Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/58xiAdrs6ETLav0FryLnmTCVEdU.roa
File:                     58xiAdrs6ETLav0FryLnmTCVEdU.roa (raw, json)
Hash identifier:          XNxWlWq1mgieuQ/et37me3ig8nRm5KbSrGeybmi48TM=
Subject key identifier:   E7:CC:62:01:DA:EC:E8:44:CB:6A:FD:05:AF:22:E7:99:30:95:11:D5
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019170523B048961133625064CE9DBEEBBF4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/58xiAdrs6ETLav0FryLnmTCVEdU.roa
Signing time:             Tue 20 Aug 2024 15:05:22 +0000
ROA not before:           Tue 20 Aug 2024 15:05:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215998
IP address blocks:        193.25.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:70:52:3b:04:89:61:13:36:25:06:4c:e9:db:ee:bb:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Aug 20 15:05:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7cc6201daece844cb6afd05af22e799309511d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f8:f1:04:32:47:04:8c:ba:3e:9d:4b:83:7a:
                    b4:5d:83:97:84:d8:4e:94:06:1e:a3:d5:8f:3d:d3:
                    a7:7e:c8:b5:59:8f:a1:2c:d1:eb:77:91:21:db:ef:
                    b2:07:91:91:15:e1:47:10:3e:31:48:25:43:9d:30:
                    1f:45:9b:12:c0:d8:23:0c:48:f2:6f:3b:6b:fc:99:
                    80:9d:72:5b:ca:e1:fa:d1:df:50:98:63:90:0c:73:
                    37:5e:5e:1e:31:8b:af:ec:09:a4:51:26:0c:57:f0:
                    fe:a4:46:fa:d6:7a:c2:fa:97:68:dd:f6:20:8a:10:
                    fd:45:8a:bf:3a:53:07:c7:cf:64:e7:73:a5:07:28:
                    66:c1:18:27:de:75:e9:56:65:61:41:f5:51:8c:00:
                    fa:ff:5b:1f:38:95:cc:c8:73:55:48:6c:f3:8a:e9:
                    6b:06:a6:01:dc:88:65:f7:b1:51:0a:9b:35:57:1f:
                    d8:ab:d5:7a:ee:17:e8:68:cb:58:a1:b0:01:90:c6:
                    a0:09:6e:d1:0c:e4:9f:04:9e:6e:4b:23:18:7e:9e:
                    31:4c:89:4d:8e:a5:eb:d2:ad:26:0e:3f:60:a1:2e:
                    96:01:de:19:c1:1c:e7:75:06:50:97:c1:ee:54:f1:
                    34:cb:13:aa:31:57:7f:bd:86:ea:1a:6e:76:69:fb:
                    e1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:CC:62:01:DA:EC:E8:44:CB:6A:FD:05:AF:22:E7:99:30:95:11:D5
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/58xiAdrs6ETLav0FryLnmTCVEdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:86:2a:61:8c:7a:a2:81:1f:02:01:85:58:b5:86:3d:05:a0:
         c5:77:30:54:35:24:e1:e8:36:07:e5:48:23:a7:5d:98:9a:6d:
         01:be:28:74:37:02:bd:6b:69:95:a6:34:88:f3:1b:7a:31:dc:
         b3:10:94:a2:8a:27:f9:e7:86:6a:9e:33:13:9d:d4:2d:62:6f:
         d0:a6:30:55:82:48:e7:44:c2:ee:65:60:31:d7:d9:dc:e1:6e:
         f6:0f:8c:3f:c3:62:c8:52:a7:08:6a:ad:87:34:1e:fe:07:6a:
         17:8c:7b:ce:1b:a1:21:39:10:c7:f9:ef:f8:11:ff:a3:44:73:
         12:e4:bf:be:8c:b9:39:a4:16:ab:f9:15:cd:9b:76:85:b3:db:
         fc:fc:f4:d1:23:30:a4:fb:0f:b5:1f:82:8e:03:31:65:e2:f5:
         69:a8:b8:d2:26:70:b7:03:93:7d:e2:cf:34:77:fa:15:16:0a:
         a6:b0:2d:30:0a:75:07:43:48:a5:24:79:ae:64:87:7b:1c:4a:
         93:6b:fe:a6:18:ea:99:3e:c9:e2:f7:d8:88:a4:39:75:5d:f2:
         a1:68:e8:24:85:db:c5:5e:ce:ba:a2:c7:ca:f8:2b:7b:6f:ec:
         7a:37:74:d3:bf:cf:1e:99:3d:bf:51:f5:10:42:73:c4:6f:bd:
         3a:50:8c:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFwUjsEiWETNiUGTOnb7rv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwODIwMTUwNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2NjNjIwMWRhZWNlODQ0Y2I2YWZkMDVhZjIyZTc5OTMwOTUxMWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPjxBDJHBIy6Pp1Lg3q0XYOXhNhO
lAYeo9WPPdOnfsi1WY+hLNHrd5Eh2++yB5GRFeFHED4xSCVDnTAfRZsSwNgjDEjy
bztr/JmAnXJbyuH60d9QmGOQDHM3Xl4eMYuv7AmkUSYMV/D+pEb61nrC+pdo3fYg
ihD9RYq/OlMHx89k53OlByhmwRgn3nXpVmVhQfVRjAD6/1sfOJXMyHNVSGzziulr
BqYB3Ihl97FRCps1Vx/Yq9V67hfoaMtYobABkMagCW7RDOSfBJ5uSyMYfp4xTIlN
jqXr0q0mDj9goS6WAd4ZwRzndQZQl8HuVPE0yxOqMVd/vYbqGm52afvhEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfMYgHa7OhEy2r9Ba8i55kwlRHVMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNTh4aUFkcnM2RVRMYXYwRnJ5TG5tVENWRWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRnYMA0G
CSqGSIb3DQEBCwUAA4IBAQADhiphjHqigR8CAYVYtYY9BaDFdzBUNSTh6DYH5Ugj
p12Ymm0Bvih0NwK9a2mVpjSI8xt6MdyzEJSiiif554ZqnjMTndQtYm/QpjBVgkjn
RMLuZWAx19nc4W72D4w/w2LIUqcIaq2HNB7+B2oXjHvOG6EhORDH+e/4Ef+jRHMS
5L++jLk5pBar+RXNm3aFs9v8/PTRIzCk+w+1H4KOAzFl4vVpqLjSJnC3A5N94s80
d/oVFgqmsC0wCnUHQ0ilJHmuZId7HEqTa/6mGOqZPsni99iIpDl1XfKhaOgkhdvF
Xs66osfK+Ct7b+x6N3TTv88emT2/UfUQQnPEb706UIy+
-----END CERTIFICATE-----