Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/8b162c-4e35-4061-81be-79d42882c8c0/1/bB-xewlNjaKj2ZirZItuBwQNaE8.roa
File:                     bB-xewlNjaKj2ZirZItuBwQNaE8.roa (raw, json)
Hash identifier:          DESK6LtKWyYOBqm/sucP+kTgBKDnTF1t+us6QZuXFnU=
Subject key identifier:   6C:1F:B1:7B:09:4D:8D:A2:A3:D9:98:AB:64:8B:6E:07:04:0D:68:4F
Certificate issuer:       /CN=b7dc936a7f6ba5078224f801736fdeb0dae8a9fb
Certificate serial:       018CC94D2EE00D8C71D0F432D12E3B66E333
Authority key identifier: B7:DC:93:6A:7F:6B:A5:07:82:24:F8:01:73:6F:DE:B0:DA:E8:A9:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t9yTan9rpQeCJPgBc2_esNroqfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/8b162c-4e35-4061-81be-79d42882c8c0/1/bB-xewlNjaKj2ZirZItuBwQNaE8.roa
Signing time:             Tue 02 Jan 2024 08:32:07 +0000
ROA not before:           Tue 02 Jan 2024 08:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64421
IP address blocks:        2.58.16.0/22 maxlen: 22
                          195.26.20.0/23 maxlen: 23
                          2a09:e0c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/8b162c-4e35-4061-81be-79d42882c8c0/1/t9yTan9rpQeCJPgBc2_esNroqfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/8b162c-4e35-4061-81be-79d42882c8c0/1/t9yTan9rpQeCJPgBc2_esNroqfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t9yTan9rpQeCJPgBc2_esNroqfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:2e:e0:0d:8c:71:d0:f4:32:d1:2e:3b:66:e3:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7dc936a7f6ba5078224f801736fdeb0dae8a9fb
        Validity
            Not Before: Jan  2 08:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c1fb17b094d8da2a3d998ab648b6e07040d684f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e1:0f:ef:0b:a8:ec:e4:32:8b:6e:f7:9d:58:
                    40:d6:6a:88:7c:33:b0:4f:83:1b:00:9e:39:0a:06:
                    43:68:87:6c:2a:68:cd:8a:12:e1:ae:2f:bd:56:98:
                    6c:e1:32:81:e6:11:ee:3c:d6:fc:74:f0:77:98:eb:
                    86:ee:18:6f:e7:2a:a2:a3:39:ab:af:49:b8:a2:67:
                    a4:40:ce:b7:1e:5f:4e:c5:d6:5f:9d:45:5a:9c:a7:
                    13:39:9e:b3:79:02:d3:ce:27:47:d1:5b:32:2d:91:
                    84:94:01:06:9b:fd:40:e7:9f:cc:db:cd:d6:e5:c0:
                    03:bb:39:db:96:2f:b7:8b:bc:86:77:32:b9:65:a3:
                    26:ab:22:f9:1e:7c:34:45:0b:5a:03:61:8f:06:88:
                    eb:ca:ce:c3:1d:9d:ae:86:63:18:41:63:2c:7a:e6:
                    b2:e1:37:48:84:93:27:40:dd:0b:15:79:8b:3b:bb:
                    57:7e:0b:ff:39:c0:07:46:eb:a0:85:4a:0a:72:fa:
                    e6:22:2e:a0:ff:6f:af:7a:6f:95:4c:ac:ec:60:d2:
                    e2:4b:52:a8:d0:ab:14:ae:2c:40:44:56:c5:88:27:
                    e0:45:97:77:0d:cb:c9:e1:d2:a1:55:92:b4:c6:da:
                    7d:72:f7:ab:bf:3c:60:3b:85:ac:c4:65:52:8a:d7:
                    6d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:1F:B1:7B:09:4D:8D:A2:A3:D9:98:AB:64:8B:6E:07:04:0D:68:4F
            X509v3 Authority Key Identifier:
                keyid:B7:DC:93:6A:7F:6B:A5:07:82:24:F8:01:73:6F:DE:B0:DA:E8:A9:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t9yTan9rpQeCJPgBc2_esNroqfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8b162c-4e35-4061-81be-79d42882c8c0/1/bB-xewlNjaKj2ZirZItuBwQNaE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/8b162c-4e35-4061-81be-79d42882c8c0/1/t9yTan9rpQeCJPgBc2_esNroqfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.16.0/22
                  195.26.20.0/23
                IPv6:
                  2a09:e0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:25:67:95:54:e5:41:d8:72:7c:46:1c:cf:5b:a0:5d:18:36:
         c1:88:7b:ed:61:5b:e8:63:d3:07:70:53:57:09:f2:91:3c:19:
         49:fb:a0:f6:f0:ce:21:64:53:69:97:90:ef:29:55:59:7f:c8:
         20:d2:c0:f5:57:d5:5a:ff:23:ad:c2:de:2f:d9:0c:9f:b8:49:
         c6:50:db:29:d4:70:f1:e6:d8:8f:74:ff:13:47:18:8c:66:9b:
         34:f6:ca:2b:a5:ae:31:22:02:67:40:f7:98:a2:7a:e6:43:79:
         b0:eb:be:a9:12:19:a6:0a:d0:e1:f0:5d:03:e8:f8:40:ae:2a:
         75:ad:5e:b5:90:ec:4e:9b:cf:f1:5d:b7:f7:b0:b0:c3:9b:55:
         c0:22:6a:27:8b:23:11:76:1e:cf:ac:8c:3f:30:85:a0:78:a0:
         15:0f:0d:fb:9f:19:be:97:47:e1:57:29:f6:c3:7d:3a:e4:07:
         d4:99:11:d9:d6:f1:e5:8f:b0:54:e1:84:93:11:13:2b:b9:c8:
         cd:8b:c1:47:3e:06:e9:4b:94:b4:71:90:ac:cc:c4:e5:0a:0a:
         d0:16:a6:80:f0:8d:54:78:25:d6:78:8e:56:4f:3d:cc:5d:54:
         e8:79:57:8e:61:7f:04:b9:9e:ed:59:d0:13:2b:6e:12:3d:fe:
         4b:8e:40:d5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJTS7gDYxx0PQy0S47ZuMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ZGM5MzZhN2Y2YmE1MDc4MjI0ZjgwMTczNmZkZWIwZGFl
OGE5ZmIwHhcNMjQwMTAyMDgzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzFmYjE3YjA5NGQ4ZGEyYTNkOTk4YWI2NDhiNmUwNzA0MGQ2ODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeEP7wuo7OQyi273nVhA1mqIfDOw
T4MbAJ45CgZDaIdsKmjNihLhri+9Vphs4TKB5hHuPNb8dPB3mOuG7hhv5yqiozmr
r0m4omekQM63Hl9OxdZfnUVanKcTOZ6zeQLTzidH0VsyLZGElAEGm/1A55/M283W
5cADuznbli+3i7yGdzK5ZaMmqyL5Hnw0RQtaA2GPBojrys7DHZ2uhmMYQWMseuay
4TdIhJMnQN0LFXmLO7tXfgv/OcAHRuughUoKcvrmIi6g/2+vem+VTKzsYNLiS1Ko
0KsUrixARFbFiCfgRZd3DcvJ4dKhVZK0xtp9cvervzxgO4WsxGVSitdtOQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGwfsXsJTY2io9mYq2SLbgcEDWhPMB8GA1UdIwQY
MBaAFLfck2p/a6UHgiT4AXNv3rDa6Kn7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDl5VGFuOXJwUWVDSlBnQmMyX2VzTnJvcWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC84YjE2MmMtNGUzNS00MDYxLTgxYmUt
NzlkNDI4ODJjOGMwLzEvYkIteGV3bE5qYUtqMlppclpJdHVCd1FOYUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC84YjE2MmMtNGUzNS00MDYxLTgxYmUtNzlkNDI4ODJjOGMw
LzEvdDl5VGFuOXJwUWVDSlBnQmMyX2VzTnJvcWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCAjoQAwQB
wxoUMA0EAgACMAcDBQMqCeDAMA0GCSqGSIb3DQEBCwUAA4IBAQCbJWeVVOVB2HJ8
RhzPW6BdGDbBiHvtYVvoY9MHcFNXCfKRPBlJ+6D28M4hZFNpl5DvKVVZf8gg0sD1
V9Va/yOtwt4v2QyfuEnGUNsp1HDx5tiPdP8TRxiMZps09sorpa4xIgJnQPeYonrm
Q3mw676pEhmmCtDh8F0D6PhArip1rV61kOxOm8/xXbf3sLDDm1XAImoniyMRdh7P
rIw/MIWgeKAVDw37nxm+l0fhVyn2w3065AfUmRHZ1vHlj7BU4YSTERMrucjNi8FH
PgbpS5S0cZCszMTlCgrQFqaA8I1UeCXWeI5WTz3MXVToeVeOYX8EuZ7tWdATK24S
Pf5LjkDV
-----END CERTIFICATE-----