Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/20dd04-abec-44c3-95eb-5e37d5587be5/1/0sP7TBnC3Diq6c23ctun0ofdEI0.roa
File:                     0sP7TBnC3Diq6c23ctun0ofdEI0.roa (raw, json)
Hash identifier:          yttEHfN1mSKO8NUgd9nMFrAwzDswWLCNaZ9jTYvwIvA=
Subject key identifier:   D2:C3:FB:4C:19:C2:DC:38:AA:E9:CD:B7:72:DB:A7:D2:87:DD:10:8D
Certificate issuer:       /CN=58bb6e2938a2251dc4384daf65efa520dc1a5882
Certificate serial:       018CC56EA019B8667594DFF58794D7B8554A
Authority key identifier: 58:BB:6E:29:38:A2:25:1D:C4:38:4D:AF:65:EF:A5:20:DC:1A:58:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLtuKTiiJR3EOE2vZe-lINwaWII.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/20dd04-abec-44c3-95eb-5e37d5587be5/1/0sP7TBnC3Diq6c23ctun0ofdEI0.roa
Signing time:             Mon 01 Jan 2024 14:30:10 +0000
ROA not before:           Mon 01 Jan 2024 14:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        137.204.0.0/16 maxlen: 16
                          130.136.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/20dd04-abec-44c3-95eb-5e37d5587be5/1/WLtuKTiiJR3EOE2vZe-lINwaWII.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/20dd04-abec-44c3-95eb-5e37d5587be5/1/WLtuKTiiJR3EOE2vZe-lINwaWII.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLtuKTiiJR3EOE2vZe-lINwaWII.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:a0:19:b8:66:75:94:df:f5:87:94:d7:b8:55:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58bb6e2938a2251dc4384daf65efa520dc1a5882
        Validity
            Not Before: Jan  1 14:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2c3fb4c19c2dc38aae9cdb772dba7d287dd108d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5d:32:99:9b:83:1d:68:a6:f9:f6:98:b6:d3:
                    bf:22:eb:16:23:b7:b6:97:56:59:6f:53:62:cd:e3:
                    70:82:45:cb:16:04:52:27:e8:80:35:c1:e5:fb:f8:
                    5a:6f:b4:b7:b7:f2:4b:e9:52:0d:94:bf:8f:83:c9:
                    a5:54:eb:34:e7:7a:16:e7:f6:10:f1:da:ab:00:e6:
                    d9:f5:88:49:1b:ba:18:cf:8a:ac:b5:52:b0:18:e0:
                    6d:b8:3b:b1:10:6b:31:26:b4:19:7a:c8:86:09:33:
                    f7:2d:51:90:8f:b3:b5:b1:c7:99:8e:e9:94:fa:2b:
                    a2:b6:bb:3a:8f:68:5a:8c:f5:f9:ec:a4:19:e1:54:
                    13:78:46:38:87:ee:23:03:91:20:74:ab:d4:a3:10:
                    65:91:2a:1a:98:7e:a9:e0:94:67:43:6e:53:c6:aa:
                    a2:54:c9:77:e0:4e:e9:5e:26:58:7f:65:34:09:c3:
                    dd:7c:df:7a:b5:7b:b5:6f:7e:9a:eb:48:b0:e1:0d:
                    46:8b:de:b5:13:6a:36:9e:80:d5:19:6f:f2:1d:2e:
                    0a:08:78:af:1b:01:a5:90:0c:1a:58:23:1d:71:d5:
                    47:0f:bb:86:d0:dc:e1:7c:7c:a4:a3:5a:85:5b:70:
                    94:d7:c6:2c:28:9a:17:f2:fe:46:43:6f:8f:be:75:
                    c5:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C3:FB:4C:19:C2:DC:38:AA:E9:CD:B7:72:DB:A7:D2:87:DD:10:8D
            X509v3 Authority Key Identifier:
                keyid:58:BB:6E:29:38:A2:25:1D:C4:38:4D:AF:65:EF:A5:20:DC:1A:58:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLtuKTiiJR3EOE2vZe-lINwaWII.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/20dd04-abec-44c3-95eb-5e37d5587be5/1/0sP7TBnC3Diq6c23ctun0ofdEI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/20dd04-abec-44c3-95eb-5e37d5587be5/1/WLtuKTiiJR3EOE2vZe-lINwaWII.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.136.0.0/16
                  137.204.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         83:e7:a2:15:a2:7c:5f:e9:69:18:50:1e:61:08:0b:53:b0:d4:
         30:8c:6e:59:1c:38:04:16:fe:c4:f7:29:81:c9:84:f6:d1:b7:
         10:33:49:14:d3:30:c5:75:4b:12:82:6d:3d:d1:19:01:a4:51:
         58:ac:44:76:f4:b8:7e:4f:c8:31:fa:de:3a:8a:34:b5:66:6d:
         bf:82:e9:17:f6:b2:60:9c:7e:86:8b:57:4a:fd:73:73:59:27:
         99:a7:44:19:e0:ea:36:3c:7f:d2:bb:f3:fd:5b:8b:8a:4e:90:
         49:e7:aa:cb:f2:ec:6f:25:d0:2e:96:92:af:3d:7b:ea:e1:56:
         dc:55:09:08:7e:18:ad:ed:f0:f9:71:79:81:52:ba:a5:5d:99:
         89:88:6e:14:f8:e4:0e:d3:49:d0:0c:df:8a:ce:9b:19:68:44:
         f5:d9:7c:6d:3e:7d:a2:9f:58:00:84:45:a6:17:43:9c:e0:53:
         fb:62:0c:e3:d1:76:eb:1a:94:0d:b4:11:a6:00:a5:24:bc:0e:
         33:49:a9:84:c7:6b:d0:db:7a:d8:02:41:1b:c6:37:28:90:c3:
         0e:4f:00:a7:f6:61:c4:64:58:bf:49:c0:5b:75:7e:99:89:9e:
         19:cf:7f:0c:f6:b3:be:e3:c0:c7:7b:2c:a9:27:a4:ed:92:31:
         06:69:6f:a7
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzFbqAZuGZ1lN/1h5TXuFVKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YmI2ZTI5MzhhMjI1MWRjNDM4NGRhZjY1ZWZhNTIwZGMx
YTU4ODIwHhcNMjQwMTAxMTQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmMzZmI0YzE5YzJkYzM4YWFlOWNkYjc3MmRiYTdkMjg3ZGQxMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgF0ymZuDHWim+faYttO/IusWI7e2
l1ZZb1NizeNwgkXLFgRSJ+iANcHl+/hab7S3t/JL6VINlL+Pg8mlVOs053oW5/YQ
8dqrAObZ9YhJG7oYz4qstVKwGOBtuDuxEGsxJrQZesiGCTP3LVGQj7O1sceZjumU
+iuitrs6j2hajPX57KQZ4VQTeEY4h+4jA5EgdKvUoxBlkSoamH6p4JRnQ25Txqqi
VMl34E7pXiZYf2U0CcPdfN96tXu1b36a60iw4Q1Gi961E2o2noDVGW/yHS4KCHiv
GwGlkAwaWCMdcdVHD7uG0NzhfHyko1qFW3CU18YsKJoX8v5GQ2+PvnXFawIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFNLD+0wZwtw4qunNt3Lbp9KH3RCNMB8GA1UdIwQY
MBaAFFi7bik4oiUdxDhNr2XvpSDcGliCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0x0dUtUaWlKUjNFT0UydlplLWxJTndhV0lJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8yMGRkMDQtYWJlYy00NGMzLTk1ZWIt
NWUzN2Q1NTg3YmU1LzEvMHNQN1RCbkMzRGlxNmMyM2N0dW4wb2ZkRUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8yMGRkMDQtYWJlYy00NGMzLTk1ZWItNWUzN2Q1NTg3YmU1
LzEvV0x0dUtUaWlKUjNFT0UydlplLWxJTndhV0lJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAgogDAwCJ
zDANBgkqhkiG9w0BAQsFAAOCAQEAg+eiFaJ8X+lpGFAeYQgLU7DUMIxuWRw4BBb+
xPcpgcmE9tG3EDNJFNMwxXVLEoJtPdEZAaRRWKxEdvS4fk/IMfreOoo0tWZtv4Lp
F/ayYJx+hotXSv1zc1knmadEGeDqNjx/0rvz/VuLik6QSeeqy/LsbyXQLpaSrz17
6uFW3FUJCH4Yre3w+XF5gVK6pV2ZiYhuFPjkDtNJ0Azfis6bGWhE9dl8bT59op9Y
AIRFphdDnOBT+2IM49F26xqUDbQRpgClJLwOM0mphMdr0Nt62AJBG8Y3KJDDDk8A
p/ZhxGRYv0nAW3V+mYmeGc9/DPazvuPAx3ssqSek7ZIxBmlvpw==
-----END CERTIFICATE-----