Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/tfCWIL7F0EEF1TAaj0pmQ-rkJqU.roa
File:                     tfCWIL7F0EEF1TAaj0pmQ-rkJqU.roa (raw, json)
Hash identifier:          bVu2Y3qZpDEobxqQj5wLwm7CxOjCXJUGb9cu2x9veHI=
Subject key identifier:   B5:F0:96:20:BE:C5:D0:41:05:D5:30:1A:8F:4A:66:43:EA:E4:26:A5
Certificate issuer:       /CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
Certificate serial:       01941F8C991FEA91F81E98C4B79ECE02A5B5
Authority key identifier: B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/tfCWIL7F0EEF1TAaj0pmQ-rkJqU.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207369
IP address blocks:        5.59.230.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:99:1f:ea:91:f8:1e:98:c4:b7:9e:ce:02:a5:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9481119afe1bff229facd4ef9c8c61b0fabeaf2
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5f09620bec5d04105d5301a8f4a6643eae426a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4d:a9:d1:21:a9:fb:be:70:de:51:44:e0:f3:
                    97:a6:c9:d4:5d:99:b2:18:ad:be:77:93:b2:29:49:
                    0f:40:82:46:62:b1:bc:49:88:d7:98:f9:1b:75:96:
                    c0:80:3b:b5:28:80:1e:73:ec:7c:3e:ca:75:90:dd:
                    5b:49:bd:14:74:28:e3:0b:10:4a:39:e0:ef:e7:b1:
                    ff:10:9d:3e:ee:8c:3c:d3:ef:eb:9d:21:29:68:d0:
                    0e:7d:aa:4f:f5:31:86:06:bc:33:0a:27:f7:3b:5c:
                    50:08:54:00:60:1c:f1:2d:ec:ac:91:15:89:bc:9d:
                    71:34:f4:bc:a9:37:83:ad:59:1d:16:a7:7f:dd:b5:
                    0b:6c:4d:2c:de:a9:f9:25:4e:be:30:39:0a:09:34:
                    db:c3:dd:fb:71:39:24:13:fe:47:31:1c:35:e2:fe:
                    2e:26:b7:2f:bb:10:46:fe:f8:9a:bc:e3:24:90:d3:
                    5d:7f:30:6d:e2:19:64:c5:9e:9a:99:85:c3:21:8e:
                    8e:0e:a8:a3:cb:30:29:00:7d:09:b0:7d:6e:9a:e9:
                    00:04:20:67:ca:59:09:0e:24:59:30:ab:5c:81:71:
                    c0:b5:76:ac:b9:78:fb:31:1a:58:16:d3:9d:0f:5c:
                    cc:8b:b2:46:ef:7a:5c:ff:0f:21:aa:eb:a3:e6:6c:
                    bd:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F0:96:20:BE:C5:D0:41:05:D5:30:1A:8F:4A:66:43:EA:E4:26:A5
            X509v3 Authority Key Identifier:
                keyid:B9:48:11:19:AF:E1:BF:F2:29:FA:CD:4E:F9:C8:C6:1B:0F:AB:EA:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/tfCWIL7F0EEF1TAaj0pmQ-rkJqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/cb0007-3ea9-4759-8d70-9b9bce15e0c6/1/uUgRGa_hv_Ip-s1O-cjGGw-r6vI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.59.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:24:5f:9a:93:cc:8f:ad:be:91:d7:88:e1:8d:84:57:ce:70:
         ed:4d:54:cb:69:2f:8c:f3:0e:50:7f:40:18:c2:3a:0a:8a:15:
         b1:9d:79:f2:d1:14:05:48:5f:a9:32:7d:c1:cb:88:41:3f:6b:
         f2:d1:6d:c4:1a:a8:df:33:8f:7f:78:55:06:df:11:d8:64:da:
         71:72:c6:2f:07:71:ca:27:60:47:4f:54:6b:a6:cb:ac:9c:ac:
         c9:9b:37:94:4b:cf:b6:ff:74:99:76:19:21:96:d4:7a:24:6e:
         8b:eb:77:2b:ad:f4:a7:a9:c7:b8:ba:8a:79:ea:59:11:5c:4d:
         15:8f:1f:a1:1e:f3:9a:1f:2f:43:02:cb:2d:23:cf:85:ae:ad:
         8f:c5:95:6c:c7:9a:1a:ae:e1:ea:aa:76:71:ad:57:cc:14:eb:
         63:e6:66:4a:6a:f8:92:38:a7:1d:6b:ae:f0:a2:63:ce:fa:29:
         8b:d4:87:1f:73:12:4f:c6:64:61:6e:b9:87:d0:e6:8f:7d:62:
         80:d1:58:32:b4:e2:4b:a9:0f:c4:d8:68:58:80:09:a4:69:53:
         95:14:f8:af:ed:97:03:30:68:d2:97:90:c6:09:c1:f0:dd:a6:
         19:b3:7b:02:fd:7e:3a:1e:9c:c2:34:ae:cb:5b:d0:ec:e7:a8:
         64:14:6a:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJkf6pH4HpjEt57OAqW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NDgxMTE5YWZlMWJmZjIyOWZhY2Q0ZWY5YzhjNjFiMGZh
YmVhZjIwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWYwOTYyMGJlYzVkMDQxMDVkNTMwMWE4ZjRhNjY0M2VhZTQyNmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE2p0SGp+75w3lFE4POXpsnUXZmy
GK2+d5OyKUkPQIJGYrG8SYjXmPkbdZbAgDu1KIAec+x8Psp1kN1bSb0UdCjjCxBK
OeDv57H/EJ0+7ow80+/rnSEpaNAOfapP9TGGBrwzCif3O1xQCFQAYBzxLeyskRWJ
vJ1xNPS8qTeDrVkdFqd/3bULbE0s3qn5JU6+MDkKCTTbw937cTkkE/5HMRw14v4u
JrcvuxBG/viavOMkkNNdfzBt4hlkxZ6amYXDIY6ODqijyzApAH0JsH1umukABCBn
ylkJDiRZMKtcgXHAtXasuXj7MRpYFtOdD1zMi7JG73pc/w8hquuj5my9ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXwliC+xdBBBdUwGo9KZkPq5CalMB8GA1UdIwQY
MBaAFLlIERmv4b/yKfrNTvnIxhsPq+ryMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAt
OWI5YmNlMTVlMGM2LzEvdGZDV0lMN0YwRUVGMVRBYWowcG1RLXJrSnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jYjAwMDctM2VhOS00NzU5LThkNzAtOWI5YmNlMTVlMGM2
LzEvdVVnUkdhX2h2X0lwLXMxTy1jakdHdy1yNnZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBBTvmMA0G
CSqGSIb3DQEBCwUAA4IBAQB+JF+ak8yPrb6R14jhjYRXznDtTVTLaS+M8w5Qf0AY
wjoKihWxnXny0RQFSF+pMn3By4hBP2vy0W3EGqjfM49/eFUG3xHYZNpxcsYvB3HK
J2BHT1RrpsusnKzJmzeUS8+2/3SZdhkhltR6JG6L63crrfSnqce4uop56lkRXE0V
jx+hHvOaHy9DAsstI8+Frq2PxZVsx5oaruHqqnZxrVfMFOtj5mZKaviSOKcda67w
omPO+imL1IcfcxJPxmRhbrmH0OaPfWKA0VgytOJLqQ/E2GhYgAmkaVOVFPiv7ZcD
MGjSl5DGCcHw3aYZs3sC/X46HpzCNK7LW9Ds56hkFGoI
-----END CERTIFICATE-----