Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/d6ubA2lQHckYmvj-x8m0dB0QyQE.roa
File:                     d6ubA2lQHckYmvj-x8m0dB0QyQE.roa (raw, json)
Hash identifier:          0f/sB0sPR/6A6zXbkuFbUmXNSLlWIs2mILrHMGJ3ZEg=
Subject key identifier:   77:AB:9B:03:69:50:1D:C9:18:9A:F8:FE:C7:C9:B4:74:1D:10:C9:01
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       018E0063DCC5AEEA868A6976D365A5C9CB43
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/d6ubA2lQHckYmvj-x8m0dB0QyQE.roa
Signing time:             Sat 02 Mar 2024 18:18:48 +0000
ROA not before:           Sat 02 Mar 2024 18:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12676
IP address blocks:        2.58.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:00:63:dc:c5:ae:ea:86:8a:69:76:d3:65:a5:c9:cb:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Mar  2 18:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77ab9b0369501dc9189af8fec7c9b4741d10c901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fc:46:16:ed:ec:4d:f1:26:36:db:ca:d4:27:
                    0b:57:96:ab:54:a4:8c:ed:87:17:a8:b0:d4:a0:35:
                    86:78:60:4b:e7:61:0e:93:72:33:35:c9:0b:42:8c:
                    90:3e:12:3b:76:9d:1a:45:3c:f2:25:0c:80:59:b8:
                    80:00:5a:02:0a:d7:ce:56:b6:76:11:76:74:4c:8e:
                    2f:e5:6d:76:af:2d:b4:8e:56:88:9f:43:93:5a:c5:
                    5a:ec:c0:92:85:5f:4b:85:6e:0b:a6:29:9b:c1:08:
                    79:0d:cd:0e:3d:86:3b:db:2f:c6:c3:91:28:00:5e:
                    a2:31:5a:6c:83:94:77:79:45:de:5a:05:4d:57:6d:
                    68:64:33:e2:d6:10:9c:87:a7:1a:90:15:ab:55:f9:
                    fc:81:93:0c:07:66:99:57:cc:8a:eb:da:5f:f9:67:
                    79:0c:e8:b0:3c:64:3d:f6:66:d8:9f:79:b2:37:47:
                    64:33:cc:92:0f:10:8e:d9:04:ff:a6:ff:b8:bf:75:
                    fc:3b:1c:4a:b0:25:5d:2b:a1:d8:12:3c:56:ca:8d:
                    c5:7c:2a:ff:8f:2c:bc:82:b1:2b:86:07:01:1e:6b:
                    35:c5:d6:7c:5d:d5:41:1a:c0:3c:9e:f8:65:f7:31:
                    22:58:ac:a7:f3:6c:87:20:5b:31:56:42:0a:53:8c:
                    b4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:AB:9B:03:69:50:1D:C9:18:9A:F8:FE:C7:C9:B4:74:1D:10:C9:01
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/d6ubA2lQHckYmvj-x8m0dB0QyQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:a4:ea:0b:df:36:2e:a8:f4:cc:21:bd:02:96:3b:28:7e:57:
         ea:4d:9c:d5:f7:77:ab:1a:12:eb:ac:94:9a:77:0e:37:71:e2:
         b6:32:42:b6:67:65:32:42:f4:21:6b:46:60:25:f7:a1:7f:df:
         be:2c:f1:8f:cd:47:a2:ff:24:e5:d8:3c:a7:df:66:70:b9:0a:
         9b:3f:d0:ed:3c:e1:fb:93:d5:d4:ad:55:9b:51:d7:7f:5a:82:
         ba:db:3a:47:16:45:d6:97:ce:ba:bf:96:4d:91:3a:55:51:52:
         38:9c:8c:5a:8a:ce:1d:a2:b3:2d:2f:d9:50:63:b3:dd:e7:4e:
         bd:1f:1c:1d:10:68:ca:57:94:49:bb:24:54:20:ae:89:b0:74:
         98:0d:54:28:fd:4b:67:07:2d:0b:60:dc:e3:d7:bf:3c:14:f0:
         67:96:72:92:a7:ef:44:05:34:76:71:54:1f:49:f7:f9:dc:07:
         df:c4:ff:3d:10:6d:8d:be:ec:ee:45:be:78:f5:79:cb:44:1a:
         11:b4:f6:15:60:90:e9:be:6b:d1:33:52:aa:7e:b8:d3:33:c8:
         7f:e1:53:12:f7:19:fb:b0:34:9a:f5:46:fa:05:94:a6:50:4b:
         fa:fe:cf:89:89:3d:4a:68:63:ba:98:0e:95:a0:af:19:8a:c4:
         3d:05:b7:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4AY9zFruqGiml202WlyctDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjQwMzAyMTgxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2FiOWIwMzY5NTAxZGM5MTg5YWY4ZmVjN2M5YjQ3NDFkMTBjOTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfxGFu3sTfEmNtvK1CcLV5arVKSM
7YcXqLDUoDWGeGBL52EOk3IzNckLQoyQPhI7dp0aRTzyJQyAWbiAAFoCCtfOVrZ2
EXZ0TI4v5W12ry20jlaIn0OTWsVa7MCShV9LhW4LpimbwQh5Dc0OPYY72y/Gw5Eo
AF6iMVpsg5R3eUXeWgVNV21oZDPi1hCch6cakBWrVfn8gZMMB2aZV8yK69pf+Wd5
DOiwPGQ99mbYn3myN0dkM8ySDxCO2QT/pv+4v3X8OxxKsCVdK6HYEjxWyo3FfCr/
jyy8grErhgcBHms1xdZ8XdVBGsA8nvhl9zEiWKyn82yHIFsxVkIKU4y0nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHermwNpUB3JGJr4/sfJtHQdEMkBMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEvZDZ1YkEybFFIY2tZbXZqLXg4bTBkQjBReVFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjo2MA0G
CSqGSIb3DQEBCwUAA4IBAQBwpOoL3zYuqPTMIb0CljsoflfqTZzV93erGhLrrJSa
dw43ceK2MkK2Z2UyQvQha0ZgJfehf9++LPGPzUei/yTl2Dyn32ZwuQqbP9DtPOH7
k9XUrVWbUdd/WoK62zpHFkXWl866v5ZNkTpVUVI4nIxais4dorMtL9lQY7Pd5069
HxwdEGjKV5RJuyRUIK6JsHSYDVQo/UtnBy0LYNzj1788FPBnlnKSp+9EBTR2cVQf
Sff53AffxP89EG2NvuzuRb549XnLRBoRtPYVYJDpvmvRM1KqfrjTM8h/4VMS9xn7
sDSa9Ub6BZSmUEv6/s+JiT1KaGO6mA6VoK8ZisQ9Bbe5
-----END CERTIFICATE-----