Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/G7X7b_-2524mL2utRjqA_p3x1ko.roa
File:                     G7X7b_-2524mL2utRjqA_p3x1ko.roa (raw, json)
Hash identifier:          eNBADPehKuBiSWTNdfZV2c/hvceCYObCQ47OijZj/IM=
Subject key identifier:   1B:B5:FB:6F:FF:B6:E7:6E:26:2F:6B:AD:46:3A:80:FE:9D:F1:D6:4A
Certificate issuer:       /CN=b6c167dfa9882b2aa8f84595f58a97c305ca43c5
Certificate serial:       0194258FB6444A87C50558BBEBA47E9C628C
Authority key identifier: B6:C1:67:DF:A9:88:2B:2A:A8:F8:45:95:F5:8A:97:C3:05:CA:43:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/G7X7b_-2524mL2utRjqA_p3x1ko.roa
Signing time:             Thu 02 Jan 2025 05:49:22 +0000
ROA not before:           Thu 02 Jan 2025 05:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48732
IP address blocks:        158.58.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b6:44:4a:87:c5:05:58:bb:eb:a4:7e:9c:62:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6c167dfa9882b2aa8f84595f58a97c305ca43c5
        Validity
            Not Before: Jan  2 05:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1bb5fb6fffb6e76e262f6bad463a80fe9df1d64a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8f:17:2c:f0:0a:32:a8:84:2a:c2:a6:7b:38:
                    54:04:78:b1:ec:6c:60:9a:3b:0a:5f:11:b4:9c:4a:
                    6a:01:ab:59:58:3a:81:46:3f:81:ca:46:55:d9:2b:
                    91:99:d8:dc:a8:48:ff:4e:9b:e9:d3:11:cb:f4:5c:
                    d1:89:c1:db:7a:aa:30:b9:dc:88:bf:81:14:fb:d9:
                    44:26:32:8f:0c:67:f0:ab:7d:1c:0d:30:a2:b7:70:
                    a7:df:e4:09:4b:bb:c2:8c:93:d1:1a:f8:0f:f9:b0:
                    ee:51:e5:a2:f4:e6:cf:4a:74:cf:79:95:9a:bd:2d:
                    9b:82:0f:29:df:da:9f:90:b9:6b:3a:65:a8:8f:6f:
                    bd:a7:ae:0b:ca:55:b9:57:de:be:32:a1:38:cf:7d:
                    3a:44:d3:90:cd:54:72:fb:1c:17:08:ed:00:32:a6:
                    ab:20:86:ba:af:4b:a3:17:dc:c0:8b:f5:60:8b:be:
                    b5:3e:b5:e3:9a:0c:3f:f8:a2:c6:bc:49:06:b8:fe:
                    9d:b6:3c:cb:ea:8f:ab:15:de:55:36:87:50:2f:9d:
                    3c:2b:cf:ed:16:d9:c8:e8:45:1c:53:d0:4b:dd:24:
                    e3:a0:72:76:cb:62:9b:7a:69:e0:5e:98:c0:f8:ed:
                    f0:09:b8:96:f5:f9:20:85:7e:ac:4d:f7:08:8f:5f:
                    cc:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:B5:FB:6F:FF:B6:E7:6E:26:2F:6B:AD:46:3A:80:FE:9D:F1:D6:4A
            X509v3 Authority Key Identifier:
                keyid:B6:C1:67:DF:A9:88:2B:2A:A8:F8:45:95:F5:8A:97:C3:05:CA:43:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tsFn36mIKyqo-EWV9YqXwwXKQ8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/G7X7b_-2524mL2utRjqA_p3x1ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/73beeb-6a05-4cca-86be-acfc3d2c2522/1/tsFn36mIKyqo-EWV9YqXwwXKQ8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.58.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:5c:d4:f4:7d:6f:0d:d7:38:88:44:6a:9e:88:f4:9f:90:27:
         2c:57:01:53:4e:53:ee:05:e7:0f:63:53:5a:26:b4:72:66:a8:
         41:17:e8:a3:3c:0a:0b:63:8e:91:92:3f:d4:42:85:e3:a8:a2:
         68:46:40:5e:06:d3:e0:5a:a7:91:2e:81:24:3d:03:cb:59:36:
         7d:dd:97:55:71:5e:07:6e:e9:ef:5c:4f:c0:7e:2d:bf:09:70:
         91:f9:8c:57:de:34:50:da:34:c3:56:ec:62:c3:5a:77:c8:55:
         0b:77:5b:4f:0f:5c:6d:a6:46:39:a7:1b:b7:1b:4d:f6:ca:5c:
         25:38:26:10:c1:77:bf:fe:b9:06:bf:af:30:a1:f6:07:e5:e6:
         c9:7b:7f:e0:7d:bd:67:bc:be:40:15:5f:6f:9b:a9:d8:09:77:
         0e:75:74:9e:b2:5f:39:c4:58:47:c8:83:c6:d7:95:bd:25:62:
         8c:6b:f3:be:18:34:c8:c7:a9:cd:76:ef:ae:8b:f6:6a:35:7a:
         ee:b4:45:e4:e3:ad:50:ad:6c:26:17:10:88:da:00:ed:c8:79:
         e3:86:50:e9:ef:ed:a6:e4:47:47:97:1e:d5:00:9c:38:99:48:
         74:5f:04:74:d2:ec:95:ee:13:a6:2d:78:fb:4c:08:1f:06:4d:
         66:48:9a:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7ZESofFBVi766R+nGKMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YzE2N2RmYTk4ODJiMmFhOGY4NDU5NWY1OGE5N2MzMDVj
YTQzYzUwHhcNMjUwMTAyMDU0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmI1ZmI2ZmZmYjZlNzZlMjYyZjZiYWQ0NjNhODBmZTlkZjFkNjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuY8XLPAKMqiEKsKmezhUBHix7Gxg
mjsKXxG0nEpqAatZWDqBRj+BykZV2SuRmdjcqEj/Tpvp0xHL9FzRicHbeqowudyI
v4EU+9lEJjKPDGfwq30cDTCit3Cn3+QJS7vCjJPRGvgP+bDuUeWi9ObPSnTPeZWa
vS2bgg8p39qfkLlrOmWoj2+9p64LylW5V96+MqE4z306RNOQzVRy+xwXCO0AMqar
IIa6r0ujF9zAi/Vgi761PrXjmgw/+KLGvEkGuP6dtjzL6o+rFd5VNodQL508K8/t
FtnI6EUcU9BL3STjoHJ2y2KbemngXpjA+O3wCbiW9fkghX6sTfcIj1/M5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBu1+2//tuduJi9rrUY6gP6d8dZKMB8GA1UdIwQY
MBaAFLbBZ9+piCsqqPhFlfWKl8MFykPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHNGbjM2bUlLeXFvLUVXVjlZcVh3d1hLUThVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy83M2JlZWItNmEwNS00Y2NhLTg2YmUt
YWNmYzNkMmMyNTIyLzEvRzdYN2JfLTI1MjRtTDJ1dFJqcUFfcDN4MWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy83M2JlZWItNmEwNS00Y2NhLTg2YmUtYWNmYzNkMmMyNTIy
LzEvdHNGbjM2bUlLeXFvLUVXVjlZcVh3d1hLUThVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnjq7MA0G
CSqGSIb3DQEBCwUAA4IBAQBuXNT0fW8N1ziIRGqeiPSfkCcsVwFTTlPuBecPY1Na
JrRyZqhBF+ijPAoLY46Rkj/UQoXjqKJoRkBeBtPgWqeRLoEkPQPLWTZ93ZdVcV4H
bunvXE/Afi2/CXCR+YxX3jRQ2jTDVuxiw1p3yFULd1tPD1xtpkY5pxu3G032ylwl
OCYQwXe//rkGv68wofYH5ebJe3/gfb1nvL5AFV9vm6nYCXcOdXSesl85xFhHyIPG
15W9JWKMa/O+GDTIx6nNdu+ui/ZqNXrutEXk461QrWwmFxCI2gDtyHnjhlDp7+2m
5EdHlx7VAJw4mUh0XwR00uyV7hOmLXj7TAgfBk1mSJog
-----END CERTIFICATE-----