Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/erIxiRyrCq4VZ_4JtiVJ89zap6M.roa
File:                     erIxiRyrCq4VZ_4JtiVJ89zap6M.roa (raw, json)
Hash identifier:          Zk6wb1beSmE1dghO9HQ9J61wdrjrx/zDA+0dbQ3GYHU=
Subject key identifier:   7A:B2:31:89:1C:AB:0A:AE:15:67:FE:09:B6:25:49:F3:DC:DA:A7:A3
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019427488CDA77134F9957DEF8CC29308B23
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/erIxiRyrCq4VZ_4JtiVJ89zap6M.roa
Signing time:             Thu 02 Jan 2025 13:50:53 +0000
ROA not before:           Thu 02 Jan 2025 13:50:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52073
IP address blocks:        2.58.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:8c:da:77:13:4f:99:57:de:f8:cc:29:30:8b:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ab231891cab0aae1567fe09b62549f3dcdaa7a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:02:d3:22:8c:ee:6d:7c:33:b8:ba:fc:55:58:
                    a2:ea:a8:18:3b:e5:b3:3b:26:fa:6e:16:d6:95:4b:
                    1f:d3:b1:58:ca:6f:cb:10:43:67:1c:3d:0c:d4:19:
                    66:b1:50:14:86:51:1c:b8:a0:00:56:57:c4:24:24:
                    dc:a6:96:75:4f:f0:f6:9c:f0:d2:e3:5b:6c:5a:8a:
                    e8:48:03:2c:f5:8a:e1:05:8e:3e:a8:bc:cb:f6:06:
                    e8:4b:92:a0:bf:a2:2f:c0:dd:6b:49:2e:23:22:d1:
                    d4:32:f3:71:b9:13:b8:06:30:df:5f:43:3b:27:12:
                    f1:29:6a:e3:b7:0a:18:17:a4:11:49:9c:f1:6a:79:
                    be:d4:26:7f:4d:ad:4e:2d:c2:6a:f1:fa:d1:5e:2e:
                    c6:f2:49:11:c1:fb:02:11:98:3d:b5:1f:e1:d8:94:
                    6e:f5:2b:36:c0:70:22:2d:98:fa:35:a2:70:9f:0b:
                    e5:82:b5:c5:f4:90:42:c8:65:db:e7:0d:85:f7:90:
                    c4:17:45:81:c7:e1:bd:7b:84:7b:e5:6a:65:83:b1:
                    13:e3:a3:6a:11:cc:32:71:44:33:0a:54:4a:84:bf:
                    9f:ba:5f:60:32:67:53:97:d5:97:db:c1:51:53:9a:
                    de:8e:95:e5:c9:70:88:5d:35:38:09:a3:bc:4b:11:
                    80:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:B2:31:89:1C:AB:0A:AE:15:67:FE:09:B6:25:49:F3:DC:DA:A7:A3
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/erIxiRyrCq4VZ_4JtiVJ89zap6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:90:cd:5b:a9:79:aa:61:80:8a:87:8f:0e:49:f4:71:cc:bc:
         83:fd:59:f2:38:f3:07:47:68:a5:f7:5f:4b:57:39:16:c1:24:
         48:b7:4e:b2:cc:91:81:9e:7d:86:a2:95:26:3c:f3:04:98:13:
         20:a7:fc:6f:36:54:b8:5b:71:f8:eb:5d:81:4c:f3:81:ca:3d:
         c0:52:df:86:2b:bb:45:69:80:a0:62:9a:27:ed:22:7c:c2:98:
         5b:0a:34:19:4d:cc:0e:7d:3b:96:f0:7a:55:d5:ac:d7:00:39:
         3d:93:7c:01:87:29:98:fe:4a:30:ed:fc:4e:d6:fd:75:01:af:
         5e:c1:07:a8:51:47:d3:ec:b7:ba:04:19:72:ce:cf:6d:5e:97:
         cc:f9:71:5f:cd:eb:22:54:85:0a:76:4a:f6:39:ab:0d:d7:fc:
         a5:00:cf:b7:24:14:0e:9e:da:bd:6f:db:36:e6:68:64:7f:9b:
         9e:30:3c:56:ea:4c:6e:f6:24:1a:bc:5a:a4:79:d1:1a:03:35:
         f6:4c:b2:26:24:fa:9f:09:06:11:af:3c:9c:2f:be:ca:44:99:
         86:2e:b7:30:7b:b4:06:cd:ee:df:74:b4:23:5b:26:56:9e:21:
         b1:b4:86:5f:d3:9d:44:b6:4e:28:c3:b9:a9:32:ed:2c:0c:24:
         49:3a:c5:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSIzadxNPmVfe+MwpMIsjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWIyMzE4OTFjYWIwYWFlMTU2N2ZlMDliNjI1NDlmM2RjZGFhN2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQLTIozubXwzuLr8VVii6qgYO+Wz
Oyb6bhbWlUsf07FYym/LEENnHD0M1BlmsVAUhlEcuKAAVlfEJCTcppZ1T/D2nPDS
41tsWoroSAMs9YrhBY4+qLzL9gboS5Kgv6IvwN1rSS4jItHUMvNxuRO4BjDfX0M7
JxLxKWrjtwoYF6QRSZzxanm+1CZ/Ta1OLcJq8frRXi7G8kkRwfsCEZg9tR/h2JRu
9Ss2wHAiLZj6NaJwnwvlgrXF9JBCyGXb5w2F95DEF0WBx+G9e4R75Wplg7ET46Nq
EcwycUQzClRKhL+ful9gMmdTl9WX28FRU5rejpXlyXCIXTU4CaO8SxGAHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqyMYkcqwquFWf+CbYlSfPc2qejMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvZXJJeGlSeXJDcTRWWl80SnRpVko4OXphcDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjrGMA0G
CSqGSIb3DQEBCwUAA4IBAQBAkM1bqXmqYYCKh48OSfRxzLyD/VnyOPMHR2il919L
VzkWwSRIt06yzJGBnn2GopUmPPMEmBMgp/xvNlS4W3H4612BTPOByj3AUt+GK7tF
aYCgYpon7SJ8wphbCjQZTcwOfTuW8HpV1azXADk9k3wBhymY/kow7fxO1v11Aa9e
wQeoUUfT7Le6BBlyzs9tXpfM+XFfzesiVIUKdkr2OasN1/ylAM+3JBQOntq9b9s2
5mhkf5ueMDxW6kxu9iQavFqkedEaAzX2TLImJPqfCQYRrzycL77KRJmGLrcwe7QG
ze7fdLQjWyZWniGxtIZf051Etk4ow7mpMu0sDCRJOsWz
-----END CERTIFICATE-----