Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/f0o_vNUk-VsR4sRFlrYuTKg3DrQ.roa
File:                     f0o_vNUk-VsR4sRFlrYuTKg3DrQ.roa (raw, json)
Hash identifier:          pFkXizT3M97booOEztnmmASpAlByK8PPUxPtAxNd8Nw=
Subject key identifier:   7F:4A:3F:BC:D5:24:F9:5B:11:E2:C4:45:96:B6:2E:4C:A8:37:0E:B4
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       018CC7945E7CC11FCD6D08FFF0DD403D8FA4
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/f0o_vNUk-VsR4sRFlrYuTKg3DrQ.roa
Signing time:             Tue 02 Jan 2024 00:30:38 +0000
ROA not before:           Tue 02 Jan 2024 00:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205645
IP address blocks:        5.59.68.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:34:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5e:7c:c1:1f:cd:6d:08:ff:f0:dd:40:3d:8f:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  2 00:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f4a3fbcd524f95b11e2c44596b62e4ca8370eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:78:af:49:05:8a:fd:df:a7:3f:2a:7f:15:ed:
                    64:d5:85:14:ff:b1:46:88:ef:83:9c:3f:8e:3e:fa:
                    b7:27:9d:1b:36:ec:5f:ef:a1:a3:e7:14:e4:15:62:
                    72:53:91:f8:51:fe:de:16:4f:08:77:3c:a1:1f:27:
                    6f:1f:d0:29:a4:46:41:09:7b:e6:92:b0:c3:7e:bb:
                    d5:db:9d:5b:49:28:de:af:be:a0:6d:df:be:da:ba:
                    65:f2:44:4b:97:93:f8:97:b3:dd:8d:bd:26:3e:50:
                    97:d1:30:34:a1:a2:27:7d:9c:b6:87:97:6d:39:d0:
                    bf:63:f5:db:9e:71:d1:84:56:b9:67:67:76:93:47:
                    8f:a9:29:10:02:7c:06:04:55:d3:8f:13:88:92:a9:
                    2e:24:09:71:ee:25:c7:75:8c:8c:12:d4:05:96:f8:
                    34:da:ec:23:ee:6b:11:73:ea:55:4b:cd:92:8f:f3:
                    eb:b0:f2:d9:92:5b:9b:15:ed:a3:9f:91:84:74:b4:
                    c7:de:13:29:2b:5d:59:53:8c:6b:75:30:98:73:b6:
                    3e:31:01:09:51:d0:e7:1f:e1:33:cd:71:9e:fd:be:
                    21:8b:e8:a4:e9:ff:62:ef:ff:30:ab:6f:a4:76:56:
                    e9:af:fe:a3:4e:26:5a:cb:99:ce:b4:6d:71:4a:21:
                    92:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:4A:3F:BC:D5:24:F9:5B:11:E2:C4:45:96:B6:2E:4C:A8:37:0E:B4
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/f0o_vNUk-VsR4sRFlrYuTKg3DrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:1c:b3:0a:0d:be:2b:95:21:c3:09:b0:7f:39:3e:6a:0e:ce:
         46:e9:90:3c:67:96:01:dd:77:0d:67:90:f2:54:4f:ec:48:98:
         9f:97:38:f2:93:d7:37:39:53:ba:05:42:12:b7:94:97:29:41:
         71:92:f1:27:fa:f2:1e:59:f2:81:e0:19:f8:bb:3b:f7:c3:92:
         ec:6b:14:5f:18:d6:e4:a5:27:01:b2:42:c3:6f:fe:89:4c:55:
         96:1c:32:72:36:58:19:6e:35:e9:f2:78:64:db:36:ac:40:7a:
         be:cb:82:ec:30:96:54:2d:b6:4d:88:fe:fc:44:32:37:aa:1f:
         bc:76:36:f6:e1:3b:1e:b5:c0:de:26:04:0f:1f:a1:40:16:7a:
         f8:30:73:d6:72:e4:d8:42:2e:9e:50:9f:14:ae:7c:0b:db:a6:
         51:3f:fb:b0:fb:8c:b3:a2:a9:f3:4f:69:48:d2:11:db:c7:ad:
         bf:68:4d:3c:6f:6b:17:1d:a3:05:29:81:cd:fa:1b:51:08:e9:
         ed:8e:92:1a:39:8e:64:35:cc:2e:3c:ef:fd:68:d4:32:68:df:
         13:e2:10:e6:2b:e4:16:43:aa:39:c3:1e:2a:75:57:24:7d:a9:
         cb:e5:ab:ba:f8:4f:ac:c5:40:5c:ad:33:17:93:03:97:f7:f5:
         8a:a5:44:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlF58wR/NbQj/8N1APY+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwMTAyMDAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjRhM2ZiY2Q1MjRmOTViMTFlMmM0NDU5NmI2MmU0Y2E4MzcwZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHivSQWK/d+nPyp/Fe1k1YUU/7FG
iO+DnD+OPvq3J50bNuxf76Gj5xTkFWJyU5H4Uf7eFk8IdzyhHydvH9AppEZBCXvm
krDDfrvV251bSSjer76gbd++2rpl8kRLl5P4l7Pdjb0mPlCX0TA0oaInfZy2h5dt
OdC/Y/XbnnHRhFa5Z2d2k0ePqSkQAnwGBFXTjxOIkqkuJAlx7iXHdYyMEtQFlvg0
2uwj7msRc+pVS82Sj/PrsPLZklubFe2jn5GEdLTH3hMpK11ZU4xrdTCYc7Y+MQEJ
UdDnH+EzzXGe/b4hi+ik6f9i7/8wq2+kdlbpr/6jTiZay5nOtG1xSiGSKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH9KP7zVJPlbEeLERZa2LkyoNw60MB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvZjBvX3ZOVWstVnNSNHNSRmxyWXVUS2czRHJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBTtEMA0G
CSqGSIb3DQEBCwUAA4IBAQCEHLMKDb4rlSHDCbB/OT5qDs5G6ZA8Z5YB3XcNZ5Dy
VE/sSJiflzjyk9c3OVO6BUISt5SXKUFxkvEn+vIeWfKB4Bn4uzv3w5LsaxRfGNbk
pScBskLDb/6JTFWWHDJyNlgZbjXp8nhk2zasQHq+y4LsMJZULbZNiP78RDI3qh+8
djb24TsetcDeJgQPH6FAFnr4MHPWcuTYQi6eUJ8UrnwL26ZRP/uw+4yzoqnzT2lI
0hHbx62/aE08b2sXHaMFKYHN+htRCOntjpIaOY5kNcwuPO/9aNQyaN8T4hDmK+QW
Q6o5wx4qdVckfanL5au6+E+sxUBcrTMXkwOX9/WKpUTU
-----END CERTIFICATE-----