Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/34bd6e-79a7-4126-8a32-2fd280e0d54a/1/x5rquIVhJ13GXmSiEvGgLAga1-w.roa
File:                     x5rquIVhJ13GXmSiEvGgLAga1-w.roa (raw, json)
Hash identifier:          89X00FnyaHqizMTzCA2kNKHXqUvFiwqZlo80Pxfjk08=
Subject key identifier:   C7:9A:EA:B8:85:61:27:5D:C6:5E:64:A2:12:F1:A0:2C:08:1A:D7:EC
Certificate issuer:       /CN=58f75ef0d630e1d086790ca0b78e7eef8e2acfbb
Certificate serial:       0194266BC90C4D83C2F90EFCD7EF74C56BEC
Authority key identifier: 58:F7:5E:F0:D6:30:E1:D0:86:79:0C:A0:B7:8E:7E:EF:8E:2A:CF:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WPde8NYw4dCGeQygt45-744qz7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/34bd6e-79a7-4126-8a32-2fd280e0d54a/1/x5rquIVhJ13GXmSiEvGgLAga1-w.roa
Signing time:             Thu 02 Jan 2025 09:49:45 +0000
ROA not before:           Thu 02 Jan 2025 09:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196725
IP address blocks:        151.252.96.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/34bd6e-79a7-4126-8a32-2fd280e0d54a/1/WPde8NYw4dCGeQygt45-744qz7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/34bd6e-79a7-4126-8a32-2fd280e0d54a/1/WPde8NYw4dCGeQygt45-744qz7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WPde8NYw4dCGeQygt45-744qz7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c9:0c:4d:83:c2:f9:0e:fc:d7:ef:74:c5:6b:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58f75ef0d630e1d086790ca0b78e7eef8e2acfbb
        Validity
            Not Before: Jan  2 09:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c79aeab88561275dc65e64a212f1a02c081ad7ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:0f:f5:91:77:0a:52:8f:38:22:37:0a:7c:cc:
                    c9:52:5e:5d:45:1d:7e:5b:33:50:2a:3b:be:67:f6:
                    f7:59:e9:6b:8c:74:10:66:9a:e2:c0:d2:74:53:66:
                    96:8e:7f:46:31:3f:60:2b:fc:32:d4:7d:f5:a1:0f:
                    5b:aa:18:ff:55:e7:b9:db:7d:f6:da:f4:3d:89:e1:
                    e9:97:a4:65:31:1e:3e:d4:67:ea:53:07:59:64:72:
                    b0:86:7c:fe:9d:ee:a4:37:47:9d:8f:01:73:02:78:
                    a5:7d:c6:ed:4f:87:99:22:1a:9d:ae:e3:ab:c3:76:
                    55:75:c4:8b:ee:bf:b5:94:c2:9b:e3:82:6c:8a:a4:
                    72:12:10:2a:72:02:47:56:c3:b5:16:5c:3e:3f:83:
                    d3:e9:38:49:22:98:98:2f:1c:bc:19:90:a8:70:f3:
                    c3:c5:9c:45:88:12:4b:d9:79:59:eb:be:0b:44:3c:
                    cb:1c:38:96:67:c6:9e:54:1d:ed:c7:ac:37:18:cf:
                    7f:8b:e4:23:72:49:6a:65:25:37:c1:30:3f:5a:d0:
                    f0:fa:b2:10:98:3a:fd:e5:f1:27:ca:52:76:4a:97:
                    fc:30:6a:3b:9d:96:eb:81:4f:05:d5:9f:d9:7e:a1:
                    9c:61:be:b2:2e:65:41:e4:8d:ce:c5:18:58:39:4c:
                    4f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:9A:EA:B8:85:61:27:5D:C6:5E:64:A2:12:F1:A0:2C:08:1A:D7:EC
            X509v3 Authority Key Identifier:
                keyid:58:F7:5E:F0:D6:30:E1:D0:86:79:0C:A0:B7:8E:7E:EF:8E:2A:CF:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WPde8NYw4dCGeQygt45-744qz7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/34bd6e-79a7-4126-8a32-2fd280e0d54a/1/x5rquIVhJ13GXmSiEvGgLAga1-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/34bd6e-79a7-4126-8a32-2fd280e0d54a/1/WPde8NYw4dCGeQygt45-744qz7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.252.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         02:e7:0a:15:67:16:0d:61:76:cb:ee:d7:b0:b4:41:46:71:60:
         55:36:35:fd:46:a7:19:10:bb:9a:53:48:35:58:08:38:98:2c:
         41:ef:b6:d3:87:2a:7e:b8:56:d4:3a:7a:36:8d:a7:8b:1b:04:
         b9:e6:d9:f6:57:4d:3a:43:1d:7d:0b:b3:be:0f:91:05:dc:93:
         04:8a:85:6e:e5:75:79:32:7e:08:a8:3e:c5:18:84:02:78:d9:
         7a:d6:41:a1:65:4e:0b:ee:0c:8d:60:79:b3:bf:0a:0e:f0:c2:
         69:05:80:fd:6f:b0:21:4a:16:5a:2e:ee:c6:6e:53:8f:e4:f8:
         b1:8c:65:7b:04:bd:6c:ae:40:da:aa:c5:63:13:c1:9f:10:a3:
         8c:41:4e:68:4b:7a:60:44:81:c1:3a:a9:ce:bb:46:9c:6e:b0:
         5e:bd:b5:94:cb:e9:08:48:ee:8d:bd:9f:c8:d2:36:91:4d:92:
         4d:a9:1b:2f:8b:57:5e:0c:8c:43:e5:a9:5f:8b:70:cc:9b:14:
         f3:b3:67:d9:63:fa:eb:e0:8c:4b:c2:39:4b:3d:26:70:99:ad:
         2b:10:96:a5:62:90:b1:b9:6a:28:f7:53:ce:1e:30:2b:4f:ed:
         39:15:98:a2:80:26:10:10:e0:13:7a:78:6d:ef:f9:6d:df:32:
         74:2b:26:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8kMTYPC+Q781+90xWvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4Zjc1ZWYwZDYzMGUxZDA4Njc5MGNhMGI3OGU3ZWVmOGUy
YWNmYmIwHhcNMjUwMTAyMDk0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzlhZWFiODg1NjEyNzVkYzY1ZTY0YTIxMmYxYTAyYzA4MWFkN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg/1kXcKUo84IjcKfMzJUl5dRR1+
WzNQKju+Z/b3WelrjHQQZpriwNJ0U2aWjn9GMT9gK/wy1H31oQ9bqhj/Vee52332
2vQ9ieHpl6RlMR4+1GfqUwdZZHKwhnz+ne6kN0edjwFzAnilfcbtT4eZIhqdruOr
w3ZVdcSL7r+1lMKb44JsiqRyEhAqcgJHVsO1Flw+P4PT6ThJIpiYLxy8GZCocPPD
xZxFiBJL2XlZ674LRDzLHDiWZ8aeVB3tx6w3GM9/i+QjcklqZSU3wTA/WtDw+rIQ
mDr95fEnylJ2Spf8MGo7nZbrgU8F1Z/ZfqGcYb6yLmVB5I3OxRhYOUxPEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMea6riFYSddxl5kohLxoCwIGtfsMB8GA1UdIwQY
MBaAFFj3XvDWMOHQhnkMoLeOfu+OKs+7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1BkZThOWXc0ZENHZVF5Z3Q0NS03NDRxejdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi8zNGJkNmUtNzlhNy00MTI2LThhMzIt
MmZkMjgwZTBkNTRhLzEveDVycXVJVmhKMTNHWG1TaUV2R2dMQWdhMS13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi8zNGJkNmUtNzlhNy00MTI2LThhMzItMmZkMjgwZTBkNTRh
LzEvV1BkZThOWXc0ZENHZVF5Z3Q0NS03NDRxejdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDl/xgMA0G
CSqGSIb3DQEBCwUAA4IBAQAC5woVZxYNYXbL7tewtEFGcWBVNjX9RqcZELuaU0g1
WAg4mCxB77bThyp+uFbUOno2jaeLGwS55tn2V006Qx19C7O+D5EF3JMEioVu5XV5
Mn4IqD7FGIQCeNl61kGhZU4L7gyNYHmzvwoO8MJpBYD9b7AhShZaLu7GblOP5Pix
jGV7BL1srkDaqsVjE8GfEKOMQU5oS3pgRIHBOqnOu0acbrBevbWUy+kISO6NvZ/I
0jaRTZJNqRsvi1deDIxD5alfi3DMmxTzs2fZY/rr4IxLwjlLPSZwma0rEJalYpCx
uWoo91POHjArT+05FZiigCYQEOATenht7/lt3zJ0Kyb/
-----END CERTIFICATE-----