Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/kPsDUSBkqswfaMzVi1Cye0vM8ks.roa
File:                     kPsDUSBkqswfaMzVi1Cye0vM8ks.roa (raw, json)
Hash identifier:          w+xp6HNKwTbsH2m8GWhBFiGbaO4PIv65OfaGPcmfyUs=
Subject key identifier:   90:FB:03:51:20:64:AA:CC:1F:68:CC:D5:8B:50:B2:7B:4B:CC:F2:4B
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019428263F023C6AF3BFA6E40E2DC10647C2
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/kPsDUSBkqswfaMzVi1Cye0vM8ks.roa
Signing time:             Thu 02 Jan 2025 17:53:02 +0000
ROA not before:           Thu 02 Jan 2025 17:53:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        193.25.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:3f:02:3c:6a:f3:bf:a6:e4:0e:2d:c1:06:47:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jan  2 17:53:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90fb03512064aacc1f68ccd58b50b27b4bccf24b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:0c:99:d8:89:d7:8b:89:3a:84:9b:81:a9:68:
                    6e:8e:21:bc:63:e7:06:45:da:22:1d:ea:a2:ab:07:
                    42:0b:06:b9:b8:da:30:c8:4d:51:3b:46:db:67:4f:
                    4f:0d:2b:8e:31:26:56:87:8a:76:b2:c9:18:62:47:
                    2a:19:43:89:61:a3:4b:d1:d5:ae:96:94:00:7b:a9:
                    44:be:04:e4:16:4f:b9:f2:0c:15:42:04:6e:81:47:
                    07:cb:60:8f:f3:5c:b0:44:35:c3:02:78:3d:0c:a7:
                    34:fa:1e:81:79:1c:b5:cf:68:6e:79:d0:77:92:cf:
                    eb:64:dc:67:4f:9f:dc:10:0f:ae:15:6a:aa:91:7a:
                    6c:be:b7:f1:c2:c1:82:cd:3b:20:e0:f1:72:19:05:
                    d4:1f:a5:77:c9:cb:72:19:67:ad:eb:44:30:b6:5b:
                    54:06:9e:55:b6:1d:46:89:74:17:74:62:80:4c:75:
                    01:7e:07:f6:e6:7a:68:6d:b8:81:84:8e:a1:31:68:
                    35:52:01:ac:9b:dd:99:12:6f:5a:13:26:f8:80:e8:
                    69:ee:92:29:05:89:51:3d:dd:b4:c8:7d:71:e4:d9:
                    56:f5:dd:cd:87:fe:0c:48:e4:54:33:3b:5f:81:09:
                    d9:7f:23:2e:62:09:92:2b:44:5d:90:73:9d:36:d2:
                    13:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:FB:03:51:20:64:AA:CC:1F:68:CC:D5:8B:50:B2:7B:4B:CC:F2:4B
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/kPsDUSBkqswfaMzVi1Cye0vM8ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.25.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:0b:0a:cf:04:b1:67:8c:75:01:0d:df:b5:c5:f1:9f:ae:3f:
         e1:53:10:98:d6:a2:2a:17:48:ee:ac:91:b4:06:40:6b:14:c7:
         42:60:49:b0:1f:18:0a:8f:0b:9d:5b:2f:5e:92:36:db:2f:90:
         89:6f:84:7b:7f:13:fa:f1:84:8c:c3:d5:b7:1b:7b:dd:d3:2a:
         6f:20:f9:27:4d:cf:cf:ea:5b:f7:53:09:88:39:e8:9f:8d:d1:
         65:63:33:30:ce:e3:cf:e3:09:42:f5:75:d0:0d:54:66:f9:fa:
         06:6b:ad:48:46:07:b5:4b:ca:22:0d:d7:e9:99:19:c3:be:bc:
         c1:23:ec:3d:dc:fc:bc:79:c3:6a:1e:69:4f:16:50:e5:21:66:
         ac:1d:e6:f1:a6:e9:04:48:84:d2:21:90:98:60:2f:05:0a:15:
         75:06:53:c8:10:ff:fc:8f:33:a4:3f:5c:02:f6:28:c5:e9:cb:
         e1:13:87:10:50:93:ee:c9:8c:b0:75:92:23:1f:0e:8a:28:f8:
         79:a1:96:4e:39:cd:4e:ee:fd:6b:ca:88:21:ba:1a:b9:41:5d:
         9b:9b:51:9b:68:ca:d8:d0:cb:d8:f1:51:e5:9b:02:69:12:dd:
         f3:8f:63:25:e1:51:1d:43:fa:20:94:c0:94:98:b3:f9:08:49:
         28:43:dc:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJj8CPGrzv6bkDi3BBkfCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwMTAyMTc1MzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGZiMDM1MTIwNjRhYWNjMWY2OGNjZDU4YjUwYjI3YjRiY2NmMjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6gyZ2InXi4k6hJuBqWhujiG8Y+cG
RdoiHeqiqwdCCwa5uNowyE1RO0bbZ09PDSuOMSZWh4p2sskYYkcqGUOJYaNL0dWu
lpQAe6lEvgTkFk+58gwVQgRugUcHy2CP81ywRDXDAng9DKc0+h6BeRy1z2huedB3
ks/rZNxnT5/cEA+uFWqqkXpsvrfxwsGCzTsg4PFyGQXUH6V3yctyGWet60QwtltU
Bp5Vth1GiXQXdGKATHUBfgf25npobbiBhI6hMWg1UgGsm92ZEm9aEyb4gOhp7pIp
BYlRPd20yH1x5NlW9d3Nh/4MSORUMztfgQnZfyMuYgmSK0RdkHOdNtIT3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJD7A1EgZKrMH2jM1YtQsntLzPJLMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEva1BzRFVTQmtxc3dmYU16VmkxQ3llMHZNOGtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRmmMA0G
CSqGSIb3DQEBCwUAA4IBAQCHCwrPBLFnjHUBDd+1xfGfrj/hUxCY1qIqF0jurJG0
BkBrFMdCYEmwHxgKjwudWy9ekjbbL5CJb4R7fxP68YSMw9W3G3vd0ypvIPknTc/P
6lv3UwmIOeifjdFlYzMwzuPP4wlC9XXQDVRm+foGa61IRge1S8oiDdfpmRnDvrzB
I+w93Py8ecNqHmlPFlDlIWasHebxpukESITSIZCYYC8FChV1BlPIEP/8jzOkP1wC
9ijF6cvhE4cQUJPuyYywdZIjHw6KKPh5oZZOOc1O7v1ryoghuhq5QV2bm1GbaMrY
0MvY8VHlmwJpEt3zj2Ml4VEdQ/oglMCUmLP5CEkoQ9yf
-----END CERTIFICATE-----