Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/59Mn6Fq_ztW3ZpObO3_epXiDhpk.roa
File:                     59Mn6Fq_ztW3ZpObO3_epXiDhpk.roa (raw, json)
Hash identifier:          cp+rR6j5Vo4FlHwAzBmhQ3KTx+zcyZnQHkQLzqefDBI=
Subject key identifier:   E7:D3:27:E8:5A:BF:CE:D5:B7:66:93:9B:3B:7F:DE:A5:78:83:86:99
Certificate issuer:       /CN=7575d53db822d25db827d0377cbeb06d2ca41acb
Certificate serial:       019427B53BC61BB434085DA3B58FE6E25F04
Authority key identifier: 75:75:D5:3D:B8:22:D2:5D:B8:27:D0:37:7C:BE:B0:6D:2C:A4:1A:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXXVPbgi0l24J9A3fL6wbSykGss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/59Mn6Fq_ztW3ZpObO3_epXiDhpk.roa
Signing time:             Thu 02 Jan 2025 15:49:36 +0000
ROA not before:           Thu 02 Jan 2025 15:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214812
IP address blocks:        212.5.58.0/24 maxlen: 24
                          2a13:a2c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/dXXVPbgi0l24J9A3fL6wbSykGss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/dXXVPbgi0l24J9A3fL6wbSykGss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXXVPbgi0l24J9A3fL6wbSykGss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:3b:c6:1b:b4:34:08:5d:a3:b5:8f:e6:e2:5f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7575d53db822d25db827d0377cbeb06d2ca41acb
        Validity
            Not Before: Jan  2 15:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7d327e85abfced5b766939b3b7fdea578838699
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a2:51:84:42:83:f3:97:ee:d5:88:e4:80:21:
                    cb:d6:81:c8:03:2b:c3:ca:d1:d8:e4:ae:f1:a7:e8:
                    1d:4e:8d:53:be:4e:b4:f2:6e:6c:2b:85:c8:bc:3e:
                    15:70:b7:93:5e:b8:63:6e:f8:29:41:3e:57:56:49:
                    86:3e:95:1a:d5:c3:17:86:43:0c:d7:e8:b0:80:cc:
                    29:17:57:6f:34:3c:90:21:ba:41:83:d9:1d:0c:e5:
                    4a:80:42:6d:0a:1a:43:af:d4:16:4d:b9:50:6c:0d:
                    04:fb:2b:1e:bb:27:62:ba:2b:73:d2:5c:ec:3c:65:
                    49:29:df:10:b4:28:f9:d7:f0:9c:cd:77:cf:2a:05:
                    b6:3f:be:90:c0:3f:91:f4:dc:d6:d5:dd:b8:b6:10:
                    af:a8:4e:b2:a3:76:d4:75:7e:a4:23:04:ab:b9:87:
                    30:20:43:bf:93:2f:7c:76:4b:ac:50:6e:cf:52:78:
                    77:6a:e7:e6:b8:8a:e2:1e:65:31:d1:be:6c:3b:42:
                    84:15:0b:99:87:ff:a5:81:6e:9d:ad:b2:c1:1d:14:
                    13:16:b7:f4:dc:9c:06:39:ec:4e:80:fb:f1:9f:d2:
                    52:6e:5f:4a:e5:05:f7:4b:2c:44:93:90:ff:7e:5f:
                    fb:79:a2:96:47:76:2e:cf:59:04:e5:fa:bc:ef:75:
                    16:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:D3:27:E8:5A:BF:CE:D5:B7:66:93:9B:3B:7F:DE:A5:78:83:86:99
            X509v3 Authority Key Identifier:
                keyid:75:75:D5:3D:B8:22:D2:5D:B8:27:D0:37:7C:BE:B0:6D:2C:A4:1A:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXXVPbgi0l24J9A3fL6wbSykGss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/59Mn6Fq_ztW3ZpObO3_epXiDhpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/dXXVPbgi0l24J9A3fL6wbSykGss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.5.58.0/24
                IPv6:
                  2a13:a2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:7e:e0:50:50:35:a0:ef:bf:0f:c9:fb:c1:8b:7e:7e:4f:db:
         1b:42:45:46:d8:cc:85:1e:7a:5b:39:03:60:9e:3a:66:37:58:
         27:de:c7:e7:a7:d1:cc:b9:df:f4:3c:60:d0:9d:02:68:ab:10:
         cb:33:53:37:1a:2a:b9:65:f9:5e:f2:5a:2f:87:1f:7b:04:c6:
         70:ea:c5:36:83:8b:e3:00:8c:30:c4:38:1d:65:86:5b:c3:07:
         0a:88:6e:b9:8f:32:7d:94:18:77:e1:06:15:9a:59:5c:73:49:
         21:ac:61:87:99:16:b6:8a:b0:01:97:68:a1:9b:24:52:05:67:
         23:72:85:3b:22:a1:ac:42:2d:54:7e:ee:96:5d:39:30:55:b5:
         20:55:3c:02:59:49:6d:96:38:95:aa:2a:bf:1b:4c:78:da:1b:
         14:ec:94:4e:9f:b8:f7:79:cd:37:e2:5e:41:af:69:1a:70:25:
         2a:7e:51:0d:8a:8a:1f:56:41:18:93:ee:e0:4a:ee:0a:7d:7f:
         27:8b:9b:63:cd:6f:49:a1:c4:ba:a5:71:da:6c:43:b4:9e:6a:
         8a:46:d6:60:07:0b:f2:83:76:ba:6e:4b:60:1b:9e:0f:24:e0:
         f8:13:61:cd:47:7d:69:66:b1:78:94:84:bf:d0:3e:9b:46:a5:
         6e:88:89:7d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntTvGG7Q0CF2jtY/m4l8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NzVkNTNkYjgyMmQyNWRiODI3ZDAzNzdjYmViMDZkMmNh
NDFhY2IwHhcNMjUwMTAyMTU0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2QzMjdlODVhYmZjZWQ1Yjc2NjkzOWIzYjdmZGVhNTc4ODM4Njk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6JRhEKD85fu1YjkgCHL1oHIAyvD
ytHY5K7xp+gdTo1Tvk608m5sK4XIvD4VcLeTXrhjbvgpQT5XVkmGPpUa1cMXhkMM
1+iwgMwpF1dvNDyQIbpBg9kdDOVKgEJtChpDr9QWTblQbA0E+yseuydiuitz0lzs
PGVJKd8QtCj51/CczXfPKgW2P76QwD+R9NzW1d24thCvqE6yo3bUdX6kIwSruYcw
IEO/ky98dkusUG7PUnh3aufmuIriHmUx0b5sO0KEFQuZh/+lgW6drbLBHRQTFrf0
3JwGOexOgPvxn9JSbl9K5QX3SyxEk5D/fl/7eaKWR3Yuz1kE5fq873UWUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOfTJ+hav87Vt2aTmzt/3qV4g4aZMB8GA1UdIwQY
MBaAFHV11T24ItJduCfQN3y+sG0spBrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFhYVlBiZ2kwbDI0SjlBM2ZMNndiU3lrR3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9mN2YwZjItNDc5ZS00ZjAzLWJhYTIt
MDYxZWQ5MzcxNDc1LzEvNTlNbjZGcV96dFczWnBPYk8zX2VwWGlEaHBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9mN2YwZjItNDc5ZS00ZjAzLWJhYTItMDYxZWQ5MzcxNDc1
LzEvZFhYVlBiZ2kwbDI0SjlBM2ZMNndiU3lrR3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1AU6MA0E
AgACMAcDBQMqE6LAMA0GCSqGSIb3DQEBCwUAA4IBAQBOfuBQUDWg778PyfvBi35+
T9sbQkVG2MyFHnpbOQNgnjpmN1gn3sfnp9HMud/0PGDQnQJoqxDLM1M3Giq5Zfle
8lovhx97BMZw6sU2g4vjAIwwxDgdZYZbwwcKiG65jzJ9lBh34QYVmllcc0khrGGH
mRa2irABl2ihmyRSBWcjcoU7IqGsQi1Ufu6WXTkwVbUgVTwCWUltljiVqiq/G0x4
2hsU7JROn7j3ec034l5Br2kacCUqflENioofVkEYk+7gSu4KfX8ni5tjzW9JocS6
pXHabEO0nmqKRtZgBwvyg3a6bktgG54PJOD4E2HNR31pZrF4lIS/0D6bRqVuiIl9
-----END CERTIFICATE-----