Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/qSIAX3usM3vTu_Mzg0wG4YFraSo.roa
File:                     qSIAX3usM3vTu_Mzg0wG4YFraSo.roa (raw, json)
Hash identifier:          h9UpaxGZqz2GqVQUtMJUxZZArOxE/sr4/i/AizRtr+Y=
Subject key identifier:   A9:22:00:5F:7B:AC:33:7B:D3:BB:F3:33:83:4C:06:E1:81:6B:69:2A
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019427B5B392C3F679FF0825A208973C2274
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/qSIAX3usM3vTu_Mzg0wG4YFraSo.roa
Signing time:             Thu 02 Jan 2025 15:50:06 +0000
ROA not before:           Thu 02 Jan 2025 15:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205701
IP address blocks:        5.8.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 18:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b3:92:c3:f6:79:ff:08:25:a2:08:97:3c:22:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 15:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a922005f7bac337bd3bbf333834c06e1816b692a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f3:75:18:2f:e2:bb:bb:c2:b1:e0:cb:4a:90:
                    be:15:f3:cc:e3:ef:c9:40:c6:c2:40:2e:05:8a:87:
                    69:de:58:3b:93:da:a1:48:6e:cc:ad:b2:bc:d9:9f:
                    6e:38:81:09:56:11:54:24:65:d5:e6:ef:69:6d:dd:
                    01:d1:8b:5c:85:bb:6a:12:5b:48:40:87:71:96:b6:
                    9c:bc:cf:14:3f:52:52:12:94:26:5a:e5:72:c9:28:
                    0f:49:4d:67:1c:15:97:0e:3d:b2:81:df:23:a0:f8:
                    86:bf:2f:28:a8:4c:ac:74:ce:f8:ed:dd:3d:61:83:
                    02:16:92:35:10:ce:6e:6e:d3:cc:f1:ad:41:bb:62:
                    1a:b7:75:52:33:10:1e:ff:11:81:94:82:bf:69:e1:
                    4f:8c:2f:72:25:de:7e:b1:e8:d6:be:3d:df:28:dd:
                    a4:81:28:62:5b:ea:d1:5f:e2:f6:91:2c:07:5d:c3:
                    c5:45:4f:7e:fb:0a:e7:16:6f:2a:9a:8f:73:66:b6:
                    9b:f3:ee:85:96:48:8e:40:bd:14:c6:d9:75:39:66:
                    d8:5e:cf:9c:46:e7:fb:c8:27:35:ee:fd:6b:ae:9f:
                    90:05:fc:59:aa:68:b1:2e:e0:03:00:f5:35:1a:da:
                    da:56:63:c2:1c:71:c6:f0:31:1f:3e:d3:0b:78:91:
                    20:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:22:00:5F:7B:AC:33:7B:D3:BB:F3:33:83:4C:06:E1:81:6B:69:2A
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/qSIAX3usM3vTu_Mzg0wG4YFraSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:55:f1:67:80:19:ad:55:39:57:cd:c2:13:0a:4c:99:23:8f:
         7c:f6:6f:e5:2a:f0:7c:9b:4f:05:0b:8a:7b:29:5e:c8:48:2f:
         5b:9a:3d:3a:c9:22:6a:ad:b0:5a:64:70:c6:d8:e1:f0:93:7d:
         ba:13:21:71:0b:53:9c:76:29:58:60:0d:f1:18:e0:1c:86:8f:
         34:09:5d:17:ef:d5:85:7e:ef:90:54:89:88:b0:4e:f1:f6:3e:
         c7:35:40:3e:8d:20:53:9e:b0:56:6b:3d:23:4b:7c:5d:fc:66:
         30:04:c3:71:71:ac:29:6f:53:01:8f:43:53:5a:bb:1d:55:04:
         73:53:05:9d:6f:84:24:a9:e3:91:83:42:d7:19:75:5e:a5:bc:
         fb:91:c9:66:35:36:c0:17:74:06:c6:e3:6d:71:b0:b9:47:69:
         43:ca:c4:a8:36:0c:ae:b7:d2:1a:84:46:42:c4:a1:94:2f:cc:
         f3:46:08:7d:c0:35:2e:56:48:3c:f9:37:99:64:71:c8:e3:43:
         f6:56:1e:f0:d3:63:d0:ad:a2:02:5e:bb:b8:3b:d4:e0:24:6c:
         82:bf:dd:18:49:53:c3:9b:23:83:c3:67:47:12:ff:85:f2:88:
         d7:9f:21:12:1c:fa:dc:56:0d:e8:c7:6b:6a:29:53:41:51:c3:
         4b:9d:24:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbOSw/Z5/wglogiXPCJ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwMTAyMTU1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIyMDA1ZjdiYWMzMzdiZDNiYmYzMzM4MzRjMDZlMTgxNmI2OTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvN1GC/iu7vCseDLSpC+FfPM4+/J
QMbCQC4Fiodp3lg7k9qhSG7MrbK82Z9uOIEJVhFUJGXV5u9pbd0B0YtchbtqEltI
QIdxlracvM8UP1JSEpQmWuVyySgPSU1nHBWXDj2ygd8joPiGvy8oqEysdM747d09
YYMCFpI1EM5ubtPM8a1Bu2Iat3VSMxAe/xGBlIK/aeFPjC9yJd5+sejWvj3fKN2k
gShiW+rRX+L2kSwHXcPFRU9++wrnFm8qmo9zZrab8+6FlkiOQL0Uxtl1OWbYXs+c
Ruf7yCc17v1rrp+QBfxZqmixLuADAPU1GtraVmPCHHHG8DEfPtMLeJEg5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkiAF97rDN707vzM4NMBuGBa2kqMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvcVNJQVgzdXNNM3ZUdV9Nemcwd0c0WUZyYVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQg6MA0G
CSqGSIb3DQEBCwUAA4IBAQAdVfFngBmtVTlXzcITCkyZI4989m/lKvB8m08FC4p7
KV7ISC9bmj06ySJqrbBaZHDG2OHwk326EyFxC1OcdilYYA3xGOAcho80CV0X79WF
fu+QVImIsE7x9j7HNUA+jSBTnrBWaz0jS3xd/GYwBMNxcawpb1MBj0NTWrsdVQRz
UwWdb4QkqeORg0LXGXVepbz7kclmNTbAF3QGxuNtcbC5R2lDysSoNgyut9IahEZC
xKGUL8zzRgh9wDUuVkg8+TeZZHHI40P2Vh7w02PQraICXru4O9TgJGyCv90YSVPD
myODw2dHEv+F8ojXnyESHPrcVg3ox2tqKVNBUcNLnSRa
-----END CERTIFICATE-----