Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/Xk3N1kVjMOkE69wnh8OERL9pI1w.roa
File:                     Xk3N1kVjMOkE69wnh8OERL9pI1w.roa (raw, json)
Hash identifier:          IhgWVldXAT9IdtTrCzrXLSbXUDJ4yBXq6xcY1WIQZRg=
Subject key identifier:   5E:4D:CD:D6:45:63:30:E9:04:EB:DC:27:87:C3:84:44:BF:69:23:5C
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       018CC7945F97F8E29207D65E89F087068A76
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/Xk3N1kVjMOkE69wnh8OERL9pI1w.roa
Signing time:             Tue 02 Jan 2024 00:30:38 +0000
ROA not before:           Tue 02 Jan 2024 00:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212097
IP address blocks:        5.59.234.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 05:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5f:97:f8:e2:92:07:d6:5e:89:f0:87:06:8a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  2 00:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e4dcdd6456330e904ebdc2787c38444bf69235c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:51:46:70:d7:7b:cf:3d:5a:5a:6a:64:7e:d2:
                    7f:93:4c:b7:50:81:f4:e9:70:80:ec:3e:89:13:ca:
                    df:ea:04:ff:ee:25:a9:8c:3e:f0:cd:61:9e:33:8f:
                    1c:73:bb:0c:9a:68:15:67:d7:ff:b5:f7:d2:d5:74:
                    78:ba:74:b2:0b:67:da:af:da:a4:40:96:c5:ee:af:
                    77:ed:cc:11:c0:42:88:a3:00:b8:d8:76:e9:7b:2d:
                    00:d9:53:d9:ca:f6:36:c9:ce:62:a7:36:fa:f2:56:
                    27:c9:9a:36:f9:fe:c2:c2:f3:75:58:ee:4a:82:bf:
                    a6:ad:07:7e:c4:a0:dd:a8:4e:63:38:56:a9:f1:f4:
                    5b:1e:6c:7f:14:a5:05:5c:21:c7:7b:b6:14:27:ed:
                    77:52:e9:ad:4c:42:ce:f9:64:a2:77:4f:29:8f:1e:
                    16:fc:ff:40:52:37:bb:1a:73:f2:3b:8b:98:d3:86:
                    b6:25:e3:09:d1:c2:04:98:68:4a:95:9e:45:0c:17:
                    d2:7a:df:1b:c4:4f:7d:8b:fc:28:69:0d:ef:de:47:
                    1f:69:ae:0c:f0:00:b2:28:26:86:52:3b:1f:88:f3:
                    52:73:51:e3:83:ce:c0:10:0b:26:fd:d2:6d:ee:5b:
                    54:e8:17:51:b2:87:9d:28:03:bf:e3:ab:f4:b8:e4:
                    b8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:4D:CD:D6:45:63:30:E9:04:EB:DC:27:87:C3:84:44:BF:69:23:5C
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/Xk3N1kVjMOkE69wnh8OERL9pI1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:15:3a:e2:ac:ca:7d:12:48:35:21:0a:c2:27:a1:fe:1e:e1:
         96:69:d8:62:9a:59:47:73:66:f3:ad:2a:04:bc:3a:d0:1d:cf:
         d0:6f:b6:25:f0:69:fe:e6:34:7a:a9:98:ed:0a:01:05:d3:b4:
         1e:ac:d2:75:30:38:35:72:09:5d:71:18:fd:74:bc:46:4c:03:
         f9:57:25:59:15:de:b8:c5:10:87:a6:a8:d5:21:ea:1b:af:01:
         61:52:55:dd:c8:be:5d:5b:a6:e4:e1:b8:dd:6f:a0:4b:6d:9d:
         a3:db:e6:1e:ed:a3:84:fc:bd:50:81:bc:6f:03:56:65:c0:1a:
         dd:da:e8:25:da:20:b5:39:ad:11:58:8b:d0:90:10:5a:20:a6:
         4f:3f:1c:bb:5f:ff:d6:7a:c5:c4:6b:2d:ab:fe:e8:b1:7f:65:
         8f:1f:96:4c:c6:84:b4:48:30:52:12:10:28:17:00:5c:90:23:
         f8:d4:c1:35:c0:87:c8:b3:1a:eb:a6:14:2f:64:7c:1c:e4:55:
         e2:13:82:da:4c:d1:fa:9b:d2:d2:7b:96:78:ff:12:08:f3:bf:
         a4:f7:66:96:22:36:76:4b:75:d6:a4:20:1e:6a:09:af:27:30:
         e5:ae:59:fc:49:e7:d7:f1:1c:c3:ad:19:ff:83:df:de:0e:c3:
         98:c8:e5:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlF+X+OKSB9ZeifCHBop2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwMTAyMDAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTRkY2RkNjQ1NjMzMGU5MDRlYmRjMjc4N2MzODQ0NGJmNjkyMzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVFGcNd7zz1aWmpkftJ/k0y3UIH0
6XCA7D6JE8rf6gT/7iWpjD7wzWGeM48cc7sMmmgVZ9f/tffS1XR4unSyC2far9qk
QJbF7q937cwRwEKIowC42Hbpey0A2VPZyvY2yc5ipzb68lYnyZo2+f7CwvN1WO5K
gr+mrQd+xKDdqE5jOFap8fRbHmx/FKUFXCHHe7YUJ+13UumtTELO+WSid08pjx4W
/P9AUje7GnPyO4uY04a2JeMJ0cIEmGhKlZ5FDBfSet8bxE99i/woaQ3v3kcfaa4M
8ACyKCaGUjsfiPNSc1Hjg87AEAsm/dJt7ltU6BdRsoedKAO/46v0uOS4IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5NzdZFYzDpBOvcJ4fDhES/aSNcMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvWGszTjFrVmpNT2tFNjl3bmg4T0VSTDlwSTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBTvqMA0G
CSqGSIb3DQEBCwUAA4IBAQBgFTrirMp9Ekg1IQrCJ6H+HuGWadhimllHc2bzrSoE
vDrQHc/Qb7Yl8Gn+5jR6qZjtCgEF07QerNJ1MDg1cgldcRj9dLxGTAP5VyVZFd64
xRCHpqjVIeobrwFhUlXdyL5dW6bk4bjdb6BLbZ2j2+Ye7aOE/L1QgbxvA1ZlwBrd
2ugl2iC1Oa0RWIvQkBBaIKZPPxy7X//WesXEay2r/uixf2WPH5ZMxoS0SDBSEhAo
FwBckCP41ME1wIfIsxrrphQvZHwc5FXiE4LaTNH6m9LSe5Z4/xII87+k92aWIjZ2
S3XWpCAeagmvJzDlrln8SefX8RzDrRn/g9/eDsOYyOX6
-----END CERTIFICATE-----