Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/QbMtJCyeS1UwQoNdxpT73PMGteE.roa
File:                     QbMtJCyeS1UwQoNdxpT73PMGteE.roa (raw, json)
Hash identifier:          KMhN38u0GEau5JeuxrI2EEIJMxGmIw0+9n/GLuFP0so=
Subject key identifier:   41:B3:2D:24:2C:9E:4B:55:30:42:83:5D:C6:94:FB:DC:F3:06:B5:E1
Certificate issuer:       /CN=6eef3973d6e07681419bae867bd514545e7df5da
Certificate serial:       0194221F83B2C71C4F074A56FF935B7BCD91
Authority key identifier: 6E:EF:39:73:D6:E0:76:81:41:9B:AE:86:7B:D5:14:54:5E:7D:F5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bu85c9bgdoFBm66Ge9UUVF599do.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/QbMtJCyeS1UwQoNdxpT73PMGteE.roa
Signing time:             Wed 01 Jan 2025 13:47:58 +0000
ROA not before:           Wed 01 Jan 2025 13:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        2.58.100.0/24 maxlen: 24
                          2.58.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/bu85c9bgdoFBm66Ge9UUVF599do.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/bu85c9bgdoFBm66Ge9UUVF599do.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bu85c9bgdoFBm66Ge9UUVF599do.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:83:b2:c7:1c:4f:07:4a:56:ff:93:5b:7b:cd:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eef3973d6e07681419bae867bd514545e7df5da
        Validity
            Not Before: Jan  1 13:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41b32d242c9e4b553042835dc694fbdcf306b5e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:90:11:11:b5:18:4f:5b:1a:28:ed:5f:3c:a2:
                    bd:67:0e:99:7d:2a:dd:05:f8:29:54:b9:5e:79:35:
                    8d:da:65:43:db:95:4c:4a:a6:23:e9:86:5d:f9:d3:
                    51:97:4d:e9:de:e4:05:93:b5:a7:e2:fb:8c:64:a2:
                    08:8f:83:7b:6f:bc:e9:c6:4c:b5:dc:24:cb:ac:e5:
                    99:62:24:96:a4:ef:91:27:91:9b:bb:6e:b0:98:63:
                    7a:5d:94:6f:e4:1b:2c:31:d6:9d:7b:58:a3:ae:87:
                    12:6c:bc:c5:d3:f9:b8:de:d8:ea:12:47:8b:04:31:
                    f1:3a:3c:15:6b:d0:ed:7b:ee:15:27:fa:59:e2:da:
                    55:40:20:c8:3b:99:18:7f:80:1d:04:88:b0:a2:10:
                    0a:7f:9a:18:3b:3e:b1:f9:68:0a:db:a6:28:00:72:
                    4b:45:ed:da:b7:96:0c:82:d9:35:37:00:6f:03:ee:
                    23:d5:e0:2a:28:3e:99:04:fc:92:1d:ad:bd:77:6a:
                    84:c2:46:c7:b4:a3:fd:21:e0:b0:8c:76:68:47:f9:
                    30:eb:d1:c6:1e:d2:71:06:0f:02:55:27:19:f1:98:
                    d1:36:a9:41:24:1e:34:f0:50:e4:dd:94:c9:98:f5:
                    ba:b2:88:e8:3f:a2:06:3a:83:9a:b6:dd:f7:77:18:
                    82:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B3:2D:24:2C:9E:4B:55:30:42:83:5D:C6:94:FB:DC:F3:06:B5:E1
            X509v3 Authority Key Identifier:
                keyid:6E:EF:39:73:D6:E0:76:81:41:9B:AE:86:7B:D5:14:54:5E:7D:F5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bu85c9bgdoFBm66Ge9UUVF599do.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/QbMtJCyeS1UwQoNdxpT73PMGteE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/bu85c9bgdoFBm66Ge9UUVF599do.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.100.0/24
                  2.58.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:88:e4:0c:28:42:e3:ee:ce:9a:9d:3c:6b:65:3a:1b:e6:b7:
         4c:a8:a0:5c:1a:8f:30:28:3f:cb:ea:34:55:a4:eb:e1:57:73:
         3c:0d:22:45:15:2a:ea:60:eb:56:d6:42:ef:8e:60:70:49:f7:
         e0:ac:e9:7a:a5:4b:db:86:c9:9c:59:df:37:6e:7a:7c:bf:97:
         2a:ce:2e:6f:e6:5f:aa:53:12:11:70:77:b4:bb:56:c1:09:a3:
         a7:e8:c6:76:91:6a:05:00:e4:9f:96:6a:01:20:43:5d:e9:8c:
         bf:eb:04:bc:39:4c:1a:59:3d:db:25:ac:0c:20:e8:c5:27:fe:
         c2:5c:82:14:52:8a:27:4f:d1:9e:27:62:36:65:b5:f6:eb:6f:
         ec:7e:54:28:83:42:0c:3a:6b:80:5a:72:2b:f4:0c:fb:4f:8a:
         96:ff:76:a0:5c:98:20:7c:0b:fe:a6:29:40:e9:08:cd:bc:4d:
         89:93:d8:f7:5f:09:80:b7:19:71:44:4d:92:2f:82:48:d1:f3:
         bc:27:2e:b1:14:1a:0b:ea:a9:e5:61:1b:a0:9b:77:38:6c:c5:
         4b:4b:38:1c:94:da:aa:b5:fd:70:66:ca:1c:02:63:23:99:d1:
         cf:dd:10:d6:e8:fd:bf:68:f9:2f:29:db:3c:0d:fb:b7:e6:95:
         ec:f8:96:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH4OyxxxPB0pW/5Nbe82RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZWYzOTczZDZlMDc2ODE0MTliYWU4NjdiZDUxNDU0NWU3
ZGY1ZGEwHhcNMjUwMTAxMTM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWIzMmQyNDJjOWU0YjU1MzA0MjgzNWRjNjk0ZmJkY2YzMDZiNWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45AREbUYT1saKO1fPKK9Zw6ZfSrd
BfgpVLleeTWN2mVD25VMSqYj6YZd+dNRl03p3uQFk7Wn4vuMZKIIj4N7b7zpxky1
3CTLrOWZYiSWpO+RJ5Gbu26wmGN6XZRv5BssMdade1ijrocSbLzF0/m43tjqEkeL
BDHxOjwVa9Dte+4VJ/pZ4tpVQCDIO5kYf4AdBIiwohAKf5oYOz6x+WgK26YoAHJL
Re3at5YMgtk1NwBvA+4j1eAqKD6ZBPySHa29d2qEwkbHtKP9IeCwjHZoR/kw69HG
HtJxBg8CVScZ8ZjRNqlBJB408FDk3ZTJmPW6sojoP6IGOoOatt33dxiC1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEGzLSQsnktVMEKDXcaU+9zzBrXhMB8GA1UdIwQY
MBaAFG7vOXPW4HaBQZuuhnvVFFReffXaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnU4NWM5Ymdkb0ZCbTY2R2U5VVVWRjU5OWRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8wODc1MTMtZDJkNi00M2M2LTliNzkt
MjJmMGFhYTgxMzI3LzEvUWJNdEpDeWVTMVV3UW9OZHhwVDczUE1HdGVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8wODc1MTMtZDJkNi00M2M2LTliNzktMjJmMGFhYTgxMzI3
LzEvYnU4NWM5Ymdkb0ZCbTY2R2U5VVVWRjU5OWRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjpkAwQA
AjpmMA0GCSqGSIb3DQEBCwUAA4IBAQCviOQMKELj7s6anTxrZTob5rdMqKBcGo8w
KD/L6jRVpOvhV3M8DSJFFSrqYOtW1kLvjmBwSffgrOl6pUvbhsmcWd83bnp8v5cq
zi5v5l+qUxIRcHe0u1bBCaOn6MZ2kWoFAOSflmoBIENd6Yy/6wS8OUwaWT3bJawM
IOjFJ/7CXIIUUoonT9GeJ2I2ZbX262/sflQog0IMOmuAWnIr9Az7T4qW/3agXJgg
fAv+pilA6QjNvE2Jk9j3XwmAtxlxRE2SL4JI0fO8Jy6xFBoL6qnlYRugm3c4bMVL
SzgclNqqtf1wZsocAmMjmdHP3RDW6P2/aPkvKds8Dfu35pXs+JZE
-----END CERTIFICATE-----