckEEqYE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:14:4e:73:8a:ae:86:74:91:3b:a6:ad:65:80:f1:6d:c4:10:
         e9:8a:c2:9b:0c:e8:a3:24:c4:0a:a2:10:96:de:05:f0:ef:4c:
         58:0d:a4:2e:86:8b:ec:44:71:3c:48:8e:a3:08:a4:b8:8f:9a:
         8a:78:ff:5d:5d:84:77:22:c2:28:d8:07:f9:22:11:5e:a0:3a:
         35:f4:06:53:9c:02:fb:d7:f8:7c:20:d7:e9:05:3a:e9:e0:dc:
         3b:36:a8:84:94:09:69:6f:a9:8e:20:0c:94:e4:85:73:dd:3f:
         0c:fc:0b:de:d3:f3:ce:ad:48:73:d2:b1:9f:41:61:1b:9b:ad:
         15:fd:43:90:de:73:5e:dd:e7:f2:f4:22:d4:43:f0:75:da:66:
         8c:d9:ff:fa:8a:8a:e9:2c:b1:ab:db:9a:7d:c5:cd:a1:cf:c3:
         df:ba:ad:18:00:95:91:4e:dd:71:ad:3e:58:1a:87:e5:9e:0c:
         34:0e:1e:ee:7c:38:b0:76:b0:d7:73:75:47:1e:33:97:ca:62:
         f7:97:ca:d1:ff:b8:f4:11:58:88:f1:da:14:1d:9d:c8:89:ed:
         e2:7c:7f:f8:0e:fc:f7:86:07:8e:84:b6:c6:9c:2f:f0:aa:07:
         0d:6f:17:a0:d3:6d:16:55:89:36:69:a8:b3:43:de:9d:f7:33:
         5b:8c:1a:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMbzq7TEMEDnZTWyQ0XCsEvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYTk0YmMxNDkzN2JiMGIzNjMyMzc0MzU1YTQ0NjcyNDEw
NGE5ODEwHhcNMjQxMTExMTUxOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWI1Y2M3ZTg4ZTZhYTFkZWNlMjM2MTJjZmQxZGEyZWM2NDNiNWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2C+u8dDLDZfnOyA6To843P4W03SF
r9QRDq8jGAWziQkNyPWqovuUK+JV504YluUowaj5z6cEcRaJjeoVdVkQQXkIaeuw
VM3q/C3I8iM6ilfm23Yo2pNRO4lqHTG8+Z8gfZmTrmY+k65raQQrBYkg/iRu6hLc
KKlhsqdLzvoHSsHSaRGaIaksmrdTet3XFLCs94VfyX35R5Kv2aeNKptJmFOhJy3v
RWIYlw1hKt1nqVftZP506jv08D8PnXUFuhJb2SRfhhXReOxgDiDunyx7hD05vsYw
wnURHCP8HBQY1VVHmpSpvz3qbOMLXq1G/U8C9vF+xF3hA1lkMCSxcLuL1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHW1zH6I5qod7OI2Es/R2i7GQ7XtMB8GA1UdIwQY
MBaAFJupS8FJN7sLNjI3Q1WkRnJBBKmBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTkt
ODM2YzMxMmFjOGMyLzEvZGJYTWZvam1xaDNzNGpZU3o5SGFMc1pEdGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9jYzc4NDMtZDEzNi00ZmZiLThiOTktODM2YzMxMmFjOGMy
LzEvbTZsTHdVazN1d3MyTWpkRFZhUkdja0VFcVlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTuIMA0G
CSqGSIb3DQEBCwUAA4IBAQBhFE5ziq6GdJE7pq1lgPFtxBDpisKbDOijJMQKohCW
3gXw70xYDaQuhovsRHE8SI6jCKS4j5qKeP9dXYR3IsIo2Af5IhFeoDo19AZTnAL7
1/h8INfpBTrp4Nw7NqiElAlpb6mOIAyU5IVz3T8M/Ave0/POrUhz0rGfQWEbm60V
/UOQ3nNe3efy9CLUQ/B12maM2f/6iorpLLGr25p9xc2hz8Pfuq0YAJWRTt1xrT5Y
Goflngw0Dh7ufDiwdrDXc3VHHjOXymL3l8rR/7j0EViI8doUHZ3Iie3ifH/4Dvz3
hgeOhLbGnC/wqgcNbxeg020WVYk2aaizQ96d9zNbjBok
-----END CERTIFICATE-----