Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59816.roa
File:                     AS59816.roa (raw, json)
Hash identifier:          eS5fM4EAaZewGo+0S/+5F2QqzxgsMshVRZtXTuvMoSY=
Subject key identifier:   EF:6E:8A:2F:F9:D9:70:1E:58:94:5B:06:F4:A3:4B:A8:B0:FB:D0:1C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2350098AAD8FC90FD9CA0842B6184BE8DFC7405E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59816.roa
Signing time:             Wed 01 Jan 2025 08:53:50 +0000
ROA not before:           Wed 01 Jan 2025 08:48:50 +0000
ROA not after:            Wed 31 Dec 2025 08:53:50 +0000
asID:                     59816
IP address blocks:        5.252.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:50:09:8a:ad:8f:c9:0f:d9:ca:08:42:b6:18:4b:e8:df:c7:40:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan  1 08:48:50 2025 GMT
            Not After : Dec 31 08:53:50 2025 GMT
        Subject: CN=EF6E8A2FF9D9701E58945B06F4A34BA8B0FBD01C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4d:49:f3:30:28:aa:bd:bf:fb:df:5c:d4:a1:
                    51:66:86:89:a1:a0:c0:34:72:56:e8:82:72:46:85:
                    57:18:ab:e0:11:f8:7b:45:43:70:b3:9a:48:61:02:
                    83:54:71:71:a4:bd:f3:9e:77:89:15:81:c2:a0:47:
                    c0:a0:c9:bc:95:2a:45:49:5d:09:ae:5b:02:7c:54:
                    9b:1d:10:c4:d2:6f:95:2c:ba:4f:9d:e2:8f:d5:e7:
                    98:6f:b5:a4:5f:56:89:e1:f4:73:e7:67:87:cc:6f:
                    f9:ac:bd:67:01:d4:36:eb:44:5f:7a:cd:0c:01:82:
                    b2:0a:04:ae:5f:25:0e:08:84:c5:21:fd:4c:68:bc:
                    db:63:7d:dc:72:34:c9:c8:34:d6:81:bf:bb:44:4c:
                    bf:47:6c:dd:d5:af:d2:b2:04:49:2a:cc:69:34:9a:
                    9f:70:ed:ad:f3:7f:fd:2f:c2:30:2a:f0:7e:e0:3a:
                    9c:3d:53:58:c8:36:06:1b:bd:8a:a2:bb:66:0b:e8:
                    71:1d:72:ef:30:c4:b3:fa:85:bc:18:05:ac:b6:0f:
                    fe:73:06:0e:1e:76:9e:43:66:b1:32:a7:53:ff:7c:
                    45:c3:f9:0a:7f:76:53:a5:23:15:98:5e:12:c8:d8:
                    fe:8a:04:d2:08:20:3f:ad:e0:4d:bd:10:c1:ab:76:
                    82:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:6E:8A:2F:F9:D9:70:1E:58:94:5B:06:F4:A3:4B:A8:B0:FB:D0:1C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59816.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:79:a8:c8:33:bb:aa:f8:51:e8:3f:4f:e1:21:b5:86:f9:cf:
         9f:e6:c4:d3:2c:fd:e9:03:1a:1f:1a:0c:1d:95:b0:0d:d3:9e:
         2f:3b:f3:64:6b:80:a2:c1:26:53:aa:c2:6d:d3:bd:8c:47:d9:
         42:8b:2e:bd:f2:81:e6:5e:df:13:53:03:be:ef:50:95:78:8e:
         9e:0b:ee:8b:69:18:fc:24:fd:cb:fe:39:30:7f:42:c9:83:12:
         9e:d6:81:c9:e5:c4:29:9f:53:eb:82:3b:ab:7f:e8:a9:b6:e2:
         d5:11:7e:7a:86:e3:5a:93:0f:b5:53:15:49:8e:73:6c:93:9a:
         9b:77:a4:04:63:bf:be:f0:64:c2:b6:bd:21:b9:b7:cb:c3:9d:
         68:8b:ab:e9:1c:31:45:48:fd:40:a6:d9:09:e6:0d:39:b0:4c:
         3a:eb:68:6b:54:6d:6a:11:a2:c4:93:b4:9f:0a:85:ff:65:f2:
         10:99:b3:6c:9b:c4:f2:0b:3b:c8:1e:c6:a5:72:c7:3b:6d:92:
         27:0e:ae:10:8f:8e:b5:06:60:40:15:70:83:91:96:21:08:51:
         46:69:7d:ed:6d:b7:a7:f7:56:f8:a9:90:3d:0b:cf:8f:c9:66:
         a2:a6:6a:ab:d7:e6:03:6b:e0:6d:84:c7:5d:ea:40:97:49:ce:
         a4:e1:33:e9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUI1AJiq2PyQ/ZyghCthhL6N/HQF4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMDEwODQ4NTBaFw0yNTEyMzEwODUzNTBaMDMxMTAvBgNV
BAMTKEVGNkU4QTJGRjlEOTcwMUU1ODk0NUIwNkY0QTM0QkE4QjBGQkQwMUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZTUnzMCiqvb/731zUoVFmhomh
oMA0clbognJGhVcYq+AR+HtFQ3CzmkhhAoNUcXGkvfOed4kVgcKgR8CgybyVKkVJ
XQmuWwJ8VJsdEMTSb5Usuk+d4o/V55hvtaRfVonh9HPnZ4fMb/msvWcB1DbrRF96
zQwBgrIKBK5fJQ4IhMUh/UxovNtjfdxyNMnINNaBv7tETL9HbN3Vr9KyBEkqzGk0
mp9w7a3zf/0vwjAq8H7gOpw9U1jINgYbvYqiu2YL6HEdcu8wxLP6hbwYBay2D/5z
Bg4edp5DZrEyp1P/fEXD+Qp/dlOlIxWYXhLI2P6KBNIIID+t4E29EMGrdoI1AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU726KL/nZcB5YlFsG9KNLqLD70BwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTk4MTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAF/FMw
DQYJKoZIhvcNAQELBQADggEBAFl5qMgzu6r4Ueg/T+EhtYb5z5/mxNMs/ekDGh8a
DB2VsA3Tni8782RrgKLBJlOqwm3TvYxH2UKLLr3ygeZe3xNTA77vUJV4jp4L7otp
GPwk/cv+OTB/QsmDEp7WgcnlxCmfU+uCO6t/6Km24tURfnqG41qTD7VTFUmOc2yT
mpt3pARjv77wZMK2vSG5t8vDnWiLq+kcMUVI/UCm2QnmDTmwTDrraGtUbWoRosST
tJ8Khf9l8hCZs2ybxPILO8gexqVyxzttkicOrhCPjrUGYEAVcIORliEIUUZpfe1t
t6f3VvipkD0Lz4/JZqKmaqvX5gNr4G2Ex13qQJdJzqThM+k=
-----END CERTIFICATE-----