Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/58adO5UB1FKlEoStUB0aT9zK1OU.roa
File:                     58adO5UB1FKlEoStUB0aT9zK1OU.roa (raw, json)
Hash identifier:          VcDtIG0g4QLm3R4L3wJoUxzRN4qEZkuyhBUiyX4ea8Q=
Subject key identifier:   E7:C6:9D:3B:95:01:D4:52:A5:12:84:AD:50:1D:1A:4F:DC:CA:D4:E5
Certificate issuer:       /CN=c76bf6b781bcf8c28008a8e8fdde60e7ae3122aa
Certificate serial:       01942144475A1124BC5FB3B4820CE3920F49
Authority key identifier: C7:6B:F6:B7:81:BC:F8:C2:80:08:A8:E8:FD:DE:60:E7:AE:31:22:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x2v2t4G8-MKACKjo_d5g564xIqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/58adO5UB1FKlEoStUB0aT9zK1OU.roa
Signing time:             Wed 01 Jan 2025 09:48:30 +0000
ROA not before:           Wed 01 Jan 2025 09:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60597
IP address blocks:        185.14.200.0/24 maxlen: 24
                          185.14.201.0/24 maxlen: 24
                          185.14.202.0/24 maxlen: 24
                          185.14.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/x2v2t4G8-MKACKjo_d5g564xIqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/x2v2t4G8-MKACKjo_d5g564xIqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x2v2t4G8-MKACKjo_d5g564xIqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:47:5a:11:24:bc:5f:b3:b4:82:0c:e3:92:0f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76bf6b781bcf8c28008a8e8fdde60e7ae3122aa
        Validity
            Not Before: Jan  1 09:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7c69d3b9501d452a51284ad501d1a4fdccad4e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:94:20:64:cb:ac:df:d5:20:eb:be:8a:41:5a:
                    18:5d:54:43:63:b5:49:b9:64:4b:ba:59:78:c1:ac:
                    65:d2:14:f6:30:47:f8:e5:8b:54:54:8f:89:fe:4d:
                    f7:64:e9:bd:00:f6:48:3e:61:b9:21:41:7f:be:80:
                    62:a4:6a:44:09:06:70:79:db:f4:3b:93:cb:ed:26:
                    65:9b:38:cc:4b:eb:a2:a7:ad:9b:f0:90:cd:2b:13:
                    14:a9:eb:bf:7e:a4:30:23:55:8b:83:59:54:e9:0b:
                    1d:b1:5c:b4:cf:d6:cb:bd:86:fc:c3:e1:7f:d1:05:
                    03:7f:0b:12:ab:0e:1d:cd:60:e9:0c:dd:0b:e0:a8:
                    99:28:1d:83:ab:4f:bd:f2:8d:b0:2b:74:54:f6:99:
                    c2:28:43:2a:3a:d3:b9:51:e6:65:d8:4b:33:42:3a:
                    a2:eb:e8:2a:c1:c2:86:b1:c8:c6:b3:d4:da:4d:88:
                    4f:16:9d:31:4d:71:e5:ac:8a:b9:19:e2:6c:37:31:
                    74:ec:64:ec:61:e9:b5:c4:8e:1f:f9:98:28:b6:35:
                    72:f8:7b:cc:57:b2:3f:12:43:f3:b8:d6:c1:7c:de:
                    c7:91:1e:5f:4b:47:00:a9:72:5f:bd:c7:95:6a:6b:
                    75:d6:5d:0c:5f:25:13:e8:ab:db:10:f8:a5:22:c3:
                    ad:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:C6:9D:3B:95:01:D4:52:A5:12:84:AD:50:1D:1A:4F:DC:CA:D4:E5
            X509v3 Authority Key Identifier:
                keyid:C7:6B:F6:B7:81:BC:F8:C2:80:08:A8:E8:FD:DE:60:E7:AE:31:22:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x2v2t4G8-MKACKjo_d5g564xIqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/58adO5UB1FKlEoStUB0aT9zK1OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/b178bd-b6a5-4610-8c6a-abf4840ea607/1/x2v2t4G8-MKACKjo_d5g564xIqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         94:64:3c:a0:7a:bc:5f:4d:68:17:62:ba:33:93:a1:e5:9b:52:
         cf:1f:1d:60:02:4d:45:36:64:46:b5:84:ab:a7:c3:22:3f:08:
         38:ed:5f:3f:dd:a7:27:d3:7f:7a:0e:9e:a7:16:19:19:c8:1a:
         3d:9d:f9:2f:30:4d:d9:3d:24:a3:f7:02:0d:db:fb:04:be:e4:
         6e:91:6f:dd:c0:84:b4:1e:cc:fd:32:64:88:21:e1:1c:5c:1d:
         79:4c:82:ad:53:d7:78:da:3f:00:19:ae:55:80:91:05:8b:c8:
         4b:3b:18:4d:bb:8f:1d:8f:c2:89:bf:d1:65:b8:de:53:3f:1c:
         55:4a:1e:1d:08:64:ae:6e:0c:9f:e9:07:bd:8e:c8:f8:c0:62:
         46:63:bb:c3:26:03:6e:04:eb:d1:3e:7f:56:57:71:67:63:f1:
         2a:98:ed:18:c9:88:35:c7:a9:3d:36:48:f9:a2:2a:6b:cb:29:
         96:ef:9e:6e:51:c4:1d:dc:57:5d:70:b5:4e:66:c2:1d:fa:69:
         08:ee:2e:ff:6a:7c:39:2e:eb:bb:cc:c2:b0:4c:14:62:43:3f:
         53:6e:da:7d:5c:1c:d4:bb:63:6f:ac:c7:66:d3:5e:6a:16:fa:
         a0:b0:ea:9c:e2:97:38:67:7f:17:20:33:32:53:bc:35:23:98:
         a9:d8:b9:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhREdaESS8X7O0ggzjkg9JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NmJmNmI3ODFiY2Y4YzI4MDA4YThlOGZkZGU2MGU3YWUz
MTIyYWEwHhcNMjUwMTAxMDk0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2M2OWQzYjk1MDFkNDUyYTUxMjg0YWQ1MDFkMWE0ZmRjY2FkNGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpQgZMus39Ug676KQVoYXVRDY7VJ
uWRLull4waxl0hT2MEf45YtUVI+J/k33ZOm9APZIPmG5IUF/voBipGpECQZwedv0
O5PL7SZlmzjMS+uip62b8JDNKxMUqeu/fqQwI1WLg1lU6QsdsVy0z9bLvYb8w+F/
0QUDfwsSqw4dzWDpDN0L4KiZKB2Dq0+98o2wK3RU9pnCKEMqOtO5UeZl2EszQjqi
6+gqwcKGscjGs9TaTYhPFp0xTXHlrIq5GeJsNzF07GTsYem1xI4f+ZgotjVy+HvM
V7I/EkPzuNbBfN7HkR5fS0cAqXJfvceVamt11l0MXyUT6KvbEPilIsOtjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOfGnTuVAdRSpRKErVAdGk/cytTlMB8GA1UdIwQY
MBaAFMdr9reBvPjCgAio6P3eYOeuMSKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDJ2MnQ0RzgtTUtBQ0tqb19kNWc1NjR4SXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9iMTc4YmQtYjZhNS00NjEwLThjNmEt
YWJmNDg0MGVhNjA3LzEvNThhZE81VUIxRktsRW9TdFVCMGFUOXpLMU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9iMTc4YmQtYjZhNS00NjEwLThjNmEtYWJmNDg0MGVhNjA3
LzEveDJ2MnQ0RzgtTUtBQ0tqb19kNWc1NjR4SXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ7IMA0G
CSqGSIb3DQEBCwUAA4IBAQCUZDygerxfTWgXYrozk6Hlm1LPHx1gAk1FNmRGtYSr
p8MiPwg47V8/3acn0396Dp6nFhkZyBo9nfkvME3ZPSSj9wIN2/sEvuRukW/dwIS0
Hsz9MmSIIeEcXB15TIKtU9d42j8AGa5VgJEFi8hLOxhNu48dj8KJv9FluN5TPxxV
Sh4dCGSubgyf6Qe9jsj4wGJGY7vDJgNuBOvRPn9WV3FnY/EqmO0YyYg1x6k9Nkj5
oipryymW755uUcQd3FddcLVOZsId+mkI7i7/anw5Luu7zMKwTBRiQz9Tbtp9XBzU
u2NvrMdm015qFvqgsOqc4pc4Z38XIDMyU7w1I5ip2LlG
-----END CERTIFICATE-----