Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/ZvB06N0vMjyGmi2CyoEd7M6z57o.roa
File:                     ZvB06N0vMjyGmi2CyoEd7M6z57o.roa (raw, json)
Hash identifier:          Cb3RYNyewzLG3mO8jt7qOeIRaYZStDfsraJkS7aUMhc=
Subject key identifier:   66:F0:74:E8:DD:2F:32:3C:86:9A:2D:82:CA:81:1D:EC:CE:B3:E7:BA
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       0190E026D2EAAB85B61F6A5828EA9FBAFCF2
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/ZvB06N0vMjyGmi2CyoEd7M6z57o.roa
Signing time:             Tue 23 Jul 2024 15:12:39 +0000
ROA not before:           Tue 23 Jul 2024 15:12:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202813
IP address blocks:        5.59.60.0/22 maxlen: 24
                          5.59.64.0/22 maxlen: 24
                          5.59.172.0/24 maxlen: 24
                          5.59.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e0:26:d2:ea:ab:85:b6:1f:6a:58:28:ea:9f:ba:fc:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jul 23 15:12:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66f074e8dd2f323c869a2d82ca811decceb3e7ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:e2:af:25:2d:6d:12:4b:d6:37:72:6c:f9:
                    ec:b8:48:dd:48:3c:c6:20:e7:ae:9d:d4:7f:7b:a8:
                    f8:5a:38:04:a5:4d:06:63:78:07:92:d7:2e:b9:83:
                    aa:64:cb:1f:a7:30:bc:16:7b:32:18:62:ff:65:67:
                    a4:70:f4:fa:8c:a2:8d:8e:c7:51:80:77:88:a8:0d:
                    4c:ff:9c:fb:73:78:51:3e:37:11:c8:a4:b2:d2:2b:
                    cc:9b:1a:b6:b3:d0:be:79:b1:a4:4d:6a:e2:df:81:
                    12:43:f0:fc:50:bb:45:c0:15:b7:01:98:a3:49:1c:
                    25:b5:0e:25:dc:b6:a8:74:35:b9:12:a5:ba:0e:6f:
                    74:bb:b8:52:c4:d9:4d:d5:f2:b9:44:97:26:ba:02:
                    30:24:ea:e1:64:83:cd:1a:41:34:5e:10:2c:be:52:
                    b1:89:d0:87:53:82:45:24:97:70:7a:f8:0e:0a:5b:
                    b4:70:5e:dd:f4:fc:e5:12:0c:89:e2:6a:67:99:dd:
                    5b:4c:e4:a7:2b:de:34:ce:b5:2d:fc:f2:58:fe:ab:
                    ed:da:f1:6b:6f:47:a5:ca:bd:98:bf:ab:7e:ec:5d:
                    77:d1:0a:a7:07:e8:b1:7c:38:43:27:76:39:a0:82:
                    ff:3e:aa:81:f5:29:30:27:e8:34:28:49:d8:7e:10:
                    4a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:F0:74:E8:DD:2F:32:3C:86:9A:2D:82:CA:81:1D:EC:CE:B3:E7:BA
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/ZvB06N0vMjyGmi2CyoEd7M6z57o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.60.0-5.59.67.255
                  5.59.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:17:d6:42:1f:ef:d5:64:49:62:e2:40:f8:89:99:6d:3a:5c:
         a5:fc:d5:27:53:cd:7f:a6:bb:4b:2c:85:37:02:63:ab:f1:b6:
         4b:b1:5f:02:cf:d1:bb:ec:86:a0:6f:f7:4d:ec:cf:0c:78:87:
         b2:21:ad:d6:be:3d:df:4e:7f:2c:09:4b:8f:b0:c8:a5:97:0a:
         c7:08:43:f3:61:a6:ec:26:c7:64:fe:27:9c:26:a8:3c:e6:c7:
         8d:b9:9c:dd:3e:47:57:fe:88:e5:f4:d9:00:3c:34:06:f5:85:
         03:45:e0:f3:e9:b9:99:88:ba:6a:ca:1b:19:75:d2:1e:4a:d3:
         79:ec:16:67:7b:08:18:22:3a:f9:c7:f5:d8:43:43:57:49:bb:
         45:9d:55:2a:db:ee:6d:1f:0a:60:a2:c4:5a:63:cb:09:20:b7:
         ec:96:e0:b2:01:9e:87:b5:12:a6:5f:17:1e:cb:43:e7:42:4e:
         74:fe:ae:f3:74:59:6c:81:32:ac:40:fc:cc:74:c9:51:b3:51:
         d7:6a:65:14:83:ec:f0:bc:47:7c:50:06:1b:fb:73:ed:b0:7d:
         c3:6f:e2:a4:10:d8:48:dc:41:9e:5d:74:4b:dd:df:fe:41:85:
         ab:cc:e4:02:31:c6:be:67:3f:33:cf:4b:cf:e5:31:02:ac:4f:
         a1:08:26:0f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZDgJtLqq4W2H2pYKOqfuvzyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwNzIzMTUxMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmYwNzRlOGRkMmYzMjNjODY5YTJkODJjYTgxMWRlY2NlYjNlN2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEniryUtbRJL1jdybPnsuEjdSDzG
IOeundR/e6j4WjgEpU0GY3gHktcuuYOqZMsfpzC8FnsyGGL/ZWekcPT6jKKNjsdR
gHeIqA1M/5z7c3hRPjcRyKSy0ivMmxq2s9C+ebGkTWri34ESQ/D8ULtFwBW3AZij
SRwltQ4l3LaodDW5EqW6Dm90u7hSxNlN1fK5RJcmugIwJOrhZIPNGkE0XhAsvlKx
idCHU4JFJJdwevgOClu0cF7d9PzlEgyJ4mpnmd1bTOSnK940zrUt/PJY/qvt2vFr
b0elyr2Yv6t+7F130QqnB+ixfDhDJ3Y5oIL/PqqB9SkwJ+g0KEnYfhBKwwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGbwdOjdLzI8hpotgsqBHezOs+e6MB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvWnZCMDZOMHZNanlHbWkyQ3lvRWQ3TTZ6NTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAIFOzwD
BAIFO0ADBAEFO6wwDQYJKoZIhvcNAQELBQADggEBAFUX1kIf79VkSWLiQPiJmW06
XKX81SdTzX+mu0sshTcCY6vxtkuxXwLP0bvshqBv903szwx4h7Ihrda+Pd9OfywJ
S4+wyKWXCscIQ/Nhpuwmx2T+J5wmqDzmx425nN0+R1f+iOX02QA8NAb1hQNF4PPp
uZmIumrKGxl10h5K03nsFmd7CBgiOvnH9dhDQ1dJu0WdVSrb7m0fCmCixFpjywkg
t+yW4LIBnoe1EqZfFx7LQ+dCTnT+rvN0WWyBMqxA/Mx0yVGzUddqZRSD7PC8R3xQ
Bhv7c+2wfcNv4qQQ2EjcQZ5ddEvd3/5BhavM5AIxxr5nPzPPS8/lMQKsT6EIJg8=
-----END CERTIFICATE-----