Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/_58tlOgGUPTvXTFMQMQSXfSTrks.roa
File:                     _58tlOgGUPTvXTFMQMQSXfSTrks.roa (raw, json)
Hash identifier:          hRt3W9FN30zREWKxR63+fItQVvACM/WE13kR5SFZ56Y=
Subject key identifier:   FF:9F:2D:94:E8:06:50:F4:EF:5D:31:4C:40:C4:12:5D:F4:93:AE:4B
Certificate issuer:       /CN=5a939b0ced38d75cc63ed50d6e5ce72bbb5b4b10
Certificate serial:       018FA0065E3B28A99CF27FC8EA5F2860B078
Authority key identifier: 5A:93:9B:0C:ED:38:D7:5C:C6:3E:D5:0D:6E:5C:E7:2B:BB:5B:4B:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/_58tlOgGUPTvXTFMQMQSXfSTrks.roa
Signing time:             Wed 22 May 2024 11:18:42 +0000
ROA not before:           Wed 22 May 2024 11:18:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203709
IP address blocks:        185.214.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 23:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a0:06:5e:3b:28:a9:9c:f2:7f:c8:ea:5f:28:60:b0:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a939b0ced38d75cc63ed50d6e5ce72bbb5b4b10
        Validity
            Not Before: May 22 11:18:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff9f2d94e80650f4ef5d314c40c4125df493ae4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:25:0e:3f:0a:cb:57:97:af:79:3d:aa:b6:63:
                    6c:19:28:b6:4d:23:f1:5a:c3:79:c0:39:13:2d:40:
                    03:42:a0:55:db:c1:97:d5:83:94:39:ca:fa:e2:cd:
                    34:9c:7b:8f:1f:6e:f0:a1:ab:3c:c9:bd:46:a7:af:
                    70:77:04:2c:34:cb:6d:ec:37:51:7d:b2:b6:db:7e:
                    c2:ad:60:fd:5c:e3:6b:c3:7e:b2:a7:bc:d2:9b:c1:
                    83:82:7d:a3:ab:f1:4a:24:36:22:92:e7:ee:fe:11:
                    05:e1:be:10:eb:53:da:6b:51:fe:be:82:6e:1b:ac:
                    b1:a4:c6:9e:89:b1:5d:92:e3:85:f7:67:6a:e0:56:
                    fc:69:50:5c:65:24:4f:1d:6d:3f:6e:ee:82:b7:a3:
                    d0:cf:e2:bc:7f:73:54:28:c3:8d:a9:fc:b5:b4:44:
                    01:75:6e:1e:eb:8f:96:1f:e4:e3:e7:c9:7a:66:07:
                    11:3e:15:35:d5:03:2f:77:31:1b:45:17:31:37:57:
                    db:ce:b2:f1:f4:bd:c0:10:fb:72:bb:ed:9c:80:b6:
                    69:4d:fb:62:8a:e6:bf:6c:84:dc:67:bb:9f:7a:75:
                    bc:51:96:1e:8b:d9:84:b0:1e:25:13:1d:e2:c5:36:
                    e6:c7:9d:95:4b:06:fc:c2:70:45:d0:53:2b:2e:3e:
                    71:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:9F:2D:94:E8:06:50:F4:EF:5D:31:4C:40:C4:12:5D:F4:93:AE:4B
            X509v3 Authority Key Identifier:
                keyid:5A:93:9B:0C:ED:38:D7:5C:C6:3E:D5:0D:6E:5C:E7:2B:BB:5B:4B:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WpObDO0411zGPtUNblznK7tbSxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/_58tlOgGUPTvXTFMQMQSXfSTrks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bea14a-0d32-4aa7-b898-d60b3b6cca6e/1/WpObDO0411zGPtUNblznK7tbSxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:9b:22:93:ea:5d:da:ee:23:b8:b3:23:49:a9:ca:a4:8a:c3:
         08:3f:53:94:dc:19:26:3f:2d:13:7b:a7:69:7a:b4:02:d1:9f:
         2a:8d:44:c8:a0:5b:c8:74:26:d7:c2:44:72:1c:76:73:04:da:
         5e:8e:d0:3a:70:f4:d3:05:40:1e:3b:97:b6:b4:a6:fa:fc:91:
         8f:96:f5:8a:e8:98:75:40:5e:49:24:44:ba:8b:af:f6:9f:06:
         2c:cc:97:d0:2e:5c:55:ae:8a:d1:ab:a4:40:4a:c9:9e:aa:77:
         2a:37:7c:2b:a0:f0:93:08:b7:14:c9:38:54:2b:c7:0b:ad:d4:
         53:c7:dd:1b:cb:95:cd:e5:dc:eb:6d:7f:bd:22:cb:b2:a6:cb:
         7b:b9:8e:bc:de:a7:b0:64:0e:02:e3:c2:49:1d:a0:6f:a1:2e:
         13:2e:a7:a7:33:df:b6:b5:b1:de:d5:5f:a1:2c:c9:62:12:16:
         ed:d8:95:c5:59:54:f3:3b:4b:94:89:67:a1:f4:6d:ea:7a:a4:
         94:67:b1:b6:3a:63:08:6c:67:24:4a:69:3d:6f:7b:82:a3:39:
         1a:04:2c:0b:9c:d2:ac:86:32:15:93:8e:c5:54:45:f8:7a:17:
         46:c2:d6:45:03:ca:70:f9:ef:ce:25:82:fe:50:5a:d0:a5:a0:
         10:e1:19:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+gBl47KKmc8n/I6l8oYLB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhOTM5YjBjZWQzOGQ3NWNjNjNlZDUwZDZlNWNlNzJiYmI1
YjRiMTAwHhcNMjQwNTIyMTExODQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjlmMmQ5NGU4MDY1MGY0ZWY1ZDMxNGM0MGM0MTI1ZGY0OTNhZTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiUOPwrLV5eveT2qtmNsGSi2TSPx
WsN5wDkTLUADQqBV28GX1YOUOcr64s00nHuPH27woas8yb1Gp69wdwQsNMtt7DdR
fbK2237CrWD9XONrw36yp7zSm8GDgn2jq/FKJDYikufu/hEF4b4Q61Paa1H+voJu
G6yxpMaeibFdkuOF92dq4Fb8aVBcZSRPHW0/bu6Ct6PQz+K8f3NUKMONqfy1tEQB
dW4e64+WH+Tj58l6ZgcRPhU11QMvdzEbRRcxN1fbzrLx9L3AEPtyu+2cgLZpTfti
iua/bITcZ7ufenW8UZYei9mEsB4lEx3ixTbmx52VSwb8wnBF0FMrLj5xAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+fLZToBlD0710xTEDEEl30k65LMB8GA1UdIwQY
MBaAFFqTmwztONdcxj7VDW5c5yu7W0sQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3BPYkRPMDQxMXpHUHRVTmJsem5LN3RiU3hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iZWExNGEtMGQzMi00YWE3LWI4OTgt
ZDYwYjNiNmNjYTZlLzEvXzU4dGxPZ0dVUFR2WFRGTVFNUVNYZlNUcmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iZWExNGEtMGQzMi00YWE3LWI4OTgtZDYwYjNiNmNjYTZl
LzEvV3BPYkRPMDQxMXpHUHRVTmJsem5LN3RiU3hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudaKMA0G
CSqGSIb3DQEBCwUAA4IBAQComyKT6l3a7iO4syNJqcqkisMIP1OU3BkmPy0Te6dp
erQC0Z8qjUTIoFvIdCbXwkRyHHZzBNpejtA6cPTTBUAeO5e2tKb6/JGPlvWK6Jh1
QF5JJES6i6/2nwYszJfQLlxVrorRq6RASsmeqncqN3wroPCTCLcUyThUK8cLrdRT
x90by5XN5dzrbX+9Isuypst7uY683qewZA4C48JJHaBvoS4TLqenM9+2tbHe1V+h
LMliEhbt2JXFWVTzO0uUiWeh9G3qeqSUZ7G2OmMIbGckSmk9b3uCozkaBCwLnNKs
hjIVk47FVEX4ehdGwtZFA8pw+e/OJYL+UFrQpaAQ4Rl9
-----END CERTIFICATE-----