Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/N7UsdIFvS6NDEhMQYLo-jVgQoTs.roa
File:                     N7UsdIFvS6NDEhMQYLo-jVgQoTs.roa (raw, json)
Hash identifier:          fHahTikiPKtct7lmc97CAzNpcT88x16W2AYaXno1pJE=
Subject key identifier:   37:B5:2C:74:81:6F:4B:A3:43:12:13:10:60:BA:3E:8D:58:10:A1:3B
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       018CC7945B29B59540E5B07B81388F9A72F4
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/N7UsdIFvS6NDEhMQYLo-jVgQoTs.roa
Signing time:             Tue 02 Jan 2024 00:30:37 +0000
ROA not before:           Tue 02 Jan 2024 00:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50083
IP address blocks:        5.59.224.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5b:29:b5:95:40:e5:b0:7b:81:38:8f:9a:72:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  2 00:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37b52c74816f4ba34312131060ba3e8d5810a13b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:31:39:40:dd:9e:28:f3:b5:34:3c:e7:5e:35:
                    90:29:5b:b8:1d:c8:f8:56:d6:56:b5:2e:32:5d:c3:
                    d3:b8:12:6d:07:8d:df:61:a8:c3:55:41:c2:9b:6a:
                    37:aa:80:cc:f3:34:8b:4e:b2:ff:3e:54:e2:d1:4f:
                    0d:e6:bf:86:32:38:4b:4f:c3:cb:f2:73:91:5b:a9:
                    68:1f:b1:c6:f9:00:84:d2:44:48:88:77:86:3f:03:
                    8d:cf:37:c2:f0:64:16:f6:d9:b9:5a:37:1e:04:be:
                    88:fc:d9:96:9b:72:40:5a:6e:97:89:e8:18:bc:36:
                    84:e5:af:83:88:e9:73:f6:01:d1:aa:20:1a:7e:15:
                    cd:7d:2a:ac:dc:d9:30:3d:a4:67:9a:25:4f:e3:13:
                    af:a2:2f:96:90:3e:df:d8:26:ec:d0:76:9d:e5:83:
                    ec:b5:83:b2:b5:0c:f7:9b:63:03:58:d5:c1:6c:fb:
                    28:42:ec:3f:ee:3f:3c:18:83:e7:a3:28:a5:00:e4:
                    37:8d:fd:d4:3b:fd:e2:1a:d1:17:62:eb:df:7f:47:
                    9d:8c:14:e9:42:e0:db:78:1b:26:c3:b0:6d:7e:f3:
                    2c:4b:ae:95:b9:79:ca:e6:07:88:27:b6:e6:d1:a6:
                    fb:88:d0:ea:43:ee:c7:0e:e2:da:b4:88:0f:37:f5:
                    06:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:B5:2C:74:81:6F:4B:A3:43:12:13:10:60:BA:3E:8D:58:10:A1:3B
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/N7UsdIFvS6NDEhMQYLo-jVgQoTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:57:73:ae:a4:39:66:15:2d:2f:ff:35:ca:83:00:8f:68:17:
         83:0c:1a:bc:88:94:81:84:25:05:07:0f:e9:f6:14:8a:c1:f1:
         a5:dc:07:bf:2d:9d:20:19:05:2b:dd:dc:ae:9f:89:d3:20:60:
         c1:64:c6:9b:3f:16:81:81:8b:07:c8:15:00:c3:f0:05:82:7b:
         91:0c:ba:9b:a5:20:32:cf:e8:cd:97:44:5a:be:62:41:71:6d:
         71:e6:8b:c7:6e:fc:ab:93:13:e5:39:84:b1:2f:1e:38:5f:85:
         b1:aa:aa:44:55:3b:21:1b:a3:8a:8e:2c:01:65:87:33:a4:84:
         6d:4d:6a:a5:f7:42:d6:b4:4d:b9:a4:9b:04:5f:99:c1:72:16:
         56:07:c3:0a:aa:f1:d1:12:fe:34:b2:26:20:8e:13:fe:09:87:
         7d:21:56:05:50:0c:5c:76:c8:4b:c4:c0:23:f6:8d:93:c4:ac:
         6a:41:c0:88:60:a4:99:33:8f:2d:61:24:e7:f7:d4:2c:bc:5c:
         ab:dc:56:3e:2b:01:01:c2:0c:6c:70:ef:6e:61:3f:59:96:ee:
         a0:8c:4d:cb:0f:e3:e9:4a:a2:84:7e:80:71:78:eb:9f:74:b9:
         27:5a:01:00:b5:9f:83:ad:1a:c2:c5:cf:25:04:ed:e7:bd:d5:
         db:f6:11:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFsptZVA5bB7gTiPmnL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwMTAyMDAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2I1MmM3NDgxNmY0YmEzNDMxMjEzMTA2MGJhM2U4ZDU4MTBhMTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiTE5QN2eKPO1NDznXjWQKVu4Hcj4
VtZWtS4yXcPTuBJtB43fYajDVUHCm2o3qoDM8zSLTrL/PlTi0U8N5r+GMjhLT8PL
8nORW6loH7HG+QCE0kRIiHeGPwONzzfC8GQW9tm5WjceBL6I/NmWm3JAWm6XiegY
vDaE5a+DiOlz9gHRqiAafhXNfSqs3NkwPaRnmiVP4xOvoi+WkD7f2Cbs0Had5YPs
tYOytQz3m2MDWNXBbPsoQuw/7j88GIPnoyilAOQ3jf3UO/3iGtEXYuvff0edjBTp
QuDbeBsmw7BtfvMsS66VuXnK5geIJ7bm0ab7iNDqQ+7HDuLatIgPN/UG1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDe1LHSBb0ujQxITEGC6Po1YEKE7MB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvTjdVc2RJRnZTNk5ERWhNUVlMby1qVmdRb1RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBTvgMA0G
CSqGSIb3DQEBCwUAA4IBAQCnV3OupDlmFS0v/zXKgwCPaBeDDBq8iJSBhCUFBw/p
9hSKwfGl3Ae/LZ0gGQUr3dyun4nTIGDBZMabPxaBgYsHyBUAw/AFgnuRDLqbpSAy
z+jNl0RavmJBcW1x5ovHbvyrkxPlOYSxLx44X4WxqqpEVTshG6OKjiwBZYczpIRt
TWql90LWtE25pJsEX5nBchZWB8MKqvHREv40siYgjhP+CYd9IVYFUAxcdshLxMAj
9o2TxKxqQcCIYKSZM48tYSTn99QsvFyr3FY+KwEBwgxscO9uYT9Zlu6gjE3LD+Pp
SqKEfoBxeOufdLknWgEAtZ+DrRrCxc8lBO3nvdXb9hGf
-----END CERTIFICATE-----