Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/IG7gdaBOFfdP9w3uDMOBfYAgXps.roa
File:                     IG7gdaBOFfdP9w3uDMOBfYAgXps.roa (raw, json)
Hash identifier:          iNF7ztfkPQlvzxToDebAWUsl73wJn88ghjj5Ced0anQ=
Subject key identifier:   20:6E:E0:75:A0:4E:15:F7:4F:F7:0D:EE:0C:C3:81:7D:80:20:5E:9B
Certificate issuer:       /CN=bf7a0258a521e99d213fb30e79667e584e37c7db
Certificate serial:       018E3DA8D77C68D77C6AAF704A144B98E328
Authority key identifier: BF:7A:02:58:A5:21:E9:9D:21:3F:B3:0E:79:66:7E:58:4E:37:C7:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/IG7gdaBOFfdP9w3uDMOBfYAgXps.roa
Signing time:             Thu 14 Mar 2024 15:50:59 +0000
ROA not before:           Thu 14 Mar 2024 15:50:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12480
IP address blocks:        194.172.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:a8:d7:7c:68:d7:7c:6a:af:70:4a:14:4b:98:e3:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf7a0258a521e99d213fb30e79667e584e37c7db
        Validity
            Not Before: Mar 14 15:50:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=206ee075a04e15f74ff70dee0cc3817d80205e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:fb:af:fe:5f:f8:c9:68:f2:3c:bb:bd:6b:45:
                    14:46:ff:c1:23:e5:6f:31:f2:d5:18:40:72:46:24:
                    68:3f:10:41:3c:f6:25:8c:1f:3b:b3:ac:79:f1:96:
                    07:0b:83:25:6d:6f:e5:23:7b:4d:54:25:12:87:ce:
                    e3:ff:de:6c:1b:8c:ee:c4:25:c7:a4:f1:52:15:6f:
                    7d:fb:4c:fa:b7:c2:9f:e9:af:4f:60:cb:81:f8:f5:
                    d5:81:a6:ef:db:6d:79:fb:fa:19:21:32:65:a1:3e:
                    a9:82:1b:3c:3e:2a:e6:90:21:62:dc:ae:93:7f:4d:
                    fe:c0:a1:39:14:66:b2:bb:e9:c9:3e:d6:d0:8d:33:
                    95:e7:14:4c:82:63:45:84:72:15:c1:34:9e:21:30:
                    97:f7:dd:61:44:6b:5f:3e:58:0e:8e:37:6b:13:59:
                    74:3f:30:02:d9:15:00:7d:b6:85:74:c8:ad:ea:50:
                    2d:c1:39:aa:5c:0b:ab:a0:d6:57:65:1e:89:d0:bb:
                    09:02:c8:b6:ec:a2:35:ea:22:fd:09:07:73:25:4d:
                    88:1c:af:23:a4:6d:97:d8:e1:78:d7:55:2f:56:34:
                    05:d8:98:c3:3c:12:b3:e4:11:59:8d:fd:68:19:67:
                    d8:47:8f:15:1a:2b:8e:45:c3:d1:e5:26:17:ea:ea:
                    ee:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:6E:E0:75:A0:4E:15:F7:4F:F7:0D:EE:0C:C3:81:7D:80:20:5E:9B
            X509v3 Authority Key Identifier:
                keyid:BF:7A:02:58:A5:21:E9:9D:21:3F:B3:0E:79:66:7E:58:4E:37:C7:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/IG7gdaBOFfdP9w3uDMOBfYAgXps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.172.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:c9:0c:e7:9f:44:05:2e:70:19:79:65:eb:6d:eb:65:f7:53:
         29:d7:62:58:f2:ba:63:e9:8d:e3:20:54:7d:02:8c:e1:fd:33:
         9f:2e:01:0e:9a:9a:a0:e3:4d:35:ce:aa:d8:b0:9d:c2:de:17:
         cd:2b:76:17:a4:a2:cf:fa:a8:68:c6:33:e1:0c:ba:d1:12:0d:
         22:a9:47:e5:22:95:8d:ae:8f:92:8b:23:4d:a8:5e:37:bd:ac:
         ce:bd:f5:09:8c:1d:7a:3c:45:e6:3a:2f:c1:ae:3f:0f:0b:36:
         1f:fa:ba:e7:ac:dd:8c:d6:6f:2a:a1:a2:ea:d7:86:08:e3:8e:
         b0:6a:49:60:0e:8e:fb:bd:47:69:c2:22:e3:4e:e8:84:bc:1c:
         fe:31:45:5f:7a:db:d1:dd:97:b9:91:20:43:df:84:9d:d1:7e:
         61:8f:da:5a:9f:6d:05:b0:26:3b:36:78:f7:83:ad:3e:d4:46:
         21:ed:58:57:52:36:62:02:03:e6:d0:90:3b:6a:dd:7f:92:0c:
         fd:63:b4:f5:90:78:50:cc:32:3a:6f:2e:e4:57:e0:ea:fc:23:
         94:03:ce:ae:1b:8b:61:16:e3:8b:d8:d4:4d:26:f3:3a:0c:fa:
         82:66:2a:8b:05:d9:63:00:5f:d0:ef:38:0a:c2:17:4d:c1:38:
         45:d8:f4:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY49qNd8aNd8aq9wShRLmOMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmN2EwMjU4YTUyMWU5OWQyMTNmYjMwZTc5NjY3ZTU4NGUz
N2M3ZGIwHhcNMjQwMzE0MTU1MDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDZlZTA3NWEwNGUxNWY3NGZmNzBkZWUwY2MzODE3ZDgwMjA1ZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfuv/l/4yWjyPLu9a0UURv/BI+Vv
MfLVGEByRiRoPxBBPPYljB87s6x58ZYHC4MlbW/lI3tNVCUSh87j/95sG4zuxCXH
pPFSFW99+0z6t8Kf6a9PYMuB+PXVgabv2215+/oZITJloT6pghs8PirmkCFi3K6T
f03+wKE5FGayu+nJPtbQjTOV5xRMgmNFhHIVwTSeITCX991hRGtfPlgOjjdrE1l0
PzAC2RUAfbaFdMit6lAtwTmqXAuroNZXZR6J0LsJAsi27KI16iL9CQdzJU2IHK8j
pG2X2OF411UvVjQF2JjDPBKz5BFZjf1oGWfYR48VGiuORcPR5SYX6uruDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBu4HWgThX3T/cN7gzDgX2AIF6bMB8GA1UdIwQY
MBaAFL96AlilIemdIT+zDnlmflhON8fbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjNvQ1dLVWg2WjBoUDdNT2VXWi1XRTQzeDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84N2Q0OGEtZmEyNy00YjkzLWI0ZTgt
YjUzOWQ2Y2VhNmUxLzEvSUc3Z2RhQk9GZmRQOXczdURNT0JmWUFnWHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84N2Q0OGEtZmEyNy00YjkzLWI0ZTgtYjUzOWQ2Y2VhNmUx
LzEvdjNvQ1dLVWg2WjBoUDdNT2VXWi1XRTQzeDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqw6MA0G
CSqGSIb3DQEBCwUAA4IBAQASyQznn0QFLnAZeWXrbetl91Mp12JY8rpj6Y3jIFR9
Aozh/TOfLgEOmpqg4001zqrYsJ3C3hfNK3YXpKLP+qhoxjPhDLrREg0iqUflIpWN
ro+SiyNNqF43vazOvfUJjB16PEXmOi/Brj8PCzYf+rrnrN2M1m8qoaLq14YI446w
aklgDo77vUdpwiLjTuiEvBz+MUVfetvR3Ze5kSBD34Sd0X5hj9pan20FsCY7Nnj3
g60+1EYh7VhXUjZiAgPm0JA7at1/kgz9Y7T1kHhQzDI6by7kV+Dq/COUA86uG4th
FuOL2NRNJvM6DPqCZiqLBdljAF/Q7zgKwhdNwThF2PRs
-----END CERTIFICATE-----