Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/C2ixSRiqvBnLxFND7Mlp5Hi7kVs.roa
File:                     C2ixSRiqvBnLxFND7Mlp5Hi7kVs.roa (raw, json)
Hash identifier:          dHobWK9IdoDyXHUtBFS/XkC429cNCZ4od/e9wPK+EZ0=
Subject key identifier:   0B:68:B1:49:18:AA:BC:19:CB:C4:53:43:EC:C9:69:E4:78:BB:91:5B
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       018EE62633F1DCFD22A8083BD53165F4E474
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/C2ixSRiqvBnLxFND7Mlp5Hi7kVs.roa
Signing time:             Tue 16 Apr 2024 09:04:07 +0000
ROA not before:           Tue 16 Apr 2024 09:04:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        91.202.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:26:33:f1:dc:fd:22:a8:08:3b:d5:31:65:f4:e4:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Apr 16 09:04:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b68b14918aabc19cbc45343ecc969e478bb915b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a5:87:60:9e:3d:9e:ef:87:ad:08:a9:28:28:
                    72:cc:1d:a5:43:2d:ea:aa:bd:8b:e8:d1:7a:29:c8:
                    ea:44:9b:09:2c:6a:ff:b7:f0:ff:fb:47:ef:2d:f7:
                    85:b0:08:06:49:76:1f:0c:a8:ce:f2:d7:41:5e:8a:
                    03:67:bf:ef:3c:8a:ac:b1:2e:ce:47:80:c8:1c:65:
                    b8:a4:de:2d:c0:94:be:5d:5f:0e:04:fb:27:91:3d:
                    c0:d7:8a:fc:4f:08:78:08:09:9b:c3:c2:6f:b8:73:
                    ca:88:b5:d9:bf:96:f3:4e:91:3f:fa:24:06:a3:df:
                    a5:9e:ce:1b:98:fd:23:6f:b1:c0:b6:ad:e4:3d:57:
                    30:c2:f2:0a:55:f9:0f:e9:dc:4c:22:9c:7c:dd:cf:
                    a9:51:64:92:67:eb:ef:68:b2:9d:ec:ec:74:38:91:
                    42:2c:7e:ff:99:3e:a1:99:5a:cc:c4:85:e2:bb:f0:
                    12:04:5e:10:86:84:77:95:4e:fa:1b:c3:8a:a3:0a:
                    ef:6d:dd:d6:44:69:6a:8d:d1:26:fe:85:cc:55:e2:
                    b7:67:63:d0:d9:87:32:1c:f5:e8:b0:55:65:c6:56:
                    3a:c4:4a:ab:c8:fd:e6:4a:f7:a0:2f:87:c1:95:b9:
                    1c:69:96:37:22:1a:e1:93:7b:48:c3:3c:02:ff:e5:
                    4a:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:68:B1:49:18:AA:BC:19:CB:C4:53:43:EC:C9:69:E4:78:BB:91:5B
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/C2ixSRiqvBnLxFND7Mlp5Hi7kVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:2c:79:31:5b:e8:62:43:a9:48:3a:e6:37:32:4c:0a:34:36:
         c7:75:9a:46:73:b9:d7:c2:2c:4d:36:27:ac:6c:b0:0d:28:37:
         29:8f:b8:90:e0:60:de:f8:80:f5:af:ce:5e:b9:72:82:ae:08:
         ff:23:ba:80:6b:f8:60:ea:33:df:d4:a4:06:01:18:f3:f4:7e:
         0e:94:72:c6:1f:da:93:58:68:8b:fa:02:90:4e:55:55:63:36:
         49:cc:c3:7d:f3:c7:79:83:cb:a2:8f:f1:76:56:27:9e:14:92:
         6d:e4:2b:0d:9f:3d:51:12:1e:05:8e:1d:67:18:9b:34:3a:f9:
         d1:9a:f6:d8:a8:73:e0:3e:91:14:48:cb:7b:0e:d6:25:5a:04:
         4e:81:a5:35:21:b4:fa:85:95:fa:fb:0a:e3:b4:7c:97:97:8c:
         4d:92:bb:65:0d:ed:b3:19:9a:dc:20:2c:91:38:61:66:ef:2b:
         15:86:c9:3a:73:22:e6:0f:0a:ba:c5:7e:ad:52:ff:61:91:bd:
         bf:be:6e:a1:4d:b6:e3:02:36:98:43:7d:2d:ef:79:47:49:d1:
         29:41:d3:91:ff:db:7c:f7:a6:99:89:d0:11:a0:a5:6b:0d:b8:
         24:49:46:eb:27:0a:f3:14:bc:4b:fb:5c:41:13:e0:85:b7:7a:
         6c:cb:9a:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7mJjPx3P0iqAg71TFl9OR0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjQwNDE2MDkwNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjY4YjE0OTE4YWFiYzE5Y2JjNDUzNDNlY2M5NjllNDc4YmI5MTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKWHYJ49nu+HrQipKChyzB2lQy3q
qr2L6NF6KcjqRJsJLGr/t/D/+0fvLfeFsAgGSXYfDKjO8tdBXooDZ7/vPIqssS7O
R4DIHGW4pN4twJS+XV8OBPsnkT3A14r8Twh4CAmbw8JvuHPKiLXZv5bzTpE/+iQG
o9+lns4bmP0jb7HAtq3kPVcwwvIKVfkP6dxMIpx83c+pUWSSZ+vvaLKd7Ox0OJFC
LH7/mT6hmVrMxIXiu/ASBF4QhoR3lU76G8OKowrvbd3WRGlqjdEm/oXMVeK3Z2PQ
2YcyHPXosFVlxlY6xEqryP3mSvegL4fBlbkcaZY3Ihrhk3tIwzwC/+VKoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAtosUkYqrwZy8RTQ+zJaeR4u5FbMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvQzJpeFNSaXF2Qm5MeEZORDdNbHA1SGk3a1ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8rRMA0G
CSqGSIb3DQEBCwUAA4IBAQAILHkxW+hiQ6lIOuY3MkwKNDbHdZpGc7nXwixNNies
bLANKDcpj7iQ4GDe+ID1r85euXKCrgj/I7qAa/hg6jPf1KQGARjz9H4OlHLGH9qT
WGiL+gKQTlVVYzZJzMN988d5g8uij/F2VieeFJJt5CsNnz1REh4Fjh1nGJs0OvnR
mvbYqHPgPpEUSMt7DtYlWgROgaU1IbT6hZX6+wrjtHyXl4xNkrtlDe2zGZrcICyR
OGFm7ysVhsk6cyLmDwq6xX6tUv9hkb2/vm6hTbbjAjaYQ30t73lHSdEpQdOR/9t8
96aZidARoKVrDbgkSUbrJwrzFLxL+1xBE+CFt3psy5pi
-----END CERTIFICATE-----