Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/cDrJ3QbZWZjTRkTuVjcED9-KIAI.roa
File:                     cDrJ3QbZWZjTRkTuVjcED9-KIAI.roa (raw, json)
Hash identifier:          IqF/vml7fv2WRtSbTYBa7lL5/SbvAhYKjPrXzXpC9rM=
Subject key identifier:   70:3A:C9:DD:06:D9:59:98:D3:46:44:EE:56:37:04:0F:DF:8A:20:02
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       01927C2D3B248971C5C9EF9EA5E4A78F9797
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/cDrJ3QbZWZjTRkTuVjcED9-KIAI.roa
Signing time:             Fri 11 Oct 2024 15:23:11 +0000
ROA not before:           Fri 11 Oct 2024 15:23:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207369
IP address blocks:        5.59.230.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:34:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7c:2d:3b:24:89:71:c5:c9:ef:9e:a5:e4:a7:8f:97:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Oct 11 15:23:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=703ac9dd06d95998d34644ee5637040fdf8a2002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:24:d5:65:3a:ca:4f:0c:13:7f:e9:82:85:13:
                    a6:9a:fc:f5:86:06:f7:01:4b:c6:01:2b:71:ee:1a:
                    76:a4:22:b8:47:09:9d:56:c2:93:45:da:57:93:94:
                    37:9e:28:b4:e0:8a:29:fc:d9:e7:e9:64:b0:74:e9:
                    97:fe:71:15:5a:93:8e:4b:2a:2a:87:3b:79:86:ae:
                    fd:d6:be:40:e5:f2:f0:62:de:87:f2:6d:37:1a:ab:
                    ef:3d:4b:04:3c:d6:94:53:fc:fe:77:2f:c3:f9:e6:
                    7b:e4:e2:06:2f:be:fe:68:db:1b:41:24:6e:0e:25:
                    2e:e1:4c:10:c4:9c:a9:b0:e0:f8:b5:c4:ee:94:c2:
                    68:ec:e5:3e:eb:eb:84:e9:70:80:1b:99:4b:e7:bd:
                    9b:4f:58:71:29:ec:0c:6f:18:00:1d:90:cd:a1:01:
                    b1:22:da:16:23:23:8c:83:72:cf:bc:83:68:c9:0d:
                    64:2c:80:cf:ef:92:a8:10:76:1e:77:98:58:a1:1a:
                    16:0d:ed:9e:1b:b1:43:4e:6f:95:1f:86:78:9b:15:
                    3b:62:b4:6c:c3:c1:ae:cb:a1:88:6f:19:c9:25:65:
                    ce:51:31:26:31:aa:ba:9a:02:08:a2:58:20:f3:d8:
                    66:2f:db:9e:3c:2e:a7:18:ed:c0:9a:49:d8:4b:f8:
                    20:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:3A:C9:DD:06:D9:59:98:D3:46:44:EE:56:37:04:0F:DF:8A:20:02
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/cDrJ3QbZWZjTRkTuVjcED9-KIAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:c7:de:00:d0:88:bb:9d:cb:d3:c0:f0:74:3c:e3:bf:06:1c:
         58:b0:c8:cb:6e:11:09:d6:21:67:6e:d5:36:6d:2c:22:51:bf:
         8e:2c:46:d8:ea:1f:19:d8:cb:3c:a8:ca:fb:11:c8:80:1c:c4:
         73:b9:8a:c3:62:e1:a6:84:44:d3:26:33:c5:0d:65:00:25:16:
         4a:38:ea:8a:f7:74:02:8e:5a:30:23:43:a5:88:ac:7f:44:87:
         54:46:1a:c0:43:a2:a4:b7:20:24:95:3c:a8:87:b0:55:67:ca:
         6f:c3:f1:d8:dd:76:8e:d3:67:85:93:f1:3d:7c:53:41:59:5a:
         d6:4e:ca:5f:2a:b1:c4:c1:f9:c7:f4:da:9a:78:51:23:1f:65:
         35:7c:8c:ba:7c:67:22:bc:13:4d:16:19:59:c8:ef:f3:cc:ef:
         39:68:1c:36:61:ca:b9:8b:93:b9:61:5d:9a:dc:ea:54:f4:d4:
         1e:f7:0e:52:8f:09:95:19:7f:72:13:62:d5:5c:c8:99:64:e4:
         14:78:b2:cd:8c:00:00:bd:39:13:56:6c:c0:c6:dc:27:7a:3f:
         d4:01:70:b4:64:68:a8:7c:58:ec:8f:2b:f9:af:3d:54:60:25:
         3a:1a:a1:9f:11:64:55:18:76:00:dc:50:78:be:1d:3b:f1:1c:
         0b:b0:a8:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ8LTskiXHFye+epeSnj5eXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQxMDExMTUyMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDNhYzlkZDA2ZDk1OTk4ZDM0NjQ0ZWU1NjM3MDQwZmRmOGEyMDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCTVZTrKTwwTf+mChROmmvz1hgb3
AUvGAStx7hp2pCK4RwmdVsKTRdpXk5Q3nii04Iop/Nnn6WSwdOmX/nEVWpOOSyoq
hzt5hq791r5A5fLwYt6H8m03GqvvPUsEPNaUU/z+dy/D+eZ75OIGL77+aNsbQSRu
DiUu4UwQxJypsOD4tcTulMJo7OU+6+uE6XCAG5lL572bT1hxKewMbxgAHZDNoQGx
ItoWIyOMg3LPvINoyQ1kLIDP75KoEHYed5hYoRoWDe2eG7FDTm+VH4Z4mxU7YrRs
w8Guy6GIbxnJJWXOUTEmMaq6mgIIolgg89hmL9uePC6nGO3AmknYS/ggNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHA6yd0G2VmY00ZE7lY3BA/fiiACMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvY0RySjNRYlpXWmpUUmtUdVZqY0VEOS1LSUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBTvmMA0G
CSqGSIb3DQEBCwUAA4IBAQAHx94A0Ii7ncvTwPB0POO/BhxYsMjLbhEJ1iFnbtU2
bSwiUb+OLEbY6h8Z2Ms8qMr7EciAHMRzuYrDYuGmhETTJjPFDWUAJRZKOOqK93QC
jlowI0OliKx/RIdURhrAQ6KktyAklTyoh7BVZ8pvw/HY3XaO02eFk/E9fFNBWVrW
TspfKrHEwfnH9NqaeFEjH2U1fIy6fGcivBNNFhlZyO/zzO85aBw2Ycq5i5O5YV2a
3OpU9NQe9w5SjwmVGX9yE2LVXMiZZOQUeLLNjAAAvTkTVmzAxtwnej/UAXC0ZGio
fFjsjyv5rz1UYCU6GqGfEWRVGHYA3FB4vh078RwLsKgg
-----END CERTIFICATE-----