Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/9qoftOkUQubHrr_5Y0O0OEB0jsk.roa
File:                     9qoftOkUQubHrr_5Y0O0OEB0jsk.roa (raw, json)
Hash identifier:          NpXUbKfrAE82THRrSEt65m3odGmwe5q6Rv8hzF4EGTU=
Subject key identifier:   F6:AA:1F:B4:E9:14:42:E6:C7:AE:BF:F9:63:43:B4:38:40:74:8E:C9
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       019421440D3D0B74DFF05491735476F965B4
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/9qoftOkUQubHrr_5Y0O0OEB0jsk.roa
Signing time:             Wed 01 Jan 2025 09:48:15 +0000
ROA not before:           Wed 01 Jan 2025 09:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211993
IP address blocks:        2.57.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:0d:3d:0b:74:df:f0:54:91:73:54:76:f9:65:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 09:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6aa1fb4e91442e6c7aebff96343b43840748ec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6a:6a:57:09:17:a8:41:54:07:db:ad:d9:95:
                    3c:41:e4:d2:8d:12:44:63:3c:e7:57:60:5e:5d:e0:
                    22:d9:07:1b:84:37:3a:b4:f2:1e:30:db:05:b2:06:
                    ed:4c:9a:bc:8e:23:ab:a7:4d:43:8c:a9:e5:7d:12:
                    72:01:46:8e:d0:40:3b:76:e2:44:f7:ff:4d:b0:fb:
                    c8:af:dd:35:af:82:b9:a7:1d:31:7b:20:1e:4c:60:
                    f7:13:f6:42:0d:a3:cf:cf:fa:1f:ae:96:c6:bf:dc:
                    7d:2c:22:ca:6c:bf:d0:49:e6:97:e2:7a:f8:98:ac:
                    85:34:f2:bd:3b:01:66:71:94:a1:be:c3:f9:33:0d:
                    b6:cd:f0:c3:39:6d:07:eb:80:00:31:9e:a9:b7:40:
                    98:d4:fd:f3:19:9f:62:24:ea:a5:e8:46:84:a1:32:
                    3b:9c:a0:cd:2e:d8:da:5f:ec:e8:2f:e7:ca:86:8a:
                    b9:3b:94:6f:92:ec:39:f0:b3:80:67:b7:45:9c:b6:
                    c7:7f:41:46:c1:1c:15:1f:0a:73:26:e3:9c:b3:c2:
                    5e:bd:8f:39:54:e2:e1:11:af:08:4e:dc:35:22:7a:
                    c6:9a:29:1f:3d:fb:9c:7a:d1:6e:19:e3:e1:bd:ec:
                    3c:3b:5a:a2:bf:39:07:9f:03:ae:56:fb:7b:ca:e9:
                    3c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:AA:1F:B4:E9:14:42:E6:C7:AE:BF:F9:63:43:B4:38:40:74:8E:C9
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/9qoftOkUQubHrr_5Y0O0OEB0jsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:e6:44:8f:82:79:6b:b4:6b:dd:da:3c:fa:67:3b:db:ee:24:
         de:9f:70:0b:fb:00:77:0c:34:08:a8:ea:02:24:20:8b:df:57:
         28:3b:e0:66:e1:2e:11:55:2c:27:42:e4:b9:ba:ea:ec:7b:86:
         9c:a8:e7:0f:be:91:15:cb:27:1e:06:bd:de:c5:d9:45:18:82:
         b8:3e:27:ec:9e:1d:10:cc:05:59:50:c7:73:0f:72:08:7f:10:
         db:ad:0e:b7:ad:cd:2c:9e:56:5f:cd:5b:bc:8e:b7:4d:6d:f7:
         29:15:08:08:a3:e8:c7:ed:06:77:ff:2b:80:3b:de:9e:64:2a:
         5f:cd:c5:e8:3a:b1:31:55:c3:4a:2a:a7:f0:43:89:92:54:8a:
         c1:d4:e0:8f:94:d0:40:ba:03:de:7f:07:7a:52:e9:4b:7d:be:
         4a:de:5d:c5:e3:5b:e0:39:81:17:52:c3:f1:36:c2:9e:b1:a2:
         c2:76:c1:f3:57:75:e2:a0:a4:27:3d:82:fd:d9:00:77:9d:41:
         18:b6:fd:ee:0a:20:0a:c7:cf:2b:6f:40:a5:28:c2:fd:ef:e3:
         79:1e:8b:40:10:21:8e:8c:f6:4f:8f:04:c1:23:da:50:b9:77:
         f2:71:67:03:26:69:2a:81:3e:3b:d8:4f:95:9e:73:8e:bd:fb:
         c7:08:ad:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRA09C3Tf8FSRc1R2+WW0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjUwMTAxMDk0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmFhMWZiNGU5MTQ0MmU2YzdhZWJmZjk2MzQzYjQzODQwNzQ4ZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2pqVwkXqEFUB9ut2ZU8QeTSjRJE
YzznV2BeXeAi2QcbhDc6tPIeMNsFsgbtTJq8jiOrp01DjKnlfRJyAUaO0EA7duJE
9/9NsPvIr901r4K5px0xeyAeTGD3E/ZCDaPPz/ofrpbGv9x9LCLKbL/QSeaX4nr4
mKyFNPK9OwFmcZShvsP5Mw22zfDDOW0H64AAMZ6pt0CY1P3zGZ9iJOql6EaEoTI7
nKDNLtjaX+zoL+fKhoq5O5Rvkuw58LOAZ7dFnLbHf0FGwRwVHwpzJuOcs8JevY85
VOLhEa8ITtw1InrGmikfPfucetFuGePhvew8O1qivzkHnwOuVvt7yuk8ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPaqH7TpFELmx66/+WNDtDhAdI7JMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEvOXFvZnRPa1VRdWJIcnJfNVkwTzBPRUIwanNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjk6MA0G
CSqGSIb3DQEBCwUAA4IBAQBA5kSPgnlrtGvd2jz6Zzvb7iTen3AL+wB3DDQIqOoC
JCCL31coO+Bm4S4RVSwnQuS5uurse4acqOcPvpEVyyceBr3exdlFGIK4Pifsnh0Q
zAVZUMdzD3IIfxDbrQ63rc0snlZfzVu8jrdNbfcpFQgIo+jH7QZ3/yuAO96eZCpf
zcXoOrExVcNKKqfwQ4mSVIrB1OCPlNBAugPefwd6UulLfb5K3l3F41vgOYEXUsPx
NsKesaLCdsHzV3XioKQnPYL92QB3nUEYtv3uCiAKx88rb0ClKML97+N5HotAECGO
jPZPjwTBI9pQuXfycWcDJmkqgT472E+VnnOOvfvHCK0+
-----END CERTIFICATE-----