Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/v59PD8Qs0RQ7PSBSQRODz7kQf64.roa
File:                     v59PD8Qs0RQ7PSBSQRODz7kQf64.roa (raw, json)
Hash identifier:          2mj0HrIa8lwzTenwcNDwtJslztodHwqrl1m+7Y3XJtA=
Subject key identifier:   BF:9F:4F:0F:C4:2C:D1:14:3B:3D:20:52:41:13:83:CF:B9:10:7F:AE
Certificate issuer:       /CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
Certificate serial:       0190C5411249895011A9102DD8C95F4A1DE9
Authority key identifier: FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/v59PD8Qs0RQ7PSBSQRODz7kQf64.roa
Signing time:             Thu 18 Jul 2024 09:51:34 +0000
ROA not before:           Thu 18 Jul 2024 09:51:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13213
IP address blocks:        46.28.48.0/21 maxlen: 24
                          185.80.220.0/22 maxlen: 24
                          212.78.64.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:41:12:49:89:50:11:a9:10:2d:d8:c9:5f:4a:1d:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffc381f53f25dbc2a0efabf889fca32419958dd0
        Validity
            Not Before: Jul 18 09:51:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf9f4f0fc42cd1143b3d2052411383cfb9107fae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:05:6c:ed:86:69:ec:07:3e:2f:12:d8:b2:8d:
                    12:70:e4:7d:96:c8:4a:37:45:82:2b:9a:f6:17:79:
                    7a:42:ea:9c:e0:2a:51:30:a1:17:39:3e:02:c3:fa:
                    f9:94:4a:a5:f5:4f:0b:79:a2:aa:08:d8:60:3b:7f:
                    25:c3:7c:b9:73:d1:f8:41:8b:42:1a:ad:57:d4:e9:
                    ed:fc:76:66:87:cd:30:5d:5f:c5:31:c1:09:6b:ef:
                    6d:21:88:69:e7:7e:66:1a:ce:65:b3:99:e9:db:58:
                    c0:82:9b:4e:c9:1d:43:72:ba:79:a3:fb:98:98:42:
                    ab:9f:ad:1e:68:02:13:7e:55:b0:2f:78:34:4b:6b:
                    ed:bd:07:50:2b:27:99:f4:28:c2:de:6e:76:5b:35:
                    81:69:db:96:eb:f3:0d:86:75:42:b7:45:9e:72:87:
                    6d:9a:e0:60:23:f1:88:b7:78:fd:b4:5c:d5:c2:33:
                    92:70:3e:5f:03:bc:d0:3a:91:fc:36:e4:b2:50:6a:
                    8e:86:b5:1f:0c:f1:87:31:0b:93:d4:e4:76:d1:42:
                    c2:c7:2f:46:ed:78:b2:0b:52:9f:75:f5:f7:d4:9e:
                    c6:7b:b7:a4:7f:79:e7:7f:06:e8:ef:5b:d6:1e:eb:
                    8a:aa:de:85:6a:5c:fe:fa:11:2e:06:4a:a1:d7:95:
                    e7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:9F:4F:0F:C4:2C:D1:14:3B:3D:20:52:41:13:83:CF:B9:10:7F:AE
            X509v3 Authority Key Identifier:
                keyid:FF:C3:81:F5:3F:25:DB:C2:A0:EF:AB:F8:89:FC:A3:24:19:95:8D:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_8OB9T8l28Kg76v4ifyjJBmVjdA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/v59PD8Qs0RQ7PSBSQRODz7kQf64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b64e42-b9de-4c66-9ed9-6fe34805a6c6/1/_8OB9T8l28Kg76v4ifyjJBmVjdA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.48.0/21
                  185.80.220.0/22
                  212.78.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         47:fb:27:4f:dc:58:43:a1:61:f3:4f:45:66:04:82:7e:a9:8e:
         f8:7b:c3:cf:73:4f:c7:e3:a3:d0:50:2a:3a:d0:9f:da:47:c5:
         49:17:e7:a8:d0:1e:6c:0f:32:7d:b6:ac:c4:54:5b:43:32:a6:
         59:66:dd:89:6b:c4:4a:a7:73:cd:33:13:8f:da:ba:17:a4:27:
         b6:85:e6:be:56:ae:ac:49:bc:bf:df:c4:f2:62:82:2a:1b:47:
         7d:a8:1b:ce:5a:a9:85:72:b7:45:39:90:cf:3c:1d:ed:13:14:
         e0:e6:9f:61:b1:f7:a8:57:6f:57:4d:d0:31:0d:3d:b9:0a:f8:
         1f:f7:e7:66:ac:42:d1:77:20:e4:09:5f:64:6e:27:aa:7c:8f:
         7c:19:33:af:59:3c:44:ad:69:32:8e:3d:c9:bd:c7:d6:2f:aa:
         20:ae:38:02:6e:ce:8a:4b:57:3c:c4:d1:b6:4f:15:c0:25:89:
         4f:44:78:41:ec:a8:bf:90:de:9e:f0:df:1c:1b:bf:b8:1e:87:
         d7:ae:f9:d7:bc:70:2c:37:9d:50:ae:9b:de:e0:50:64:87:f7:
         55:fe:be:0e:b8:2e:4f:6c:ae:4d:b4:8e:52:2d:7e:9c:03:97:
         4c:bb:8a:48:ef:ec:e9:a5:db:e6:a5:9b:44:48:76:b4:db:07:
         f7:84:eb:7e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZDFQRJJiVARqRAt2MlfSh3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYzM4MWY1M2YyNWRiYzJhMGVmYWJmODg5ZmNhMzI0MTk5
NThkZDAwHhcNMjQwNzE4MDk1MTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjlmNGYwZmM0MmNkMTE0M2IzZDIwNTI0MTEzODNjZmI5MTA3ZmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgVs7YZp7Ac+LxLYso0ScOR9lshK
N0WCK5r2F3l6Quqc4CpRMKEXOT4Cw/r5lEql9U8LeaKqCNhgO38lw3y5c9H4QYtC
Gq1X1Ont/HZmh80wXV/FMcEJa+9tIYhp535mGs5ls5np21jAgptOyR1Dcrp5o/uY
mEKrn60eaAITflWwL3g0S2vtvQdQKyeZ9CjC3m52WzWBaduW6/MNhnVCt0Wecodt
muBgI/GIt3j9tFzVwjOScD5fA7zQOpH8NuSyUGqOhrUfDPGHMQuT1OR20ULCxy9G
7XiyC1KfdfX31J7Ge7ekf3nnfwbo71vWHuuKqt6Falz++hEuBkqh15XnrQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFL+fTw/ELNEUOz0gUkETg8+5EH+uMB8GA1UdIwQY
MBaAFP/DgfU/JdvCoO+r+In8oyQZlY3QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDkt
NmZlMzQ4MDVhNmM2LzEvdjU5UEQ4UXMwUlE3UFNCU1FST0R6N2tRZjY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9iNjRlNDItYjlkZS00YzY2LTllZDktNmZlMzQ4MDVhNmM2
LzEvXzhPQjlUOGwyOEtnNzZ2NGlmeWpKQm1WamRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDLhwwAwQC
uVDcAwQF1E5AMA0GCSqGSIb3DQEBCwUAA4IBAQBH+ydP3FhDoWHzT0VmBIJ+qY74
e8PPc0/H46PQUCo60J/aR8VJF+eo0B5sDzJ9tqzEVFtDMqZZZt2Ja8RKp3PNMxOP
2roXpCe2hea+Vq6sSby/38TyYoIqG0d9qBvOWqmFcrdFOZDPPB3tExTg5p9hsfeo
V29XTdAxDT25Cvgf9+dmrELRdyDkCV9kbieqfI98GTOvWTxErWkyjj3JvcfWL6og
rjgCbs6KS1c8xNG2TxXAJYlPRHhB7Ki/kN6e8N8cG7+4HofXrvnXvHAsN51Qrpve
4FBkh/dV/r4OuC5PbK5NtI5SLX6cA5dMu4pI7+zppdvmpZtESHa02wf3hOt+
-----END CERTIFICATE-----