Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/pXH9YpU9YJCA_rF2kD4sAq3Gb8A.roa
File:                     pXH9YpU9YJCA_rF2kD4sAq3Gb8A.roa (raw, json)
Hash identifier:          T2ULJjjfs09CAUBnhR9VtzEhjC6fHO+cQ94xa8HkXMc=
Subject key identifier:   A5:71:FD:62:95:3D:60:90:80:FE:B1:76:90:3E:2C:02:AD:C6:6F:C0
Certificate issuer:       /CN=59b3e0956a9d4817cd92852c27a27b7d2f1113db
Certificate serial:       0194221FBAA7CF85B395695901A05179ABF2
Authority key identifier: 59:B3:E0:95:6A:9D:48:17:CD:92:85:2C:27:A2:7B:7D:2F:11:13:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WbPglWqdSBfNkoUsJ6J7fS8RE9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/pXH9YpU9YJCA_rF2kD4sAq3Gb8A.roa
Signing time:             Wed 01 Jan 2025 13:48:12 +0000
ROA not before:           Wed 01 Jan 2025 13:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202606
IP address blocks:        185.54.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/WbPglWqdSBfNkoUsJ6J7fS8RE9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/WbPglWqdSBfNkoUsJ6J7fS8RE9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WbPglWqdSBfNkoUsJ6J7fS8RE9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ba:a7:cf:85:b3:95:69:59:01:a0:51:79:ab:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59b3e0956a9d4817cd92852c27a27b7d2f1113db
        Validity
            Not Before: Jan  1 13:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a571fd62953d609080feb176903e2c02adc66fc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:da:6a:b6:7b:78:35:bb:70:7e:68:47:0e:cd:
                    00:42:e3:8e:b0:09:73:69:28:ec:94:36:e4:f0:43:
                    54:bf:d3:3c:4d:f4:ad:74:c8:91:0f:01:c8:fb:a7:
                    35:9e:f9:c8:e1:1d:ef:4a:f1:b8:dd:d7:d3:36:67:
                    29:83:a5:64:1a:62:64:43:55:5b:82:23:19:b6:68:
                    4d:bc:ef:8d:b8:1c:70:60:05:e7:06:68:d1:fb:59:
                    3f:b2:27:79:5a:e7:fb:cf:95:43:ba:c8:4b:ea:d6:
                    85:8a:79:a9:92:08:04:fe:96:51:35:c9:13:41:b3:
                    08:42:00:4e:4d:18:fa:08:63:3f:35:28:bf:35:d1:
                    21:50:df:cb:b8:42:1c:9d:c7:cd:2e:44:07:14:54:
                    0e:c8:65:42:95:93:6c:40:16:8c:c7:11:6c:c5:d2:
                    a2:ac:56:30:ca:0a:4f:9f:28:30:b1:d9:91:4f:2b:
                    7d:ef:59:d6:39:b4:5f:ef:b3:5b:60:15:ad:76:88:
                    26:74:be:15:cc:f7:6f:3d:cb:18:da:90:04:e5:83:
                    39:d9:7e:27:f2:e2:81:ea:16:e3:3a:9a:26:bb:e3:
                    a2:72:df:26:e8:4a:10:72:f2:7c:f5:d0:b8:c3:50:
                    cd:86:e0:77:f8:24:cb:eb:4d:f8:6c:94:19:0e:ed:
                    eb:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:71:FD:62:95:3D:60:90:80:FE:B1:76:90:3E:2C:02:AD:C6:6F:C0
            X509v3 Authority Key Identifier:
                keyid:59:B3:E0:95:6A:9D:48:17:CD:92:85:2C:27:A2:7B:7D:2F:11:13:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WbPglWqdSBfNkoUsJ6J7fS8RE9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/pXH9YpU9YJCA_rF2kD4sAq3Gb8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/c07a7d-24e6-4610-b656-c47172d5d882/1/WbPglWqdSBfNkoUsJ6J7fS8RE9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.54.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6f:65:01:74:e4:b9:e7:45:8d:ed:9a:e8:11:3d:18:11:fa:3a:
         1a:72:d3:d6:79:8c:10:59:a7:28:d4:8d:81:64:ad:f3:72:ae:
         f9:82:ae:86:9e:78:3e:71:83:93:cb:ad:52:05:e0:7d:15:21:
         56:64:e0:8b:99:b8:a6:3a:e1:be:c2:78:cb:18:7f:82:1f:b4:
         ef:9e:cb:1b:12:45:ec:4d:bb:bb:46:9c:cd:c5:ee:45:c9:f1:
         42:7c:2e:07:95:fa:57:a5:dd:86:35:35:62:1b:2e:d4:c2:31:
         8b:d8:7b:31:f6:7c:32:0d:77:41:06:a9:93:4f:42:4b:22:97:
         e3:38:94:1e:fa:8d:09:5f:05:57:10:41:3f:4d:fb:34:ea:51:
         18:f3:c4:af:93:e8:eb:4f:33:e2:0f:79:0e:ce:7b:67:08:5a:
         34:cd:73:28:c6:f9:fb:11:91:5a:23:61:fb:ec:b8:52:8d:f4:
         a5:ea:85:2b:e1:f4:73:23:e6:ac:13:ef:3f:e1:fe:b1:15:f1:
         ad:4d:f4:d5:2a:34:97:54:5f:de:9f:52:be:ec:c5:25:db:c3:
         dc:12:c8:4f:5e:62:3b:56:74:50:9d:8e:c7:32:f1:e0:7b:bd:
         87:6f:d2:5f:3c:11:14:ad:82:a1:d5:d2:68:9f:fd:94:d5:71:
         5c:04:64:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH7qnz4WzlWlZAaBReavyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YjNlMDk1NmE5ZDQ4MTdjZDkyODUyYzI3YTI3YjdkMmYx
MTEzZGIwHhcNMjUwMTAxMTM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTcxZmQ2Mjk1M2Q2MDkwODBmZWIxNzY5MDNlMmMwMmFkYzY2ZmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNpqtnt4NbtwfmhHDs0AQuOOsAlz
aSjslDbk8ENUv9M8TfStdMiRDwHI+6c1nvnI4R3vSvG43dfTNmcpg6VkGmJkQ1Vb
giMZtmhNvO+NuBxwYAXnBmjR+1k/sid5Wuf7z5VDushL6taFinmpkggE/pZRNckT
QbMIQgBOTRj6CGM/NSi/NdEhUN/LuEIcncfNLkQHFFQOyGVClZNsQBaMxxFsxdKi
rFYwygpPnygwsdmRTyt971nWObRf77NbYBWtdogmdL4VzPdvPcsY2pAE5YM52X4n
8uKB6hbjOpomu+Oict8m6EoQcvJ89dC4w1DNhuB3+CTL6034bJQZDu3rewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKVx/WKVPWCQgP6xdpA+LAKtxm/AMB8GA1UdIwQY
MBaAFFmz4JVqnUgXzZKFLCeie30vERPbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2JQZ2xXcWRTQmZOa29Vc0o2SjdmUzhSRTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS9jMDdhN2QtMjRlNi00NjEwLWI2NTYt
YzQ3MTcyZDVkODgyLzEvcFhIOVlwVTlZSkNBX3JGMmtENHNBcTNHYjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS9jMDdhN2QtMjRlNi00NjEwLWI2NTYtYzQ3MTcyZDVkODgy
LzEvV2JQZ2xXcWRTQmZOa29Vc0o2SjdmUzhSRTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuTbYMA0G
CSqGSIb3DQEBCwUAA4IBAQBvZQF05LnnRY3tmugRPRgR+joactPWeYwQWaco1I2B
ZK3zcq75gq6Gnng+cYOTy61SBeB9FSFWZOCLmbimOuG+wnjLGH+CH7TvnssbEkXs
Tbu7RpzNxe5FyfFCfC4HlfpXpd2GNTViGy7UwjGL2Hsx9nwyDXdBBqmTT0JLIpfj
OJQe+o0JXwVXEEE/Tfs06lEY88Svk+jrTzPiD3kOzntnCFo0zXMoxvn7EZFaI2H7
7LhSjfSl6oUr4fRzI+asE+8/4f6xFfGtTfTVKjSXVF/en1K+7MUl28PcEshPXmI7
VnRQnY7HMvHge72Hb9JfPBEUrYKh1dJon/2U1XFcBGQX
-----END CERTIFICATE-----