Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/bE_NJ1O4li4w5jwL1p9Rzj6psYs.roa
File:                     bE_NJ1O4li4w5jwL1p9Rzj6psYs.roa (raw, json)
Hash identifier:          kKa0W4IHbF8D6GG7pogePLVv7EcTQEGkGc0M7Xs7J84=
Subject key identifier:   6C:4F:CD:27:53:B8:96:2E:30:E6:3C:0B:D6:9F:51:CE:3E:A9:B1:8B
Certificate issuer:       /CN=bf7a0258a521e99d213fb30e79667e584e37c7db
Certificate serial:       019423D6DE1D277E0B4FC9211A6FCAC1A0F1
Authority key identifier: BF:7A:02:58:A5:21:E9:9D:21:3F:B3:0E:79:66:7E:58:4E:37:C7:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/bE_NJ1O4li4w5jwL1p9Rzj6psYs.roa
Signing time:             Wed 01 Jan 2025 21:47:51 +0000
ROA not before:           Wed 01 Jan 2025 21:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12480
IP address blocks:        194.172.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 09:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:de:1d:27:7e:0b:4f:c9:21:1a:6f:ca:c1:a0:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf7a0258a521e99d213fb30e79667e584e37c7db
        Validity
            Not Before: Jan  1 21:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c4fcd2753b8962e30e63c0bd69f51ce3ea9b18b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5a:ce:63:cd:4a:3d:40:f1:a0:c8:5e:c5:1f:
                    22:3e:42:3c:87:ec:53:e6:28:fa:a9:3d:a5:3e:5e:
                    71:ae:64:28:86:e1:73:bf:0e:5b:c2:2e:7b:32:4f:
                    e2:08:60:72:00:fd:fa:b3:3e:31:ec:60:35:8e:e3:
                    ca:f6:0a:ec:1d:bf:f0:9a:18:92:87:b9:bd:0d:ee:
                    99:45:0d:7a:11:6c:e5:cf:24:86:a2:1e:5a:9d:7a:
                    f6:59:06:1f:9a:48:26:58:14:f2:d6:54:fe:f7:e8:
                    ca:8a:da:73:33:6b:52:e1:e2:62:26:af:d8:f7:0d:
                    45:a9:4f:24:30:9b:69:e7:f3:04:45:f4:46:53:f2:
                    0a:4e:a0:32:98:28:b2:f9:5f:0f:e9:b9:64:7e:bd:
                    c5:86:75:9d:a1:6a:40:ea:9a:73:d9:88:a9:07:62:
                    b7:02:f7:05:37:a2:3a:61:88:09:49:03:c0:b2:5b:
                    ec:3a:76:a8:db:77:bf:f0:e1:c4:f5:99:65:6c:d6:
                    e1:c0:99:46:a2:73:5e:82:4b:b1:c2:50:0e:91:d2:
                    32:9c:ab:92:b6:df:91:8a:35:7e:59:7c:09:f4:e0:
                    1c:05:52:6f:f6:32:eb:1b:99:66:a7:fd:c3:d4:fb:
                    28:5c:d8:8e:22:b9:e0:90:69:bb:97:11:b3:74:08:
                    6f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:4F:CD:27:53:B8:96:2E:30:E6:3C:0B:D6:9F:51:CE:3E:A9:B1:8B
            X509v3 Authority Key Identifier:
                keyid:BF:7A:02:58:A5:21:E9:9D:21:3F:B3:0E:79:66:7E:58:4E:37:C7:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/bE_NJ1O4li4w5jwL1p9Rzj6psYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/87d48a-fa27-4b93-b4e8-b539d6cea6e1/1/v3oCWKUh6Z0hP7MOeWZ-WE43x9s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.172.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:ff:7f:98:17:c9:b3:24:e5:d0:95:af:1e:92:60:e4:e9:0b:
         5b:52:9e:29:ea:f9:4b:96:1f:06:28:a3:5d:86:cb:d2:78:78:
         0b:9c:fd:97:e3:44:66:00:51:b8:c1:77:22:d7:ff:fb:9c:ba:
         5d:92:92:bf:52:13:e9:0a:49:b5:de:66:82:ac:0d:ee:c8:d5:
         91:de:ed:9f:c3:6b:f5:f0:69:bf:f1:47:1a:1b:39:3b:d3:0c:
         c0:c6:ee:90:f7:d8:fa:20:d1:e8:f3:00:e9:f2:43:2f:42:a3:
         0c:8a:55:28:45:06:84:02:6d:1a:11:ba:28:73:ad:e1:54:3c:
         69:99:4c:3a:9a:50:44:1c:f4:e6:08:a5:01:c0:67:23:88:73:
         2e:ae:13:26:d3:93:d6:87:7f:f7:00:45:2f:ad:f5:fa:8f:d3:
         e3:ac:04:81:1e:b0:ad:5e:29:0d:58:d4:0f:d3:7e:bc:4a:c5:
         73:d7:3a:ea:5f:37:eb:ad:58:48:44:fa:d4:b1:fe:9e:54:00:
         0a:72:8c:6e:30:d6:45:6d:c1:85:e9:a4:55:7a:b0:96:6c:7d:
         c9:af:45:b6:41:2c:2a:6e:78:9e:25:12:b5:ae:6a:c6:87:64:
         63:6c:8f:f3:ad:e1:19:8c:09:3b:f7:e4:5e:29:e4:a7:24:f4:
         98:71:9b:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1t4dJ34LT8khGm/KwaDxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmN2EwMjU4YTUyMWU5OWQyMTNmYjMwZTc5NjY3ZTU4NGUz
N2M3ZGIwHhcNMjUwMTAxMjE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzRmY2QyNzUzYjg5NjJlMzBlNjNjMGJkNjlmNTFjZTNlYTliMThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllrOY81KPUDxoMhexR8iPkI8h+xT
5ij6qT2lPl5xrmQohuFzvw5bwi57Mk/iCGByAP36sz4x7GA1juPK9grsHb/wmhiS
h7m9De6ZRQ16EWzlzySGoh5anXr2WQYfmkgmWBTy1lT+9+jKitpzM2tS4eJiJq/Y
9w1FqU8kMJtp5/MERfRGU/IKTqAymCiy+V8P6blkfr3FhnWdoWpA6ppz2YipB2K3
AvcFN6I6YYgJSQPAslvsOnao23e/8OHE9ZllbNbhwJlGonNegkuxwlAOkdIynKuS
tt+RijV+WXwJ9OAcBVJv9jLrG5lmp/3D1PsoXNiOIrngkGm7lxGzdAhvowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxPzSdTuJYuMOY8C9afUc4+qbGLMB8GA1UdIwQY
MBaAFL96AlilIemdIT+zDnlmflhON8fbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjNvQ1dLVWg2WjBoUDdNT2VXWi1XRTQzeDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84N2Q0OGEtZmEyNy00YjkzLWI0ZTgt
YjUzOWQ2Y2VhNmUxLzEvYkVfTkoxTzRsaTR3NWp3TDFwOVJ6ajZwc1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84N2Q0OGEtZmEyNy00YjkzLWI0ZTgtYjUzOWQ2Y2VhNmUx
LzEvdjNvQ1dLVWg2WjBoUDdNT2VXWi1XRTQzeDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqw6MA0G
CSqGSIb3DQEBCwUAA4IBAQBv/3+YF8mzJOXQla8ekmDk6QtbUp4p6vlLlh8GKKNd
hsvSeHgLnP2X40RmAFG4wXci1//7nLpdkpK/UhPpCkm13maCrA3uyNWR3u2fw2v1
8Gm/8UcaGzk70wzAxu6Q99j6INHo8wDp8kMvQqMMilUoRQaEAm0aEbooc63hVDxp
mUw6mlBEHPTmCKUBwGcjiHMurhMm05PWh3/3AEUvrfX6j9PjrASBHrCtXikNWNQP
0368SsVz1zrqXzfrrVhIRPrUsf6eVAAKcoxuMNZFbcGF6aRVerCWbH3Jr0W2QSwq
bnieJRK1rmrGh2RjbI/zreEZjAk79+ReKeSnJPSYcZvZ
-----END CERTIFICATE-----