Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/lyBdAJqjcuhgjGkSJK0TIlxjW1k.roa
File:                     lyBdAJqjcuhgjGkSJK0TIlxjW1k.roa (raw, json)
Hash identifier:          aVmUNc4Vy7hht19sHF/VVQ9HN0PZq7fRNTCuTR8dwOM=
Subject key identifier:   97:20:5D:00:9A:A3:72:E8:60:8C:69:12:24:AD:13:22:5C:63:5B:59
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       01941F8C9AFE9D8A55FB1AC00124F4C8AC46
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/lyBdAJqjcuhgjGkSJK0TIlxjW1k.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212271
IP address blocks:        5.59.248.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9a:fe:9d:8a:55:fb:1a:c0:01:24:f4:c8:ac:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97205d009aa372e8608c691224ad13225c635b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:cd:20:f0:1b:6a:be:da:ef:09:ee:e8:51:e9:
                    f5:00:52:c8:79:c7:e5:79:52:fe:6f:ed:7b:a3:dd:
                    42:19:88:fe:68:48:18:cb:3e:8f:cb:f4:7c:61:de:
                    29:63:d3:66:0d:a6:59:42:9a:89:05:7b:30:fb:28:
                    d7:30:e8:72:cd:73:f8:af:a5:e8:a0:3c:54:ee:6f:
                    10:ec:66:56:76:50:26:e6:44:fc:42:1e:3d:11:88:
                    fe:84:9f:a7:37:a3:ec:1e:b1:6b:27:5a:e3:89:a6:
                    af:ae:d0:c6:e7:9b:fb:a7:ae:2b:25:e2:db:2b:2a:
                    59:97:70:37:62:98:c4:d6:43:13:9a:e3:3b:26:03:
                    6c:a8:c3:94:5f:7e:4c:03:79:5d:70:67:3f:49:13:
                    f2:d0:46:e9:aa:03:89:24:a8:e2:f1:be:a5:9c:8f:
                    34:d4:66:60:2b:75:01:0d:4a:b2:4c:35:f1:a2:db:
                    f2:46:f7:58:79:46:56:7f:b6:1e:fb:2b:9f:7d:38:
                    1f:70:65:d4:85:2d:25:d7:af:e3:1b:7f:cf:d7:11:
                    d1:8d:51:7e:55:4c:52:b8:c0:9e:f6:df:02:c1:9a:
                    b3:05:5a:8d:53:76:7a:3e:45:a3:39:59:9d:cb:2f:
                    ef:8b:36:b8:40:1c:29:2a:24:e6:a6:95:d3:95:a2:
                    91:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:20:5D:00:9A:A3:72:E8:60:8C:69:12:24:AD:13:22:5C:63:5B:59
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/lyBdAJqjcuhgjGkSJK0TIlxjW1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9b:0a:74:46:05:f8:13:44:b0:e6:2a:8e:ff:67:38:a5:c6:cb:
         dd:47:7e:0e:2e:7c:e0:1f:2a:84:0a:c8:36:47:80:c7:d9:9c:
         89:3e:e5:de:91:a0:a5:5e:53:3e:7f:b3:f3:11:af:bb:6f:50:
         ce:e3:78:d4:69:4c:31:9a:95:d7:67:d0:ad:af:12:3b:8a:d7:
         43:23:95:92:5e:52:be:28:ba:7c:0f:4f:c1:f3:66:2f:fd:bd:
         61:5c:c0:08:e6:68:5d:7d:f6:2e:03:03:06:05:94:c8:11:cb:
         2f:62:dc:e0:19:49:f4:31:42:0d:d2:34:70:18:a9:d8:ad:fe:
         f1:1a:98:2e:5f:34:51:e6:d9:79:b2:c3:91:ae:90:a6:8d:9a:
         5e:c8:38:f6:94:2b:3e:6b:1f:63:3d:93:8b:5e:ed:47:33:0e:
         e3:1b:73:25:c3:76:f1:35:ee:26:6a:64:09:34:de:e7:41:bf:
         fd:63:42:a7:15:ec:0c:2c:7a:79:fe:f4:01:e2:7d:73:29:1e:
         13:43:f7:30:78:b2:40:25:a5:13:3a:7d:18:0e:68:a7:fa:1f:
         1a:90:56:8c:b3:7e:7c:42:96:8d:68:8d:de:d6:16:c0:48:61:
         b5:3a:11:ee:9b:08:19:b5:04:79:92:d6:46:e8:0e:f1:8f:32:
         55:a9:60:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJr+nYpV+xrAAST0yKxGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzIwNWQwMDlhYTM3MmU4NjA4YzY5MTIyNGFkMTMyMjVjNjM1YjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxc0g8BtqvtrvCe7oUen1AFLIecfl
eVL+b+17o91CGYj+aEgYyz6Py/R8Yd4pY9NmDaZZQpqJBXsw+yjXMOhyzXP4r6Xo
oDxU7m8Q7GZWdlAm5kT8Qh49EYj+hJ+nN6PsHrFrJ1rjiaavrtDG55v7p64rJeLb
KypZl3A3YpjE1kMTmuM7JgNsqMOUX35MA3ldcGc/SRPy0EbpqgOJJKji8b6lnI80
1GZgK3UBDUqyTDXxotvyRvdYeUZWf7Ye+yuffTgfcGXUhS0l16/jG3/P1xHRjVF+
VUxSuMCe9t8CwZqzBVqNU3Z6PkWjOVmdyy/viza4QBwpKiTmppXTlaKRTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcgXQCao3LoYIxpEiStEyJcY1tZMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvbHlCZEFKcWpjdWhnakdrU0pLMFRJbHhqVzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBTv4MA0G
CSqGSIb3DQEBCwUAA4IBAQCbCnRGBfgTRLDmKo7/ZzilxsvdR34OLnzgHyqECsg2
R4DH2ZyJPuXekaClXlM+f7PzEa+7b1DO43jUaUwxmpXXZ9CtrxI7itdDI5WSXlK+
KLp8D0/B82Yv/b1hXMAI5mhdffYuAwMGBZTIEcsvYtzgGUn0MUIN0jRwGKnYrf7x
GpguXzRR5tl5ssORrpCmjZpeyDj2lCs+ax9jPZOLXu1HMw7jG3Mlw3bxNe4mamQJ
NN7nQb/9Y0KnFewMLHp5/vQB4n1zKR4TQ/cweLJAJaUTOn0YDmin+h8akFaMs358
QpaNaI3e1hbASGG1OhHumwgZtQR5ktZG6A7xjzJVqWDf
-----END CERTIFICATE-----