Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/2f9a33-cd8c-41e4-9c48-eb8612457715/1/0fPXJz4ZkFhSnDl_qC3Oqnd5MPk.roa
File:                     0fPXJz4ZkFhSnDl_qC3Oqnd5MPk.roa (raw, json)
Hash identifier:          9f23J/XrfHwop7pkXvCqZEzg16V5jFPr7gFFFr197JQ=
Subject key identifier:   D1:F3:D7:27:3E:19:90:58:52:9C:39:7F:A8:2D:CE:AA:77:79:30:F9
Certificate issuer:       /CN=58e0687a24d6a3e414d798d9b2fb6c52591cbb23
Certificate serial:       019424B285E82A27451750FFFC7BC59EA099
Authority key identifier: 58:E0:68:7A:24:D6:A3:E4:14:D7:98:D9:B2:FB:6C:52:59:1C:BB:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WOBoeiTWo-QU15jZsvtsUlkcuyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/2f9a33-cd8c-41e4-9c48-eb8612457715/1/0fPXJz4ZkFhSnDl_qC3Oqnd5MPk.roa
Signing time:             Thu 02 Jan 2025 01:47:46 +0000
ROA not before:           Thu 02 Jan 2025 01:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208149
IP address blocks:        185.89.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/2f9a33-cd8c-41e4-9c48-eb8612457715/1/WOBoeiTWo-QU15jZsvtsUlkcuyM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/2f9a33-cd8c-41e4-9c48-eb8612457715/1/WOBoeiTWo-QU15jZsvtsUlkcuyM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WOBoeiTWo-QU15jZsvtsUlkcuyM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:85:e8:2a:27:45:17:50:ff:fc:7b:c5:9e:a0:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58e0687a24d6a3e414d798d9b2fb6c52591cbb23
        Validity
            Not Before: Jan  2 01:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1f3d7273e199058529c397fa82dceaa777930f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:b3:4e:ac:65:47:80:df:af:ee:ef:1d:ed:87:
                    60:42:51:98:57:ce:47:bb:2a:7e:67:60:42:ff:c6:
                    cf:f0:95:2b:a1:cf:3d:c9:cd:96:94:24:0e:fa:60:
                    da:3a:85:90:c7:6c:d1:2a:74:21:c6:3b:72:37:22:
                    a5:ac:c4:1d:ad:85:a6:d6:ca:b0:85:89:12:fb:b0:
                    e4:54:19:0f:91:13:65:18:72:67:49:75:24:df:9d:
                    5b:43:5f:47:93:b2:fd:40:1b:81:57:2e:cc:e0:e7:
                    21:75:78:bd:de:45:09:eb:f5:d2:67:d9:c0:49:69:
                    26:8c:f0:61:ab:0a:32:8b:1b:82:29:41:bd:6f:a8:
                    f3:e8:83:1c:2f:af:1b:a9:bd:31:68:c5:69:a2:82:
                    3e:3a:28:69:38:bf:de:fb:62:60:10:6a:a0:1e:46:
                    c3:76:07:31:e3:56:42:66:a0:4f:6f:1e:1c:fb:b5:
                    ff:c0:90:e3:20:f0:8a:6e:1e:3d:e9:71:50:c9:67:
                    13:6b:f4:58:83:be:48:52:dc:93:33:99:1b:43:46:
                    2b:1c:32:e4:70:97:e1:d1:56:35:d7:af:ce:49:9f:
                    4f:e1:14:79:ad:d1:f2:8a:93:d8:7a:69:42:4e:af:
                    e4:4e:23:7c:98:09:33:29:1e:e7:37:cb:10:19:e5:
                    95:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F3:D7:27:3E:19:90:58:52:9C:39:7F:A8:2D:CE:AA:77:79:30:F9
            X509v3 Authority Key Identifier:
                keyid:58:E0:68:7A:24:D6:A3:E4:14:D7:98:D9:B2:FB:6C:52:59:1C:BB:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WOBoeiTWo-QU15jZsvtsUlkcuyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/2f9a33-cd8c-41e4-9c48-eb8612457715/1/0fPXJz4ZkFhSnDl_qC3Oqnd5MPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/2f9a33-cd8c-41e4-9c48-eb8612457715/1/WOBoeiTWo-QU15jZsvtsUlkcuyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.89.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:a5:80:0d:cf:81:12:c7:af:f5:ca:99:ac:94:d5:b1:de:48:
         42:19:83:1e:db:23:41:2c:89:20:be:d6:bd:22:04:41:3b:d7:
         10:99:08:a1:cc:ba:98:e5:ae:45:ba:2b:fc:1b:0e:db:42:24:
         51:08:89:bc:d7:46:ba:31:eb:b8:7e:e7:02:40:5a:34:3d:cd:
         0d:40:49:88:c2:af:fe:c1:1e:9e:60:59:49:38:f3:aa:2c:54:
         3e:93:11:3b:2b:52:ee:9b:45:96:83:ae:07:c2:6d:88:a2:35:
         36:54:cb:ef:85:8c:2c:06:a4:96:c3:77:d3:49:78:af:7b:10:
         32:25:08:be:9d:34:e9:08:dc:45:c1:30:13:14:a2:be:e5:c7:
         c1:0c:de:a0:5d:db:5d:41:0e:be:80:52:bf:8a:de:68:42:22:
         b9:47:5b:6c:96:12:74:3d:7e:db:39:e5:b3:a8:87:06:63:31:
         16:33:7c:c2:3d:63:5b:01:21:9e:ff:4f:d2:d5:82:a6:c9:e5:
         11:b9:4f:42:fc:7e:39:61:d8:6a:84:b1:57:6f:4e:66:da:27:
         1a:95:e3:2f:3f:33:a1:9e:ce:a0:c9:dd:4e:b8:59:b8:f9:23:
         55:3c:77:21:e0:57:42:5f:c4:ee:c2:ac:82:3f:be:aa:8f:29:
         6b:80:e2:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksoXoKidFF1D//HvFnqCZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZTA2ODdhMjRkNmEzZTQxNGQ3OThkOWIyZmI2YzUyNTkx
Y2JiMjMwHhcNMjUwMTAyMDE0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWYzZDcyNzNlMTk5MDU4NTI5YzM5N2ZhODJkY2VhYTc3NzkzMGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47NOrGVHgN+v7u8d7YdgQlGYV85H
uyp+Z2BC/8bP8JUroc89yc2WlCQO+mDaOoWQx2zRKnQhxjtyNyKlrMQdrYWm1sqw
hYkS+7DkVBkPkRNlGHJnSXUk351bQ19Hk7L9QBuBVy7M4OchdXi93kUJ6/XSZ9nA
SWkmjPBhqwoyixuCKUG9b6jz6IMcL68bqb0xaMVpooI+OihpOL/e+2JgEGqgHkbD
dgcx41ZCZqBPbx4c+7X/wJDjIPCKbh496XFQyWcTa/RYg75IUtyTM5kbQ0YrHDLk
cJfh0VY116/OSZ9P4RR5rdHyipPYemlCTq/kTiN8mAkzKR7nN8sQGeWV0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHz1yc+GZBYUpw5f6gtzqp3eTD5MB8GA1UdIwQY
MBaAFFjgaHok1qPkFNeY2bL7bFJZHLsjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV09Cb2VpVFdvLVFVMTVqWnN2dHNVbGtjdXlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8yZjlhMzMtY2Q4Yy00MWU0LTljNDgt
ZWI4NjEyNDU3NzE1LzEvMGZQWEp6NFprRmhTbkRsX3FDM09xbmQ1TVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8yZjlhMzMtY2Q4Yy00MWU0LTljNDgtZWI4NjEyNDU3NzE1
LzEvV09Cb2VpVFdvLVFVMTVqWnN2dHNVbGtjdXlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVlgMA0G
CSqGSIb3DQEBCwUAA4IBAQBApYANz4ESx6/1ypmslNWx3khCGYMe2yNBLIkgvta9
IgRBO9cQmQihzLqY5a5Fuiv8Gw7bQiRRCIm810a6Meu4fucCQFo0Pc0NQEmIwq/+
wR6eYFlJOPOqLFQ+kxE7K1Lum0WWg64Hwm2IojU2VMvvhYwsBqSWw3fTSXivexAy
JQi+nTTpCNxFwTATFKK+5cfBDN6gXdtdQQ6+gFK/it5oQiK5R1tslhJ0PX7bOeWz
qIcGYzEWM3zCPWNbASGe/0/S1YKmyeURuU9C/H45YdhqhLFXb05m2icaleMvPzOh
ns6gyd1OuFm4+SNVPHch4FdCX8TuwqyCP76qjylrgOI6
-----END CERTIFICATE-----