Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/ko1Zt653bHsgSWtsIVFTBMNKTT4.roa
File:                     ko1Zt653bHsgSWtsIVFTBMNKTT4.roa (raw, json)
Hash identifier:          itSo6jQQIGcS3Nu0HYNm+E6ozNtm4Qf5rgkWaFYAsns=
Subject key identifier:   92:8D:59:B7:AE:77:6C:7B:20:49:6B:6C:21:51:53:04:C3:4A:4D:3E
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       018F7DB33D86FDD1DEA5AD807E34FEB028DB
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/ko1Zt653bHsgSWtsIVFTBMNKTT4.roa
Signing time:             Wed 15 May 2024 19:20:49 +0000
ROA not before:           Wed 15 May 2024 19:20:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        217.28.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7d:b3:3d:86:fd:d1:de:a5:ad:80:7e:34:fe:b0:28:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 15 19:20:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=928d59b7ae776c7b20496b6c21515304c34a4d3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5a:eb:32:94:a0:0d:e9:e9:f1:db:93:6e:14:
                    42:9b:65:f8:35:d1:3e:53:05:f6:43:4e:b2:65:cf:
                    85:ce:f1:bc:ba:f6:47:eb:c0:b2:4e:11:20:bd:a3:
                    9e:8f:61:79:04:fb:ce:3b:eb:44:b8:42:c1:37:68:
                    96:37:e0:3b:90:83:8d:2a:d9:4c:11:13:d1:e5:57:
                    17:78:39:4b:7d:b6:e7:87:4f:c8:ae:f2:70:62:22:
                    e0:15:59:dc:fc:1a:d1:82:ac:d6:21:6b:56:76:03:
                    2d:7a:6c:ce:ba:91:b6:c8:bc:e1:9d:a1:f5:af:66:
                    bc:41:82:00:bd:54:f1:77:64:26:05:81:83:48:98:
                    51:29:88:0c:1d:3b:85:e6:5d:c2:fc:f4:e0:6b:be:
                    b9:3c:9e:dc:26:5a:33:9e:cf:b7:30:2a:e2:37:66:
                    28:75:84:ad:07:ac:25:09:5a:7c:3e:66:b3:da:c8:
                    28:01:8c:70:98:3b:c9:99:f7:ea:63:a6:f1:96:22:
                    34:10:52:63:7f:ad:cf:7b:e4:30:b1:2d:31:f7:4f:
                    55:0a:98:3d:47:e3:b1:52:cd:ae:b5:62:7d:9f:9a:
                    bd:91:db:c9:64:ee:49:9c:80:74:db:b7:53:82:e9:
                    c6:2b:1b:dd:dc:86:c7:2b:7c:88:be:93:36:4a:84:
                    1f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:8D:59:B7:AE:77:6C:7B:20:49:6B:6C:21:51:53:04:C3:4A:4D:3E
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/ko1Zt653bHsgSWtsIVFTBMNKTT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:dc:87:90:5e:10:22:45:22:f6:a8:5d:65:5d:e0:5b:58:b4:
         96:00:21:d7:d8:55:01:63:ec:be:1e:56:62:e1:c8:4e:7c:a0:
         1f:9c:38:6e:04:06:fe:b3:70:93:53:31:26:fb:a4:5b:76:78:
         e2:4a:21:4a:b1:20:04:16:db:99:9d:de:3b:ac:1d:f1:91:99:
         a3:7d:87:31:dc:5e:7f:e4:ad:10:4b:85:71:cf:9e:d4:d4:5a:
         11:54:15:c8:fe:74:b4:af:73:22:8c:ea:ad:2a:2c:6d:a1:e7:
         8a:d5:d0:b6:b2:ca:af:3d:57:86:58:77:04:f4:92:88:f6:f2:
         5a:d1:ac:53:41:d0:a7:6e:7f:e5:7e:ac:7d:f3:7e:96:71:f1:
         9c:d4:7c:8f:7c:8e:94:1c:0f:97:ec:cc:69:68:43:a4:a8:2b:
         2e:57:6c:c9:a9:84:01:9f:44:e5:86:19:d9:65:2d:a3:47:e0:
         e3:85:cf:d9:79:92:d8:cf:d8:d5:e3:19:47:6f:db:57:d6:2f:
         4b:4d:4f:cd:5f:7f:ba:ec:d6:3a:1b:58:e3:06:72:9d:d7:c8:
         50:bd:28:45:40:64:89:a6:fc:fb:93:bb:1f:66:d5:be:8a:57:
         b4:c2:ca:39:79:3d:46:95:a5:a3:6d:55:df:57:7b:bd:13:ac:
         60:4e:cd:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY99sz2G/dHepa2AfjT+sCjbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjQwNTE1MTkyMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjhkNTliN2FlNzc2YzdiMjA0OTZiNmMyMTUxNTMwNGMzNGE0ZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlrrMpSgDenp8duTbhRCm2X4NdE+
UwX2Q06yZc+FzvG8uvZH68CyThEgvaOej2F5BPvOO+tEuELBN2iWN+A7kIONKtlM
ERPR5VcXeDlLfbbnh0/IrvJwYiLgFVnc/BrRgqzWIWtWdgMtemzOupG2yLzhnaH1
r2a8QYIAvVTxd2QmBYGDSJhRKYgMHTuF5l3C/PTga765PJ7cJlozns+3MCriN2Yo
dYStB6wlCVp8Pmaz2sgoAYxwmDvJmffqY6bxliI0EFJjf63Pe+QwsS0x909VCpg9
R+OxUs2utWJ9n5q9kdvJZO5JnIB027dTgunGKxvd3IbHK3yIvpM2SoQfjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKNWbeud2x7IElrbCFRUwTDSk0+MB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEva28xWnQ2NTNiSHNnU1d0c0lWRlRCTU5LVFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RyBMA0G
CSqGSIb3DQEBCwUAA4IBAQDQ3IeQXhAiRSL2qF1lXeBbWLSWACHX2FUBY+y+HlZi
4chOfKAfnDhuBAb+s3CTUzEm+6RbdnjiSiFKsSAEFtuZnd47rB3xkZmjfYcx3F5/
5K0QS4Vxz57U1FoRVBXI/nS0r3MijOqtKixtoeeK1dC2ssqvPVeGWHcE9JKI9vJa
0axTQdCnbn/lfqx9836WcfGc1HyPfI6UHA+X7MxpaEOkqCsuV2zJqYQBn0TlhhnZ
ZS2jR+Djhc/ZeZLYz9jV4xlHb9tX1i9LTU/NX3+67NY6G1jjBnKd18hQvShFQGSJ
pvz7k7sfZtW+ile0wso5eT1GlaWjbVXfV3u9E6xgTs1s
-----END CERTIFICATE-----