Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/Vedd31K36BW0FtFdJmgu7RtebZ0.roa
File:                     Vedd31K36BW0FtFdJmgu7RtebZ0.roa (raw, json)
Hash identifier:          UL6Hnivw/B+oxS5q55F7qNNs7Ynb0wMF1mBZUl4ggtM=
Subject key identifier:   55:E7:5D:DF:52:B7:E8:15:B4:16:D1:5D:26:68:2E:ED:1B:5E:6D:9D
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01942827F0447C7DF4657951D67580946A43
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/Vedd31K36BW0FtFdJmgu7RtebZ0.roa
Signing time:             Thu 02 Jan 2025 17:54:53 +0000
ROA not before:           Thu 02 Jan 2025 17:54:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200017
IP address blocks:        2.58.232.0/24 maxlen: 24
                          2.58.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:f0:44:7c:7d:f4:65:79:51:d6:75:80:94:6a:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jan  2 17:54:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55e75ddf52b7e815b416d15d26682eed1b5e6d9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b0:ef:61:93:d8:32:52:a0:b3:5b:c6:43:51:
                    e7:d3:60:39:42:4c:3e:e9:9d:24:b0:52:47:76:6f:
                    4d:b7:d4:08:50:73:40:bc:b1:0f:b8:8f:f8:36:9c:
                    5b:b3:86:7b:fe:5f:b2:38:29:80:b1:a6:af:24:8d:
                    dd:af:9a:41:65:28:fa:ee:26:6c:07:96:6d:fa:58:
                    4a:93:0c:d4:81:fc:e4:e0:bf:6d:36:dc:2b:81:7b:
                    69:d9:6b:20:6c:80:a6:bd:8b:fc:8f:b9:88:6c:21:
                    96:b3:42:0b:10:e8:78:a5:82:7e:b3:fc:f0:05:ec:
                    b5:bf:be:0e:12:fe:dd:6d:b8:96:95:aa:95:25:da:
                    b2:73:81:46:59:30:4f:0c:fb:20:2a:f1:42:4a:c7:
                    7d:ec:6a:60:38:fc:d2:35:05:0e:7a:99:b8:38:cc:
                    c0:de:46:15:2f:1c:a1:4f:cb:b0:54:48:6a:18:82:
                    eb:33:94:1a:95:8b:4a:14:60:dd:32:67:e5:60:8b:
                    5b:4c:91:e6:55:f2:8d:11:47:59:46:aa:c4:9d:89:
                    10:84:00:ae:a1:20:d2:cc:ab:84:04:a1:c9:08:70:
                    c7:aa:c4:3b:e4:ac:17:28:41:dd:91:a6:8c:da:e9:
                    96:f9:16:f1:13:e4:ff:2c:d6:3b:71:f8:40:54:11:
                    4b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:E7:5D:DF:52:B7:E8:15:B4:16:D1:5D:26:68:2E:ED:1B:5E:6D:9D
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/Vedd31K36BW0FtFdJmgu7RtebZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.232.0/24
                  2.58.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:62:64:d1:81:63:af:52:cc:46:f9:29:48:e1:73:f4:0a:cc:
         d6:62:08:26:a6:c5:37:79:38:90:c6:31:02:d9:dc:a9:06:16:
         eb:56:8b:3d:b0:f6:43:ee:e1:d9:ed:c5:0c:6f:8e:a4:65:56:
         9d:81:8b:a8:58:c2:e5:cf:5e:13:04:ff:d0:ac:d5:90:93:d6:
         70:db:f0:8f:0d:df:80:50:53:34:6b:bf:f8:85:8d:74:9d:6a:
         af:aa:ae:86:54:6d:9a:c5:f3:bc:95:dc:25:52:ee:07:e1:a7:
         c5:45:7a:12:45:70:84:9d:eb:51:1c:cb:08:32:95:28:f9:e6:
         15:54:21:c7:90:94:00:9d:d3:cc:68:3d:6e:dd:09:00:db:b7:
         b4:cf:55:52:4d:b2:4e:37:96:11:33:78:5c:0c:40:03:ff:a8:
         c2:1e:16:54:09:c3:97:4c:91:20:cf:31:c5:3c:5a:85:b7:98:
         e6:45:b7:7c:01:47:67:19:07:a2:70:0d:f9:97:9c:1d:d5:f6:
         b9:98:92:05:19:81:aa:97:3b:55:3d:27:93:8b:b7:30:ae:1a:
         ea:e8:37:47:e2:a5:45:88:cd:f3:01:f7:0d:01:1c:82:64:aa:
         81:9c:8a:a2:57:c0:94:36:fd:8a:b9:59:ce:1d:18:f0:04:9b:
         70:3c:3a:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJ/BEfH30ZXlR1nWAlGpDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjUwMTAyMTc1NDUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWU3NWRkZjUyYjdlODE1YjQxNmQxNWQyNjY4MmVlZDFiNWU2ZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7DvYZPYMlKgs1vGQ1Hn02A5Qkw+
6Z0ksFJHdm9Nt9QIUHNAvLEPuI/4Npxbs4Z7/l+yOCmAsaavJI3dr5pBZSj67iZs
B5Zt+lhKkwzUgfzk4L9tNtwrgXtp2WsgbICmvYv8j7mIbCGWs0ILEOh4pYJ+s/zw
Bey1v74OEv7dbbiWlaqVJdqyc4FGWTBPDPsgKvFCSsd97GpgOPzSNQUOepm4OMzA
3kYVLxyhT8uwVEhqGILrM5QalYtKFGDdMmflYItbTJHmVfKNEUdZRqrEnYkQhACu
oSDSzKuEBKHJCHDHqsQ75KwXKEHdkaaM2umW+RbxE+T/LNY7cfhAVBFLywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFXnXd9St+gVtBbRXSZoLu0bXm2dMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvVmVkZDMxSzM2QlcwRnRGZEptZ3U3UnRlYlowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjroAwQA
AjrqMA0GCSqGSIb3DQEBCwUAA4IBAQBjYmTRgWOvUsxG+SlI4XP0CszWYggmpsU3
eTiQxjEC2dypBhbrVos9sPZD7uHZ7cUMb46kZVadgYuoWMLlz14TBP/QrNWQk9Zw
2/CPDd+AUFM0a7/4hY10nWqvqq6GVG2axfO8ldwlUu4H4afFRXoSRXCEnetRHMsI
MpUo+eYVVCHHkJQAndPMaD1u3QkA27e0z1VSTbJON5YRM3hcDEAD/6jCHhZUCcOX
TJEgzzHFPFqFt5jmRbd8AUdnGQeicA35l5wd1fa5mJIFGYGqlztVPSeTi7cwrhrq
6DdH4qVFiM3zAfcNARyCZKqBnIqiV8CUNv2KuVnOHRjwBJtwPDp1
-----END CERTIFICATE-----