Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/800161-cb62-4b7c-ac7c-4d3b6c1f3a89/1/Cb3iCmSyTi57Hr9wgt7-XKl22eM.roa
File:                     Cb3iCmSyTi57Hr9wgt7-XKl22eM.roa (raw, json)
Hash identifier:          KWc0sd0YcpuWSqdNBF0A6JkpNXMWTuayHXK6TkwuLFE=
Subject key identifier:   09:BD:E2:0A:64:B2:4E:2E:7B:1E:BF:70:82:DE:FE:5C:A9:76:D9:E3
Certificate issuer:       /CN=8c029fb18e19c5677244057eda38c63dc18da12a
Certificate serial:       0194A26A9281A0177CA90E4EE40E38843BB8
Authority key identifier: 8C:02:9F:B1:8E:19:C5:67:72:44:05:7E:DA:38:C6:3D:C1:8D:A1:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jAKfsY4ZxWdyRAV-2jjGPcGNoSo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/800161-cb62-4b7c-ac7c-4d3b6c1f3a89/1/Cb3iCmSyTi57Hr9wgt7-XKl22eM.roa
Signing time:             Sun 26 Jan 2025 11:41:20 +0000
ROA not before:           Sun 26 Jan 2025 11:41:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213527
IP address blocks:        2.58.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/800161-cb62-4b7c-ac7c-4d3b6c1f3a89/1/jAKfsY4ZxWdyRAV-2jjGPcGNoSo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/800161-cb62-4b7c-ac7c-4d3b6c1f3a89/1/jAKfsY4ZxWdyRAV-2jjGPcGNoSo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jAKfsY4ZxWdyRAV-2jjGPcGNoSo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a2:6a:92:81:a0:17:7c:a9:0e:4e:e4:0e:38:84:3b:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c029fb18e19c5677244057eda38c63dc18da12a
        Validity
            Not Before: Jan 26 11:41:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09bde20a64b24e2e7b1ebf7082defe5ca976d9e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f1:cd:9f:94:38:1f:02:4c:36:bd:9e:db:d6:
                    83:a7:f7:3b:4d:27:8e:4e:b3:12:00:f6:f6:b8:96:
                    9f:e6:72:c2:9e:e5:9b:a9:ad:bb:a3:17:c9:64:a7:
                    c6:31:5e:b9:5f:f2:22:d0:f2:81:04:c0:26:69:5b:
                    f8:34:b5:d1:c2:83:37:3b:f9:59:56:0c:83:fb:d2:
                    26:36:58:c0:d9:c0:d7:3c:fd:3d:b2:95:c1:b5:6a:
                    52:00:2b:d6:69:97:fa:83:30:de:43:29:90:1e:97:
                    f5:ef:2b:06:1c:10:e7:eb:88:d1:a9:8b:61:5d:fd:
                    98:55:9b:de:26:bd:17:71:07:4a:37:1d:86:1d:b1:
                    08:1e:e0:30:aa:46:99:ad:ec:52:d7:30:7e:9b:28:
                    80:a2:7d:1d:a0:b2:f6:19:a7:3d:95:54:3f:62:69:
                    2f:37:57:11:71:d3:8e:92:ef:12:d4:cc:6a:70:c8:
                    b7:b5:c8:fc:f3:62:fe:17:02:7e:d7:d8:f4:81:bd:
                    66:cc:56:47:2b:42:5a:0a:3a:d0:3a:1f:b0:49:9f:
                    d5:42:28:86:29:13:c0:a7:73:82:e8:e9:40:e7:0d:
                    f7:ba:48:62:84:58:df:05:23:b9:92:f6:06:27:bd:
                    b4:19:48:5d:b0:d7:1f:bd:8d:bc:49:5c:38:bd:cd:
                    ff:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:BD:E2:0A:64:B2:4E:2E:7B:1E:BF:70:82:DE:FE:5C:A9:76:D9:E3
            X509v3 Authority Key Identifier:
                keyid:8C:02:9F:B1:8E:19:C5:67:72:44:05:7E:DA:38:C6:3D:C1:8D:A1:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jAKfsY4ZxWdyRAV-2jjGPcGNoSo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/800161-cb62-4b7c-ac7c-4d3b6c1f3a89/1/Cb3iCmSyTi57Hr9wgt7-XKl22eM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/800161-cb62-4b7c-ac7c-4d3b6c1f3a89/1/jAKfsY4ZxWdyRAV-2jjGPcGNoSo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:a8:c9:c9:0d:e8:68:d3:4c:fb:90:b1:02:44:6c:e1:1b:b8:
         87:e2:f8:f8:7e:cb:e1:d2:45:0d:08:5e:bf:70:cf:26:02:31:
         02:f1:12:0b:b8:5d:de:74:db:55:7d:d1:bc:a8:fe:b8:d3:35:
         c1:2b:e8:b0:03:31:2e:3a:e0:f7:fb:08:e2:b0:99:13:15:ac:
         aa:6f:ac:8a:da:62:6d:67:fe:0b:c4:c8:71:8a:b1:66:5c:00:
         a1:72:a6:9b:eb:c4:61:96:f6:ba:90:5f:c7:d7:92:ce:1c:d0:
         8d:14:a7:3b:ad:87:60:af:b4:14:b5:c9:93:0f:13:71:03:b4:
         8a:ed:ef:88:51:30:41:f0:5f:0e:c6:20:cc:81:79:73:58:b6:
         98:4d:dd:54:e2:8f:f6:ed:f9:ff:05:45:90:83:cb:40:5d:b0:
         65:26:49:38:eb:cd:30:7d:c6:0f:7c:04:c2:4b:97:d9:c6:9f:
         51:20:5a:d2:85:5f:ec:82:bc:08:c5:7d:5c:94:49:b2:04:1d:
         ea:c4:a1:00:d1:12:91:35:fb:d6:02:08:21:0e:16:88:24:08:
         7b:8b:90:5e:59:31:12:d3:79:da:d0:e5:ad:00:8f:1c:e8:1d:
         69:71:74:d1:42:39:e4:54:95:e7:37:db:fd:98:cb:43:1e:77:
         63:a7:4e:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSiapKBoBd8qQ5O5A44hDu4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMDI5ZmIxOGUxOWM1Njc3MjQ0MDU3ZWRhMzhjNjNkYzE4
ZGExMmEwHhcNMjUwMTI2MTE0MTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWJkZTIwYTY0YjI0ZTJlN2IxZWJmNzA4MmRlZmU1Y2E5NzZkOWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvHNn5Q4HwJMNr2e29aDp/c7TSeO
TrMSAPb2uJaf5nLCnuWbqa27oxfJZKfGMV65X/Ii0PKBBMAmaVv4NLXRwoM3O/lZ
VgyD+9ImNljA2cDXPP09spXBtWpSACvWaZf6gzDeQymQHpf17ysGHBDn64jRqYth
Xf2YVZveJr0XcQdKNx2GHbEIHuAwqkaZrexS1zB+myiAon0doLL2Gac9lVQ/Ymkv
N1cRcdOOku8S1MxqcMi3tcj882L+FwJ+19j0gb1mzFZHK0JaCjrQOh+wSZ/VQiiG
KRPAp3OC6OlA5w33ukhihFjfBSO5kvYGJ720GUhdsNcfvY28SVw4vc3/+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAm94gpksk4uex6/cILe/lypdtnjMB8GA1UdIwQY
MBaAFIwCn7GOGcVnckQFfto4xj3BjaEqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakFLZnNZNFp4V2R5UkFWLTJqakdQY0dOb1NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My84MDAxNjEtY2I2Mi00YjdjLWFjN2Mt
NGQzYjZjMWYzYTg5LzEvQ2IzaUNtU3lUaTU3SHI5d2d0Ny1YS2wyMmVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My84MDAxNjEtY2I2Mi00YjdjLWFjN2MtNGQzYjZjMWYzYTg5
LzEvakFLZnNZNFp4V2R5UkFWLTJqakdQY0dOb1NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjrWMA0G
CSqGSIb3DQEBCwUAA4IBAQBHqMnJDeho00z7kLECRGzhG7iH4vj4fsvh0kUNCF6/
cM8mAjEC8RILuF3edNtVfdG8qP640zXBK+iwAzEuOuD3+wjisJkTFayqb6yK2mJt
Z/4LxMhxirFmXAChcqab68Rhlva6kF/H15LOHNCNFKc7rYdgr7QUtcmTDxNxA7SK
7e+IUTBB8F8OxiDMgXlzWLaYTd1U4o/27fn/BUWQg8tAXbBlJkk4680wfcYPfATC
S5fZxp9RIFrShV/sgrwIxX1clEmyBB3qxKEA0RKRNfvWAgghDhaIJAh7i5BeWTES
03na0OWtAI8c6B1pcXTRQjnkVJXnN9v9mMtDHndjp04y
-----END CERTIFICATE-----