Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/yz0WJeZSwSNEReHFxbKILy2guec.roa
File:                     yz0WJeZSwSNEReHFxbKILy2guec.roa (raw, json)
Hash identifier:          VbDBSADcc/m7m3eGUJys9MzJTM598l22kLKkOt7R3DY=
Subject key identifier:   CB:3D:16:25:E6:52:C1:23:44:45:E1:C5:C5:B2:88:2F:2D:A0:B9:E7
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       018CC794246D516223F338F3D3DBEC175B4A
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/yz0WJeZSwSNEReHFxbKILy2guec.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60121
IP address blocks:        212.59.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:24:6d:51:62:23:f3:38:f3:d3:db:ec:17:5b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb3d1625e652c1234445e1c5c5b2882f2da0b9e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7a:88:19:14:0f:a2:5b:2a:d9:c1:3f:22:e4:
                    41:a7:66:a4:e4:ce:25:6a:97:f0:07:c6:2d:a0:4b:
                    06:53:6e:86:d8:f3:96:b2:39:46:8b:01:74:2f:c1:
                    58:3a:e4:07:a7:dc:1d:5b:dc:e4:5f:d6:cd:e6:0e:
                    31:75:b2:83:6f:b0:6d:05:68:10:03:15:96:d3:17:
                    58:be:a7:5e:2e:83:02:e9:62:9b:f3:3b:7b:40:cf:
                    a1:40:ed:ab:e4:4a:f0:52:b1:7b:c9:51:a4:29:ee:
                    e0:52:fe:f6:81:4e:42:4b:94:3d:80:43:07:53:d4:
                    37:4f:f4:f7:ec:68:8e:fe:e3:db:6f:3e:ec:bd:97:
                    25:f3:d3:9a:83:50:d0:31:9c:95:b5:4d:b6:4b:aa:
                    ce:b5:9e:f0:33:b7:8f:66:90:85:49:4d:63:d6:c2:
                    65:ea:37:d2:55:7e:31:a4:98:dd:1d:33:f6:e2:6c:
                    6f:b3:03:de:4b:2d:08:d1:5d:47:5e:72:e4:dd:04:
                    92:3e:03:ea:a6:ef:7c:92:a7:cd:49:0a:3a:8b:20:
                    8a:81:89:d3:9e:6d:a8:a0:f5:d9:1b:70:3f:4b:6b:
                    85:ac:1b:a8:75:27:58:85:c5:53:42:e0:80:8a:d7:
                    62:45:2a:4f:4f:4c:98:4c:79:28:be:3a:c5:be:0c:
                    83:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:3D:16:25:E6:52:C1:23:44:45:E1:C5:C5:B2:88:2F:2D:A0:B9:E7
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/yz0WJeZSwSNEReHFxbKILy2guec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.59.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:b5:9f:97:17:c0:62:67:01:d7:65:ba:9c:b4:08:81:2d:b9:
         04:05:05:ad:1b:75:db:1d:bb:ee:4b:4e:48:a9:22:ab:eb:c4:
         25:fa:b5:3d:36:44:a5:a5:5e:7a:73:35:be:a0:43:b5:a7:fc:
         51:a2:bd:6c:ca:d5:20:19:a8:65:c9:9e:5f:60:77:aa:fd:cc:
         6b:fe:61:68:6a:0f:cc:c2:16:d7:fc:31:6f:86:a6:55:3c:70:
         d7:dc:c4:77:90:03:62:58:4f:e9:74:99:c3:70:ca:c8:26:54:
         89:0d:be:9f:9d:27:e9:3a:79:0b:84:cb:a2:2e:35:81:23:c1:
         d2:aa:06:db:25:a2:e4:1d:b8:2b:3d:1c:e9:ea:1d:7d:38:5e:
         26:71:ae:32:93:92:32:88:cc:0a:bf:8c:78:9c:1f:b9:91:7e:
         55:9f:39:e3:a6:c0:03:0a:d5:cf:c8:00:0e:eb:30:e3:30:a1:
         f2:44:26:d3:ce:d5:d8:76:25:20:f7:04:aa:ab:ed:67:24:71:
         93:9f:5e:dc:96:7f:0d:2b:d4:f9:76:5c:75:8b:49:86:09:d2:
         6c:9f:29:d5:d3:7e:b5:03:1c:a2:d4:be:21:34:6e:37:01:fe:
         a5:1c:8d:a7:cf:28:9d:7f:ae:c6:3b:4b:e6:43:77:60:19:51:
         9d:d1:c5:2c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlCRtUWIj8zjz09vsF1tKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjNkMTYyNWU2NTJjMTIzNDQ0NWUxYzVjNWIyODgyZjJkYTBiOWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunqIGRQPolsq2cE/IuRBp2ak5M4l
apfwB8YtoEsGU26G2POWsjlGiwF0L8FYOuQHp9wdW9zkX9bN5g4xdbKDb7BtBWgQ
AxWW0xdYvqdeLoMC6WKb8zt7QM+hQO2r5ErwUrF7yVGkKe7gUv72gU5CS5Q9gEMH
U9Q3T/T37GiO/uPbbz7svZcl89Oag1DQMZyVtU22S6rOtZ7wM7ePZpCFSU1j1sJl
6jfSVX4xpJjdHTP24mxvswPeSy0I0V1HXnLk3QSSPgPqpu98kqfNSQo6iyCKgYnT
nm2ooPXZG3A/S2uFrBuodSdYhcVTQuCAitdiRSpPT0yYTHkovjrFvgyDQQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMs9FiXmUsEjREXhxcWyiC8toLnnMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL3l6MFdKZVpTd1NORVJlSEZ4YktJTHkyZ3VlYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUOxAw
DQYJKoZIhvcNAQELBQADggEBABq1n5cXwGJnAddlupy0CIEtuQQFBa0bddsdu+5L
TkipIqvrxCX6tT02RKWlXnpzNb6gQ7Wn/FGivWzK1SAZqGXJnl9gd6r9zGv+YWhq
D8zCFtf8MW+GplU8cNfcxHeQA2JYT+l0mcNwysgmVIkNvp+dJ+k6eQuEy6IuNYEj
wdKqBtslouQduCs9HOnqHX04XiZxrjKTkjKIzAq/jHicH7mRflWfOeOmwAMK1c/I
AA7rMOMwofJEJtPO1dh2JSD3BKqr7WckcZOfXtyWfw0r1Pl2XHWLSYYJ0myfKdXT
frUDHKLUviE0bjcB/qUcjafPKJ1/rsY7S+ZDd2AZUZ3RxSw=
-----END CERTIFICATE-----