Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/13dc38-2e75-4b07-bef0-e1ea453c5257/1/X7HkSzc73grEKj4u4ebonuY_N3k.roa
File:                     X7HkSzc73grEKj4u4ebonuY_N3k.roa (raw, json)
Hash identifier:          OyEQG3xPXjnpnin1BNjI7sPjB8DI9jWlTT019Ki3K7k=
Subject key identifier:   5F:B1:E4:4B:37:3B:DE:0A:C4:2A:3E:2E:E1:E6:E8:9E:E6:3F:37:79
Certificate issuer:       /CN=5df9e856f0495c8490d5124e8cfbaf08d70dfb17
Certificate serial:       0194C1CA45D38490D6C5BE6EAC8C361E6816
Authority key identifier: 5D:F9:E8:56:F0:49:5C:84:90:D5:12:4E:8C:FB:AF:08:D7:0D:FB:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XfnoVvBJXISQ1RJOjPuvCNcN-xc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/13dc38-2e75-4b07-bef0-e1ea453c5257/1/X7HkSzc73grEKj4u4ebonuY_N3k.roa
Signing time:             Sat 01 Feb 2025 13:54:06 +0000
ROA not before:           Sat 01 Feb 2025 13:54:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209836
IP address blocks:        185.228.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/13dc38-2e75-4b07-bef0-e1ea453c5257/1/XfnoVvBJXISQ1RJOjPuvCNcN-xc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/13dc38-2e75-4b07-bef0-e1ea453c5257/1/XfnoVvBJXISQ1RJOjPuvCNcN-xc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XfnoVvBJXISQ1RJOjPuvCNcN-xc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:c1:ca:45:d3:84:90:d6:c5:be:6e:ac:8c:36:1e:68:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5df9e856f0495c8490d5124e8cfbaf08d70dfb17
        Validity
            Not Before: Feb  1 13:54:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fb1e44b373bde0ac42a3e2ee1e6e89ee63f3779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:15:2e:93:f3:f9:ca:03:43:63:0e:dc:f6:4a:
                    ad:bc:c3:32:6f:86:01:80:65:ed:b7:d2:7c:d4:9b:
                    ce:f3:f7:ac:35:38:67:96:d1:7f:99:b6:19:8c:5d:
                    bf:0b:76:35:fe:c6:8f:96:27:0c:71:ef:85:5d:88:
                    e9:e0:eb:6c:66:23:14:ff:23:a8:b3:f0:80:a3:dc:
                    a2:b7:71:a2:42:f2:0b:a8:c6:3a:05:d9:4b:3d:5f:
                    a0:bf:33:5b:37:fa:f0:ec:39:f5:1c:0b:13:a4:80:
                    6a:ed:dc:75:6e:0f:4a:f3:3c:1f:b8:cd:c7:b3:28:
                    d7:21:4d:2d:12:d7:92:7e:fb:42:23:f3:8c:95:4f:
                    61:d3:63:83:0a:1d:2d:5f:c8:f0:33:4d:01:a3:a9:
                    dc:85:35:1b:84:0d:23:ac:51:5b:4a:96:88:c0:08:
                    32:c0:00:cd:f3:44:e7:1e:1b:db:f6:0c:63:95:de:
                    77:71:e7:67:91:46:a3:64:b9:b2:a0:65:5c:61:46:
                    b3:0e:8f:f4:fd:d6:18:36:a8:2e:9f:6d:62:c5:d6:
                    e8:57:3f:48:b3:a5:82:11:bd:ad:18:1f:b2:39:a1:
                    fb:8b:68:07:8e:31:8f:c8:a5:ad:38:9e:cd:49:6d:
                    ed:2c:a3:00:4c:d3:b0:16:c5:00:92:63:c0:cc:ec:
                    25:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:B1:E4:4B:37:3B:DE:0A:C4:2A:3E:2E:E1:E6:E8:9E:E6:3F:37:79
            X509v3 Authority Key Identifier:
                keyid:5D:F9:E8:56:F0:49:5C:84:90:D5:12:4E:8C:FB:AF:08:D7:0D:FB:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XfnoVvBJXISQ1RJOjPuvCNcN-xc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/13dc38-2e75-4b07-bef0-e1ea453c5257/1/X7HkSzc73grEKj4u4ebonuY_N3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/13dc38-2e75-4b07-bef0-e1ea453c5257/1/XfnoVvBJXISQ1RJOjPuvCNcN-xc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:f2:6f:16:60:85:39:2a:a5:6f:d5:ec:bf:a1:bc:33:4d:47:
         53:54:16:0d:aa:4a:6a:98:0b:35:48:bf:a1:97:d4:25:f6:d8:
         ec:1a:b8:6a:2f:75:7a:57:03:e1:f7:df:47:bc:11:63:b2:fc:
         01:ae:10:5c:22:06:c3:c5:c2:7d:0f:22:f2:7a:86:5c:d1:9d:
         cd:f8:34:94:6b:90:03:20:49:dc:41:9f:23:6c:e1:52:29:37:
         5b:d8:41:db:a5:a0:0b:ad:53:48:f6:f3:7c:2c:f6:ea:44:27:
         be:5f:67:a0:d6:ee:45:f4:ed:9d:8c:a1:55:cb:72:37:76:99:
         07:db:d8:1d:e0:66:e7:01:4c:96:5c:ee:43:36:10:96:6a:08:
         ab:96:16:f0:f1:07:dd:95:03:44:a3:71:0d:cd:52:ac:3e:87:
         0d:f4:10:78:f5:56:87:e5:96:7c:ee:cb:28:40:e8:5e:3f:bf:
         7f:01:f9:a5:12:f3:de:fe:26:74:2d:f2:c8:bb:ac:48:83:18:
         f5:b4:6f:c5:97:29:b5:84:7d:99:36:3e:f0:e3:9b:7e:fe:7b:
         50:f5:52:92:af:e8:68:ce:cd:86:6a:56:52:a6:17:a4:99:33:
         c8:96:37:f5:41:13:e7:1a:36:2d:94:58:bd:91:b1:4a:5d:c2:
         91:17:51:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTBykXThJDWxb5urIw2HmgWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZjllODU2ZjA0OTVjODQ5MGQ1MTI0ZThjZmJhZjA4ZDcw
ZGZiMTcwHhcNMjUwMjAxMTM1NDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmIxZTQ0YjM3M2JkZTBhYzQyYTNlMmVlMWU2ZTg5ZWU2M2YzNzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhUuk/P5ygNDYw7c9kqtvMMyb4YB
gGXtt9J81JvO8/esNThnltF/mbYZjF2/C3Y1/saPlicMce+FXYjp4OtsZiMU/yOo
s/CAo9yit3GiQvILqMY6BdlLPV+gvzNbN/rw7Dn1HAsTpIBq7dx1bg9K8zwfuM3H
syjXIU0tEteSfvtCI/OMlU9h02ODCh0tX8jwM00Bo6nchTUbhA0jrFFbSpaIwAgy
wADN80TnHhvb9gxjld53cednkUajZLmyoGVcYUazDo/0/dYYNqgun21ixdboVz9I
s6WCEb2tGB+yOaH7i2gHjjGPyKWtOJ7NSW3tLKMATNOwFsUAkmPAzOwlPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+x5Es3O94KxCo+LuHm6J7mPzd5MB8GA1UdIwQY
MBaAFF356FbwSVyEkNUSToz7rwjXDfsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGZub1Z2QkpYSVNRMVJKT2pQdXZDTmNOLXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8xM2RjMzgtMmU3NS00YjA3LWJlZjAt
ZTFlYTQ1M2M1MjU3LzEvWDdIa1N6YzczZ3JFS2o0dTRlYm9udVlfTjNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8xM2RjMzgtMmU3NS00YjA3LWJlZjAtZTFlYTQ1M2M1MjU3
LzEvWGZub1Z2QkpYSVNRMVJKT2pQdXZDTmNOLXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueQ7MA0G
CSqGSIb3DQEBCwUAA4IBAQBp8m8WYIU5KqVv1ey/obwzTUdTVBYNqkpqmAs1SL+h
l9Ql9tjsGrhqL3V6VwPh999HvBFjsvwBrhBcIgbDxcJ9DyLyeoZc0Z3N+DSUa5AD
IEncQZ8jbOFSKTdb2EHbpaALrVNI9vN8LPbqRCe+X2eg1u5F9O2djKFVy3I3dpkH
29gd4GbnAUyWXO5DNhCWagirlhbw8QfdlQNEo3ENzVKsPocN9BB49VaH5ZZ87sso
QOheP79/AfmlEvPe/iZ0LfLIu6xIgxj1tG/Flym1hH2ZNj7w45t+/ntQ9VKSr+ho
zs2GalZSphekmTPIljf1QRPnGjYtlFi9kbFKXcKRF1Ea
-----END CERTIFICATE-----