Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/hpo7oeFnmhhJggIoFcu_kyxZbWE.roa
File:                     hpo7oeFnmhhJggIoFcu_kyxZbWE.roa (raw, json)
Hash identifier:          4YehPww9wTduIvbVG86ux20UtqZ5AEsD/TInZHM6PGE=
Subject key identifier:   86:9A:3B:A1:E1:67:9A:18:49:82:02:28:15:CB:BF:93:2C:59:6D:61
Certificate issuer:       /CN=6eef3973d6e07681419bae867bd514545e7df5da
Certificate serial:       018CCA996CFB8E08C8A7D28A75DB295E2BE4
Authority key identifier: 6E:EF:39:73:D6:E0:76:81:41:9B:AE:86:7B:D5:14:54:5E:7D:F5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bu85c9bgdoFBm66Ge9UUVF599do.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/hpo7oeFnmhhJggIoFcu_kyxZbWE.roa
Signing time:             Tue 02 Jan 2024 14:35:01 +0000
ROA not before:           Tue 02 Jan 2024 14:35:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        2.58.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/bu85c9bgdoFBm66Ge9UUVF599do.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/bu85c9bgdoFBm66Ge9UUVF599do.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bu85c9bgdoFBm66Ge9UUVF599do.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:6c:fb:8e:08:c8:a7:d2:8a:75:db:29:5e:2b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eef3973d6e07681419bae867bd514545e7df5da
        Validity
            Not Before: Jan  2 14:35:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=869a3ba1e1679a184982022815cbbf932c596d61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:52:38:e8:c0:9a:8c:7f:ee:9b:af:2f:da:b1:
                    d2:b9:bc:1a:d1:33:e1:b2:ea:12:4c:4e:f8:e7:f2:
                    3f:47:0a:0d:aa:66:43:a5:4d:e6:03:8c:48:af:3b:
                    12:2d:7e:0c:96:0d:fa:2a:a2:f0:70:7b:41:44:66:
                    6a:16:15:0c:bc:49:b6:d6:39:1a:d3:c7:a0:19:50:
                    3f:c3:50:0e:72:47:9d:9a:48:15:eb:e9:eb:2a:94:
                    ae:87:48:3e:91:77:7a:79:ed:bf:b8:a8:6a:75:3f:
                    12:31:c7:26:30:5c:bd:04:34:cb:08:a7:bd:7f:23:
                    62:4a:7d:e9:52:36:fe:b6:22:ea:88:8a:74:cf:59:
                    51:38:4c:22:88:73:12:a8:10:9e:8b:6f:40:6d:94:
                    2e:67:bb:a2:c4:b5:78:49:e2:b8:83:81:13:e9:5e:
                    4d:74:1a:2e:b5:0d:68:8e:44:e7:ea:79:ce:e3:ed:
                    7b:d6:fd:ca:c7:2e:fe:80:fe:2f:74:bc:ee:6b:61:
                    a3:ad:b0:f4:bc:98:24:d7:93:7c:2f:5f:7a:44:aa:
                    3f:40:72:23:28:4a:94:81:64:21:ba:4c:c2:cc:c0:
                    e2:b9:a7:ac:44:78:0e:d3:97:81:6e:21:3a:45:20:
                    15:3f:fc:b8:9c:78:c9:56:97:73:b2:0c:73:6b:1f:
                    dd:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:9A:3B:A1:E1:67:9A:18:49:82:02:28:15:CB:BF:93:2C:59:6D:61
            X509v3 Authority Key Identifier:
                keyid:6E:EF:39:73:D6:E0:76:81:41:9B:AE:86:7B:D5:14:54:5E:7D:F5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bu85c9bgdoFBm66Ge9UUVF599do.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/hpo7oeFnmhhJggIoFcu_kyxZbWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/087513-d2d6-43c6-9b79-22f0aaa81327/1/bu85c9bgdoFBm66Ge9UUVF599do.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:30:6b:3d:be:53:42:bd:34:08:bd:a8:58:a7:77:34:5f:a3:
         d8:19:2e:58:2c:0b:91:79:8d:d3:8a:ce:8b:70:da:96:25:be:
         a7:43:e6:19:8b:53:c7:34:af:b2:0f:8f:e2:e2:d4:19:f0:53:
         b4:37:f2:a9:f4:69:c9:cb:bf:54:2b:53:7a:84:f2:68:ea:1c:
         09:5f:11:56:77:33:b1:10:ed:aa:0c:06:07:6f:7e:26:0c:7a:
         52:4f:aa:c3:5a:2b:dd:1e:16:4f:88:f9:ad:a3:e0:df:79:71:
         30:0d:07:fe:65:9c:ec:ca:07:4d:63:fa:c8:0a:55:d8:b1:47:
         a6:3e:ae:1e:cc:3e:fd:2a:f9:6a:d5:e3:ef:cf:9d:25:8a:cf:
         42:c9:9e:ae:ee:c9:ac:f6:a7:c5:3f:73:25:35:6b:8f:a0:28:
         ee:7e:64:ae:d2:6c:cf:a3:68:90:da:fa:1a:1d:7d:c7:b2:3a:
         8e:57:ff:29:17:2c:c8:d2:cf:19:61:b3:fd:d1:2b:81:87:ce:
         89:f9:9d:42:b0:d7:5d:53:7a:52:f5:e3:54:8c:f3:c5:60:26:
         2f:49:9c:c7:d3:58:eb:e3:b8:84:93:8c:da:33:b3:0e:0e:61:
         9d:4f:0b:8c:14:48:9f:29:ac:1a:27:35:43:63:0e:1c:cb:39:
         d1:75:99:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmWz7jgjIp9KKddspXivkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlZWYzOTczZDZlMDc2ODE0MTliYWU4NjdiZDUxNDU0NWU3
ZGY1ZGEwHhcNMjQwMTAyMTQzNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjlhM2JhMWUxNjc5YTE4NDk4MjAyMjgxNWNiYmY5MzJjNTk2ZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFI46MCajH/um68v2rHSubwa0TPh
suoSTE745/I/RwoNqmZDpU3mA4xIrzsSLX4Mlg36KqLwcHtBRGZqFhUMvEm21jka
08egGVA/w1AOckedmkgV6+nrKpSuh0g+kXd6ee2/uKhqdT8SMccmMFy9BDTLCKe9
fyNiSn3pUjb+tiLqiIp0z1lROEwiiHMSqBCei29AbZQuZ7uixLV4SeK4g4ET6V5N
dBoutQ1ojkTn6nnO4+171v3Kxy7+gP4vdLzua2GjrbD0vJgk15N8L196RKo/QHIj
KEqUgWQhukzCzMDiuaesRHgO05eBbiE6RSAVP/y4nHjJVpdzsgxzax/dzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIaaO6HhZ5oYSYICKBXLv5MsWW1hMB8GA1UdIwQY
MBaAFG7vOXPW4HaBQZuuhnvVFFReffXaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnU4NWM5Ymdkb0ZCbTY2R2U5VVVWRjU5OWRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS8wODc1MTMtZDJkNi00M2M2LTliNzkt
MjJmMGFhYTgxMzI3LzEvaHBvN29lRm5taGhKZ2dJb0ZjdV9reXhaYldFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS8wODc1MTMtZDJkNi00M2M2LTliNzktMjJmMGFhYTgxMzI3
LzEvYnU4NWM5Ymdkb0ZCbTY2R2U5VVVWRjU5OWRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpmMA0G
CSqGSIb3DQEBCwUAA4IBAQA1MGs9vlNCvTQIvahYp3c0X6PYGS5YLAuReY3Tis6L
cNqWJb6nQ+YZi1PHNK+yD4/i4tQZ8FO0N/Kp9GnJy79UK1N6hPJo6hwJXxFWdzOx
EO2qDAYHb34mDHpST6rDWivdHhZPiPmto+DfeXEwDQf+ZZzsygdNY/rIClXYsUem
Pq4ezD79Kvlq1ePvz50lis9CyZ6u7sms9qfFP3MlNWuPoCjufmSu0mzPo2iQ2voa
HX3HsjqOV/8pFyzI0s8ZYbP90SuBh86J+Z1CsNddU3pS9eNUjPPFYCYvSZzH01jr
47iEk4zaM7MODmGdTwuMFEifKawaJzVDYw4cyznRdZk7
-----END CERTIFICATE-----