Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/AosAQto_z9OqcwqeC_SZWECJeJM.roa
File:                     AosAQto_z9OqcwqeC_SZWECJeJM.roa (raw, json)
Hash identifier:          yf8rKxe7cxV+hvRaeqOv00ssVciIq9eecdLxMG0bKBI=
Subject key identifier:   02:8B:00:42:DA:3F:CF:D3:AA:73:0A:9E:0B:F4:99:58:40:89:78:93
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0196E4C753B126995632AC4BF70589E242C1
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/AosAQto_z9OqcwqeC_SZWECJeJM.roa
Signing time:             Sun 18 May 2025 19:03:10 +0000
ROA not before:           Sun 18 May 2025 19:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134176
IP address blocks:        185.92.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e4:c7:53:b1:26:99:56:32:ac:4b:f7:05:89:e2:42:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 18 19:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=028b0042da3fcfd3aa730a9e0bf4995840897893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:9e:c4:bc:3b:72:0d:f1:4f:4b:bb:3b:79:e5:
                    d7:c6:1a:ba:7c:30:cd:6b:6e:fe:be:45:95:6f:82:
                    af:31:e2:41:72:5b:77:0c:9c:cd:c3:66:21:ca:f1:
                    04:21:15:27:7b:28:15:94:26:b3:21:dd:c2:e4:0a:
                    56:d1:f9:b3:e5:9f:98:e2:20:ac:80:2b:86:7e:70:
                    83:72:03:ca:dc:ed:dd:4c:12:0b:ec:2a:be:d5:21:
                    41:3b:f3:1e:11:9f:10:38:5d:18:72:a6:2e:74:b4:
                    50:e1:e9:09:f7:74:b9:f2:2e:29:c4:69:ee:0c:4c:
                    de:3d:32:2e:4a:33:b7:34:32:59:78:af:dc:e5:3a:
                    c1:8c:b3:dd:e3:08:1c:ee:ff:8b:70:7d:96:8c:ee:
                    3e:43:1d:a3:ca:e7:a7:e2:e1:d6:38:d9:3f:89:38:
                    d7:bd:d0:f7:b8:0c:67:93:81:d8:e2:1f:a5:09:59:
                    e2:6f:86:ec:03:9b:14:76:b9:e9:45:ff:dc:0c:5c:
                    c2:6f:87:3a:ad:c6:4d:58:33:49:e9:bd:c5:7d:ff:
                    ff:99:5b:72:1e:8d:95:a0:16:7a:f3:b8:fd:63:98:
                    e0:6e:89:50:f0:8b:17:21:45:b7:27:5a:31:8f:3b:
                    5e:26:c2:c4:e8:5c:a5:36:26:fe:d6:5c:ec:31:88:
                    5e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:8B:00:42:DA:3F:CF:D3:AA:73:0A:9E:0B:F4:99:58:40:89:78:93
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/AosAQto_z9OqcwqeC_SZWECJeJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.92.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:db:d3:20:f8:ae:ce:14:e4:42:a8:0f:76:75:ab:93:d4:2c:
         eb:26:f2:9a:24:89:f5:5d:50:fb:5b:ad:ed:83:1a:a4:3f:42:
         e6:85:4b:35:23:68:fd:00:76:de:e8:a8:a1:50:a6:e1:cf:56:
         2b:1d:fd:65:73:d7:05:0b:bd:13:95:70:35:b0:47:66:0f:48:
         85:57:34:17:ec:00:fa:9c:3f:32:72:cf:19:70:bc:a3:95:a3:
         fc:7f:4b:2c:e5:b8:73:15:11:77:35:69:1f:57:2f:d0:73:2d:
         da:e3:32:a8:a0:97:11:f8:07:f0:21:56:9e:13:f0:e8:40:ac:
         3f:dd:f7:38:15:c7:cf:76:21:0b:09:31:14:b3:08:a4:b8:42:
         42:93:28:4e:84:d2:2d:15:80:6f:8e:78:34:ef:1b:4e:cc:07:
         86:89:c4:8f:bb:d1:dc:d4:62:16:92:6f:99:ba:45:3a:38:19:
         6e:63:0d:6a:c3:18:68:a2:b9:f5:81:17:88:91:71:69:0d:ef:
         48:b9:07:8e:cd:35:7a:cf:61:68:25:51:d2:4e:da:b4:fd:33:
         a7:d2:1e:07:1a:5d:84:f9:d4:82:73:dc:e6:75:ef:15:26:a4:
         cf:a5:11:af:8a:14:d7:fa:cd:f6:fe:4a:19:e4:80:0f:d9:9b:
         ba:c9:50:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbkx1OxJplWMqxL9wWJ4kLBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTE4MTkwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjhiMDA0MmRhM2ZjZmQzYWE3MzBhOWUwYmY0OTk1ODQwODk3ODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA157EvDtyDfFPS7s7eeXXxhq6fDDN
a27+vkWVb4KvMeJBclt3DJzNw2YhyvEEIRUneygVlCazId3C5ApW0fmz5Z+Y4iCs
gCuGfnCDcgPK3O3dTBIL7Cq+1SFBO/MeEZ8QOF0YcqYudLRQ4ekJ93S58i4pxGnu
DEzePTIuSjO3NDJZeK/c5TrBjLPd4wgc7v+LcH2WjO4+Qx2jyuen4uHWONk/iTjX
vdD3uAxnk4HY4h+lCVnib4bsA5sUdrnpRf/cDFzCb4c6rcZNWDNJ6b3Fff//mVty
Ho2VoBZ687j9Y5jgbolQ8IsXIUW3J1oxjzteJsLE6FylNib+1lzsMYheRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAKLAELaP8/TqnMKngv0mVhAiXiTMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvQW9zQVF0b196OU9xY3dxZUNfU1pXRUNKZUpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVzRMA0G
CSqGSIb3DQEBCwUAA4IBAQDR29Mg+K7OFORCqA92dauT1CzrJvKaJIn1XVD7W63t
gxqkP0LmhUs1I2j9AHbe6KihUKbhz1YrHf1lc9cFC70TlXA1sEdmD0iFVzQX7AD6
nD8ycs8ZcLyjlaP8f0ss5bhzFRF3NWkfVy/Qcy3a4zKooJcR+AfwIVaeE/DoQKw/
3fc4FcfPdiELCTEUswikuEJCkyhOhNItFYBvjng07xtOzAeGicSPu9Hc1GIWkm+Z
ukU6OBluYw1qwxhoorn1gReIkXFpDe9IuQeOzTV6z2FoJVHSTtq0/TOn0h4HGl2E
+dSCc9zmde8VJqTPpRGvihTX+s32/koZ5IAP2Zu6yVB8
-----END CERTIFICATE-----