Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/34cc12-c824-4499-a5af-29ef17540222/1/b9ZgMy28CrUavpsUC51ipp99pU4.roa
File:                     b9ZgMy28CrUavpsUC51ipp99pU4.roa (raw, json)
Hash identifier:          aDjcqnwu/I+YtMR/qhn056GNbIKbYEcMvmF1Zw2CaXE=
Subject key identifier:   6F:D6:60:33:2D:BC:0A:B5:1A:BE:9B:14:0B:9D:62:A6:9F:7D:A5:4E
Certificate issuer:       /CN=fbb0a25810d02646656f909c44eb2ba939d23209
Certificate serial:       018CC795592EC6E059324BCCF171577FA109
Authority key identifier: FB:B0:A2:58:10:D0:26:46:65:6F:90:9C:44:EB:2B:A9:39:D2:32:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-7CiWBDQJkZlb5CcROsrqTnSMgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/34cc12-c824-4499-a5af-29ef17540222/1/b9ZgMy28CrUavpsUC51ipp99pU4.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209171
IP address blocks:        2.58.140.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/34cc12-c824-4499-a5af-29ef17540222/1/1-7CiWBDQJkZlb5CcROsrqTnSMgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/34cc12-c824-4499-a5af-29ef17540222/1/1-7CiWBDQJkZlb5CcROsrqTnSMgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-7CiWBDQJkZlb5CcROsrqTnSMgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:59:2e:c6:e0:59:32:4b:cc:f1:71:57:7f:a1:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbb0a25810d02646656f909c44eb2ba939d23209
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6fd660332dbc0ab51abe9b140b9d62a69f7da54e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f5:1d:0a:45:e5:b9:dd:bc:61:c0:1c:63:63:
                    15:c0:23:d0:7c:84:97:84:bb:6f:f0:f4:82:a9:72:
                    55:9a:31:ed:78:0c:fc:68:87:20:ca:88:4b:d9:f3:
                    01:46:6a:28:91:98:1f:0f:8f:ab:79:fa:18:62:68:
                    3e:cf:f8:96:c6:50:d5:07:d3:2f:40:3c:a1:fd:34:
                    70:f7:89:f6:dd:6c:c7:23:0e:7f:8b:33:7d:62:15:
                    e0:6e:c2:03:54:6e:d9:d6:e7:63:67:1f:76:84:e5:
                    da:33:dc:06:fa:51:f4:5f:e1:18:c9:5f:5f:1d:92:
                    bd:a3:33:ae:41:1e:24:7f:5a:b3:99:48:95:de:16:
                    8d:a9:c6:ab:ac:9b:7e:bf:1f:fb:0f:7f:60:c3:74:
                    74:3d:30:a6:e0:1e:a1:c4:be:6c:36:d8:71:9a:46:
                    7e:d6:64:b0:37:f0:b8:e7:b9:47:3a:ff:13:6e:c5:
                    e8:8c:fc:a9:d5:da:ac:25:5f:d0:96:85:47:01:18:
                    05:11:a8:71:b1:8b:f9:38:22:1f:92:e4:92:96:9a:
                    bf:34:4d:68:10:22:e7:4d:e1:3b:b1:8c:d9:6e:54:
                    9d:48:e9:42:11:26:ce:93:c2:90:88:35:15:0a:f6:
                    a1:1e:cc:47:31:d3:bf:b6:b1:e0:bf:17:22:20:97:
                    03:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:D6:60:33:2D:BC:0A:B5:1A:BE:9B:14:0B:9D:62:A6:9F:7D:A5:4E
            X509v3 Authority Key Identifier:
                keyid:FB:B0:A2:58:10:D0:26:46:65:6F:90:9C:44:EB:2B:A9:39:D2:32:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-7CiWBDQJkZlb5CcROsrqTnSMgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/34cc12-c824-4499-a5af-29ef17540222/1/b9ZgMy28CrUavpsUC51ipp99pU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/34cc12-c824-4499-a5af-29ef17540222/1/1-7CiWBDQJkZlb5CcROsrqTnSMgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:f0:03:a7:0a:f3:9e:13:27:a9:29:2b:c2:4c:31:b2:e0:94:
         4d:79:9a:48:fc:4b:ea:a0:68:8e:03:f3:cb:61:a2:04:1f:5d:
         9e:09:34:e1:d4:c3:ce:b8:e0:5e:a4:47:be:61:22:bb:2a:3e:
         a9:d8:68:c9:22:39:11:8e:01:e7:96:62:b3:d6:da:33:21:f9:
         f3:1b:32:27:8a:0a:50:a0:73:e0:db:9a:eb:14:25:05:81:0d:
         4a:8d:af:2a:9e:b2:d4:ca:7d:9c:04:a4:02:31:9c:ec:0d:1d:
         96:c9:de:28:60:f1:7f:c8:1a:81:a4:dd:19:cc:b9:40:82:90:
         34:31:cc:a4:ab:dd:9e:75:5c:3b:ec:6e:76:9c:0a:b9:b7:40:
         b7:71:b2:63:32:0e:9b:c7:c8:0d:e1:bd:6c:53:c9:59:80:fd:
         d7:3e:5b:af:13:11:52:d7:8b:91:4c:2e:06:16:45:f3:de:d8:
         02:ec:c0:dc:1d:7c:ee:b8:ed:b4:d5:8a:85:51:3e:29:77:6a:
         73:b3:6b:93:76:5d:28:bf:2c:aa:6f:57:6a:a8:45:b2:ad:79:
         58:53:91:62:a1:c4:fe:73:39:ef:d6:a2:aa:52:3f:27:55:16:
         34:2e:5b:7d:9b:ab:cd:b0:4e:a6:ac:99:76:5d:94:f1:8b:98:
         d7:a6:2e:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVkuxuBZMkvM8XFXf6EJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiYjBhMjU4MTBkMDI2NDY2NTZmOTA5YzQ0ZWIyYmE5Mzlk
MjMyMDkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmQ2NjAzMzJkYmMwYWI1MWFiZTliMTQwYjlkNjJhNjlmN2RhNTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfUdCkXlud28YcAcY2MVwCPQfISX
hLtv8PSCqXJVmjHteAz8aIcgyohL2fMBRmookZgfD4+refoYYmg+z/iWxlDVB9Mv
QDyh/TRw94n23WzHIw5/izN9YhXgbsIDVG7Z1udjZx92hOXaM9wG+lH0X+EYyV9f
HZK9ozOuQR4kf1qzmUiV3haNqcarrJt+vx/7D39gw3R0PTCm4B6hxL5sNthxmkZ+
1mSwN/C457lHOv8TbsXojPyp1dqsJV/QloVHARgFEahxsYv5OCIfkuSSlpq/NE1o
ECLnTeE7sYzZblSdSOlCESbOk8KQiDUVCvahHsxHMdO/trHgvxciIJcDAQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG/WYDMtvAq1Gr6bFAudYqaffaVOMB8GA1UdIwQY
MBaAFPuwolgQ0CZGZW+QnETrK6k50jIJMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS03Q2lXQkRRSmtabGI1Q2NST3NycVRuU01nay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYvMzRjYzEyLWM4MjQtNDQ5OS1hNWFm
LTI5ZWYxNzU0MDIyMi8xL2I5WmdNeTI4Q3JVYXZwc1VDNTFpcHA5OXBVNC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODYvMzRjYzEyLWM4MjQtNDQ5OS1hNWFmLTI5ZWYxNzU0MDIy
Mi8xLzEtN0NpV0JEUUprWmxiNUNjUk9zcnFUblNNZ2suY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAICOoww
DQYJKoZIhvcNAQELBQADggEBABfwA6cK854TJ6kpK8JMMbLglE15mkj8S+qgaI4D
88thogQfXZ4JNOHUw8644F6kR75hIrsqPqnYaMkiORGOAeeWYrPW2jMh+fMbMieK
ClCgc+DbmusUJQWBDUqNryqestTKfZwEpAIxnOwNHZbJ3ihg8X/IGoGk3RnMuUCC
kDQxzKSr3Z51XDvsbnacCrm3QLdxsmMyDpvHyA3hvWxTyVmA/dc+W68TEVLXi5FM
LgYWRfPe2ALswNwdfO647bTVioVRPil3anOza5N2XSi/LKpvV2qoRbKteVhTkWKh
xP5zOe/WoqpSPydVFjQuW32bq82wTqasmXZdlPGLmNemLgY=
-----END CERTIFICATE-----