Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/jiKl7KXy7uDZcCf0jONPCCanmjQ.roa
File:                     jiKl7KXy7uDZcCf0jONPCCanmjQ.roa (raw, json)
Hash identifier:          I2URJ4U8fPQvh8mFEeeFkmio7q2u3stHu9cWTRW1I2s=
Subject key identifier:   8E:22:A5:EC:A5:F2:EE:E0:D9:70:27:F4:8C:E3:4F:08:26:A7:9A:34
Certificate issuer:       /CN=ba60a4d874d9601c8142c352f80c56a43276cd47
Certificate serial:       018CC56EA45C543636D7EB046C105376C50D
Authority key identifier: BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/jiKl7KXy7uDZcCf0jONPCCanmjQ.roa
Signing time:             Mon 01 Jan 2024 14:30:11 +0000
ROA not before:           Mon 01 Jan 2024 14:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44592
IP address blocks:        2.58.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a4:5c:54:36:36:d7:eb:04:6c:10:53:76:c5:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba60a4d874d9601c8142c352f80c56a43276cd47
        Validity
            Not Before: Jan  1 14:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e22a5eca5f2eee0d97027f48ce34f0826a79a34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:93:c2:01:bf:46:c1:19:8c:7a:c9:79:84:94:
                    b4:db:d6:6a:14:7d:bc:77:20:a1:43:f6:dc:02:71:
                    72:43:15:63:a3:11:3b:da:b8:01:c7:3a:3e:9e:47:
                    c8:73:6f:d6:e3:35:21:6f:e6:8c:6c:a4:a9:f3:3a:
                    df:31:4e:1e:20:f7:22:bf:17:e9:32:75:33:42:64:
                    97:a9:03:9b:2c:b8:17:97:b8:31:22:42:e6:eb:5b:
                    ae:2e:3c:4c:5b:2d:29:52:3a:f6:50:7a:18:44:fd:
                    8e:da:d1:10:88:17:e0:50:a2:e5:20:ef:dd:b3:b0:
                    7f:72:8b:f9:3c:3a:49:fd:bc:43:10:e8:da:78:46:
                    b1:3b:49:7f:f7:97:84:47:1f:dc:1a:8a:3a:dc:c7:
                    39:78:cd:f8:05:2b:55:7b:d9:d3:45:44:77:31:2a:
                    7c:31:f3:ce:b5:16:0c:f9:fb:91:c1:8f:e0:16:a6:
                    f8:8b:bc:ca:ea:93:9f:90:ee:32:66:61:dc:e0:bd:
                    02:15:89:39:a7:4f:7a:4d:da:e0:6d:89:41:bd:2f:
                    80:dd:95:c5:bf:24:d9:ae:db:4f:ec:a9:b8:28:70:
                    43:1a:b7:aa:99:ca:05:dc:c8:0d:78:04:76:d9:96:
                    d8:80:da:aa:d2:f2:0f:8d:ab:cb:47:be:43:b6:1b:
                    e9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:22:A5:EC:A5:F2:EE:E0:D9:70:27:F4:8C:E3:4F:08:26:A7:9A:34
            X509v3 Authority Key Identifier:
                keyid:BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/jiKl7KXy7uDZcCf0jONPCCanmjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:8d:73:ed:04:71:37:de:9a:70:95:58:02:05:c2:c7:dd:28:
         c1:2a:a2:32:6d:76:b9:21:84:4f:4b:1f:9e:08:22:7e:8a:54:
         86:14:ab:f4:57:48:68:ac:ab:24:66:0a:13:c4:58:13:07:68:
         ff:0f:7e:57:b2:b5:72:1c:e3:a6:03:26:cb:fd:e4:99:cd:a7:
         7e:eb:08:13:87:f5:e1:c4:d5:14:ad:02:a7:c4:39:40:55:47:
         1d:01:36:a9:8f:40:a0:3b:04:e8:83:30:2a:18:00:af:31:6a:
         f1:9a:5f:ff:14:a7:21:42:e3:d0:cc:70:ca:57:6f:9e:72:7d:
         69:7c:60:e7:7e:81:42:7a:d6:5e:3f:28:6b:18:da:fb:87:2a:
         e0:52:ba:c6:69:3d:82:79:db:59:d5:7b:b1:81:93:27:47:45:
         d4:81:ef:e4:3a:97:23:71:98:7e:c1:69:eb:d2:ab:42:8a:a1:
         5b:03:ae:ba:40:c8:79:3b:72:09:c2:ed:fd:ee:7b:22:f6:f1:
         0b:43:85:7e:90:e2:a7:d0:d5:fd:04:5f:a2:6b:a4:e8:52:ff:
         45:fd:5f:e5:6a:8b:79:13:04:76:14:8c:f1:a4:47:9b:1f:dd:
         fb:86:b7:67:83:ea:b0:70:81:09:81:da:ae:02:c3:ac:d1:b8:
         c7:c0:0f:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbqRcVDY21+sEbBBTdsUNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjBhNGQ4NzRkOTYwMWM4MTQyYzM1MmY4MGM1NmE0MzI3
NmNkNDcwHhcNMjQwMTAxMTQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTIyYTVlY2E1ZjJlZWUwZDk3MDI3ZjQ4Y2UzNGYwODI2YTc5YTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpPCAb9GwRmMesl5hJS029ZqFH28
dyChQ/bcAnFyQxVjoxE72rgBxzo+nkfIc2/W4zUhb+aMbKSp8zrfMU4eIPcivxfp
MnUzQmSXqQObLLgXl7gxIkLm61uuLjxMWy0pUjr2UHoYRP2O2tEQiBfgUKLlIO/d
s7B/cov5PDpJ/bxDEOjaeEaxO0l/95eERx/cGoo63Mc5eM34BStVe9nTRUR3MSp8
MfPOtRYM+fuRwY/gFqb4i7zK6pOfkO4yZmHc4L0CFYk5p096TdrgbYlBvS+A3ZXF
vyTZrttP7Km4KHBDGreqmcoF3MgNeAR22ZbYgNqq0vIPjavLR75DthvpgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI4ipeyl8u7g2XAn9IzjTwgmp5o0MB8GA1UdIwQY
MBaAFLpgpNh02WAcgULDUvgMVqQyds1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWIt
ZTVhMzc3OGJlM2FkLzEvamlLbDdLWHk3dURaY0NmMGpPTlBDQ2FubWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWItZTVhMzc3OGJlM2Fk
LzEvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpxMA0G
CSqGSIb3DQEBCwUAA4IBAQB7jXPtBHE33ppwlVgCBcLH3SjBKqIybXa5IYRPSx+e
CCJ+ilSGFKv0V0horKskZgoTxFgTB2j/D35XsrVyHOOmAybL/eSZzad+6wgTh/Xh
xNUUrQKnxDlAVUcdATapj0CgOwTogzAqGACvMWrxml//FKchQuPQzHDKV2+ecn1p
fGDnfoFCetZePyhrGNr7hyrgUrrGaT2CedtZ1XuxgZMnR0XUge/kOpcjcZh+wWnr
0qtCiqFbA666QMh5O3IJwu397nsi9vELQ4V+kOKn0NX9BF+ia6ToUv9F/V/laot5
EwR2FIzxpEebH937hrdng+qwcIEJgdquAsOs0bjHwA/K
-----END CERTIFICATE-----