Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/5Afnqe-V8QM6BLtzahH67LJI6Uw.roa
File:                     5Afnqe-V8QM6BLtzahH67LJI6Uw.roa (raw, json)
Hash identifier:          K85/5i207Ydh1RfncEIsPBatnHgYHky93VYmcIEAjys=
Subject key identifier:   E4:07:E7:A9:EF:95:F1:03:3A:04:BB:73:6A:11:FA:EC:B2:48:E9:4C
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       018CC7946060BCBB64A53C0B3D5526FE5C25
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/5Afnqe-V8QM6BLtzahH67LJI6Uw.roa
Signing time:             Tue 02 Jan 2024 00:30:39 +0000
ROA not before:           Tue 02 Jan 2024 00:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212271
IP address blocks:        5.59.248.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 22:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:60:60:bc:bb:64:a5:3c:0b:3d:55:26:fe:5c:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  2 00:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e407e7a9ef95f1033a04bb736a11faecb248e94c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:07:df:b5:39:a9:41:8a:c9:21:27:59:96:11:
                    db:9c:d1:f1:11:b1:6e:61:4e:09:1a:ee:82:5f:11:
                    fb:69:02:38:55:ac:98:0d:b3:c9:d9:e1:f8:f4:f7:
                    59:78:87:c9:b9:4b:07:2e:64:41:46:ae:1a:f3:c3:
                    b8:81:7a:f6:32:a0:49:6a:86:0b:08:51:17:64:93:
                    1c:3b:4d:29:3a:e7:cd:6f:30:5e:6d:de:28:96:51:
                    8a:e6:40:e9:a7:f0:a8:ee:e6:b3:0b:e8:8c:12:e9:
                    af:8a:25:19:13:58:1f:08:41:e4:3e:8f:16:fd:1b:
                    2c:fd:45:09:59:4b:d9:ab:d6:66:0a:31:b7:2d:f4:
                    56:13:d4:b3:65:27:cf:2e:ba:53:aa:92:92:66:4f:
                    c8:fd:a5:89:ca:0e:92:be:43:f2:b6:26:37:23:b5:
                    69:6d:3b:a1:db:c3:d9:d1:70:d8:79:d4:21:93:6f:
                    ff:58:8c:30:14:b6:59:e3:30:b2:be:a9:66:6d:f2:
                    1e:71:bd:8a:01:6b:ee:21:b5:ba:53:2b:ee:66:26:
                    c7:7a:e0:6c:69:d6:1d:cf:1a:ab:20:d5:28:8d:04:
                    cc:a8:24:5e:6e:e2:9d:6e:f2:36:fa:be:ae:c6:4a:
                    de:c9:ed:64:07:fa:24:62:a5:3e:a8:16:de:41:00:
                    fc:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:07:E7:A9:EF:95:F1:03:3A:04:BB:73:6A:11:FA:EC:B2:48:E9:4C
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/5Afnqe-V8QM6BLtzahH67LJI6Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9b:98:57:5b:01:75:c4:ec:1f:cf:1a:cc:fb:59:45:a9:e5:32:
         d8:26:14:13:b0:e8:bd:ca:06:30:17:be:e6:e6:c2:83:f1:04:
         a1:14:0d:08:19:e5:b8:ab:5c:14:86:00:5e:80:e4:fb:ca:1d:
         3d:60:10:4b:c7:aa:03:99:4c:f8:e8:3b:3a:85:ff:43:71:89:
         f2:9e:ee:b0:2b:7b:a6:73:3a:64:40:1a:33:fc:ac:1e:44:3b:
         9e:9f:92:27:b2:6c:b6:0b:05:c4:d8:18:81:d4:8a:e4:82:1e:
         05:5b:74:32:a8:d6:3e:a6:0b:df:3e:6a:89:99:70:0d:3f:47:
         19:3f:04:f6:f8:fe:0a:7f:7f:c9:76:38:b1:6b:dc:37:27:a5:
         92:eb:d4:b2:5e:89:0c:81:7b:b8:77:04:aa:8f:8e:6b:bb:e1:
         7b:fa:3a:b8:73:07:d8:a1:03:fd:e7:bf:4f:98:a0:02:57:0c:
         5f:8d:a2:c4:fd:2f:17:f9:26:fa:b6:81:16:4e:52:08:75:5b:
         8f:f1:7e:92:a5:9a:4f:5d:f4:ce:00:1f:82:07:41:fc:1c:2c:
         13:8c:75:ed:c6:dc:bd:dc:c6:13:1f:00:0a:b2:3b:f0:7f:46:
         58:e5:2c:30:1e:58:1e:63:61:7a:7e:83:a6:80:bc:83:67:34:
         af:97:c5:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlGBgvLtkpTwLPVUm/lwlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwMTAyMDAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDA3ZTdhOWVmOTVmMTAzM2EwNGJiNzM2YTExZmFlY2IyNDhlOTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgfftTmpQYrJISdZlhHbnNHxEbFu
YU4JGu6CXxH7aQI4VayYDbPJ2eH49PdZeIfJuUsHLmRBRq4a88O4gXr2MqBJaoYL
CFEXZJMcO00pOufNbzBebd4ollGK5kDpp/Co7uazC+iMEumviiUZE1gfCEHkPo8W
/Rss/UUJWUvZq9ZmCjG3LfRWE9SzZSfPLrpTqpKSZk/I/aWJyg6SvkPytiY3I7Vp
bTuh28PZ0XDYedQhk2//WIwwFLZZ4zCyvqlmbfIecb2KAWvuIbW6UyvuZibHeuBs
adYdzxqrINUojQTMqCRebuKdbvI2+r6uxkreye1kB/okYqU+qBbeQQD8fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQH56nvlfEDOgS7c2oR+uyySOlMMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvNUFmbnFlLVY4UU02Qkx0emFoSDY3TEpJNlV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBTv4MA0G
CSqGSIb3DQEBCwUAA4IBAQCbmFdbAXXE7B/PGsz7WUWp5TLYJhQTsOi9ygYwF77m
5sKD8QShFA0IGeW4q1wUhgBegOT7yh09YBBLx6oDmUz46Ds6hf9DcYnynu6wK3um
czpkQBoz/KweRDuen5Insmy2CwXE2BiB1Irkgh4FW3QyqNY+pgvfPmqJmXANP0cZ
PwT2+P4Kf3/Jdjixa9w3J6WS69SyXokMgXu4dwSqj45ru+F7+jq4cwfYoQP9579P
mKACVwxfjaLE/S8X+Sb6toEWTlIIdVuP8X6SpZpPXfTOAB+CB0H8HCwTjHXtxty9
3MYTHwAKsjvwf0ZY5SwwHlgeY2F6foOmgLyDZzSvl8WG
-----END CERTIFICATE-----