Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/cpGkUuu02vbBEqy-HWJv4pun5iQ.roa
File:                     cpGkUuu02vbBEqy-HWJv4pun5iQ.roa (raw, json)
Hash identifier:          eSZ+y8j+lfv3Z9lB8oOfnlskEltoCgzj/98pLtSYH+Q=
Subject key identifier:   72:91:A4:52:EB:B4:DA:F6:C1:12:AC:BE:1D:62:6F:E2:9B:A7:E6:24
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       018CC7945B94A3F1CADE532B5EB81DC82239
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/cpGkUuu02vbBEqy-HWJv4pun5iQ.roa
Signing time:             Tue 02 Jan 2024 00:30:37 +0000
ROA not before:           Tue 02 Jan 2024 00:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57707
IP address blocks:        5.59.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:34:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5b:94:a3:f1:ca:de:53:2b:5e:b8:1d:c8:22:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  2 00:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7291a452ebb4daf6c112acbe1d626fe29ba7e624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:87:4b:78:97:c5:ee:d1:3a:66:fd:79:45:ea:
                    c1:cc:b2:67:4c:06:32:d6:63:68:02:b7:e0:5a:bd:
                    2c:2a:76:74:1d:ef:79:30:0c:25:15:68:78:e0:bb:
                    43:19:27:e3:d7:ac:f0:ff:e8:27:dc:e5:24:f6:29:
                    11:a4:eb:6c:f6:ca:9f:3f:9d:53:13:0d:14:9c:5c:
                    0d:78:15:27:b3:6a:b2:56:e7:e2:e5:e6:5a:4a:be:
                    12:86:a1:60:70:ed:c7:9a:b5:bf:2e:fa:63:f4:e4:
                    cb:d0:80:d0:34:ec:89:8f:2e:69:27:72:ed:be:fd:
                    2a:0f:2d:a5:b3:31:b6:08:23:be:74:59:83:0b:05:
                    b1:e8:9a:db:e9:d1:71:75:b1:78:e7:eb:c5:ad:39:
                    62:b7:d9:b4:97:b7:e2:37:49:d7:91:ff:1b:9e:64:
                    1c:d5:eb:83:36:3f:de:0a:46:a3:0a:85:6b:0a:6d:
                    32:23:04:da:89:b7:e9:e0:50:6a:9c:a9:33:d7:19:
                    8e:6b:42:ac:37:9c:ae:96:f4:f4:50:6e:08:aa:c7:
                    90:49:e4:0c:55:1c:0c:5a:4e:99:41:23:cb:bf:37:
                    ef:80:88:98:59:c4:e8:9d:31:66:24:62:82:5b:71:
                    53:c4:05:e2:72:77:79:c3:31:6f:34:14:d0:d2:bf:
                    24:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:91:A4:52:EB:B4:DA:F6:C1:12:AC:BE:1D:62:6F:E2:9B:A7:E6:24
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/cpGkUuu02vbBEqy-HWJv4pun5iQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:63:b9:23:31:79:14:e8:77:25:63:39:85:1c:1d:d4:fc:56:
         d0:d9:17:5b:c5:59:93:24:41:71:b6:dd:c8:89:d9:20:48:c1:
         3e:58:5c:b3:55:a8:7a:49:cc:45:bc:f3:f3:3d:16:4e:ae:7e:
         c4:36:d5:de:8b:66:bd:c0:c8:5a:fc:0a:70:02:0e:79:80:cb:
         f5:0e:b9:d1:ba:53:92:0a:2c:49:c1:a0:6b:5d:e9:95:e4:cc:
         3a:7c:bd:f4:cc:d4:6c:56:dd:5a:d7:65:a6:0b:56:12:b9:7d:
         4e:b1:df:2a:e0:eb:ca:01:77:c4:d5:09:65:b7:6f:29:17:ca:
         86:d5:9f:ca:13:db:5a:4a:e0:71:e2:0c:78:de:e0:d1:97:fc:
         f8:29:61:a3:73:d1:f0:8d:26:71:fc:b4:ee:63:d6:fb:ea:f1:
         81:6c:17:e6:56:19:62:8e:7b:f5:f5:ac:76:15:d2:80:c7:c3:
         4d:d6:4c:c8:21:b4:69:1e:aa:ed:90:fe:44:23:3a:f3:e9:ec:
         e3:d0:8f:f7:3f:48:04:25:e7:62:1a:d7:d8:00:87:fb:42:5a:
         f0:81:7e:7c:a5:57:2d:07:8d:74:46:f9:b0:7d:35:1b:46:46:
         e2:21:e6:85:bb:00:ec:9e:fc:6f:9b:76:df:83:a7:b4:d3:f1:
         26:55:9a:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFuUo/HK3lMrXrgdyCI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwMTAyMDAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjkxYTQ1MmViYjRkYWY2YzExMmFjYmUxZDYyNmZlMjliYTdlNjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIdLeJfF7tE6Zv15RerBzLJnTAYy
1mNoArfgWr0sKnZ0He95MAwlFWh44LtDGSfj16zw/+gn3OUk9ikRpOts9sqfP51T
Ew0UnFwNeBUns2qyVufi5eZaSr4ShqFgcO3HmrW/Lvpj9OTL0IDQNOyJjy5pJ3Lt
vv0qDy2lszG2CCO+dFmDCwWx6Jrb6dFxdbF45+vFrTlit9m0l7fiN0nXkf8bnmQc
1euDNj/eCkajCoVrCm0yIwTaibfp4FBqnKkz1xmOa0KsN5yulvT0UG4IqseQSeQM
VRwMWk6ZQSPLvzfvgIiYWcTonTFmJGKCW3FTxAXicnd5wzFvNBTQ0r8kyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKRpFLrtNr2wRKsvh1ib+Kbp+YkMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvY3BHa1V1dTAydmJCRXF5LUhXSnY0cHVuNWlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTthMA0G
CSqGSIb3DQEBCwUAA4IBAQCTY7kjMXkU6HclYzmFHB3U/FbQ2RdbxVmTJEFxtt3I
idkgSME+WFyzVah6ScxFvPPzPRZOrn7ENtXei2a9wMha/ApwAg55gMv1DrnRulOS
CixJwaBrXemV5Mw6fL30zNRsVt1a12WmC1YSuX1Osd8q4OvKAXfE1Qllt28pF8qG
1Z/KE9taSuBx4gx43uDRl/z4KWGjc9HwjSZx/LTuY9b76vGBbBfmVhlijnv19ax2
FdKAx8NN1kzIIbRpHqrtkP5EIzrz6ezj0I/3P0gEJediGtfYAIf7QlrwgX58pVct
B410RvmwfTUbRkbiIeaFuwDsnvxvm3bfg6e00/EmVZoC
-----END CERTIFICATE-----