Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/uJ0e9CADL9JM4BsLwrY2aGR6NL0.roa
File:                     uJ0e9CADL9JM4BsLwrY2aGR6NL0.roa (raw, json)
Hash identifier:          c6Sfh2TEciSaodG5+xm8JiSr2CSdCJl1hCYg3EjegYY=
Subject key identifier:   B8:9D:1E:F4:20:03:2F:D2:4C:E0:1B:0B:C2:B6:36:68:64:7A:34:BD
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0194274886F7B004586F90AFE62D44B55553
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/uJ0e9CADL9JM4BsLwrY2aGR6NL0.roa
Signing time:             Thu 02 Jan 2025 13:50:52 +0000
ROA not before:           Thu 02 Jan 2025 13:50:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47504
IP address blocks:        2.58.196.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:86:f7:b0:04:58:6f:90:af:e6:2d:44:b5:55:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b89d1ef420032fd24ce01b0bc2b63668647a34bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:31:bb:ce:e2:17:3e:55:37:22:fc:55:82:e5:
                    33:cc:34:b6:36:22:ef:4e:74:b4:39:a0:e5:76:a9:
                    ff:34:18:3e:45:6a:d1:7c:4f:51:51:f9:2c:86:cd:
                    d7:70:b9:4d:8e:53:df:8e:35:1f:6b:bb:4f:ea:d1:
                    90:77:f9:3d:c5:96:b2:f0:3d:d9:cd:74:9d:04:ac:
                    21:b3:04:f4:ae:8f:5c:d1:cd:86:da:f4:4c:90:90:
                    f7:6f:9f:56:cb:bc:1f:db:cb:57:ce:43:b3:6e:5b:
                    67:f5:10:92:d7:c0:a5:ae:db:51:74:d8:09:71:c6:
                    cc:77:c8:76:43:b8:7e:2e:73:d3:c8:5c:85:49:03:
                    13:2b:f1:dc:fe:fe:89:8e:62:1f:bf:60:3f:4f:dd:
                    f9:76:35:4d:9b:4d:56:63:65:57:0e:9b:56:36:a8:
                    0d:20:db:b6:5b:31:9a:8e:84:6c:dd:0d:d2:55:b6:
                    17:ae:0a:2e:66:5c:06:8f:b1:ed:60:96:23:8e:2a:
                    0d:3b:f9:57:c7:59:58:a9:7e:59:21:7e:7c:09:2c:
                    fb:9a:ee:be:d0:2f:91:e2:1a:f7:8f:18:6c:39:00:
                    12:31:6f:b0:4e:a4:81:ae:6e:35:53:36:e2:5b:34:
                    78:bb:50:b9:1b:0f:7f:d9:ec:70:8b:28:93:65:9d:
                    c0:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:9D:1E:F4:20:03:2F:D2:4C:E0:1B:0B:C2:B6:36:68:64:7A:34:BD
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/uJ0e9CADL9JM4BsLwrY2aGR6NL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:d9:e5:bc:02:e5:05:ef:54:ae:c6:42:91:8a:2a:03:d2:3f:
         87:ff:21:96:3f:ae:bb:00:54:b4:d4:cb:5a:b6:23:2b:4e:ed:
         aa:8d:69:3d:91:b0:4d:a6:03:b2:46:0f:16:bb:ef:e4:79:8b:
         c2:55:29:7d:6e:2c:73:3d:35:f4:13:55:89:f8:18:0d:fe:34:
         08:c7:e9:1c:11:69:10:91:c5:77:9e:75:42:c7:07:73:bb:e3:
         da:d3:c0:a6:43:be:6f:59:fe:6e:8a:c6:d0:3e:a7:49:dc:76:
         9c:4d:d1:87:98:67:8f:d0:8d:3a:65:05:0a:d5:79:5f:51:4f:
         49:03:b5:89:2a:c0:08:c4:3a:4b:57:45:ff:64:bd:3e:d6:c0:
         fa:6b:b0:e1:f3:35:46:a3:0d:38:1c:ab:93:0d:b9:91:3a:f3:
         df:7e:c8:51:54:d7:b7:6d:bf:59:65:03:3b:11:d3:e7:87:c0:
         47:45:81:dc:b9:06:bb:04:12:91:09:fb:1b:c3:3d:48:7a:b8:
         f0:35:cc:b3:80:fb:3a:4f:40:b9:74:33:a7:14:c4:d3:18:cc:
         37:ba:72:30:e4:36:6b:36:12:48:e7:81:75:37:8c:6c:8f:d8:
         c4:b3:73:f6:1a:44:e1:42:f2:53:4d:58:bf:46:37:54:fe:7f:
         12:1a:7c:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSIb3sARYb5Cv5i1EtVVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODlkMWVmNDIwMDMyZmQyNGNlMDFiMGJjMmI2MzY2ODY0N2EzNGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDG7zuIXPlU3IvxVguUzzDS2NiLv
TnS0OaDldqn/NBg+RWrRfE9RUfkshs3XcLlNjlPfjjUfa7tP6tGQd/k9xZay8D3Z
zXSdBKwhswT0ro9c0c2G2vRMkJD3b59Wy7wf28tXzkOzbltn9RCS18ClrttRdNgJ
ccbMd8h2Q7h+LnPTyFyFSQMTK/Hc/v6JjmIfv2A/T935djVNm01WY2VXDptWNqgN
INu2WzGajoRs3Q3SVbYXrgouZlwGj7HtYJYjjioNO/lXx1lYqX5ZIX58CSz7mu6+
0C+R4hr3jxhsOQASMW+wTqSBrm41UzbiWzR4u1C5Gw9/2exwiyiTZZ3AgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLidHvQgAy/STOAbC8K2NmhkejS9MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvdUowZTlDQURMOUpNNEJzTHdyWTJhR1I2TkwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAjrEMA0G
CSqGSIb3DQEBCwUAA4IBAQBc2eW8AuUF71SuxkKRiioD0j+H/yGWP667AFS01Mta
tiMrTu2qjWk9kbBNpgOyRg8Wu+/keYvCVSl9bixzPTX0E1WJ+BgN/jQIx+kcEWkQ
kcV3nnVCxwdzu+Pa08CmQ75vWf5uisbQPqdJ3HacTdGHmGeP0I06ZQUK1XlfUU9J
A7WJKsAIxDpLV0X/ZL0+1sD6a7Dh8zVGow04HKuTDbmROvPffshRVNe3bb9ZZQM7
EdPnh8BHRYHcuQa7BBKRCfsbwz1IerjwNcyzgPs6T0C5dDOnFMTTGMw3unIw5DZr
NhJI54F1N4xsj9jEs3P2GkThQvJTTVi/RjdU/n8SGnxN
-----END CERTIFICATE-----