Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5czits5-llQ2oT56LXRPODsKNo0.roa
File:                     5czits5-llQ2oT56LXRPODsKNo0.roa (raw, json)
Hash identifier:          +eTRCYPrCS78mU7jz4q9oawHIZODKAuD/5xunfeC1YQ=
Subject key identifier:   E5:CC:E2:B6:CE:7E:96:54:36:A1:3E:7A:2D:74:4F:38:3B:0A:36:8D
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018CC8DCED38780B832FB9DB611E6B51A001
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5czits5-llQ2oT56LXRPODsKNo0.roa
Signing time:             Tue 02 Jan 2024 06:29:30 +0000
ROA not before:           Tue 02 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50580
IP address blocks:        2.58.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:ed:38:78:0b:83:2f:b9:db:61:1e:6b:51:a0:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5cce2b6ce7e965436a13e7a2d744f383b0a368d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f9:57:33:56:02:c6:81:9f:26:7d:ef:09:24:
                    65:6f:d1:63:78:9f:fd:d4:47:e3:f1:f3:83:a0:82:
                    e0:09:f3:02:43:fb:47:f8:50:3a:af:86:51:04:79:
                    e2:bb:86:c9:89:f7:cc:eb:40:b1:52:dd:1b:60:a2:
                    9c:f8:69:01:66:ec:6d:a4:a3:b0:3d:8c:41:0d:77:
                    5f:6f:9e:0b:fe:12:bc:0c:ca:eb:ec:ae:01:af:14:
                    25:bf:02:54:a8:0b:54:52:30:e5:be:ca:7b:cf:d1:
                    c0:ec:64:79:80:c7:73:6a:86:9d:30:c7:ce:c8:9c:
                    0a:5e:b1:c3:f4:12:af:de:e3:6b:a7:e7:5b:94:c7:
                    8b:1c:1e:55:24:0c:7a:c7:1b:63:cc:86:60:b0:14:
                    b4:b8:ae:5b:67:bf:74:3f:1a:e7:ef:25:3c:02:00:
                    a3:3b:61:87:01:a2:4f:fc:06:c9:b7:38:05:cb:de:
                    72:35:66:f4:87:18:4d:d5:90:40:4a:5a:22:3a:dd:
                    3f:0b:78:b6:6d:42:c5:52:08:f5:1b:4d:07:49:3d:
                    cd:42:4d:56:43:db:f1:2d:e8:9d:56:95:1c:92:d9:
                    7f:45:3b:7c:be:67:1d:d7:2e:85:67:0c:9e:aa:06:
                    0b:51:6a:cd:c5:33:44:37:84:4f:6d:12:46:45:45:
                    53:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:CC:E2:B6:CE:7E:96:54:36:A1:3E:7A:2D:74:4F:38:3B:0A:36:8D
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5czits5-llQ2oT56LXRPODsKNo0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:e2:0a:28:48:c8:70:c9:63:1c:26:97:5d:7c:cd:be:f2:b1:
         a0:0c:03:e9:09:02:6d:44:35:1a:8b:de:3f:7c:25:2e:e4:85:
         c5:04:95:a0:45:d2:26:7f:d5:2b:71:7e:92:c0:75:86:5a:af:
         5d:74:c0:0c:7d:ba:cc:75:b2:14:ac:bc:85:d3:7f:c8:9d:86:
         e0:18:f6:2d:cc:81:e8:bb:b4:bd:6c:51:46:5f:dc:da:1c:42:
         cc:7e:5d:d5:4d:87:c3:42:b2:1b:6b:fd:f2:a4:0c:93:32:f2:
         62:b4:d9:89:b9:46:2f:2e:bf:11:8a:05:c8:3a:de:16:1a:da:
         6f:67:a2:3b:59:af:5a:bc:2c:eb:0f:c3:d3:c0:5e:0e:cb:25:
         2c:e4:55:9b:22:65:ee:eb:7e:76:ee:1c:97:35:96:fc:f7:1e:
         62:6d:35:c0:af:9a:2f:4d:7b:3e:87:29:21:f4:f9:11:9a:28:
         d9:c2:76:b3:f3:4d:c2:ea:21:10:34:63:be:d8:2d:f6:f3:72:
         c0:74:a4:70:b1:3d:40:9e:39:da:a1:f5:cc:41:10:93:18:b1:
         4d:f0:2a:88:1b:a2:8d:fa:6a:5c:53:2e:e0:6c:bf:61:be:20:
         48:2d:6f:d0:2b:bc:3b:1a:90:72:14:26:4b:49:81:b9:1b:73:
         75:86:f8:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3O04eAuDL7nbYR5rUaABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWNjZTJiNmNlN2U5NjU0MzZhMTNlN2EyZDc0NGYzODNiMGEzNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPlXM1YCxoGfJn3vCSRlb9FjeJ/9
1Efj8fODoILgCfMCQ/tH+FA6r4ZRBHniu4bJiffM60CxUt0bYKKc+GkBZuxtpKOw
PYxBDXdfb54L/hK8DMrr7K4BrxQlvwJUqAtUUjDlvsp7z9HA7GR5gMdzaoadMMfO
yJwKXrHD9BKv3uNrp+dblMeLHB5VJAx6xxtjzIZgsBS0uK5bZ790Pxrn7yU8AgCj
O2GHAaJP/AbJtzgFy95yNWb0hxhN1ZBASloiOt0/C3i2bULFUgj1G00HST3NQk1W
Q9vxLeidVpUcktl/RTt8vmcd1y6FZwyeqgYLUWrNxTNEN4RPbRJGRUVTvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOXM4rbOfpZUNqE+ei10Tzg7CjaNMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNWN6aXRzNS1sbFEyb1Q1NkxYUlBPRHNLTm8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpfMA0G
CSqGSIb3DQEBCwUAA4IBAQBI4gooSMhwyWMcJpddfM2+8rGgDAPpCQJtRDUai94/
fCUu5IXFBJWgRdImf9UrcX6SwHWGWq9ddMAMfbrMdbIUrLyF03/InYbgGPYtzIHo
u7S9bFFGX9zaHELMfl3VTYfDQrIba/3ypAyTMvJitNmJuUYvLr8RigXIOt4WGtpv
Z6I7Wa9avCzrD8PTwF4OyyUs5FWbImXu63527hyXNZb89x5ibTXAr5ovTXs+hykh
9PkRmijZwnaz803C6iEQNGO+2C3283LAdKRwsT1AnjnaofXMQRCTGLFN8CqIG6KN
+mpcUy7gbL9hviBILW/QK7w7GpByFCZLSYG5G3N1hvhL
-----END CERTIFICATE-----