Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/obbszcYkCz5Yv3qsS-2s2wNWl4c.roa
File:                     obbszcYkCz5Yv3qsS-2s2wNWl4c.roa (raw, json)
Hash identifier:          A2gZPzcUTWVZ6Aii4UHNsrIysEgvTAW27r+hKXLS160=
Subject key identifier:   A1:B6:EC:CD:C6:24:0B:3E:58:BF:7A:AC:4B:ED:AC:DB:03:56:97:87
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       01909B9558B40DF69FC90A5F733CDF0D9393
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/obbszcYkCz5Yv3qsS-2s2wNWl4c.roa
Signing time:             Wed 10 Jul 2024 07:39:34 +0000
ROA not before:           Wed 10 Jul 2024 07:39:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212335
IP address blocks:        2.58.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9b:95:58:b4:0d:f6:9f:c9:0a:5f:73:3c:df:0d:93:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Jul 10 07:39:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1b6eccdc6240b3e58bf7aac4bedacdb03569787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:44:13:e0:0f:5a:ba:57:2b:1a:31:48:66:ce:
                    2c:e9:36:56:00:e1:64:9b:37:c5:60:91:00:78:c0:
                    31:ea:cb:41:8e:72:3f:74:9f:64:bb:04:05:4d:b8:
                    53:46:3d:06:69:29:6c:eb:e2:d5:80:23:25:a8:e0:
                    c5:87:fc:6b:b3:19:4c:bf:a2:74:85:24:a9:e6:95:
                    9b:8e:73:af:b7:a3:45:d8:c1:00:eb:71:81:08:af:
                    40:ef:ed:e9:4d:b3:6a:c6:08:64:c6:83:36:0e:44:
                    ea:df:7b:7f:96:af:cf:23:32:d6:f6:16:93:37:95:
                    da:3d:9a:6e:cb:5b:9e:5c:16:4e:c3:1b:83:f5:4d:
                    e9:d3:b4:d6:07:bd:13:17:1a:7e:72:8b:2f:f1:d4:
                    7f:45:50:53:03:d6:00:7d:43:17:d5:11:c0:b0:cc:
                    66:b2:97:d9:8b:b2:c9:1b:2e:16:1a:5b:a3:07:ee:
                    15:97:5c:59:c0:7c:75:a4:91:29:f3:a5:9b:d2:f0:
                    8e:90:58:e5:f6:48:b1:9a:06:02:ab:ea:ae:ae:96:
                    d2:2d:69:8a:af:24:09:07:1f:63:61:49:f7:d1:5c:
                    d9:83:72:8c:6b:3f:7a:61:c2:aa:11:62:ef:3e:7e:
                    b7:f2:16:b1:76:16:26:68:13:57:b8:93:46:63:89:
                    a7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:B6:EC:CD:C6:24:0B:3E:58:BF:7A:AC:4B:ED:AC:DB:03:56:97:87
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/obbszcYkCz5Yv3qsS-2s2wNWl4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:23:1d:a0:e0:1c:8a:fe:55:06:d2:9b:11:ef:13:ef:d7:d8:
         0b:ca:6e:98:e7:ce:61:c1:e7:7c:6e:77:a1:3a:a6:b4:b2:a1:
         f3:6c:e4:4c:a5:a6:d3:ac:04:6b:c0:cb:53:d4:ff:16:44:48:
         86:c5:df:17:ba:f6:e3:b6:d7:2e:7f:77:a8:1f:73:76:d7:d6:
         e9:7a:1f:ea:13:ec:6a:1b:f9:17:a8:04:4b:61:ed:88:ed:de:
         89:b6:83:60:e3:a5:9d:15:d9:cb:22:54:db:fc:95:24:3d:77:
         f1:ee:d5:22:e2:cf:19:56:c7:4f:53:fb:a5:5e:c7:19:fe:d5:
         74:d7:17:36:51:64:53:f5:a2:58:04:d3:09:81:5a:c4:c9:b8:
         49:e1:7a:7b:17:0e:c8:bd:52:c2:4d:5e:ec:4e:f1:b4:09:41:
         f1:db:31:23:df:5f:dd:e6:da:9d:71:8f:1a:91:8c:54:d0:b8:
         53:b5:18:bf:33:1b:b1:61:41:28:fd:2c:b7:47:b2:63:e7:e0:
         b0:ef:21:d0:95:da:08:4c:0f:8a:11:3f:dd:19:f2:31:f0:32:
         cb:3c:4c:0a:91:35:54:a4:e6:89:34:14:16:0a:1a:77:a4:9e:
         f9:12:f1:1d:13:76:f8:1f:ae:99:07:d9:2a:bd:9c:99:12:9b:
         df:c5:78:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCblVi0DfafyQpfczzfDZOTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwNzEwMDczOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWI2ZWNjZGM2MjQwYjNlNThiZjdhYWM0YmVkYWNkYjAzNTY5Nzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0QT4A9aulcrGjFIZs4s6TZWAOFk
mzfFYJEAeMAx6stBjnI/dJ9kuwQFTbhTRj0GaSls6+LVgCMlqODFh/xrsxlMv6J0
hSSp5pWbjnOvt6NF2MEA63GBCK9A7+3pTbNqxghkxoM2DkTq33t/lq/PIzLW9haT
N5XaPZpuy1ueXBZOwxuD9U3p07TWB70TFxp+cosv8dR/RVBTA9YAfUMX1RHAsMxm
spfZi7LJGy4WGlujB+4Vl1xZwHx1pJEp86Wb0vCOkFjl9kixmgYCq+qurpbSLWmK
ryQJBx9jYUn30VzZg3KMaz96YcKqEWLvPn638haxdhYmaBNXuJNGY4mnBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKG27M3GJAs+WL96rEvtrNsDVpeHMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvb2Jic3pjWWtDejVZdjNxc1MtMnMyd05XbDRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjrpMA0G
CSqGSIb3DQEBCwUAA4IBAQAfIx2g4ByK/lUG0psR7xPv19gLym6Y585hwed8bneh
Oqa0sqHzbORMpabTrARrwMtT1P8WREiGxd8Xuvbjttcuf3eoH3N219bpeh/qE+xq
G/kXqARLYe2I7d6JtoNg46WdFdnLIlTb/JUkPXfx7tUi4s8ZVsdPU/ulXscZ/tV0
1xc2UWRT9aJYBNMJgVrEybhJ4Xp7Fw7IvVLCTV7sTvG0CUHx2zEj31/d5tqdcY8a
kYxU0LhTtRi/MxuxYUEo/Sy3R7Jj5+Cw7yHQldoITA+KET/dGfIx8DLLPEwKkTVU
pOaJNBQWChp3pJ75EvEdE3b4H66ZB9kqvZyZEpvfxXgX
-----END CERTIFICATE-----