Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/zMnP4SbXXtzO5Qz_HmHXST-lJbc.roa
File:                     zMnP4SbXXtzO5Qz_HmHXST-lJbc.roa (raw, json)
Hash identifier:          x/mXpix8fyVF7pfT27hYA7xsa5opQzKkRx7F0dXWqMU=
Subject key identifier:   CC:C9:CF:E1:26:D7:5E:DC:CE:E5:0C:FF:1E:61:D7:49:3F:A5:25:B7
Certificate issuer:       /CN=ba60a4d874d9601c8142c352f80c56a43276cd47
Certificate serial:       019423D7E5276B31A19D4682FA2202A59A81
Authority key identifier: BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/zMnP4SbXXtzO5Qz_HmHXST-lJbc.roa
Signing time:             Wed 01 Jan 2025 21:48:58 +0000
ROA not before:           Wed 01 Jan 2025 21:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44592
IP address blocks:        2.58.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e5:27:6b:31:a1:9d:46:82:fa:22:02:a5:9a:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba60a4d874d9601c8142c352f80c56a43276cd47
        Validity
            Not Before: Jan  1 21:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccc9cfe126d75edccee50cff1e61d7493fa525b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:44:7b:da:25:3b:b6:40:53:0f:47:76:39:f2:
                    9e:ec:b6:04:ae:dc:f7:40:f7:e3:70:78:09:76:66:
                    68:57:16:e3:07:7a:63:4a:33:8b:74:e4:8c:f3:62:
                    76:a5:08:58:3a:55:04:7b:e1:a7:1f:b0:c1:67:52:
                    29:12:c4:93:e8:a0:8e:6c:69:ce:cd:d4:51:88:06:
                    b7:43:14:a2:43:40:31:0f:36:c6:43:c1:0f:73:c5:
                    d6:e9:5a:8a:ab:aa:c9:9b:4f:2b:da:6f:d3:84:f6:
                    8a:52:30:45:85:20:35:49:88:ae:40:06:68:8b:67:
                    a5:b4:06:cd:ea:48:ef:c9:3a:cf:f1:a5:5f:da:7e:
                    1f:76:c6:7c:1a:45:9a:36:d8:9a:57:68:87:f3:83:
                    0e:11:79:33:94:e7:c8:eb:76:9c:bb:d0:fe:7d:79:
                    c8:b4:15:08:a4:8c:dc:9e:0b:d5:5a:e9:73:e2:62:
                    d3:5e:19:a7:56:76:b0:3b:f8:c7:4b:e3:e5:1e:5f:
                    2d:af:83:26:2c:a9:a5:85:12:ec:cb:38:9c:92:5b:
                    15:79:7d:66:d7:08:f9:c5:7a:8f:87:20:5f:82:0c:
                    56:95:53:f4:48:1a:a0:c7:4d:26:dc:95:4b:a3:99:
                    6e:8d:47:12:2d:d3:98:d7:f1:27:e3:d1:9d:26:71:
                    78:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:C9:CF:E1:26:D7:5E:DC:CE:E5:0C:FF:1E:61:D7:49:3F:A5:25:B7
            X509v3 Authority Key Identifier:
                keyid:BA:60:A4:D8:74:D9:60:1C:81:42:C3:52:F8:0C:56:A4:32:76:CD:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/umCk2HTZYByBQsNS-AxWpDJ2zUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/zMnP4SbXXtzO5Qz_HmHXST-lJbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/28cb5c-298f-4d8b-815b-e5a3778be3ad/1/umCk2HTZYByBQsNS-AxWpDJ2zUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:e2:e3:18:97:77:ef:95:65:2b:c8:ba:52:86:41:63:b3:77:
         3b:9f:1e:bd:e6:ab:65:0d:68:58:ae:90:68:45:7e:19:35:d4:
         5c:77:b5:60:bb:e9:65:08:a4:9a:38:5d:ef:1e:c0:f1:60:d4:
         2b:6b:b3:c7:f5:05:18:12:e7:fd:48:22:f4:fb:32:6f:f8:98:
         02:99:d2:a2:f7:e1:a3:af:09:88:2b:3b:39:5f:71:bc:96:24:
         0d:78:ab:25:cc:ee:f7:d1:a6:90:9a:ce:18:be:22:3e:d7:d2:
         e3:ae:25:92:ea:7a:7d:47:02:ed:b7:11:48:68:00:b6:bc:ae:
         fb:f7:b7:bf:ab:80:31:e2:46:62:e1:2e:b8:c4:8b:45:8e:c6:
         68:dc:76:38:27:3d:57:3a:69:f0:3d:02:a9:39:80:93:fc:5b:
         bd:82:ff:cd:c6:48:6e:c7:c3:84:4f:b0:e1:52:ea:8d:a2:e6:
         ee:70:3d:7d:f7:46:33:1b:d8:de:ca:90:b8:6e:07:2e:f4:50:
         63:8f:20:81:db:42:83:3d:91:c8:b6:5c:eb:53:d0:f6:03:13:
         bb:6e:ce:d1:34:a8:65:87:52:f3:64:d6:49:d4:06:1c:6d:de:
         a0:2d:c6:36:63:58:97:e4:bd:fb:3e:7f:70:e7:f2:0b:14:a4:
         8c:4d:99:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+UnazGhnUaC+iICpZqBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNjBhNGQ4NzRkOTYwMWM4MTQyYzM1MmY4MGM1NmE0MzI3
NmNkNDcwHhcNMjUwMTAxMjE0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2M5Y2ZlMTI2ZDc1ZWRjY2VlNTBjZmYxZTYxZDc0OTNmYTUyNWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0R72iU7tkBTD0d2OfKe7LYErtz3
QPfjcHgJdmZoVxbjB3pjSjOLdOSM82J2pQhYOlUEe+GnH7DBZ1IpEsST6KCObGnO
zdRRiAa3QxSiQ0AxDzbGQ8EPc8XW6VqKq6rJm08r2m/ThPaKUjBFhSA1SYiuQAZo
i2eltAbN6kjvyTrP8aVf2n4fdsZ8GkWaNtiaV2iH84MOEXkzlOfI63acu9D+fXnI
tBUIpIzcngvVWulz4mLTXhmnVnawO/jHS+PlHl8tr4MmLKmlhRLsyzicklsVeX1m
1wj5xXqPhyBfggxWlVP0SBqgx00m3JVLo5lujUcSLdOY1/En49GdJnF4TwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzJz+Em117czuUM/x5h10k/pSW3MB8GA1UdIwQY
MBaAFLpgpNh02WAcgULDUvgMVqQyds1HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWIt
ZTVhMzc3OGJlM2FkLzEvek1uUDRTYlhYdHpPNVF6X0htSFhTVC1sSmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yOGNiNWMtMjk4Zi00ZDhiLTgxNWItZTVhMzc3OGJlM2Fk
LzEvdW1DazJIVFpZQnlCUXNOUy1BeFdwREoyelVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjpxMA0G
CSqGSIb3DQEBCwUAA4IBAQAd4uMYl3fvlWUryLpShkFjs3c7nx695qtlDWhYrpBo
RX4ZNdRcd7Vgu+llCKSaOF3vHsDxYNQra7PH9QUYEuf9SCL0+zJv+JgCmdKi9+Gj
rwmIKzs5X3G8liQNeKslzO730aaQms4YviI+19LjriWS6np9RwLttxFIaAC2vK77
97e/q4Ax4kZi4S64xItFjsZo3HY4Jz1XOmnwPQKpOYCT/Fu9gv/Nxkhux8OET7Dh
UuqNoubucD1990YzG9jeypC4bgcu9FBjjyCB20KDPZHItlzrU9D2AxO7bs7RNKhl
h1LzZNZJ1AYcbd6gLcY2Y1iX5L37Pn9w5/ILFKSMTZms
-----END CERTIFICATE-----