Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/lAzC_Q4Z_z1BEoalQsAt6AslH5M.roa
File:                     lAzC_Q4Z_z1BEoalQsAt6AslH5M.roa (raw, json)
Hash identifier:          XLRqc/dv/HyrLlDUN2v0/XtfwPAPeDvGGISIzZJuJ2U=
Subject key identifier:   94:0C:C2:FD:0E:19:FF:3D:41:12:86:A5:42:C0:2D:E8:0B:25:1F:93
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       019006EAE02AED6124CC6E68C512582924E0
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/lAzC_Q4Z_z1BEoalQsAt6AslH5M.roa
Signing time:             Tue 11 Jun 2024 10:49:34 +0000
ROA not before:           Tue 11 Jun 2024 10:49:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204958
IP address blocks:        5.59.55.0/24 maxlen: 24
                          5.59.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:ea:e0:2a:ed:61:24:cc:6e:68:c5:12:58:29:24:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jun 11 10:49:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=940cc2fd0e19ff3d411286a542c02de80b251f93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c6:b1:51:9f:09:8e:a1:db:f9:eb:1f:d5:4d:
                    dd:e4:1f:82:c5:09:e4:ab:a0:39:03:4e:a8:80:b4:
                    e2:fb:20:cf:a2:62:90:8b:81:73:41:ca:6f:ec:52:
                    84:ac:67:e5:97:9d:7f:19:4d:51:fe:e6:b6:1f:d9:
                    8f:41:a5:c1:e2:30:bd:65:7b:09:e9:b8:a6:f6:5d:
                    b4:ef:d0:3d:72:14:39:ab:36:a9:67:c6:70:5d:65:
                    07:5d:28:09:4a:ad:6c:4a:65:05:b8:e4:88:7c:4e:
                    dc:2d:cd:18:ca:b6:7d:45:6b:86:f3:78:15:73:83:
                    81:4f:34:9f:b5:5e:7b:13:1d:8c:b6:50:2f:1d:23:
                    e5:d3:78:33:08:a5:11:3d:91:ce:e5:70:0c:88:d5:
                    1f:37:9c:aa:bd:3c:65:d6:b5:e9:b6:83:45:89:c3:
                    df:2d:2e:ed:5c:a3:ae:c8:6f:1c:6a:5f:69:f5:54:
                    cf:22:e0:ce:50:ed:04:be:14:fb:58:1d:3a:12:9b:
                    41:bd:86:83:8e:95:64:08:74:ca:8e:2b:5f:03:e5:
                    89:15:54:20:5e:c8:a3:76:e6:16:ae:a9:91:a5:0d:
                    e2:b3:cc:48:f2:fe:da:69:51:e4:a2:96:74:7e:4f:
                    47:d5:d2:7c:86:37:54:c0:15:00:d7:dd:f0:94:c3:
                    e8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:0C:C2:FD:0E:19:FF:3D:41:12:86:A5:42:C0:2D:E8:0B:25:1F:93
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/lAzC_Q4Z_z1BEoalQsAt6AslH5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.55.0/24
                  5.59.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:f4:69:4f:78:97:0c:8d:5a:0d:a4:31:46:de:ba:bc:91:c1:
         55:ed:b7:f3:90:db:f8:70:dd:69:e1:95:72:c7:0c:5f:1c:70:
         21:53:88:e1:4c:e0:d8:0a:87:99:12:ee:21:be:3c:04:f2:7f:
         7a:1e:bf:03:79:8f:9d:b1:c4:5f:3c:77:d3:32:ee:65:46:bf:
         32:e9:a6:87:f6:a0:9a:33:ea:ec:5f:ac:61:99:b7:62:fe:76:
         d9:7b:f2:6e:57:14:2b:30:7e:7d:1b:69:45:2f:4f:95:0d:17:
         a8:10:cd:6b:e5:79:c9:55:0c:22:b7:9a:9d:31:4d:2a:5d:9a:
         a3:be:83:3c:1b:dd:81:5c:53:3a:c6:d1:77:df:02:9c:f3:a8:
         fc:7f:f7:08:5a:4b:a3:ec:a6:62:50:64:e5:ba:e9:c4:cc:73:
         cc:12:d8:16:6e:20:d0:94:03:96:c0:cf:ce:25:76:cb:26:9a:
         88:59:03:28:01:01:d5:b8:5b:49:70:a1:3a:6a:36:e6:42:27:
         d7:86:73:ad:ef:36:93:b7:b7:2b:24:a3:09:11:8b:70:ef:66:
         5d:33:93:c8:3e:0c:55:74:e5:38:87:eb:fe:e4:ea:f4:a1:70:
         9a:5e:c2:39:02:87:79:c9:f4:55:63:51:24:62:6d:e0:ab:84:
         73:96:a2:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAG6uAq7WEkzG5oxRJYKSTgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjQwNjExMTA0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDBjYzJmZDBlMTlmZjNkNDExMjg2YTU0MmMwMmRlODBiMjUxZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MaxUZ8JjqHb+esf1U3d5B+CxQnk
q6A5A06ogLTi+yDPomKQi4FzQcpv7FKErGfll51/GU1R/ua2H9mPQaXB4jC9ZXsJ
6bim9l2079A9chQ5qzapZ8ZwXWUHXSgJSq1sSmUFuOSIfE7cLc0YyrZ9RWuG83gV
c4OBTzSftV57Ex2MtlAvHSPl03gzCKURPZHO5XAMiNUfN5yqvTxl1rXptoNFicPf
LS7tXKOuyG8cal9p9VTPIuDOUO0EvhT7WB06EptBvYaDjpVkCHTKjitfA+WJFVQg
XsijduYWrqmRpQ3is8xI8v7aaVHkopZ0fk9H1dJ8hjdUwBUA193wlMPoEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJQMwv0OGf89QRKGpULALegLJR+TMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvbEF6Q19RNFpfejFCRW9hbFFzQXQ2QXNsSDVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABTs3AwQA
BTv5MA0GCSqGSIb3DQEBCwUAA4IBAQBk9GlPeJcMjVoNpDFG3rq8kcFV7bfzkNv4
cN1p4ZVyxwxfHHAhU4jhTODYCoeZEu4hvjwE8n96Hr8DeY+dscRfPHfTMu5lRr8y
6aaH9qCaM+rsX6xhmbdi/nbZe/JuVxQrMH59G2lFL0+VDReoEM1r5XnJVQwit5qd
MU0qXZqjvoM8G92BXFM6xtF33wKc86j8f/cIWkuj7KZiUGTluunEzHPMEtgWbiDQ
lAOWwM/OJXbLJpqIWQMoAQHVuFtJcKE6ajbmQifXhnOt7zaTt7crJKMJEYtw72Zd
M5PIPgxVdOU4h+v+5Or0oXCaXsI5Aod5yfRVY1EkYm3gq4RzlqKr
-----END CERTIFICATE-----