Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/YhUiBt6aWDxfUxxlX_f5An_H3Vw.roa
File:                     YhUiBt6aWDxfUxxlX_f5An_H3Vw.roa (raw, json)
Hash identifier:          UUlZjHLoXxN7b5MRYoyNUfcSFhA/gMCkcrXZjW9BfPs=
Subject key identifier:   62:15:22:06:DE:9A:58:3C:5F:53:1C:65:5F:F7:F9:02:7F:C7:DD:5C
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019428264A2E5DD4FC4058D95C2126C4EEDA
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/YhUiBt6aWDxfUxxlX_f5An_H3Vw.roa
Signing time:             Thu 02 Jan 2025 17:53:05 +0000
ROA not before:           Thu 02 Jan 2025 17:53:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400529
IP address blocks:        91.229.114.0/24 maxlen: 24
                          193.243.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:4a:2e:5d:d4:fc:40:58:d9:5c:21:26:c4:ee:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jan  2 17:53:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62152206de9a583c5f531c655ff7f9027fc7dd5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:47:81:84:44:70:e8:c1:00:e9:49:79:c2:a9:
                    b3:67:97:10:7e:f6:67:d3:64:12:95:a7:8e:33:3e:
                    16:65:1c:ff:11:38:8c:ba:f7:91:dd:92:47:2f:34:
                    a5:ed:14:c4:48:c2:fa:a2:d5:4e:9a:89:e0:7c:98:
                    7c:37:22:1a:6a:67:29:b7:81:26:3a:4a:1a:a2:04:
                    89:fa:aa:fd:4b:25:45:44:61:6c:08:05:f8:75:61:
                    e3:fb:cd:9d:fd:25:41:64:61:d3:bd:84:4d:7c:6f:
                    0e:5b:8b:41:76:86:12:80:d7:55:f1:e8:7f:30:16:
                    19:72:6f:49:59:0d:85:dc:7f:a8:97:61:6d:b1:b1:
                    b5:20:d0:a8:7f:4f:8e:45:60:13:93:12:cf:96:8a:
                    04:27:f7:95:df:76:52:22:13:02:f9:23:61:94:0f:
                    27:2f:80:a3:ce:a0:ed:e2:90:0e:4e:33:78:4f:a5:
                    ef:37:50:89:d3:38:ef:10:60:20:23:a2:6c:04:85:
                    da:21:aa:ea:8f:22:de:1c:8f:1a:46:fa:51:21:85:
                    43:04:c9:52:d7:8e:6c:df:b7:05:15:60:45:fc:49:
                    4f:9c:08:a1:92:5d:18:3c:39:48:44:8a:c1:5e:55:
                    4b:cb:a0:9e:44:be:e1:1d:80:e6:d2:f1:ac:4e:38:
                    82:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:15:22:06:DE:9A:58:3C:5F:53:1C:65:5F:F7:F9:02:7F:C7:DD:5C
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/YhUiBt6aWDxfUxxlX_f5An_H3Vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.114.0/24
                  193.243.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:53:ec:f6:1f:13:f5:98:e0:75:51:ca:8c:47:eb:42:c2:d1:
         d5:c7:24:f7:96:e7:bd:3c:f7:b2:9c:62:13:e8:76:de:9c:b4:
         46:9d:02:67:37:f7:cf:95:05:b4:8b:50:5f:ac:1a:4f:77:47:
         f2:01:9b:3b:d7:81:6f:09:eb:a4:59:95:1f:aa:bd:c0:de:18:
         56:cd:40:c6:34:44:f5:d0:c0:8a:7d:79:d5:7d:71:5b:87:94:
         89:09:7c:ee:24:40:06:e4:9b:f8:a0:98:80:fd:4f:77:cb:77:
         d6:d7:9c:6c:99:99:e1:49:22:90:93:aa:f4:a2:55:7e:a1:0f:
         bd:3b:c7:59:12:21:81:cf:e0:b7:bf:60:6d:29:da:ec:0d:cf:
         a3:3a:bb:69:7d:30:b6:3d:66:50:23:2f:b6:f6:33:e7:06:f3:
         e6:f4:1e:2a:43:fa:2d:4b:1c:8d:e4:e1:4e:a5:83:b0:f4:c0:
         48:22:18:19:4d:f8:fd:50:75:33:5a:a4:fc:5b:cb:87:dc:b3:
         79:d6:fd:4c:bf:4e:5d:3c:d1:28:cd:e3:8f:65:24:cc:c0:e2:
         1e:dd:1d:fe:d6:7d:51:15:c6:77:3e:64:20:4b:e4:df:71:a7:
         0a:02:eb:93:80:50:87:78:0a:2b:5f:6a:7f:2b:60:b7:cc:e9:
         e2:dc:a5:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJkouXdT8QFjZXCEmxO7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwMTAyMTc1MzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjE1MjIwNmRlOWE1ODNjNWY1MzFjNjU1ZmY3ZjkwMjdmYzdkZDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkeBhERw6MEA6Ul5wqmzZ5cQfvZn
02QSlaeOMz4WZRz/ETiMuveR3ZJHLzSl7RTESML6otVOmongfJh8NyIaamcpt4Em
OkoaogSJ+qr9SyVFRGFsCAX4dWHj+82d/SVBZGHTvYRNfG8OW4tBdoYSgNdV8eh/
MBYZcm9JWQ2F3H+ol2FtsbG1INCof0+ORWATkxLPlooEJ/eV33ZSIhMC+SNhlA8n
L4CjzqDt4pAOTjN4T6XvN1CJ0zjvEGAgI6JsBIXaIarqjyLeHI8aRvpRIYVDBMlS
145s37cFFWBF/ElPnAihkl0YPDlIRIrBXlVLy6CeRL7hHYDm0vGsTjiCfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGIVIgbemlg8X1McZV/3+QJ/x91cMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvWWhVaUJ0NmFXRHhmVXh4bFhfZjVBbl9IM1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+VyAwQA
wfO+MA0GCSqGSIb3DQEBCwUAA4IBAQCIU+z2HxP1mOB1UcqMR+tCwtHVxyT3lue9
PPeynGIT6HbenLRGnQJnN/fPlQW0i1BfrBpPd0fyAZs714FvCeukWZUfqr3A3hhW
zUDGNET10MCKfXnVfXFbh5SJCXzuJEAG5Jv4oJiA/U93y3fW15xsmZnhSSKQk6r0
olV+oQ+9O8dZEiGBz+C3v2BtKdrsDc+jOrtpfTC2PWZQIy+29jPnBvPm9B4qQ/ot
SxyN5OFOpYOw9MBIIhgZTfj9UHUzWqT8W8uH3LN51v1Mv05dPNEozeOPZSTMwOIe
3R3+1n1RFcZ3PmQgS+TfcacKAuuTgFCHeAorX2p/K2C3zOni3KUV
-----END CERTIFICATE-----