Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/ZKG3OtEyiiDnDN4ki3no1psHAd4.roa
File:                     ZKG3OtEyiiDnDN4ki3no1psHAd4.roa (raw, json)
Hash identifier:          NZ4ei4ePNcjuIhXAkfBppanf+sCEHIfefkwDxR4juDQ=
Subject key identifier:   64:A1:B7:3A:D1:32:8A:20:E7:0C:DE:24:8B:79:E8:D6:9B:07:01:DE
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       018CC7945A4B98F778D78BCB90CACC9ABA4E
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/ZKG3OtEyiiDnDN4ki3no1psHAd4.roa
Signing time:             Tue 02 Jan 2024 00:30:37 +0000
ROA not before:           Tue 02 Jan 2024 00:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44837
IP address blocks:        5.59.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 22:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5a:4b:98:f7:78:d7:8b:cb:90:ca:cc:9a:ba:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  2 00:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64a1b73ad1328a20e70cde248b79e8d69b0701de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c4:e0:f1:55:0b:f7:74:2d:b3:39:52:19:82:
                    40:2b:f4:e8:5e:01:01:4b:7e:e2:52:9b:1a:eb:23:
                    f5:ab:2c:bf:75:46:d7:a4:fa:2a:56:8c:3c:8f:46:
                    7a:60:44:11:ab:e8:7a:b9:be:3c:3f:12:7c:cf:4b:
                    46:d2:ad:fd:ab:14:f8:e2:2e:b0:f4:b0:df:b0:d7:
                    5e:08:95:90:75:e4:ab:61:e9:82:87:f0:27:6f:b9:
                    f4:95:e5:67:7e:2c:9e:f1:20:3a:10:bc:59:03:21:
                    da:fe:27:4a:d7:2a:95:51:2a:57:87:bf:ba:61:4d:
                    f1:3f:ed:a5:7b:72:c9:fe:68:04:f8:33:29:5a:76:
                    bf:1f:a8:5f:2e:f7:d7:bc:5a:33:72:6b:30:ee:2c:
                    0e:5a:5b:ac:ab:4b:7b:b3:86:b0:30:87:8b:e3:8e:
                    12:7d:c8:05:23:ee:52:7f:39:62:de:9d:fb:7b:86:
                    c1:ea:7b:31:c4:69:32:0f:48:45:fd:c0:4e:b4:3f:
                    1e:6f:94:8d:72:34:90:be:e0:96:1f:6c:02:5e:5c:
                    d0:53:08:38:6e:f2:c6:1c:f7:89:c9:30:f7:0a:9d:
                    20:c2:36:22:0a:e8:2b:eb:c1:81:c2:51:ca:f2:f1:
                    84:81:1c:45:9b:9c:36:17:7f:fc:ca:4b:70:e9:49:
                    ab:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:A1:B7:3A:D1:32:8A:20:E7:0C:DE:24:8B:79:E8:D6:9B:07:01:DE
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/ZKG3OtEyiiDnDN4ki3no1psHAd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:2a:2b:92:d1:3e:29:f1:c8:cd:cc:62:1c:02:f6:07:3f:f0:
         88:26:9d:d6:bd:18:b8:97:1c:65:b4:34:54:cf:c3:28:51:05:
         d8:ee:23:6f:e5:6a:97:4d:55:65:ad:c0:54:f5:6f:00:ec:f0:
         67:01:ee:a6:0a:c0:f9:f6:c3:b4:f8:cc:e9:87:d4:e2:0d:0d:
         de:6c:46:56:24:48:4f:39:84:6a:ce:df:62:f5:7e:44:da:2c:
         4e:f5:80:75:6a:99:c9:b0:11:34:a8:44:27:47:65:8f:4d:fb:
         10:fc:37:f7:8c:22:61:15:10:db:c1:86:c7:14:f3:af:0f:69:
         53:51:01:02:65:5f:ae:73:ab:08:ce:b0:03:46:f5:c9:88:60:
         89:9b:95:3f:07:7a:c5:c1:be:76:5c:32:fa:ce:bb:1b:b4:bb:
         a4:fa:10:34:28:58:fd:51:3e:fc:b7:b2:28:3a:3e:73:c6:7d:
         1f:11:06:fb:bc:6d:f4:f6:35:2b:87:1f:af:c1:8b:26:61:9e:
         e2:1b:30:1e:a6:e1:4c:71:03:ac:3d:ff:d9:e7:86:71:ee:00:
         a3:c0:d2:b8:9c:aa:65:b8:d2:53:2d:c5:45:e4:67:81:63:70:
         e7:48:38:9c:11:da:99:23:0c:85:8b:a4:16:4f:45:98:fa:54:
         5c:40:a5:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFpLmPd414vLkMrMmrpOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwMTAyMDAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGExYjczYWQxMzI4YTIwZTcwY2RlMjQ4Yjc5ZThkNjliMDcwMWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisTg8VUL93QtszlSGYJAK/ToXgEB
S37iUpsa6yP1qyy/dUbXpPoqVow8j0Z6YEQRq+h6ub48PxJ8z0tG0q39qxT44i6w
9LDfsNdeCJWQdeSrYemCh/Anb7n0leVnfiye8SA6ELxZAyHa/idK1yqVUSpXh7+6
YU3xP+2le3LJ/mgE+DMpWna/H6hfLvfXvFozcmsw7iwOWlusq0t7s4awMIeL444S
fcgFI+5Sfzli3p37e4bB6nsxxGkyD0hF/cBOtD8eb5SNcjSQvuCWH2wCXlzQUwg4
bvLGHPeJyTD3Cp0gwjYiCugr68GBwlHK8vGEgRxFm5w2F3/8yktw6UmrUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGShtzrRMoog5wzeJIt56NabBwHeMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvWktHM090RXlpaURuRE40a2kzbm8xcHNIQWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTvzMA0G
CSqGSIb3DQEBCwUAA4IBAQC7KiuS0T4p8cjNzGIcAvYHP/CIJp3WvRi4lxxltDRU
z8MoUQXY7iNv5WqXTVVlrcBU9W8A7PBnAe6mCsD59sO0+Mzph9TiDQ3ebEZWJEhP
OYRqzt9i9X5E2ixO9YB1apnJsBE0qEQnR2WPTfsQ/Df3jCJhFRDbwYbHFPOvD2lT
UQECZV+uc6sIzrADRvXJiGCJm5U/B3rFwb52XDL6zrsbtLuk+hA0KFj9UT78t7Io
Oj5zxn0fEQb7vG309jUrhx+vwYsmYZ7iGzAepuFMcQOsPf/Z54Zx7gCjwNK4nKpl
uNJTLcVF5GeBY3DnSDicEdqZIwyFi6QWT0WY+lRcQKVn
-----END CERTIFICATE-----