Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/edaefe-c870-4147-9e3b-c799d6d6144a/1/x_ZIT4T3tcux8Be1pDOp1p2gxYE.roa
File:                     x_ZIT4T3tcux8Be1pDOp1p2gxYE.roa (raw, json)
Hash identifier:          g5G3oOg2XZaIbh4MRw4CKKu68m3Axa/0GOeZXMrazCI=
Subject key identifier:   C7:F6:48:4F:84:F7:B5:CB:B1:F0:17:B5:A4:33:A9:D6:9D:A0:C5:81
Certificate issuer:       /CN=9029ad22579a6805c1ff8b1ee5d735290c01340b
Certificate serial:       018CC4244B4FF1555289E91152D41BB52E79
Authority key identifier: 90:29:AD:22:57:9A:68:05:C1:FF:8B:1E:E5:D7:35:29:0C:01:34:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kCmtIleaaAXB_4se5dc1KQwBNAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/edaefe-c870-4147-9e3b-c799d6d6144a/1/x_ZIT4T3tcux8Be1pDOp1p2gxYE.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210145
IP address blocks:        193.168.58.0/24 maxlen: 24
                          193.168.58.0/23 maxlen: 23
                          193.168.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/edaefe-c870-4147-9e3b-c799d6d6144a/1/kCmtIleaaAXB_4se5dc1KQwBNAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/edaefe-c870-4147-9e3b-c799d6d6144a/1/kCmtIleaaAXB_4se5dc1KQwBNAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kCmtIleaaAXB_4se5dc1KQwBNAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 13:03:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4b:4f:f1:55:52:89:e9:11:52:d4:1b:b5:2e:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9029ad22579a6805c1ff8b1ee5d735290c01340b
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7f6484f84f7b5cbb1f017b5a433a9d69da0c581
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:47:6d:4f:e2:fa:2b:38:55:ac:10:fa:22:c5:
                    b0:16:ac:63:94:e1:f0:9d:b3:61:13:76:36:80:23:
                    04:6d:46:8c:4d:c6:a8:e6:f4:6a:ec:79:7a:fd:32:
                    69:af:a4:19:67:46:b7:b9:f4:95:21:bd:0f:f8:a8:
                    13:44:81:78:34:b3:a6:cd:fd:9f:ed:06:f2:a1:85:
                    32:23:50:f0:36:8c:11:dd:06:15:2b:3a:05:f3:ce:
                    8d:18:37:14:de:f6:4e:c0:2a:9d:41:81:7c:50:b1:
                    19:06:df:70:3b:5b:ea:cf:f6:ce:5a:8f:23:de:62:
                    9c:26:4d:06:cf:32:bd:62:bf:e9:06:da:c2:ff:c0:
                    6f:d0:61:0a:54:5b:af:5f:92:cd:1f:15:9d:fd:d9:
                    ff:a0:dd:91:e8:bc:97:a9:16:4e:0c:85:d9:ec:ba:
                    fa:4a:5f:67:d6:ae:96:e9:93:a0:53:05:a0:78:28:
                    9f:6c:b9:42:e7:72:ca:95:ab:ef:16:b0:17:3e:df:
                    37:6f:e9:d0:9e:10:df:90:79:c7:89:6a:a1:5b:e0:
                    dc:81:a9:d3:21:6a:9e:6b:b3:ef:0b:51:c1:20:24:
                    0e:64:ff:0d:8f:cb:02:d4:76:cc:52:26:18:17:fb:
                    d8:94:57:37:bf:40:56:c5:f3:81:40:81:33:00:54:
                    c1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:F6:48:4F:84:F7:B5:CB:B1:F0:17:B5:A4:33:A9:D6:9D:A0:C5:81
            X509v3 Authority Key Identifier:
                keyid:90:29:AD:22:57:9A:68:05:C1:FF:8B:1E:E5:D7:35:29:0C:01:34:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kCmtIleaaAXB_4se5dc1KQwBNAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/edaefe-c870-4147-9e3b-c799d6d6144a/1/x_ZIT4T3tcux8Be1pDOp1p2gxYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/edaefe-c870-4147-9e3b-c799d6d6144a/1/kCmtIleaaAXB_4se5dc1KQwBNAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.168.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:00:90:24:ea:5b:f7:97:78:12:9c:b5:e8:f7:48:49:9f:5a:
         bb:27:8a:1b:5e:03:9f:a1:91:01:0f:11:d2:0b:29:39:7b:ea:
         5c:af:0d:01:1b:9e:57:e3:01:0d:dd:f2:10:59:c6:d9:88:f9:
         b2:52:e2:6a:d0:be:33:b9:3c:b2:7b:9c:61:77:ee:51:c1:59:
         f2:d4:fd:a2:98:ed:40:7d:4b:3d:42:e7:fa:52:7f:28:d6:37:
         f4:3d:73:4c:63:ca:44:8c:44:d4:e7:83:7f:63:8d:33:1d:f6:
         fb:44:5a:10:3d:8d:97:d3:83:8c:39:1f:9b:9f:ba:2f:1c:c9:
         63:f1:e9:f3:08:3e:8f:b7:2c:90:bd:bd:29:e4:c3:0c:3d:d4:
         bf:ff:4e:84:57:8f:fc:76:8d:06:52:42:ca:d0:6d:26:8a:39:
         25:63:3d:23:33:d9:62:49:77:bd:ea:4e:15:db:35:a4:a5:dc:
         8f:69:12:e3:6e:a8:7a:b3:43:e5:eb:cf:53:3a:31:16:d6:fa:
         ef:39:4f:20:40:f9:87:70:8f:07:cb:0e:61:b2:90:9f:97:da:
         07:48:74:d6:07:dc:b3:93:8d:20:c2:78:ea:a6:9b:1e:f3:f0:
         21:2e:ca:bb:f4:9b:38:3b:5a:51:e4:41:e8:5b:29:3e:53:f5:
         3e:ea:e6:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJEtP8VVSiekRUtQbtS55MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwMjlhZDIyNTc5YTY4MDVjMWZmOGIxZWU1ZDczNTI5MGMw
MTM0MGIwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2Y2NDg0Zjg0ZjdiNWNiYjFmMDE3YjVhNDMzYTlkNjlkYTBjNTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0dtT+L6KzhVrBD6IsWwFqxjlOHw
nbNhE3Y2gCMEbUaMTcao5vRq7Hl6/TJpr6QZZ0a3ufSVIb0P+KgTRIF4NLOmzf2f
7QbyoYUyI1DwNowR3QYVKzoF886NGDcU3vZOwCqdQYF8ULEZBt9wO1vqz/bOWo8j
3mKcJk0GzzK9Yr/pBtrC/8Bv0GEKVFuvX5LNHxWd/dn/oN2R6LyXqRZODIXZ7Lr6
Sl9n1q6W6ZOgUwWgeCifbLlC53LKlavvFrAXPt83b+nQnhDfkHnHiWqhW+DcganT
IWqea7PvC1HBICQOZP8Nj8sC1HbMUiYYF/vYlFc3v0BWxfOBQIEzAFTBEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMf2SE+E97XLsfAXtaQzqdadoMWBMB8GA1UdIwQY
MBaAFJAprSJXmmgFwf+LHuXXNSkMATQLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0NtdElsZWFhQVhCXzRzZTVkYzFLUXdCTkFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9lZGFlZmUtYzg3MC00MTQ3LTllM2It
Yzc5OWQ2ZDYxNDRhLzEveF9aSVQ0VDN0Y3V4OEJlMXBET3AxcDJneFlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9lZGFlZmUtYzg3MC00MTQ3LTllM2ItYzc5OWQ2ZDYxNDRh
LzEva0NtdElsZWFhQVhCXzRzZTVkYzFLUXdCTkFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwag6MA0G
CSqGSIb3DQEBCwUAA4IBAQBFAJAk6lv3l3gSnLXo90hJn1q7J4obXgOfoZEBDxHS
Cyk5e+pcrw0BG55X4wEN3fIQWcbZiPmyUuJq0L4zuTyye5xhd+5RwVny1P2imO1A
fUs9Quf6Un8o1jf0PXNMY8pEjETU54N/Y40zHfb7RFoQPY2X04OMOR+bn7ovHMlj
8enzCD6PtyyQvb0p5MMMPdS//06EV4/8do0GUkLK0G0mijklYz0jM9liSXe96k4V
2zWkpdyPaRLjbqh6s0Pl689TOjEW1vrvOU8gQPmHcI8Hyw5hspCfl9oHSHTWB9yz
k40gwnjqppse8/AhLsq79Js4O1pR5EHoWyk+U/U+6uaU
-----END CERTIFICATE-----