Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/w3ygjB50ZRx92w3E54KyIR8KqJ8.roa
File:                     w3ygjB50ZRx92w3E54KyIR8KqJ8.roa (raw, json)
Hash identifier:          cXhal8oweMGLldAVM2weLR4PJghtsshTj6l0MVxO5bg=
Subject key identifier:   C3:7C:A0:8C:1E:74:65:1C:7D:DB:0D:C4:E7:82:B2:21:1F:0A:A8:9F
Certificate issuer:       /CN=e544eb328591184b3faf9e71a931cb325dcb11a8
Certificate serial:       0196D3D58FEAF9C90CCA333FCEC70972B567
Authority key identifier: E5:44:EB:32:85:91:18:4B:3F:AF:9E:71:A9:31:CB:32:5D:CB:11:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5UTrMoWRGEs_r55xqTHLMl3LEag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/w3ygjB50ZRx92w3E54KyIR8KqJ8.roa
Signing time:             Thu 15 May 2025 12:05:10 +0000
ROA not before:           Thu 15 May 2025 12:05:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209203
IP address blocks:        2.59.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/5UTrMoWRGEs_r55xqTHLMl3LEag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/5UTrMoWRGEs_r55xqTHLMl3LEag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5UTrMoWRGEs_r55xqTHLMl3LEag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:d5:8f:ea:f9:c9:0c:ca:33:3f:ce:c7:09:72:b5:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e544eb328591184b3faf9e71a931cb325dcb11a8
        Validity
            Not Before: May 15 12:05:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c37ca08c1e74651c7ddb0dc4e782b2211f0aa89f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a6:b3:37:dc:33:d3:64:5b:05:e7:4e:54:bd:
                    53:55:74:f2:f8:19:e0:98:9e:95:ae:09:a9:64:c5:
                    5d:6d:9c:af:fb:66:60:f4:45:98:eb:d5:92:83:07:
                    b2:51:4a:7c:77:3c:72:f3:07:c9:5c:55:cf:e3:85:
                    d9:b5:d8:38:13:e9:5a:49:27:f5:9e:58:9b:4c:f0:
                    5a:41:d9:fb:a0:9f:38:e3:01:7d:63:81:46:1f:74:
                    3f:dd:17:e9:e3:c4:08:f1:b7:99:ee:38:05:7b:e0:
                    3b:66:99:e6:bf:f3:a6:6c:0b:1b:42:87:dd:54:1f:
                    c8:ee:fe:05:63:ff:fb:c9:2c:7b:58:95:5e:75:e4:
                    2f:87:51:d0:29:d3:5a:cf:48:78:61:05:79:14:4d:
                    95:2b:c8:39:66:c7:d8:c8:f0:40:4b:a4:94:14:93:
                    43:a0:dd:0f:5e:2f:1d:72:b0:38:4c:3f:9f:2d:6b:
                    f4:06:19:55:c9:da:5d:38:50:d7:1b:25:b9:36:f4:
                    bc:f6:c4:26:58:f7:27:e0:29:a2:5b:e4:ef:fc:04:
                    e0:49:0f:02:16:0a:60:96:40:c0:c0:82:d4:32:95:
                    5c:50:f8:33:ff:9b:67:8a:71:85:c7:73:17:3a:11:
                    73:36:b4:ef:38:82:1b:04:ff:31:91:78:0f:f8:a2:
                    1a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:7C:A0:8C:1E:74:65:1C:7D:DB:0D:C4:E7:82:B2:21:1F:0A:A8:9F
            X509v3 Authority Key Identifier:
                keyid:E5:44:EB:32:85:91:18:4B:3F:AF:9E:71:A9:31:CB:32:5D:CB:11:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5UTrMoWRGEs_r55xqTHLMl3LEag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/w3ygjB50ZRx92w3E54KyIR8KqJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41d13-cc7a-49d6-91c4-70aa645ecc29/1/5UTrMoWRGEs_r55xqTHLMl3LEag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:bf:5e:a2:47:cb:13:47:ff:42:87:c3:db:50:76:97:4b:4a:
         75:bb:d3:6b:02:02:d8:d2:11:10:8a:c4:2b:39:86:59:a6:77:
         a0:33:7c:0e:a7:ed:d9:7e:0d:77:d3:f1:30:1b:6d:93:8b:5d:
         5d:91:34:75:7a:ec:b2:58:60:29:a9:54:4d:98:f2:73:1e:ab:
         a2:60:d0:6b:fd:53:71:2b:6a:57:49:d8:16:9f:41:59:23:6c:
         72:ed:b7:4e:d2:1c:c2:a1:af:87:47:3d:7f:8c:fd:6a:fb:ed:
         a1:7d:4b:50:02:6e:36:26:8e:9d:8e:a3:bb:35:81:8e:9e:c7:
         4f:a5:2a:0f:7b:22:05:79:52:97:23:23:71:0d:99:85:a3:0d:
         b6:f9:05:82:75:7f:59:bb:13:a8:b4:ef:de:b5:62:b9:05:d6:
         3b:77:40:4c:7e:31:eb:03:dc:80:6d:d0:4d:b4:40:4f:41:50:
         55:85:8d:2c:b7:32:d3:ab:2c:76:dc:48:f4:5f:21:c1:0d:c3:
         51:fb:f0:bd:bb:1c:f7:a2:a6:27:f1:1b:d4:af:eb:58:31:77:
         a0:4d:74:7f:f8:90:dc:ad:a1:74:40:8d:4b:88:c8:76:4b:55:
         e4:30:63:9e:ba:34:52:13:54:37:ec:b0:16:e3:e6:ff:38:55:
         64:e8:28:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbT1Y/q+ckMyjM/zscJcrVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NDRlYjMyODU5MTE4NGIzZmFmOWU3MWE5MzFjYjMyNWRj
YjExYTgwHhcNMjUwNTE1MTIwNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzdjYTA4YzFlNzQ2NTFjN2RkYjBkYzRlNzgyYjIyMTFmMGFhODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6azN9wz02RbBedOVL1TVXTy+Bng
mJ6VrgmpZMVdbZyv+2Zg9EWY69WSgweyUUp8dzxy8wfJXFXP44XZtdg4E+laSSf1
nlibTPBaQdn7oJ844wF9Y4FGH3Q/3Rfp48QI8beZ7jgFe+A7Zpnmv/OmbAsbQofd
VB/I7v4FY//7ySx7WJVedeQvh1HQKdNaz0h4YQV5FE2VK8g5ZsfYyPBAS6SUFJND
oN0PXi8dcrA4TD+fLWv0BhlVydpdOFDXGyW5NvS89sQmWPcn4CmiW+Tv/ATgSQ8C
FgpglkDAwILUMpVcUPgz/5tninGFx3MXOhFzNrTvOIIbBP8xkXgP+KIa3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMN8oIwedGUcfdsNxOeCsiEfCqifMB8GA1UdIwQY
MBaAFOVE6zKFkRhLP6+ecakxyzJdyxGoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVVUck1vV1JHRXNfcjU1eHFUSExNbDNMRWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFkMTMtY2M3YS00OWQ2LTkxYzQt
NzBhYTY0NWVjYzI5LzEvdzN5Z2pCNTBaUng5MnczRTU0S3lJUjhLcUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFkMTMtY2M3YS00OWQ2LTkxYzQtNzBhYTY0NWVjYzI5
LzEvNVVUck1vV1JHRXNfcjU1eHFUSExNbDNMRWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjtBMA0G
CSqGSIb3DQEBCwUAA4IBAQAsv16iR8sTR/9Ch8PbUHaXS0p1u9NrAgLY0hEQisQr
OYZZpnegM3wOp+3Zfg130/EwG22Ti11dkTR1euyyWGApqVRNmPJzHquiYNBr/VNx
K2pXSdgWn0FZI2xy7bdO0hzCoa+HRz1/jP1q++2hfUtQAm42Jo6djqO7NYGOnsdP
pSoPeyIFeVKXIyNxDZmFow22+QWCdX9ZuxOotO/etWK5BdY7d0BMfjHrA9yAbdBN
tEBPQVBVhY0stzLTqyx23Ej0XyHBDcNR+/C9uxz3oqYn8RvUr+tYMXegTXR/+JDc
raF0QI1LiMh2S1XkMGOeujRSE1Q37LAW4+b/OFVk6Cgm
-----END CERTIFICATE-----