Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/LusgUTMBlKjPlf0aa0rq6509mQ0.roa
File:                     LusgUTMBlKjPlf0aa0rq6509mQ0.roa (raw, json)
Hash identifier:          l4oP8NI1GMgRXQChnOmed86aewX2GDLNrj7VIkVyJvI=
Subject key identifier:   2E:EB:20:51:33:01:94:A8:CF:95:FD:1A:6B:4A:EA:EB:9D:3D:99:0D
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       018CC7945CEB9AD30B9F9C2B03F5BBF4C7AA
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/LusgUTMBlKjPlf0aa0rq6509mQ0.roa
Signing time:             Tue 02 Jan 2024 00:30:38 +0000
ROA not before:           Tue 02 Jan 2024 00:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202564
IP address blocks:        5.59.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5c:eb:9a:d3:0b:9f:9c:2b:03:f5:bb:f4:c7:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  2 00:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2eeb2051330194a8cf95fd1a6b4aeaeb9d3d990d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ee:37:d5:f3:ef:47:4b:ba:95:07:ba:37:25:
                    00:5f:a7:b4:9d:f5:12:fe:2e:be:63:4b:a8:8e:c5:
                    e1:98:ad:16:aa:9b:10:a3:f7:e4:bf:79:cb:50:98:
                    25:64:85:00:48:03:3a:81:fa:aa:2e:e1:0a:68:67:
                    2f:c6:3c:39:60:d3:c8:8a:a4:88:34:a9:20:b5:53:
                    27:6a:bc:27:78:07:1a:d1:dd:77:58:34:e6:f6:e1:
                    96:df:6b:ad:64:35:82:09:ba:2b:eb:11:dd:43:50:
                    32:3a:ba:1d:5b:a1:47:e9:1d:33:66:e7:5b:e8:49:
                    ce:e1:70:51:ca:64:6a:a4:6f:42:a6:c9:71:4c:16:
                    ba:cd:5c:4a:5d:79:00:ca:a9:e6:e9:0f:ca:f2:04:
                    0b:c2:2c:5d:a3:91:ff:1c:6f:6c:cc:c6:fb:d8:5a:
                    99:d4:b5:47:15:de:3d:15:57:b5:97:41:4a:fb:71:
                    fc:2a:bb:d0:84:7b:ac:e3:09:f6:37:09:2d:b0:38:
                    9e:fb:c3:12:9a:74:e2:25:9b:c0:99:c2:6a:93:9d:
                    54:8b:e5:a1:ce:d5:52:4e:0e:50:77:80:12:e0:b5:
                    33:e7:7a:72:5d:ce:79:1b:ef:78:4d:18:61:74:70:
                    93:65:0e:02:26:c9:49:20:1c:4b:10:ac:6d:46:cd:
                    04:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:EB:20:51:33:01:94:A8:CF:95:FD:1A:6B:4A:EA:EB:9D:3D:99:0D
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/LusgUTMBlKjPlf0aa0rq6509mQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c7:54:7b:e0:ae:8e:05:b8:a5:9f:7d:6a:ac:72:aa:ad:67:
         38:1d:47:2f:e9:aa:9a:08:b5:8b:51:2b:4a:b5:53:e3:4e:cd:
         63:7a:7b:32:36:9b:c4:16:6c:be:d6:1e:74:b9:86:87:1d:51:
         d5:89:ff:a9:65:11:d0:97:98:d6:e3:ea:96:d2:1c:76:09:c8:
         c8:c1:1e:23:b6:08:9c:a4:b0:45:75:e0:c7:6e:20:4b:ab:32:
         cc:34:ed:25:f2:13:e1:ca:e2:0e:b3:09:bc:e3:30:2d:8b:8f:
         b4:5f:84:1e:a5:67:2f:74:3d:c6:66:1e:50:b9:c0:ce:b9:7a:
         60:8d:4d:01:d2:9e:5b:6a:9d:5b:14:9e:b8:39:9c:54:9c:c6:
         33:72:f1:22:bd:d6:87:26:c1:8b:49:9b:cc:7f:38:4d:9d:61:
         d9:8f:6c:a5:37:55:d3:f5:f3:29:3f:f6:51:8c:ab:91:a9:18:
         3b:a5:fa:b6:4b:5f:eb:b2:fc:44:1a:2c:bd:a3:30:5b:73:ed:
         f9:c6:73:28:3e:e9:2f:50:38:32:ab:a7:2d:1d:6e:5a:03:80:
         ef:1d:5a:87:f4:0e:78:af:62:44:34:40:ba:20:3b:a8:d6:5e:
         17:06:d1:e3:8f:6b:b3:7b:ef:21:0d:99:14:44:03:b3:64:13:
         40:22:75:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFzrmtMLn5wrA/W79MeqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwMTAyMDAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWViMjA1MTMzMDE5NGE4Y2Y5NWZkMWE2YjRhZWFlYjlkM2Q5OTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO431fPvR0u6lQe6NyUAX6e0nfUS
/i6+Y0uojsXhmK0WqpsQo/fkv3nLUJglZIUASAM6gfqqLuEKaGcvxjw5YNPIiqSI
NKkgtVMnarwneAca0d13WDTm9uGW32utZDWCCbor6xHdQ1AyOrodW6FH6R0zZudb
6EnO4XBRymRqpG9CpslxTBa6zVxKXXkAyqnm6Q/K8gQLwixdo5H/HG9szMb72FqZ
1LVHFd49FVe1l0FK+3H8KrvQhHus4wn2NwktsDie+8MSmnTiJZvAmcJqk51Ui+Wh
ztVSTg5Qd4AS4LUz53pyXc55G+94TRhhdHCTZQ4CJslJIBxLEKxtRs0ERwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7rIFEzAZSoz5X9GmtK6uudPZkNMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvTHVzZ1VUTUJsS2pQbGYwYWEwcnE2NTA5bVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTsKMA0G
CSqGSIb3DQEBCwUAA4IBAQBAx1R74K6OBbiln31qrHKqrWc4HUcv6aqaCLWLUStK
tVPjTs1jensyNpvEFmy+1h50uYaHHVHVif+pZRHQl5jW4+qW0hx2CcjIwR4jtgic
pLBFdeDHbiBLqzLMNO0l8hPhyuIOswm84zAti4+0X4QepWcvdD3GZh5QucDOuXpg
jU0B0p5bap1bFJ64OZxUnMYzcvEivdaHJsGLSZvMfzhNnWHZj2ylN1XT9fMpP/ZR
jKuRqRg7pfq2S1/rsvxEGiy9ozBbc+35xnMoPukvUDgyq6ctHW5aA4DvHVqH9A54
r2JENEC6IDuo1l4XBtHjj2uze+8hDZkURAOzZBNAInUJ
-----END CERTIFICATE-----