Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/Um4E5fVDXPSksIgkdnUaTYvxVPw.roa
File:                     Um4E5fVDXPSksIgkdnUaTYvxVPw.roa (raw, json)
Hash identifier:          QAvSlHJxAKMsSGQIKpSBD9FFIF7ceO/AR925Jh1iukM=
Subject key identifier:   52:6E:04:E5:F5:43:5C:F4:A4:B0:88:24:76:75:1A:4D:8B:F1:54:FC
Certificate issuer:       /CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
Certificate serial:       018CD16CF85AD79D6C03185E463971FBD779
Authority key identifier: 28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/Um4E5fVDXPSksIgkdnUaTYvxVPw.roa
Signing time:             Wed 03 Jan 2024 22:23:48 +0000
ROA not before:           Wed 03 Jan 2024 22:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212219
IP address blocks:        2.59.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d1:6c:f8:5a:d7:9d:6c:03:18:5e:46:39:71:fb:d7:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28fd66e43a104633b27bac539b98bdf8ebfac9ae
        Validity
            Not Before: Jan  3 22:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=526e04e5f5435cf4a4b0882476751a4d8bf154fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f4:96:9f:9f:ce:00:fe:38:fc:b9:18:5f:fa:
                    16:55:da:b6:a1:df:5a:be:51:d5:95:2a:60:0d:4c:
                    7f:13:59:38:4c:f1:c2:78:67:14:87:15:e6:51:93:
                    57:ae:4c:c4:d5:e5:67:0d:ea:89:95:cb:3c:60:aa:
                    a0:fb:22:24:a4:fb:71:58:8b:0f:f0:4c:d0:1a:b7:
                    87:ae:b6:ea:6a:6c:5a:d0:d4:27:2a:7d:22:53:da:
                    fc:b1:eb:ea:91:be:a1:44:e3:51:4c:ed:8c:28:af:
                    cf:81:13:63:cf:9c:eb:10:ad:8a:7b:95:3e:43:51:
                    30:2c:7a:65:ae:db:b8:cc:1a:04:b8:b9:db:a5:94:
                    b1:2d:5f:49:87:35:72:af:3b:24:a1:90:1c:5d:5c:
                    67:fe:36:a3:d0:b5:d2:5b:65:69:94:3e:57:e5:c5:
                    cf:66:e6:20:c6:ee:86:21:45:a9:80:9a:a4:ea:4f:
                    3d:1f:27:a1:59:c5:a2:e8:da:a3:18:83:43:98:cd:
                    50:a8:d4:29:21:5b:e3:0f:74:35:e1:9f:2b:ab:6e:
                    78:8f:7b:00:ae:b3:81:a4:a3:a5:9b:30:d5:5c:b7:
                    99:89:cb:56:c2:b6:21:2b:c7:88:b9:92:4f:3c:cf:
                    11:f4:aa:c6:af:48:a2:5d:e0:90:21:c6:7f:8e:78:
                    92:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:6E:04:E5:F5:43:5C:F4:A4:B0:88:24:76:75:1A:4D:8B:F1:54:FC
            X509v3 Authority Key Identifier:
                keyid:28:FD:66:E4:3A:10:46:33:B2:7B:AC:53:9B:98:BD:F8:EB:FA:C9:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KP1m5DoQRjOye6xTm5i9-Ov6ya4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/Um4E5fVDXPSksIgkdnUaTYvxVPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/8ed3b7-bb2d-4f4d-9db6-267669f35648/1/KP1m5DoQRjOye6xTm5i9-Ov6ya4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:b3:92:8a:9e:c2:27:b3:f3:33:e6:82:29:0d:63:49:51:df:
         98:20:41:f5:30:b8:64:0a:36:80:e0:a5:f1:f2:fb:8f:28:43:
         40:ca:92:5e:36:b9:7a:72:5e:02:e1:89:20:34:6b:ff:c4:b6:
         d3:31:5f:e1:3c:30:15:8c:b4:5d:e1:29:d2:9a:4c:8a:0d:90:
         92:c3:4d:89:02:83:e2:9b:21:5f:78:03:1c:3c:ca:5e:25:64:
         0f:6e:77:99:26:98:51:24:ef:5f:2d:1f:f8:25:43:88:3e:55:
         44:95:4a:81:c6:f0:0f:7f:93:8b:9d:31:27:f6:ec:e8:c5:b5:
         33:60:51:4b:51:24:eb:54:0a:3f:a4:6a:f1:7e:22:ed:4a:8e:
         7a:04:48:9b:14:ad:07:e0:ec:fd:e2:cb:6b:1f:b3:39:73:c4:
         c7:05:21:48:8f:22:51:cc:5a:27:b9:db:db:d2:f9:82:7a:68:
         65:ba:6d:7b:05:a6:e2:04:d3:19:4a:ee:fe:9b:cc:fe:b2:01:
         51:7b:16:2a:df:71:12:02:9b:be:96:85:08:09:d0:2f:88:13:
         04:d3:dc:d6:10:c9:e8:71:40:f6:5a:86:62:c5:7e:d3:55:c8:
         a7:40:69:78:1a:95:70:a3:7b:bf:15:a4:0b:8f:7a:1e:dc:46:
         d0:d2:29:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzRbPha151sAxheRjlx+9d5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZmQ2NmU0M2ExMDQ2MzNiMjdiYWM1MzliOThiZGY4ZWJm
YWM5YWUwHhcNMjQwMTAzMjIyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjZlMDRlNWY1NDM1Y2Y0YTRiMDg4MjQ3Njc1MWE0ZDhiZjE1NGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvSWn5/OAP44/LkYX/oWVdq2od9a
vlHVlSpgDUx/E1k4TPHCeGcUhxXmUZNXrkzE1eVnDeqJlcs8YKqg+yIkpPtxWIsP
8EzQGreHrrbqamxa0NQnKn0iU9r8sevqkb6hRONRTO2MKK/PgRNjz5zrEK2Ke5U+
Q1EwLHplrtu4zBoEuLnbpZSxLV9JhzVyrzskoZAcXVxn/jaj0LXSW2VplD5X5cXP
ZuYgxu6GIUWpgJqk6k89HyehWcWi6NqjGINDmM1QqNQpIVvjD3Q14Z8rq254j3sA
rrOBpKOlmzDVXLeZictWwrYhK8eIuZJPPM8R9KrGr0iiXeCQIcZ/jniSewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJuBOX1Q1z0pLCIJHZ1Gk2L8VT8MB8GA1UdIwQY
MBaAFCj9ZuQ6EEYzsnusU5uYvfjr+smuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYt
MjY3NjY5ZjM1NjQ4LzEvVW00RTVmVkRYUFNrc0lna2RuVWFUWXZ4VlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi84ZWQzYjctYmIyZC00ZjRkLTlkYjYtMjY3NjY5ZjM1NjQ4
LzEvS1AxbTVEb1FSak95ZTZ4VG01aTktT3Y2eWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjt3MA0G
CSqGSIb3DQEBCwUAA4IBAQAJs5KKnsIns/Mz5oIpDWNJUd+YIEH1MLhkCjaA4KXx
8vuPKENAypJeNrl6cl4C4YkgNGv/xLbTMV/hPDAVjLRd4SnSmkyKDZCSw02JAoPi
myFfeAMcPMpeJWQPbneZJphRJO9fLR/4JUOIPlVElUqBxvAPf5OLnTEn9uzoxbUz
YFFLUSTrVAo/pGrxfiLtSo56BEibFK0H4Oz94strH7M5c8THBSFIjyJRzFonudvb
0vmCemhlum17BabiBNMZSu7+m8z+sgFRexYq33ESApu+loUICdAviBME09zWEMno
cUD2WoZixX7TVcinQGl4GpVwo3u/FaQLj3oe3EbQ0ilL
-----END CERTIFICATE-----