Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/5c5e22-e4f9-4986-a055-0475d13f463c/1/spxBFrRTXksX8fvfc0dXhGkhiwE.roa
File:                     spxBFrRTXksX8fvfc0dXhGkhiwE.roa (raw, json)
Hash identifier:          n9jU/0B6fjkLFx2dvO1H12A4sA1hG6j4sPdVGTQx1Ss=
Subject key identifier:   B2:9C:41:16:B4:53:5E:4B:17:F1:FB:DF:73:47:57:84:69:21:8B:01
Certificate issuer:       /CN=f4f7760940800b86f8086e209edd1a85bac0f5dc
Certificate serial:       018CC7949550A393238EC138BA91063B147F
Authority key identifier: F4:F7:76:09:40:80:0B:86:F8:08:6E:20:9E:DD:1A:85:BA:C0:F5:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Pd2CUCAC4b4CG4gnt0ahbrA9dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/5c5e22-e4f9-4986-a055-0475d13f463c/1/spxBFrRTXksX8fvfc0dXhGkhiwE.roa
Signing time:             Tue 02 Jan 2024 00:30:52 +0000
ROA not before:           Tue 02 Jan 2024 00:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9678
IP address blocks:        2.58.240.0/24 maxlen: 24
                          2.58.243.0/24 maxlen: 24
                          2.58.242.0/24 maxlen: 24
                          2.58.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/5c5e22-e4f9-4986-a055-0475d13f463c/1/9Pd2CUCAC4b4CG4gnt0ahbrA9dw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/5c5e22-e4f9-4986-a055-0475d13f463c/1/9Pd2CUCAC4b4CG4gnt0ahbrA9dw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Pd2CUCAC4b4CG4gnt0ahbrA9dw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:95:50:a3:93:23:8e:c1:38:ba:91:06:3b:14:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4f7760940800b86f8086e209edd1a85bac0f5dc
        Validity
            Not Before: Jan  2 00:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b29c4116b4535e4b17f1fbdf7347578469218b01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:2d:7f:5a:19:e6:fa:18:df:25:3f:4d:8a:d2:
                    ba:d2:cf:c0:81:7e:31:74:3d:0a:9d:fb:e4:e7:fc:
                    ac:e5:0b:3e:c6:ba:91:20:97:8e:63:f0:cb:a2:5b:
                    5d:c9:68:93:1c:7f:ed:1d:91:72:d8:92:f8:2a:ea:
                    80:35:86:14:2c:e8:83:f9:3a:2f:78:39:8c:c1:af:
                    73:27:30:55:73:64:0b:94:00:32:e7:59:d1:6d:90:
                    08:27:cf:db:f8:99:56:7a:44:da:04:8f:df:79:0f:
                    85:04:a6:7b:98:77:22:41:0a:bb:17:50:08:3d:af:
                    49:13:53:c1:b5:a7:f7:1c:8d:3b:15:dc:02:b2:bf:
                    86:e5:55:6d:b2:86:aa:05:d0:b8:71:d1:17:c3:47:
                    00:cc:95:33:c8:88:96:73:85:3c:57:80:ee:82:b6:
                    e9:a3:4c:be:b4:30:c8:d3:4e:9d:c7:b7:bc:a3:d4:
                    d9:b5:be:23:08:d7:ed:00:7e:3a:18:a1:0a:29:a4:
                    17:f9:01:71:6c:1a:cc:cd:9f:d6:9e:9a:9b:b4:9d:
                    b5:1b:aa:7e:3d:55:5d:cd:ad:b9:a9:0b:8b:a4:36:
                    db:c4:aa:b6:17:2f:fe:a5:5f:0d:32:fe:e7:35:03:
                    46:85:e0:55:20:b5:47:a5:27:78:b3:01:8b:ec:4e:
                    21:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:9C:41:16:B4:53:5E:4B:17:F1:FB:DF:73:47:57:84:69:21:8B:01
            X509v3 Authority Key Identifier:
                keyid:F4:F7:76:09:40:80:0B:86:F8:08:6E:20:9E:DD:1A:85:BA:C0:F5:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Pd2CUCAC4b4CG4gnt0ahbrA9dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5c5e22-e4f9-4986-a055-0475d13f463c/1/spxBFrRTXksX8fvfc0dXhGkhiwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5c5e22-e4f9-4986-a055-0475d13f463c/1/9Pd2CUCAC4b4CG4gnt0ahbrA9dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a1:d1:41:a4:ee:b6:4d:5e:81:c0:e4:bf:c6:a5:57:8b:30:33:
         cd:9b:0d:08:83:31:95:6f:7a:ee:27:bf:f5:5d:6a:8e:83:81:
         27:5c:b8:dd:5a:95:cb:ed:4f:c2:84:5b:eb:8d:b7:b6:45:1a:
         73:dd:a6:4a:2c:7d:2f:08:34:5c:68:e6:ba:60:ae:c8:7c:26:
         4e:ee:ae:10:93:64:f2:56:d0:14:a6:cd:78:d3:82:f4:7f:96:
         57:4d:6a:7e:16:35:2a:5f:bd:90:18:98:e2:13:4e:f5:f7:b3:
         c7:27:c9:b0:cf:09:c9:86:54:f1:5f:4c:43:fb:b4:44:7f:b7:
         d3:81:54:a5:b2:1a:b9:cd:e2:9f:b7:08:ef:bd:af:8f:f9:92:
         85:d2:0e:25:fc:4f:fb:cb:a1:cb:79:f0:03:2c:80:cb:9d:93:
         05:bc:a1:f7:f7:0a:e7:cf:3b:8a:86:b3:27:2e:19:3e:9b:fe:
         53:7a:22:4b:3e:27:62:3a:26:15:ed:bf:41:6c:ca:f4:46:ec:
         af:21:97:46:f6:e0:be:0d:41:7c:75:47:80:ac:d6:c4:09:60:
         0c:d8:cc:ed:c7:4d:ed:fe:b2:a1:1d:b0:e3:28:fd:97:80:8a:
         f8:ae:77:5a:37:39:d0:f0:9d:6e:2c:56:97:4d:f6:27:36:d6:
         18:9f:da:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlJVQo5MjjsE4upEGOxR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Zjc3NjA5NDA4MDBiODZmODA4NmUyMDllZGQxYTg1YmFj
MGY1ZGMwHhcNMjQwMTAyMDAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjljNDExNmI0NTM1ZTRiMTdmMWZiZGY3MzQ3NTc4NDY5MjE4YjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAki1/Whnm+hjfJT9NitK60s/AgX4x
dD0Knfvk5/ys5Qs+xrqRIJeOY/DLoltdyWiTHH/tHZFy2JL4KuqANYYULOiD+Tov
eDmMwa9zJzBVc2QLlAAy51nRbZAIJ8/b+JlWekTaBI/feQ+FBKZ7mHciQQq7F1AI
Pa9JE1PBtaf3HI07FdwCsr+G5VVtsoaqBdC4cdEXw0cAzJUzyIiWc4U8V4Dugrbp
o0y+tDDI006dx7e8o9TZtb4jCNftAH46GKEKKaQX+QFxbBrMzZ/WnpqbtJ21G6p+
PVVdza25qQuLpDbbxKq2Fy/+pV8NMv7nNQNGheBVILVHpSd4swGL7E4hAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKcQRa0U15LF/H733NHV4RpIYsBMB8GA1UdIwQY
MBaAFPT3dglAgAuG+AhuIJ7dGoW6wPXcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVBkMkNVQ0FDNGI0Q0c0Z250MGFoYnJBOWR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81YzVlMjItZTRmOS00OTg2LWEwNTUt
MDQ3NWQxM2Y0NjNjLzEvc3B4QkZyUlRYa3NYOGZ2ZmMwZFhoR2toaXdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81YzVlMjItZTRmOS00OTg2LWEwNTUtMDQ3NWQxM2Y0NjNj
LzEvOVBkMkNVQ0FDNGI0Q0c0Z250MGFoYnJBOWR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjrwMA0G
CSqGSIb3DQEBCwUAA4IBAQCh0UGk7rZNXoHA5L/GpVeLMDPNmw0IgzGVb3ruJ7/1
XWqOg4EnXLjdWpXL7U/ChFvrjbe2RRpz3aZKLH0vCDRcaOa6YK7IfCZO7q4Qk2Ty
VtAUps1404L0f5ZXTWp+FjUqX72QGJjiE07197PHJ8mwzwnJhlTxX0xD+7REf7fT
gVSlshq5zeKftwjvva+P+ZKF0g4l/E/7y6HLefADLIDLnZMFvKH39wrnzzuKhrMn
Lhk+m/5TeiJLPidiOiYV7b9BbMr0RuyvIZdG9uC+DUF8dUeArNbECWAM2Mztx03t
/rKhHbDjKP2XgIr4rndaNznQ8J1uLFaXTfYnNtYYn9ow
-----END CERTIFICATE-----