Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/jn61MsjFKIftc3vWy9QKibOxY4c.roa
File:                     jn61MsjFKIftc3vWy9QKibOxY4c.roa (raw, json)
Hash identifier:          KIV3qeMAFB3H2sdXT9N/LtygZZCKsaFQvTG7pREZ0lU=
Subject key identifier:   8E:7E:B5:32:C8:C5:28:87:ED:73:7B:D6:CB:D4:0A:89:B3:B1:63:87
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       018F4FAB98C65FE92E6930FB654613D488C4
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/jn61MsjFKIftc3vWy9QKibOxY4c.roa
Signing time:             Mon 06 May 2024 20:49:56 +0000
ROA not before:           Mon 06 May 2024 20:49:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     998
IP address blocks:        193.25.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4f:ab:98:c6:5f:e9:2e:69:30:fb:65:46:13:d4:88:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May  6 20:49:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e7eb532c8c52887ed737bd6cbd40a89b3b16387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:86:81:19:52:f7:01:5c:7a:b1:47:06:98:df:
                    38:59:d0:32:58:38:81:d4:8f:0c:06:73:d4:fa:ad:
                    03:ae:40:46:92:27:2a:36:fd:b4:42:14:4b:c0:ea:
                    e8:1b:b1:24:5d:9f:97:85:24:47:ca:61:d6:6d:a6:
                    5b:d1:4b:c5:b7:72:c2:93:bb:79:03:27:ad:a5:9a:
                    ee:a0:19:fe:37:91:d7:cf:e3:f4:4a:79:5f:97:48:
                    1b:4c:47:33:db:1d:8e:21:20:09:97:7c:4d:ab:28:
                    ff:52:8b:85:cf:3f:2c:92:c2:74:0d:0c:97:de:df:
                    97:c8:6b:2a:72:b1:44:2b:3f:b6:9e:5d:2b:a5:74:
                    b1:8e:47:0b:55:ef:04:8a:14:e4:04:52:37:09:62:
                    c7:84:3b:0a:02:42:b4:77:40:50:0c:5e:d8:ac:0a:
                    93:6a:10:81:29:09:3b:30:b3:d6:ea:08:4b:c6:62:
                    55:83:22:73:94:60:ee:27:8a:0a:dc:d2:a5:c8:e8:
                    c1:ec:f6:06:69:a4:64:20:a1:2e:7f:56:68:c2:4a:
                    5f:b2:32:42:2d:7e:95:b5:6d:92:34:83:44:d3:8c:
                    00:05:53:b6:cf:b6:f4:e2:b8:01:31:11:04:52:ab:
                    56:47:dd:f9:a2:70:6c:44:b7:37:d5:6c:45:cd:02:
                    3b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:7E:B5:32:C8:C5:28:87:ED:73:7B:D6:CB:D4:0A:89:B3:B1:63:87
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/jn61MsjFKIftc3vWy9QKibOxY4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:b7:f1:b0:c0:44:ea:f6:06:48:0c:5b:01:76:c5:60:5d:75:
         7b:a0:7c:9f:10:d5:66:6e:4a:88:b4:05:0a:8d:e9:56:5f:2a:
         69:bd:28:77:f3:c1:a8:fe:86:8e:a4:fc:e7:cf:4f:a0:c8:e0:
         51:71:a0:88:ba:7b:4d:ec:1d:a1:81:ee:93:df:4b:a9:61:b6:
         a8:a9:c4:3a:4a:77:21:1f:82:cc:b8:a6:a8:d2:07:d3:c9:d7:
         fe:c8:d4:53:61:bf:59:07:77:ae:7a:6d:66:43:4e:b8:6f:d2:
         32:7e:71:2f:b4:3d:41:38:d8:6e:89:93:a9:17:6e:79:87:30:
         59:1d:91:da:6f:eb:64:e0:03:71:c7:87:8e:2e:89:43:0c:7f:
         39:66:29:07:4e:65:1d:a6:bd:3b:ef:ce:6a:01:6d:7f:98:a3:
         49:a5:35:c5:04:7f:a0:c6:8e:ac:4f:eb:6f:8d:24:12:ef:94:
         15:c7:92:71:e0:c8:86:17:33:df:42:43:8d:26:45:5f:ec:69:
         34:85:3e:2d:ef:e5:e6:c0:81:01:fd:8f:d3:90:e6:e7:2c:4b:
         76:6e:23:49:4f:a7:24:ff:b0:32:0d:70:a7:26:f9:06:5c:bd:
         16:cf:06:c7:8a:8e:f6:f7:d1:a8:91:02:96:00:3a:94:2b:d7:
         a3:a3:1c:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9Pq5jGX+kuaTD7ZUYT1IjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjQwNTA2MjA0OTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTdlYjUzMmM4YzUyODg3ZWQ3MzdiZDZjYmQ0MGE4OWIzYjE2Mzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4aBGVL3AVx6sUcGmN84WdAyWDiB
1I8MBnPU+q0DrkBGkicqNv20QhRLwOroG7EkXZ+XhSRHymHWbaZb0UvFt3LCk7t5
AyetpZruoBn+N5HXz+P0Snlfl0gbTEcz2x2OISAJl3xNqyj/UouFzz8sksJ0DQyX
3t+XyGsqcrFEKz+2nl0rpXSxjkcLVe8EihTkBFI3CWLHhDsKAkK0d0BQDF7YrAqT
ahCBKQk7MLPW6ghLxmJVgyJzlGDuJ4oK3NKlyOjB7PYGaaRkIKEuf1ZowkpfsjJC
LX6VtW2SNINE04wABVO2z7b04rgBMREEUqtWR935onBsRLc31WxFzQI7aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI5+tTLIxSiH7XN71svUComzsWOHMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvam42MU1zakZLSWZ0YzN2V3k5UUtpYk94WTRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRmmMA0G
CSqGSIb3DQEBCwUAA4IBAQA0t/GwwETq9gZIDFsBdsVgXXV7oHyfENVmbkqItAUK
jelWXyppvSh388Go/oaOpPznz0+gyOBRcaCIuntN7B2hge6T30upYbaoqcQ6Snch
H4LMuKao0gfTydf+yNRTYb9ZB3euem1mQ064b9IyfnEvtD1BONhuiZOpF255hzBZ
HZHab+tk4ANxx4eOLolDDH85ZikHTmUdpr07785qAW1/mKNJpTXFBH+gxo6sT+tv
jSQS75QVx5Jx4MiGFzPfQkONJkVf7Gk0hT4t7+XmwIEB/Y/TkObnLEt2biNJT6ck
/7AyDXCnJvkGXL0WzwbHio7299GokQKWADqUK9ejoxx+
-----END CERTIFICATE-----