Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/N7p9fg8KHnPoYmMFCs4NGS10eCo.roa
File:                     N7p9fg8KHnPoYmMFCs4NGS10eCo.roa (raw, json)
Hash identifier:          NwZc+X7F9nkOFSwua9s8tZ8ou59PlCso7DbHuCDJpNo=
Subject key identifier:   37:BA:7D:7E:0F:0A:1E:73:E8:62:63:05:0A:CE:0D:19:2D:74:78:2A
Certificate issuer:       /CN=ba60a4d874d9601c8142c352f80c56a43276cd47
Certificate serial:       018E3DEE34D923F1C9864A6DDA9911AB4627
Authority key identifier: BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/N7p9fg8KHnPoYmMFCs4NGS10eCo.roa
Signing time:             Thu 14 Mar 2024 17:06:45 +0000
ROA not before:           Thu 14 Mar 2024 17:06:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209185
IP address blocks:        2.58.112.0/24 maxlen: 24
                          2a09:e440::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:ee:34:d9:23:f1:c9:86:4a:6d:da:99:11:ab:46:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba60a4d874d9601c8142c352f80c56a43276cd47
        Validity
            Not Before: Mar 14 17:06:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37ba7d7e0f0a1e73e86263050ace0d192d74782a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:09:52:07:35:35:4e:9d:43:e1:85:f4:57:9d:
                    b7:a8:2b:dc:ae:a8:1e:0d:be:72:17:ed:74:fb:18:
                    1b:7c:ad:46:87:d6:ee:df:52:c3:e5:62:2c:78:d4:
                    63:b4:af:e6:c9:81:60:31:00:f2:6f:78:66:6a:03:
                    24:de:ff:79:4e:51:50:5a:75:ec:24:c5:a9:dc:2a:
                    59:39:8c:5f:52:7b:6e:d7:93:41:ce:7e:88:9f:f3:
                    59:7f:66:a4:99:91:a0:03:de:bd:72:91:e9:ac:8e:
                    22:e7:19:7f:fe:a9:ca:24:f1:39:81:99:c9:26:34:
                    54:70:64:72:69:fa:15:95:e8:15:95:18:87:51:15:
                    25:8d:01:84:ef:9e:f6:e3:b0:bb:aa:85:f1:de:94:
                    59:cd:e0:6e:e6:7b:a6:cb:33:0a:a0:7a:5f:04:00:
                    8b:68:ff:cc:d3:34:7c:eb:3c:b6:f8:49:ba:0d:3c:
                    70:9d:a9:28:f0:e5:e5:08:ce:31:61:5d:6f:13:b4:
                    88:c3:44:c0:71:bb:41:23:79:4e:18:09:81:49:95:
                    cb:cc:b6:e2:45:5a:68:cd:84:1b:14:07:92:c0:df:
                    4b:c6:08:44:c4:d7:85:e3:1f:51:de:e6:ac:3b:2c:
                    10:46:79:99:cb:10:32:01:24:69:d5:28:a4:14:cc:
                    fe:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:BA:7D:7E:0F:0A:1E:73:E8:62:63:05:0A:CE:0D:19:2D:74:78:2A
            X509v3 Authority Key Identifier:
                keyid:BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/N7p9fg8KHnPoYmMFCs4NGS10eCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.112.0/24
                IPv6:
                  2a09:e440::/40

    Signature Algorithm: sha256WithRSAEncryption
         58:c1:03:e1:fa:c4:4c:1c:74:86:57:b6:f1:9c:56:4e:54:2f:
         e5:26:bc:ff:f9:7e:6a:15:ab:50:97:7b:f6:05:8f:bb:a2:87:
         c1:27:67:a1:7f:4f:48:4d:a3:57:0d:e7:bd:16:27:d4:33:2f:
         36:bc:c3:c8:80:1e:ba:05:ba:6e:bf:d0:0b:82:2b:dc:c6:d3:
         8d:ed:e0:d2:e3:d8:7c:14:44:15:5a:9f:83:2d:9d:35:f6:0a:
         10:fe:68:94:4c:6b:5d:ad:3f:42:3e:42:8a:95:1c:6f:ed:73:
         97:e3:08:ef:c8:05:c6:1c:3b:db:b8:42:ff:d4:1d:a3:02:91:
         a6:07:79:68:d5:cc:06:22:68:0a:eb:ed:26:92:cd:97:f8:71:
         2c:5d:6e:74:ce:5a:a1:5d:83:4a:94:ca:5a:5b:31:49:cb:4e:
         78:8e:2b:7b:9c:b4:43:6d:62:4d:bc:e5:01:4b:e0:dd:2f:4e:
         ed:67:4b:94:d0:58:ab:d3:48:68:be:2c:ae:81:f8:27:f8:7b:
         04:b1:bf:88:1a:67:50:c5:15:4c:50:f0:be:34:87:42:44:07:
         82:d0:71:95:3e:8d:96:76:70:f9:02:a7:74:e2:f8:a6:4d:3e:
         fd:60:e3:17:28:ee:16:08:88:34:15:fa:27:07:7e:1d:4b:6d:
         ec:40:4a:1a
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAY497jTZI/HJhkpt2pkRq0YnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjBhNGQ4NzRkOTYwMWM4MTQyYzM1MmY4MGM1NmE0MzI3
NmNkNDcwHhcNMjQwMzE0MTcwNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2JhN2Q3ZTBmMGExZTczZTg2MjYzMDUwYWNlMGQxOTJkNzQ3ODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQlSBzU1Tp1D4YX0V523qCvcrqge
Db5yF+10+xgbfK1Gh9bu31LD5WIseNRjtK/myYFgMQDyb3hmagMk3v95TlFQWnXs
JMWp3CpZOYxfUntu15NBzn6In/NZf2akmZGgA969cpHprI4i5xl//qnKJPE5gZnJ
JjRUcGRyafoVlegVlRiHURUljQGE757247C7qoXx3pRZzeBu5numyzMKoHpfBACL
aP/M0zR86zy2+Em6DTxwnako8OXlCM4xYV1vE7SIw0TAcbtBI3lOGAmBSZXLzLbi
RVpozYQbFAeSwN9LxghExNeF4x9R3uasOywQRnmZyxAyASRp1SikFMz+DwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDe6fX4PCh5z6GJjBQrODRktdHgqMB8GA1UdIwQY
MBaAFLpgpNh02WAcgULDUvgMVqQyds1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWIt
ZTVhMzc3OGJlM2FkLzEvTjdwOWZnOEtIblBvWW1NRkNzNE5HUzEwZUNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWItZTVhMzc3OGJlM2Fk
LzEvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAAjpwMA4E
AgACMAgDBgAqCeRAADANBgkqhkiG9w0BAQsFAAOCAQEAWMED4frETBx0hle28ZxW
TlQv5Sa8//l+ahWrUJd79gWPu6KHwSdnoX9PSE2jVw3nvRYn1DMvNrzDyIAeugW6
br/QC4Ir3MbTje3g0uPYfBREFVqfgy2dNfYKEP5olExrXa0/Qj5CipUcb+1zl+MI
78gFxhw727hC/9QdowKRpgd5aNXMBiJoCuvtJpLNl/hxLF1udM5aoV2DSpTKWlsx
SctOeI4re5y0Q21iTbzlAUvg3S9O7WdLlNBYq9NIaL4sroH4J/h7BLG/iBpnUMUV
TFDwvjSHQkQHgtBxlT6NlnZw+QKndOL4pk0+/WDjFyjuFgiINBX6Jwd+HUtt7EBK
Gg==
-----END CERTIFICATE-----