Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/hfCOBdtS6lZ7LrU3Nkqobof2sr4.roa
File:                     hfCOBdtS6lZ7LrU3Nkqobof2sr4.roa (raw, json)
Hash identifier:          fuEVBlDjwmKgM+rSVu1ewxv0azuL/JQPW3pb08C9gMo=
Subject key identifier:   85:F0:8E:05:DB:52:EA:56:7B:2E:B5:37:36:4A:A8:6E:87:F6:B2:BE
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       018CC7945CB56A296C32A1E18F2B358DC50B
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/hfCOBdtS6lZ7LrU3Nkqobof2sr4.roa
Signing time:             Tue 02 Jan 2024 00:30:38 +0000
ROA not before:           Tue 02 Jan 2024 00:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198668
IP address blocks:        5.59.194.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5c:b5:6a:29:6c:32:a1:e1:8f:2b:35:8d:c5:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  2 00:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85f08e05db52ea567b2eb537364aa86e87f6b2be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:02:05:5e:94:80:f5:07:e6:46:cf:f7:6f:72:
                    17:8a:5e:58:5a:8e:e0:af:c1:19:7d:fe:d1:b9:23:
                    1a:50:c0:e0:20:c1:10:6d:95:45:c6:80:5e:d3:34:
                    e6:c0:2c:a5:b8:fa:82:d6:e4:c8:bf:ac:08:34:f7:
                    56:44:26:2d:28:34:d5:e3:fe:e3:58:21:16:d1:b7:
                    9d:67:a8:93:38:36:38:72:19:55:29:81:15:ea:b8:
                    a4:91:38:ba:2c:44:5a:48:db:15:13:4f:c5:68:e0:
                    ca:27:b8:9f:74:83:fc:96:a6:af:c0:ff:86:55:eb:
                    58:1c:21:da:eb:d4:49:c4:3f:ee:8b:c2:57:ae:dc:
                    5e:7f:52:58:56:a3:03:88:fb:74:47:46:2a:2a:2f:
                    c9:27:20:bf:88:66:30:38:f8:9a:0d:3a:4e:0c:8a:
                    b0:bb:6a:b5:53:99:06:0b:dc:1a:4a:b2:28:d4:2d:
                    33:01:1a:1a:c5:1c:5d:1e:f0:57:b7:02:b0:8f:da:
                    38:cf:2e:19:07:05:f5:37:59:ff:e1:bf:dd:9a:e3:
                    9d:0f:78:ff:be:9c:32:1b:ae:42:83:e3:e4:13:d8:
                    22:9c:f5:c5:df:b4:36:9e:72:3c:e2:f1:5c:0d:0b:
                    57:20:4a:df:32:f8:2e:a4:f6:6f:49:2b:72:49:90:
                    87:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:F0:8E:05:DB:52:EA:56:7B:2E:B5:37:36:4A:A8:6E:87:F6:B2:BE
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/hfCOBdtS6lZ7LrU3Nkqobof2sr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:fc:d4:14:50:0c:85:9b:4f:20:4b:1e:6e:46:53:50:5d:ee:
         3d:a6:7e:b6:a3:eb:8d:6b:d6:85:4d:fe:2e:5b:fa:7f:82:f0:
         2e:00:48:92:04:4c:ba:0b:79:89:50:24:9f:d1:22:d0:b4:77:
         df:56:57:1f:86:1a:c1:a4:35:af:d5:fe:da:3f:80:38:d3:5e:
         2c:69:07:8c:f2:e4:d2:ce:5f:84:b4:b1:2e:15:29:55:8b:09:
         5a:05:7a:41:9c:e5:f9:e3:b2:2f:af:37:6e:9b:99:73:2e:91:
         12:47:0d:18:71:fd:d3:2f:80:1a:47:f1:9b:e4:0f:53:62:94:
         52:ec:dc:dd:ad:17:cc:15:d5:c8:db:90:f3:aa:bd:43:f8:2f:
         9f:c7:8b:10:06:93:13:04:43:ff:88:a0:75:48:b7:79:e8:38:
         37:4e:c4:25:a3:f2:a6:db:bf:2e:85:28:8b:da:35:f8:ae:58:
         de:8d:ab:0a:64:5c:2a:c1:9c:42:7a:0f:4e:9f:4c:3d:5a:e8:
         10:ab:1f:d5:5d:d1:2b:9e:6c:89:85:07:78:20:ce:9a:c0:98:
         84:16:7c:18:f2:b9:2d:2a:cb:3c:ad:1a:b1:b1:f0:ae:6c:90:
         89:ae:88:52:c1:d8:4a:4d:60:3e:59:c1:d3:74:55:56:e2:a1:
         2b:04:d6:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFy1ailsMqHhjys1jcULMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwMTAyMDAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWYwOGUwNWRiNTJlYTU2N2IyZWI1MzczNjRhYTg2ZTg3ZjZiMmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQIFXpSA9QfmRs/3b3IXil5YWo7g
r8EZff7RuSMaUMDgIMEQbZVFxoBe0zTmwCyluPqC1uTIv6wINPdWRCYtKDTV4/7j
WCEW0bedZ6iTODY4chlVKYEV6rikkTi6LERaSNsVE0/FaODKJ7ifdIP8lqavwP+G
VetYHCHa69RJxD/ui8JXrtxef1JYVqMDiPt0R0YqKi/JJyC/iGYwOPiaDTpODIqw
u2q1U5kGC9waSrIo1C0zARoaxRxdHvBXtwKwj9o4zy4ZBwX1N1n/4b/dmuOdD3j/
vpwyG65Cg+PkE9ginPXF37Q2nnI84vFcDQtXIErfMvgupPZvSStySZCHWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIXwjgXbUupWey61NzZKqG6H9rK+MB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvaGZDT0JkdFM2bFo3THJVM05rcW9ib2Yyc3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBTvCMA0G
CSqGSIb3DQEBCwUAA4IBAQAV/NQUUAyFm08gSx5uRlNQXe49pn62o+uNa9aFTf4u
W/p/gvAuAEiSBEy6C3mJUCSf0SLQtHffVlcfhhrBpDWv1f7aP4A4014saQeM8uTS
zl+EtLEuFSlViwlaBXpBnOX547Ivrzdum5lzLpESRw0Ycf3TL4AaR/Gb5A9TYpRS
7NzdrRfMFdXI25Dzqr1D+C+fx4sQBpMTBEP/iKB1SLd56Dg3TsQlo/Km278uhSiL
2jX4rljejasKZFwqwZxCeg9On0w9WugQqx/VXdErnmyJhQd4IM6awJiEFnwY8rkt
Kss8rRqxsfCubJCJrohSwdhKTWA+WcHTdFVW4qErBNYz
-----END CERTIFICATE-----