Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/XPqb1e-UpO0xTkEw7g1HQLSm9ys.roa
File:                     XPqb1e-UpO0xTkEw7g1HQLSm9ys.roa (raw, json)
Hash identifier:          wO9fVIDjsPgmGGKDSOUIWfT1Msy/J29EpvyN6cYQlk4=
Subject key identifier:   5C:FA:9B:D5:EF:94:A4:ED:31:4E:41:30:EE:0D:47:40:B4:A6:F7:2B
Certificate issuer:       /CN=ba60a4d874d9601c8142c352f80c56a43276cd47
Certificate serial:       018CC56EA4E0A6BF3B781C3185CEB9B8372A
Authority key identifier: BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/XPqb1e-UpO0xTkEw7g1HQLSm9ys.roa
Signing time:             Mon 01 Jan 2024 14:30:11 +0000
ROA not before:           Mon 01 Jan 2024 14:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49581
IP address blocks:        2.58.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a4:e0:a6:bf:3b:78:1c:31:85:ce:b9:b8:37:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba60a4d874d9601c8142c352f80c56a43276cd47
        Validity
            Not Before: Jan  1 14:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cfa9bd5ef94a4ed314e4130ee0d4740b4a6f72b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ea:12:6f:7f:f6:89:12:36:86:22:00:87:49:
                    82:60:12:be:e6:f9:fb:43:27:d9:85:09:cb:4b:8a:
                    9b:f0:12:e0:b7:04:af:f9:aa:11:f4:5f:7f:e0:0f:
                    b6:86:57:3b:ec:ce:da:bc:b2:e0:31:7a:76:b8:55:
                    9e:3d:ea:61:1e:1e:19:8f:33:f2:f3:82:36:02:15:
                    54:2b:25:5e:e1:d9:ee:e5:ea:50:54:f8:e7:0f:9a:
                    27:ab:f7:c6:1a:89:cd:4a:e6:55:9f:e0:a7:2a:3e:
                    b7:a5:ed:3d:e9:d5:9e:17:3b:38:38:95:3d:c7:30:
                    39:21:98:0f:b2:5e:c3:16:7e:56:99:c7:55:58:46:
                    07:4a:b8:30:42:28:a6:30:10:bf:a7:5e:e3:8b:10:
                    1f:1e:89:b3:da:10:5c:01:db:d9:98:e5:15:f3:ca:
                    b8:ea:4b:c2:c2:95:bf:ac:17:6f:ff:8d:19:93:82:
                    4a:39:38:2c:d2:a3:dc:86:ab:fa:f1:70:fa:02:6c:
                    22:a5:bc:1d:bc:d5:88:ef:d5:28:42:e1:83:a5:92:
                    da:fb:f3:6c:ad:3c:1b:cf:a9:56:a9:dc:cf:26:cd:
                    b9:11:0e:76:55:46:e1:a3:a5:bf:dd:14:72:73:67:
                    c2:ce:88:85:23:61:b8:62:c0:d1:1b:4c:c8:51:a1:
                    d8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:FA:9B:D5:EF:94:A4:ED:31:4E:41:30:EE:0D:47:40:B4:A6:F7:2B
            X509v3 Authority Key Identifier:
                keyid:BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/XPqb1e-UpO0xTkEw7g1HQLSm9ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:f8:f7:45:49:37:55:59:d2:2c:fd:b9:dc:0d:7c:5d:15:35:
         eb:53:7a:76:87:73:91:59:21:51:1c:1b:32:0d:df:0a:c7:da:
         4b:76:63:bd:27:73:40:f4:1f:dc:fd:75:18:1c:9a:3c:ea:4f:
         4d:f2:37:4d:37:c0:68:cf:ab:f8:37:d2:18:36:d0:a3:8a:d0:
         50:46:4b:e0:30:42:de:f6:a1:d9:70:44:cc:e8:a0:04:d2:f9:
         22:80:ee:56:f8:2a:e7:7f:24:ac:fd:ea:d4:ca:fd:94:86:85:
         ab:53:54:0a:1c:aa:98:42:00:35:c6:9a:34:fa:54:1f:2a:f3:
         0d:91:10:26:37:9e:7c:f4:ba:db:52:48:a3:c9:c1:21:7f:c7:
         81:a2:37:27:a2:f0:15:71:73:76:38:4c:18:6a:c4:1e:24:cd:
         61:13:54:75:19:9c:92:b4:ea:57:e1:78:86:19:45:76:89:10:
         8f:c4:20:d7:25:a0:e3:b8:ef:58:ba:6e:60:b0:84:b6:8e:da:
         2d:b9:98:5d:32:40:69:6f:78:35:2e:dd:8d:58:a3:75:81:91:
         80:25:5a:30:36:81:14:cb:85:cb:17:57:4a:4e:9a:29:ed:69:
         41:d8:8a:f2:e1:46:61:85:77:01:4a:5f:22:2f:c6:be:e1:06:
         e8:e9:37:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqTgpr87eBwxhc65uDcqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjBhNGQ4NzRkOTYwMWM4MTQyYzM1MmY4MGM1NmE0MzI3
NmNkNDcwHhcNMjQwMTAxMTQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2ZhOWJkNWVmOTRhNGVkMzE0ZTQxMzBlZTBkNDc0MGI0YTZmNzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuoSb3/2iRI2hiIAh0mCYBK+5vn7
QyfZhQnLS4qb8BLgtwSv+aoR9F9/4A+2hlc77M7avLLgMXp2uFWePephHh4ZjzPy
84I2AhVUKyVe4dnu5epQVPjnD5onq/fGGonNSuZVn+CnKj63pe096dWeFzs4OJU9
xzA5IZgPsl7DFn5WmcdVWEYHSrgwQiimMBC/p17jixAfHomz2hBcAdvZmOUV88q4
6kvCwpW/rBdv/40Zk4JKOTgs0qPchqv68XD6AmwipbwdvNWI79UoQuGDpZLa+/Ns
rTwbz6lWqdzPJs25EQ52VUbho6W/3RRyc2fCzoiFI2G4YsDRG0zIUaHYTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFz6m9XvlKTtMU5BMO4NR0C0pvcrMB8GA1UdIwQY
MBaAFLpgpNh02WAcgULDUvgMVqQyds1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWIt
ZTVhMzc3OGJlM2FkLzEvWFBxYjFlLVVwTzB4VGtFdzdnMUhRTFNtOXlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWItZTVhMzc3OGJlM2Fk
LzEvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpxMA0G
CSqGSIb3DQEBCwUAA4IBAQAi+PdFSTdVWdIs/bncDXxdFTXrU3p2h3ORWSFRHBsy
Dd8Kx9pLdmO9J3NA9B/c/XUYHJo86k9N8jdNN8Boz6v4N9IYNtCjitBQRkvgMELe
9qHZcETM6KAE0vkigO5W+CrnfySs/erUyv2UhoWrU1QKHKqYQgA1xpo0+lQfKvMN
kRAmN5589LrbUkijycEhf8eBojcnovAVcXN2OEwYasQeJM1hE1R1GZyStOpX4XiG
GUV2iRCPxCDXJaDjuO9Yum5gsIS2jtotuZhdMkBpb3g1Lt2NWKN1gZGAJVowNoEU
y4XLF1dKTpop7WlB2Iry4UZhhXcBSl8iL8a+4Qbo6TdH
-----END CERTIFICATE-----