Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/Ccl4SNNK1NuqYyS-WlIt-OQltDI.roa
File:                     Ccl4SNNK1NuqYyS-WlIt-OQltDI.roa (raw, json)
Hash identifier:          Fyt9neRKO6R+TN/cs7jV5grf4d6U+KjwTpbt8CnYpbg=
Subject key identifier:   09:C9:78:48:D3:4A:D4:DB:AA:63:24:BE:5A:52:2D:F8:E4:25:B4:32
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       018E13CCA06E474D165241985232B204126A
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/Ccl4SNNK1NuqYyS-WlIt-OQltDI.roa
Signing time:             Wed 06 Mar 2024 12:46:01 +0000
ROA not before:           Wed 06 Mar 2024 12:46:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212335
IP address blocks:        2.58.234.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:02:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:13:cc:a0:6e:47:4d:16:52:41:98:52:32:b2:04:12:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Mar  6 12:46:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09c97848d34ad4dbaa6324be5a522df8e425b432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:51:a9:18:5a:ab:ae:aa:7c:74:72:a0:1b:d3:
                    98:77:0f:c1:26:bf:77:26:56:68:66:12:ba:f2:72:
                    8a:66:ee:0b:b7:31:01:67:ac:12:12:0a:56:cc:5a:
                    b4:16:fa:0f:fe:ab:78:00:04:f9:ba:1f:ba:2b:d1:
                    70:e9:72:36:07:e4:ed:3c:e1:34:b9:3c:13:a2:62:
                    8f:d9:0e:cf:dc:e2:e4:2b:c8:38:0b:c1:78:7d:ea:
                    18:2c:e1:a5:d8:40:73:63:54:c3:23:31:51:e4:33:
                    38:95:0f:38:0d:1c:27:30:80:cf:cc:da:50:a0:c9:
                    3e:2b:38:41:0b:2e:78:51:86:f4:14:a4:a1:ab:b5:
                    9f:c5:64:33:7f:74:29:2d:a0:02:36:b7:4f:63:d6:
                    ca:57:aa:df:ec:30:f9:6a:86:cb:72:89:bd:6e:d9:
                    1d:57:9f:67:88:98:96:42:1b:ef:82:56:f5:41:30:
                    c2:f7:6b:66:e2:75:50:3e:ad:35:6a:ff:39:a4:8c:
                    ef:ad:e8:ad:25:c1:86:c5:5e:1a:bb:13:3a:94:f7:
                    b3:68:d8:f7:90:f7:c2:dc:24:c0:ac:29:5d:6a:e4:
                    fd:ea:58:64:b7:e8:5f:db:32:8e:54:78:7c:57:63:
                    00:0d:a4:52:12:c5:25:5d:dd:af:95:d7:68:b9:d3:
                    28:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C9:78:48:D3:4A:D4:DB:AA:63:24:BE:5A:52:2D:F8:E4:25:B4:32
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/Ccl4SNNK1NuqYyS-WlIt-OQltDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:73:da:eb:ac:e5:b1:de:72:a1:c2:13:94:5d:f6:0a:07:ad:
         87:7c:6f:4f:73:1c:87:0d:09:5e:77:13:e3:ed:4c:c8:17:35:
         ca:30:45:22:c2:78:8b:f1:3c:f6:21:36:98:6c:1c:c3:f3:29:
         d4:6c:3d:6a:53:4b:62:02:88:46:3f:b0:20:ec:76:bb:0c:27:
         5e:01:c7:78:0f:97:c3:3c:7a:d4:79:7e:17:8d:dc:0c:f5:7f:
         d3:10:93:f9:b9:11:43:b2:d9:49:ad:62:5b:6d:e0:c5:fe:3f:
         04:b2:f1:b3:a7:2d:99:b7:72:51:ea:25:47:40:83:be:e6:7b:
         bf:64:d7:4a:f0:c3:e4:d3:00:95:ac:43:c2:a7:64:fe:25:9c:
         2a:4f:4d:c2:4a:4b:3d:3b:a6:27:f5:d6:54:7e:d8:4c:d1:c0:
         7f:69:ff:6d:6a:6a:ca:2e:92:99:5f:54:56:f1:59:bc:2d:3e:
         35:22:c3:c1:70:eb:8b:e2:fc:3e:8f:45:6f:0a:20:b0:d8:f9:
         3c:b9:f7:1a:f7:69:3d:85:8e:02:21:92:10:db:47:57:44:e3:
         75:e1:56:a1:2d:9e:c9:d0:b5:c0:d7:7b:cd:d7:d9:7b:5e:95:
         01:85:65:9b:c5:b3:78:ce:85:af:ae:cc:c0:a7:9a:3c:e5:41:
         79:ba:af:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4TzKBuR00WUkGYUjKyBBJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwMzA2MTI0NjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWM5Nzg0OGQzNGFkNGRiYWE2MzI0YmU1YTUyMmRmOGU0MjViNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulGpGFqrrqp8dHKgG9OYdw/BJr93
JlZoZhK68nKKZu4LtzEBZ6wSEgpWzFq0FvoP/qt4AAT5uh+6K9Fw6XI2B+TtPOE0
uTwTomKP2Q7P3OLkK8g4C8F4feoYLOGl2EBzY1TDIzFR5DM4lQ84DRwnMIDPzNpQ
oMk+KzhBCy54UYb0FKShq7WfxWQzf3QpLaACNrdPY9bKV6rf7DD5aobLcom9btkd
V59niJiWQhvvglb1QTDC92tm4nVQPq01av85pIzvreitJcGGxV4auxM6lPezaNj3
kPfC3CTArCldauT96lhkt+hf2zKOVHh8V2MADaRSEsUlXd2vlddoudMoLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAnJeEjTStTbqmMkvlpSLfjkJbQyMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvQ2NsNFNOTksxTnVxWXlTLVdsSXQtT1FsdERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjrqMA0G
CSqGSIb3DQEBCwUAA4IBAQAxc9rrrOWx3nKhwhOUXfYKB62HfG9PcxyHDQledxPj
7UzIFzXKMEUiwniL8Tz2ITaYbBzD8ynUbD1qU0tiAohGP7Ag7Ha7DCdeAcd4D5fD
PHrUeX4XjdwM9X/TEJP5uRFDstlJrWJbbeDF/j8EsvGzpy2Zt3JR6iVHQIO+5nu/
ZNdK8MPk0wCVrEPCp2T+JZwqT03CSks9O6Yn9dZUfthM0cB/af9tamrKLpKZX1RW
8Vm8LT41IsPBcOuL4vw+j0VvCiCw2Pk8ufca92k9hY4CIZIQ20dXRON14VahLZ7J
0LXA13vN19l7XpUBhWWbxbN4zoWvrszAp5o85UF5uq8W
-----END CERTIFICATE-----