Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/98b2f5-75e1-4245-976d-0150c94f940d/1/SYp0J36rQZqtkqdTrXU5Svx2UXM.roa
File:                     SYp0J36rQZqtkqdTrXU5Svx2UXM.roa (raw, json)
Hash identifier:          wOazDhLny4+Be8h/EYc6lqyAvxDId4sPK6NfRj7zydY=
Subject key identifier:   49:8A:74:27:7E:AB:41:9A:AD:92:A7:53:AD:75:39:4A:FC:76:51:73
Certificate issuer:       /CN=3aebf22e86444255fdf78a30c4cb0b2d91e5b757
Certificate serial:       018CC50125FD059421AD39C81F39549F9A25
Authority key identifier: 3A:EB:F2:2E:86:44:42:55:FD:F7:8A:30:C4:CB:0B:2D:91:E5:B7:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OuvyLoZEQlX994owxMsLLZHlt1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/98b2f5-75e1-4245-976d-0150c94f940d/1/SYp0J36rQZqtkqdTrXU5Svx2UXM.roa
Signing time:             Mon 01 Jan 2024 12:30:35 +0000
ROA not before:           Mon 01 Jan 2024 12:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        194.0.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/98b2f5-75e1-4245-976d-0150c94f940d/1/OuvyLoZEQlX994owxMsLLZHlt1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/98b2f5-75e1-4245-976d-0150c94f940d/1/OuvyLoZEQlX994owxMsLLZHlt1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OuvyLoZEQlX994owxMsLLZHlt1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:25:fd:05:94:21:ad:39:c8:1f:39:54:9f:9a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aebf22e86444255fdf78a30c4cb0b2d91e5b757
        Validity
            Not Before: Jan  1 12:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=498a74277eab419aad92a753ad75394afc765173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:5f:d8:48:5d:9b:aa:d9:1d:b1:cf:2f:87:94:
                    f3:92:10:5f:54:63:fa:a6:62:e4:96:64:c9:46:d4:
                    59:16:d3:9e:78:1f:91:e0:e7:ee:d3:18:89:0a:2b:
                    04:3e:3d:77:c1:e6:a5:cf:b3:84:f9:8c:66:76:db:
                    92:1e:72:0e:69:ee:21:9a:dc:3b:11:79:e2:67:d1:
                    43:53:b9:9d:8d:84:52:4f:43:ee:b9:bc:74:aa:ff:
                    82:18:5e:f2:6e:27:08:d5:e2:cd:ae:c8:22:3b:58:
                    9a:47:6b:d7:5d:60:b4:cf:13:f5:b1:ac:26:13:1f:
                    8d:00:f2:31:a7:3e:82:12:45:6c:84:17:ca:e8:fa:
                    1f:21:f4:a4:5e:c2:c3:df:95:3b:ee:d0:88:2a:83:
                    b8:e0:20:09:9a:6a:f5:d4:f1:55:85:ee:5e:9c:56:
                    99:8c:cf:71:a4:40:cc:93:d5:56:e2:15:e3:59:06:
                    a1:8f:2e:ea:23:81:0d:cd:18:87:09:16:6b:89:8b:
                    66:93:f7:c9:8a:df:22:78:76:58:af:66:ac:5d:ac:
                    07:92:d3:89:f0:70:20:2d:c6:20:7b:b6:8d:e6:69:
                    04:85:76:4e:9f:80:80:ef:a9:31:d8:78:33:27:01:
                    1b:9e:6b:19:80:ca:06:a0:f0:1d:b3:3e:00:7f:4b:
                    73:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:8A:74:27:7E:AB:41:9A:AD:92:A7:53:AD:75:39:4A:FC:76:51:73
            X509v3 Authority Key Identifier:
                keyid:3A:EB:F2:2E:86:44:42:55:FD:F7:8A:30:C4:CB:0B:2D:91:E5:B7:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OuvyLoZEQlX994owxMsLLZHlt1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/98b2f5-75e1-4245-976d-0150c94f940d/1/SYp0J36rQZqtkqdTrXU5Svx2UXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/98b2f5-75e1-4245-976d-0150c94f940d/1/OuvyLoZEQlX994owxMsLLZHlt1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:6a:0c:1d:42:6e:d3:b2:0d:66:a3:c9:81:15:ae:a8:85:c2:
         d3:2f:e8:53:5f:09:84:20:37:f5:e2:b0:83:b5:21:86:69:43:
         7c:c0:d5:a9:28:1b:02:b5:cc:e2:90:61:24:7e:41:16:3f:53:
         b7:09:aa:37:54:0c:61:d9:1d:e6:36:96:3d:ec:a6:f4:c4:9b:
         fd:3d:bb:ed:e2:89:1e:57:f6:63:a9:a2:e2:9f:e3:8f:a3:01:
         9d:31:22:89:b4:a8:3a:c0:59:de:4b:07:5c:e1:f0:a2:8e:62:
         89:c9:59:7d:48:bc:7d:9a:b6:c0:29:0c:ba:1d:eb:6c:ea:aa:
         3e:47:3d:96:60:e7:2b:33:c1:71:3b:02:04:57:df:be:6c:67:
         0c:ea:33:47:89:ab:cd:39:56:59:57:5a:1d:d9:40:d3:df:95:
         29:2a:f1:be:68:f2:ab:54:89:bf:e4:16:81:0d:00:dd:9d:74:
         ef:88:79:0a:49:bf:28:a7:f3:d6:c5:a5:ac:d1:a8:a8:c6:e6:
         67:26:79:88:f9:bf:e7:88:00:80:c1:c8:d2:05:5f:9d:9e:ec:
         89:a3:65:fb:1e:fb:18:24:51:00:da:d6:b5:e4:a3:29:a9:b1:
         50:5c:5c:ff:09:62:93:4b:0c:6c:4f:04:86:29:43:e2:c6:93:
         8a:4a:8d:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASX9BZQhrTnIHzlUn5olMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZWJmMjJlODY0NDQyNTVmZGY3OGEzMGM0Y2IwYjJkOTFl
NWI3NTcwHhcNMjQwMTAxMTIzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OThhNzQyNzdlYWI0MTlhYWQ5MmE3NTNhZDc1Mzk0YWZjNzY1MTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAil/YSF2bqtkdsc8vh5TzkhBfVGP6
pmLklmTJRtRZFtOeeB+R4Ofu0xiJCisEPj13wealz7OE+YxmdtuSHnIOae4hmtw7
EXniZ9FDU7mdjYRST0Puubx0qv+CGF7ybicI1eLNrsgiO1iaR2vXXWC0zxP1sawm
Ex+NAPIxpz6CEkVshBfK6PofIfSkXsLD35U77tCIKoO44CAJmmr11PFVhe5enFaZ
jM9xpEDMk9VW4hXjWQahjy7qI4ENzRiHCRZriYtmk/fJit8ieHZYr2asXawHktOJ
8HAgLcYge7aN5mkEhXZOn4CA76kx2HgzJwEbnmsZgMoGoPAdsz4Af0tzJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEmKdCd+q0GarZKnU611OUr8dlFzMB8GA1UdIwQY
MBaAFDrr8i6GREJV/feKMMTLCy2R5bdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3V2eUxvWkVRbFg5OTRvd3hNc0xMWkhsdDFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC85OGIyZjUtNzVlMS00MjQ1LTk3NmQt
MDE1MGM5NGY5NDBkLzEvU1lwMEozNnJRWnF0a3FkVHJYVTVTdngyVVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC85OGIyZjUtNzVlMS00MjQ1LTk3NmQtMDE1MGM5NGY5NDBk
LzEvT3V2eUxvWkVRbFg5OTRvd3hNc0xMWkhsdDFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgA6MA0G
CSqGSIb3DQEBCwUAA4IBAQBBagwdQm7Tsg1mo8mBFa6ohcLTL+hTXwmEIDf14rCD
tSGGaUN8wNWpKBsCtczikGEkfkEWP1O3Cao3VAxh2R3mNpY97Kb0xJv9Pbvt4oke
V/ZjqaLin+OPowGdMSKJtKg6wFneSwdc4fCijmKJyVl9SLx9mrbAKQy6Hets6qo+
Rz2WYOcrM8FxOwIEV9++bGcM6jNHiavNOVZZV1od2UDT35UpKvG+aPKrVIm/5BaB
DQDdnXTviHkKSb8op/PWxaWs0aioxuZnJnmI+b/niACAwcjSBV+dnuyJo2X7HvsY
JFEA2ta15KMpqbFQXFz/CWKTSwxsTwSGKUPixpOKSo1Z
-----END CERTIFICATE-----