Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/bHZh-gl2BV9HaE6gMvNJJyeNKUs.roa
File:                     bHZh-gl2BV9HaE6gMvNJJyeNKUs.roa (raw, json)
Hash identifier:          sDUjjxYqPfgF3z6qcjo8Ch8x8GHsvhm9yqvWs72G0WI=
Subject key identifier:   6C:76:61:FA:09:76:05:5F:47:68:4E:A0:32:F3:49:27:27:8D:29:4B
Certificate issuer:       /CN=ba60a4d874d9601c8142c352f80c56a43276cd47
Certificate serial:       019423D7E496607DD5A44BC4E1D68B5BEFB4
Authority key identifier: BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/bHZh-gl2BV9HaE6gMvNJJyeNKUs.roa
Signing time:             Wed 01 Jan 2025 21:48:58 +0000
ROA not before:           Wed 01 Jan 2025 21:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34318
IP address blocks:        2.58.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e4:96:60:7d:d5:a4:4b:c4:e1:d6:8b:5b:ef:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba60a4d874d9601c8142c352f80c56a43276cd47
        Validity
            Not Before: Jan  1 21:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c7661fa0976055f47684ea032f34927278d294b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:01:8e:bd:e5:4c:f2:ba:b1:d1:78:a0:1d:45:
                    f1:ca:cc:c4:73:f9:8b:d0:13:98:74:67:5d:b3:16:
                    90:c6:7b:8b:20:6c:f0:b5:f9:24:2f:d2:99:35:66:
                    b9:04:5c:48:b1:7b:b5:a9:40:87:a6:ab:b7:9d:0a:
                    02:ea:82:d2:bd:1a:09:ec:f6:58:23:79:9a:ca:2f:
                    6f:d5:37:61:2f:dd:0e:d5:7b:9d:69:1d:0b:24:2a:
                    8a:4a:cc:88:f9:49:47:a4:36:31:46:8b:20:75:08:
                    50:42:ca:9a:aa:cf:00:c2:bc:8a:5b:2b:27:79:3c:
                    88:70:ff:ad:d7:0c:17:98:93:b3:68:fb:69:40:48:
                    ab:c3:48:85:97:d4:32:44:03:c2:38:85:4b:73:f2:
                    a1:c6:3c:68:66:6f:b5:08:0b:97:67:b4:6f:9e:02:
                    f8:9f:47:a9:8c:07:4a:eb:27:3c:3d:5a:d7:41:7c:
                    45:03:84:98:69:0a:72:19:bf:d9:33:2f:bc:ff:b8:
                    e9:a6:f0:82:ca:8f:67:1d:d4:bc:e1:f4:9d:1e:06:
                    d7:87:7b:26:7f:cd:9d:4c:28:99:68:a8:fd:e2:1d:
                    16:2a:eb:22:98:85:fe:48:73:dc:a7:1b:60:b1:20:
                    87:5e:b4:40:b3:77:e4:d6:14:21:b2:4e:cc:73:f4:
                    fe:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:76:61:FA:09:76:05:5F:47:68:4E:A0:32:F3:49:27:27:8D:29:4B
            X509v3 Authority Key Identifier:
                keyid:BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/bHZh-gl2BV9HaE6gMvNJJyeNKUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:db:60:36:7d:65:16:e9:e7:0f:c7:fb:89:8e:59:84:94:13:
         5b:97:a1:09:ae:fe:7d:83:e1:0c:33:d2:7c:0a:b0:1f:67:d8:
         7b:e5:81:73:83:64:5f:86:dd:e8:ea:d7:c4:79:7b:36:84:b5:
         33:01:6d:50:20:4a:b4:0e:c4:6d:c0:e9:98:4a:ce:71:1a:91:
         06:e3:ac:83:b2:8a:86:e5:78:0e:c0:43:54:00:48:31:43:4a:
         36:bd:7b:2b:d7:1f:08:cb:6a:44:d0:b7:23:40:f8:3d:f7:af:
         61:35:f6:78:69:bc:7a:3b:a8:fe:c5:96:11:28:3d:67:49:3b:
         61:19:98:0c:8f:ee:29:85:0b:65:17:9e:60:ea:c7:c1:0e:af:
         b6:d0:7c:ea:34:38:76:01:c2:83:1f:6e:d9:ac:e2:16:32:14:
         0a:ef:73:60:78:0a:b6:39:0c:0e:49:c6:97:ac:ae:49:56:76:
         e4:ea:17:f8:e5:0e:b7:19:91:be:12:d4:09:9c:cf:1f:8e:20:
         88:69:2d:89:5c:6e:10:4b:ca:19:41:62:c8:46:e6:72:fc:c4:
         de:f1:22:9c:a7:65:49:cf:d6:20:c4:2c:f0:d8:55:15:bb:18:
         c9:e4:a5:ac:c4:0e:a5:da:24:32:63:4a:86:5d:96:c1:1e:4f:
         59:ed:86:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+SWYH3VpEvE4daLW++0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjBhNGQ4NzRkOTYwMWM4MTQyYzM1MmY4MGM1NmE0MzI3
NmNkNDcwHhcNMjUwMTAxMjE0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Yzc2NjFmYTA5NzYwNTVmNDc2ODRlYTAzMmYzNDkyNzI3OGQyOTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgGOveVM8rqx0XigHUXxyszEc/mL
0BOYdGddsxaQxnuLIGzwtfkkL9KZNWa5BFxIsXu1qUCHpqu3nQoC6oLSvRoJ7PZY
I3mayi9v1TdhL90O1XudaR0LJCqKSsyI+UlHpDYxRosgdQhQQsqaqs8AwryKWysn
eTyIcP+t1wwXmJOzaPtpQEirw0iFl9QyRAPCOIVLc/KhxjxoZm+1CAuXZ7RvngL4
n0epjAdK6yc8PVrXQXxFA4SYaQpyGb/ZMy+8/7jppvCCyo9nHdS84fSdHgbXh3sm
f82dTCiZaKj94h0WKusimIX+SHPcpxtgsSCHXrRAs3fk1hQhsk7Mc/T+lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGx2YfoJdgVfR2hOoDLzSScnjSlLMB8GA1UdIwQY
MBaAFLpgpNh02WAcgULDUvgMVqQyds1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWIt
ZTVhMzc3OGJlM2FkLzEvYkhaaC1nbDJCVjlIYUU2Z012TkpKeWVOS1VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWItZTVhMzc3OGJlM2Fk
LzEvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpyMA0G
CSqGSIb3DQEBCwUAA4IBAQCm22A2fWUW6ecPx/uJjlmElBNbl6EJrv59g+EMM9J8
CrAfZ9h75YFzg2Rfht3o6tfEeXs2hLUzAW1QIEq0DsRtwOmYSs5xGpEG46yDsoqG
5XgOwENUAEgxQ0o2vXsr1x8Iy2pE0LcjQPg9969hNfZ4abx6O6j+xZYRKD1nSTth
GZgMj+4phQtlF55g6sfBDq+20HzqNDh2AcKDH27ZrOIWMhQK73NgeAq2OQwOScaX
rK5JVnbk6hf45Q63GZG+EtQJnM8fjiCIaS2JXG4QS8oZQWLIRuZy/MTe8SKcp2VJ
z9YgxCzw2FUVuxjJ5KWsxA6l2iQyY0qGXZbBHk9Z7Ya2
-----END CERTIFICATE-----