Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/om7cnxirwY1mF6WG8GSa3rsaVqw.roa
File:                     om7cnxirwY1mF6WG8GSa3rsaVqw.roa (raw, json)
Hash identifier:          +3vNfJz4iobOk77Hgvoshz1u99toaeiukQN3KQqch5c=
Subject key identifier:   A2:6E:DC:9F:18:AB:C1:8D:66:17:A5:86:F0:64:9A:DE:BB:1A:56:AC
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0194282642AF44F4802A59D4DD41409525B6
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/om7cnxirwY1mF6WG8GSa3rsaVqw.roa
Signing time:             Thu 02 Jan 2025 17:53:03 +0000
ROA not before:           Thu 02 Jan 2025 17:53:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56322
IP address blocks:        217.28.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:42:af:44:f4:80:2a:59:d4:dd:41:40:95:25:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jan  2 17:53:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a26edc9f18abc18d6617a586f0649adebb1a56ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:03:1e:d3:de:fa:68:76:fa:6e:31:b8:3c:f3:
                    dc:a2:28:3b:a2:03:69:ed:18:37:ce:43:af:20:0d:
                    01:9a:8e:57:a2:43:29:08:f0:40:ad:ff:f3:96:8e:
                    d2:02:04:e5:b9:71:10:e5:a1:60:e3:d3:82:a8:49:
                    5c:9a:18:1f:eb:17:c9:da:f5:3d:3d:55:26:5b:6d:
                    30:68:c2:2e:af:a7:3a:45:2c:7e:87:f8:c8:88:2e:
                    b8:6e:40:fb:01:21:2a:24:85:24:59:b9:90:d4:99:
                    c9:15:55:f7:13:30:38:a5:96:20:93:11:c7:4d:8b:
                    81:fe:87:a0:4c:72:9b:fd:6a:65:1f:e2:21:c1:31:
                    2d:0f:27:c6:39:39:fe:8d:1f:83:d3:0b:79:e4:61:
                    50:fa:96:b6:b8:e5:a4:28:31:b9:34:7e:af:b1:8d:
                    c9:4d:7d:2e:52:f7:35:50:ce:c9:4f:f4:8c:67:b3:
                    d1:4d:8b:6a:f4:6e:79:e9:58:9d:6f:1f:a5:b2:fe:
                    c1:24:e9:81:7c:35:37:bd:7d:77:c7:d7:9c:1a:96:
                    70:7a:86:15:1f:20:c0:94:81:15:a7:18:c2:3b:21:
                    6f:d1:b2:dd:97:a7:06:34:54:ba:09:3a:fa:b2:94:
                    a4:ff:21:7d:ee:b5:b7:45:4d:ce:6e:ab:7a:3e:b7:
                    12:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:6E:DC:9F:18:AB:C1:8D:66:17:A5:86:F0:64:9A:DE:BB:1A:56:AC
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/om7cnxirwY1mF6WG8GSa3rsaVqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:06:e1:54:5f:71:fc:91:64:02:8f:d8:fd:fd:eb:a9:58:d0:
         e0:12:83:fb:03:36:56:ad:00:b7:dc:e6:72:35:fa:16:27:f1:
         93:d1:6e:c4:e2:4c:3b:fd:b2:b5:5e:8a:00:a6:bf:fd:91:56:
         77:48:38:d4:fb:ed:d5:3d:0f:9e:f5:a9:49:4d:e5:82:9c:f9:
         d2:e7:a8:17:3b:3c:4b:03:3d:d2:4f:71:57:e8:2c:b4:e4:a6:
         9a:8b:95:b0:f9:e9:57:d9:90:56:7d:92:25:c9:d7:d0:2f:3b:
         10:c9:7e:6b:27:6d:8a:12:85:38:1a:91:b4:19:b5:96:72:18:
         8c:55:44:f1:37:6b:ca:25:8c:e2:0d:26:78:d1:e7:4b:da:71:
         40:a4:3f:99:2d:28:c3:d4:41:d2:20:a8:7a:88:a3:33:37:56:
         c2:69:94:84:cb:13:a4:c3:2c:75:92:c5:55:6b:3b:6c:8b:e3:
         0d:ac:c4:8c:f7:51:a9:ba:81:74:52:2c:e7:0c:03:9e:9c:06:
         c4:8f:e2:bc:13:a4:55:8f:3f:9e:5e:05:fd:98:81:9b:9a:0f:
         cf:b9:f9:27:1b:0d:a5:ef:54:76:fa:d1:76:53:16:40:fd:c4:
         3e:44:ce:46:40:2f:86:76:de:cf:cb:91:72:c5:e4:95:6b:aa:
         7b:89:0c:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJkKvRPSAKlnU3UFAlSW2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwMTAyMTc1MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjZlZGM5ZjE4YWJjMThkNjYxN2E1ODZmMDY0OWFkZWJiMWE1NmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQMe0976aHb6bjG4PPPcoig7ogNp
7Rg3zkOvIA0Bmo5XokMpCPBArf/zlo7SAgTluXEQ5aFg49OCqElcmhgf6xfJ2vU9
PVUmW20waMIur6c6RSx+h/jIiC64bkD7ASEqJIUkWbmQ1JnJFVX3EzA4pZYgkxHH
TYuB/oegTHKb/WplH+IhwTEtDyfGOTn+jR+D0wt55GFQ+pa2uOWkKDG5NH6vsY3J
TX0uUvc1UM7JT/SMZ7PRTYtq9G556Vidbx+lsv7BJOmBfDU3vX13x9ecGpZweoYV
HyDAlIEVpxjCOyFv0bLdl6cGNFS6CTr6spSk/yF97rW3RU3Obqt6PrcSVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJu3J8Yq8GNZhelhvBkmt67GlasMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvb203Y254aXJ3WTFtRjZXRzhHU2EzcnNhVnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RyCMA0G
CSqGSIb3DQEBCwUAA4IBAQAMBuFUX3H8kWQCj9j9/eupWNDgEoP7AzZWrQC33OZy
NfoWJ/GT0W7E4kw7/bK1XooApr/9kVZ3SDjU++3VPQ+e9alJTeWCnPnS56gXOzxL
Az3ST3FX6Cy05Kaai5Ww+elX2ZBWfZIlydfQLzsQyX5rJ22KEoU4GpG0GbWWchiM
VUTxN2vKJYziDSZ40edL2nFApD+ZLSjD1EHSIKh6iKMzN1bCaZSEyxOkwyx1ksVV
aztsi+MNrMSM91GpuoF0UiznDAOenAbEj+K8E6RVjz+eXgX9mIGbmg/PufknGw2l
71R2+tF2UxZA/cQ+RM5GQC+Gdt7Py5FyxeSVa6p7iQyz
-----END CERTIFICATE-----