Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1-J4G0KJk4DEjR9cJjx4WtTODxqk.roa
File:                     1-J4G0KJk4DEjR9cJjx4WtTODxqk.roa (raw, json)
Hash identifier:          WECEbBWmrNH0y6xTH/fIx6mfOZgfgQF0CPXg1KafPGE=
Subject key identifier:   F8:9E:06:D0:A2:64:E0:31:23:47:D7:09:8F:1E:16:B5:33:83:C6:A9
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258FA4171D66E5E18CCFBFC33952BB3C
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1-J4G0KJk4DEjR9cJjx4WtTODxqk.roa
Signing time:             Thu 02 Jan 2025 05:49:18 +0000
ROA not before:           Thu 02 Jan 2025 05:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208626
IP address blocks:        2.58.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 10:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:a4:17:1d:66:e5:e1:8c:cf:bf:c3:39:52:bb:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f89e06d0a264e0312347d7098f1e16b53383c6a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d1:d5:0e:4d:ba:58:e5:3b:d2:fb:69:fd:08:
                    64:1f:c2:5f:e1:ce:04:47:6d:75:a4:a4:0d:f1:1b:
                    09:70:ee:72:be:cf:35:e1:2d:ea:88:c3:c2:32:b0:
                    b0:21:22:a6:44:43:f6:9b:90:80:e8:41:1a:96:aa:
                    ec:e1:fd:1f:66:bb:9c:75:34:39:2e:ae:07:df:90:
                    8a:8c:62:49:68:6e:ec:5d:2e:61:c5:ec:cb:f2:ea:
                    3b:ab:5b:cd:75:8b:b3:2d:2e:0b:89:6e:9b:b3:79:
                    b1:5b:53:6a:08:69:66:24:01:46:3e:d6:40:06:1c:
                    94:44:27:05:14:6a:fa:15:08:8e:27:23:94:be:79:
                    53:c5:9f:b0:ba:9d:1d:ad:47:22:18:0a:97:04:e6:
                    b5:dc:5a:f5:d8:bb:9c:c4:d2:f3:5b:1b:5d:a3:6b:
                    4a:9b:1e:ed:49:d8:e8:9f:46:fd:1d:89:43:a5:90:
                    90:4b:17:bd:8a:fe:07:a0:53:29:ae:98:8b:6b:34:
                    ae:44:72:46:59:0b:04:7d:f1:09:25:2e:83:ff:f7:
                    da:d0:cd:24:fc:57:87:8c:69:b9:37:e3:75:fe:a2:
                    75:65:ce:c5:e9:05:39:08:ce:31:bb:b7:4c:7a:4a:
                    61:ae:85:dc:2b:89:57:e4:e9:59:60:6c:27:ab:9f:
                    25:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:9E:06:D0:A2:64:E0:31:23:47:D7:09:8F:1E:16:B5:33:83:C6:A9
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1-J4G0KJk4DEjR9cJjx4WtTODxqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:53:65:ba:a8:a7:d2:99:e6:be:38:d4:87:52:45:dd:5f:58:
         e9:de:cc:e6:7e:58:c0:36:24:07:f1:9c:06:77:f4:60:da:4a:
         0a:7d:a2:f9:d2:46:63:12:ea:fb:6b:1a:a0:c3:91:a0:27:3f:
         b9:0a:ea:7f:a9:be:7e:04:23:a7:14:d6:12:bf:be:f2:83:8f:
         c3:5a:81:66:f9:48:7e:d6:51:42:70:bf:78:a6:72:e8:5f:e9:
         ac:05:95:78:de:db:b6:a2:5b:66:e1:b4:05:81:64:3c:e2:25:
         e3:62:2a:f7:d5:51:10:e4:cf:02:07:6a:9d:77:0c:ee:15:9c:
         76:10:f2:c0:24:a7:f1:b8:d2:2d:75:c4:80:4c:75:79:d3:6a:
         6e:2b:60:fc:6f:fd:34:de:8e:d2:cb:aa:28:ba:ea:9a:54:c7:
         fd:0e:8c:f8:f0:bb:a0:bf:55:5e:41:d3:54:97:3d:e5:95:08:
         90:0a:ec:57:3d:39:0f:d3:72:6c:a9:ce:0b:b6:f6:83:7e:c4:
         20:25:79:ac:19:4d:6d:8d:81:da:1a:1a:50:eb:61:78:6f:b1:
         c7:5b:80:d7:10:e0:a8:f4:11:23:c0:29:70:4c:12:13:60:b5:
         e3:90:85:d3:40:32:05:2b:0b:03:82:af:75:73:18:98:b4:cd:
         1c:06:70:78
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj6QXHWbl4YzPv8M5Urs8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODllMDZkMGEyNjRlMDMxMjM0N2Q3MDk4ZjFlMTZiNTMzODNjNmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9HVDk26WOU70vtp/QhkH8Jf4c4E
R211pKQN8RsJcO5yvs814S3qiMPCMrCwISKmREP2m5CA6EEalqrs4f0fZrucdTQ5
Lq4H35CKjGJJaG7sXS5hxezL8uo7q1vNdYuzLS4LiW6bs3mxW1NqCGlmJAFGPtZA
BhyURCcFFGr6FQiOJyOUvnlTxZ+wup0drUciGAqXBOa13Fr12LucxNLzWxtdo2tK
mx7tSdjon0b9HYlDpZCQSxe9iv4HoFMprpiLazSuRHJGWQsEffEJJS6D//fa0M0k
/FeHjGm5N+N1/qJ1Zc7F6QU5CM4xu7dMekphroXcK4lX5OlZYGwnq58lywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPieBtCiZOAxI0fXCY8eFrUzg8apMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvMS1KNEcwS0prNERFalI5Y0pqeDRXdFRPRHhxay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTAvNTNjN2I4LTVlNGItNDlmZC04YzkxLWJhOThmMTEyMjEy
MS8xL1lZUjQ4WmotVnBBUXc5OWlHUlF2VXd4UFhsWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI6YjAN
BgkqhkiG9w0BAQsFAAOCAQEAZ1Nluqin0pnmvjjUh1JF3V9Y6d7M5n5YwDYkB/Gc
Bnf0YNpKCn2i+dJGYxLq+2saoMORoCc/uQrqf6m+fgQjpxTWEr++8oOPw1qBZvlI
ftZRQnC/eKZy6F/prAWVeN7btqJbZuG0BYFkPOIl42Iq99VREOTPAgdqnXcM7hWc
dhDywCSn8bjSLXXEgEx1edNqbitg/G/9NN6O0suqKLrqmlTH/Q6M+PC7oL9VXkHT
VJc95ZUIkArsVz05D9NybKnOC7b2g37EICV5rBlNbY2B2hoaUOtheG+xx1uA1xDg
qPQRI8ApcEwSE2C145CF00AyBSsLA4KvdXMYmLTNHAZweA==
-----END CERTIFICATE-----