Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/CGy_yaeSngUeL8lGolgNc8H4cio.roa
File:                     CGy_yaeSngUeL8lGolgNc8H4cio.roa (raw, json)
Hash identifier:          +sM7aP15rbRfFfw0Qy1Xlm4ZdDi1EZioqu9QFvDdmLU=
Subject key identifier:   08:6C:BF:C9:A7:92:9E:05:1E:2F:C9:46:A2:58:0D:73:C1:F8:72:2A
Certificate issuer:       /CN=d94bddafb5df098419020a8fbc7a90b16e341d63
Certificate serial:       018CCA2A312E615E12968F40D0DCD18F5315
Authority key identifier: D9:4B:DD:AF:B5:DF:09:84:19:02:0A:8F:BC:7A:90:B1:6E:34:1D:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/CGy_yaeSngUeL8lGolgNc8H4cio.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24875
IP address blocks:        2.58.21.0/24 maxlen: 24
                          2.58.22.0/24 maxlen: 24
                          46.182.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/2Uvdr7XfCYQZAgqPvHqQsW40HWM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/2Uvdr7XfCYQZAgqPvHqQsW40HWM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:31:2e:61:5e:12:96:8f:40:d0:dc:d1:8f:53:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d94bddafb5df098419020a8fbc7a90b16e341d63
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=086cbfc9a7929e051e2fc946a2580d73c1f8722a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:3b:97:3b:5c:8d:07:e8:cc:25:12:5f:b4:ef:
                    41:51:b9:f9:a7:22:fa:13:d1:00:83:a3:3a:9a:51:
                    9c:06:7f:b4:e5:c1:50:93:0b:10:ac:df:b1:67:84:
                    44:e8:e7:41:65:6e:69:b5:5e:f8:6c:79:f1:ec:1f:
                    42:ae:a0:02:15:6f:5f:c0:89:48:b6:2c:5a:f0:82:
                    cb:5c:96:62:a0:49:35:48:7b:d9:dc:01:3e:85:3f:
                    80:72:98:f9:f9:b1:17:93:25:f1:38:1c:e8:70:03:
                    06:2c:36:0f:3b:9e:0b:85:23:d0:56:e8:f2:aa:14:
                    3d:31:30:b2:1c:da:26:a2:fc:28:db:db:ec:2e:f6:
                    0e:38:7e:9c:81:cc:aa:28:43:eb:6d:48:93:b9:35:
                    ff:b8:02:08:14:bf:9e:aa:1c:2d:7d:ad:db:aa:ee:
                    83:f7:76:be:91:3e:8f:06:06:c2:ea:06:c3:99:6c:
                    6e:5f:65:5c:6e:30:0f:60:37:f4:91:0b:29:f4:02:
                    0e:84:ea:0c:69:5e:54:b5:86:66:b0:fd:c4:ee:e8:
                    2d:5e:9f:fb:0c:52:bb:f8:03:e7:fa:ca:ea:cb:97:
                    10:b4:76:94:f5:6c:6a:cc:73:58:ad:ef:64:93:92:
                    6d:88:28:d4:a7:30:d4:29:e4:8e:d8:c9:49:73:63:
                    89:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:6C:BF:C9:A7:92:9E:05:1E:2F:C9:46:A2:58:0D:73:C1:F8:72:2A
            X509v3 Authority Key Identifier:
                keyid:D9:4B:DD:AF:B5:DF:09:84:19:02:0A:8F:BC:7A:90:B1:6E:34:1D:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/CGy_yaeSngUeL8lGolgNc8H4cio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/2Uvdr7XfCYQZAgqPvHqQsW40HWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.21.0-2.58.22.255
                  46.182.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:e4:b9:6f:ef:09:6a:2e:27:b9:34:9d:76:05:6c:54:ee:3f:
         56:00:6a:af:a6:29:28:f5:17:44:ed:08:66:9a:ad:a1:ad:77:
         58:c8:34:e8:d1:5b:67:4d:1a:8d:c9:c6:e1:23:12:e8:85:9f:
         5b:29:09:b0:73:21:c6:fe:c5:03:92:36:83:6e:d7:0f:f9:59:
         56:7f:86:2a:b9:d0:f5:59:ab:f1:5b:b5:15:f1:68:b1:78:3d:
         4e:ab:87:1f:3e:c9:6b:74:f6:51:e4:c8:ba:40:da:5c:e5:5a:
         15:b5:ed:e7:a6:04:c0:47:67:43:83:85:63:a5:9f:e5:74:bf:
         97:75:c0:e7:38:00:1c:62:5b:df:7b:72:7d:7b:e0:fc:28:5d:
         fa:0f:c7:d5:c5:63:d2:84:42:6b:1a:20:63:1e:19:1e:b0:07:
         24:7f:3d:b9:34:56:6d:72:10:9d:88:a1:db:94:8f:78:01:ee:
         59:ed:bd:d7:bf:17:10:42:c4:f9:26:12:c9:f4:6e:b8:f8:4b:
         e0:da:4a:eb:51:62:b8:aa:03:cd:f5:33:d1:d2:a9:2d:b3:dc:
         c6:5f:dc:a2:f8:b0:75:7f:b7:97:25:69:8d:26:15:f0:ec:1f:
         9f:82:6a:9e:b7:5b:a6:69:0b:1b:35:e2:f6:5b:c4:28:d5:00:
         e9:29:37:49
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzKKjEuYV4Slo9A0NzRj1MVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NGJkZGFmYjVkZjA5ODQxOTAyMGE4ZmJjN2E5MGIxNmUz
NDFkNjMwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODZjYmZjOWE3OTI5ZTA1MWUyZmM5NDZhMjU4MGQ3M2MxZjg3MjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzuXO1yNB+jMJRJftO9BUbn5pyL6
E9EAg6M6mlGcBn+05cFQkwsQrN+xZ4RE6OdBZW5ptV74bHnx7B9CrqACFW9fwIlI
tixa8ILLXJZioEk1SHvZ3AE+hT+Acpj5+bEXkyXxOBzocAMGLDYPO54LhSPQVujy
qhQ9MTCyHNomovwo29vsLvYOOH6cgcyqKEPrbUiTuTX/uAIIFL+eqhwtfa3bqu6D
93a+kT6PBgbC6gbDmWxuX2VcbjAPYDf0kQsp9AIOhOoMaV5UtYZmsP3E7ugtXp/7
DFK7+APn+srqy5cQtHaU9WxqzHNYre9kk5JtiCjUpzDUKeSO2MlJc2OJIwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAhsv8mnkp4FHi/JRqJYDXPB+HIqMB8GA1UdIwQY
MBaAFNlL3a+13wmEGQIKj7x6kLFuNB1jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlV2ZHI3WGZDWVFaQWdxUHZIcVFzVzQwSFdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jZGU3NTctNzY3Mi00NzIwLThjZTEt
NmUyNmI5MWY2OTEwLzEvQ0d5X3lhZVNuZ1VlTDhsR29sZ05jOEg0Y2lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jZGU3NTctNzY3Mi00NzIwLThjZTEtNmUyNmI5MWY2OTEw
LzEvMlV2ZHI3WGZDWVFaQWdxUHZIcVFzVzQwSFdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAACOhUD
BAACOhYDBAAutmwwDQYJKoZIhvcNAQELBQADggEBAIDkuW/vCWouJ7k0nXYFbFTu
P1YAaq+mKSj1F0TtCGaaraGtd1jINOjRW2dNGo3JxuEjEuiFn1spCbBzIcb+xQOS
NoNu1w/5WVZ/hiq50PVZq/FbtRXxaLF4PU6rhx8+yWt09lHkyLpA2lzlWhW17eem
BMBHZ0ODhWOln+V0v5d1wOc4ABxiW997cn174PwoXfoPx9XFY9KEQmsaIGMeGR6w
ByR/Pbk0Vm1yEJ2IoduUj3gB7lntvde/FxBCxPkmEsn0brj4S+DaSutRYriqA831
M9HSqS2z3MZf3KL4sHV/t5claY0mFfDsH5+Cap63W6ZpCxs14vZbxCjVAOkpN0k=
-----END CERTIFICATE-----