Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/P26iBMzDxpvH-LQZESUQTHncYxo.roa
File:                     P26iBMzDxpvH-LQZESUQTHncYxo.roa (raw, json)
Hash identifier:          3+DbSLlopFDVY7Piu2/Wt1KhQBxlA0+iBBO7seLQMiE=
Subject key identifier:   3F:6E:A2:04:CC:C3:C6:9B:C7:F8:B4:19:11:25:10:4C:79:DC:63:1A
Certificate issuer:       /CN=bdab6cb2e807aecebd7e03a80808fab23d9c4716
Certificate serial:       0194258F7AC632F703E77A976811834D0B23
Authority key identifier: BD:AB:6C:B2:E8:07:AE:CE:BD:7E:03:A8:08:08:FA:B2:3D:9C:47:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vatssugHrs69fgOoCAj6sj2cRxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/P26iBMzDxpvH-LQZESUQTHncYxo.roa
Signing time:             Thu 02 Jan 2025 05:49:07 +0000
ROA not before:           Thu 02 Jan 2025 05:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199556
IP address blocks:        2.58.164.0/22 maxlen: 24
                          2.58.164.0/24 maxlen: 24
                          2.58.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/vatssugHrs69fgOoCAj6sj2cRxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/vatssugHrs69fgOoCAj6sj2cRxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vatssugHrs69fgOoCAj6sj2cRxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:7a:c6:32:f7:03:e7:7a:97:68:11:83:4d:0b:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdab6cb2e807aecebd7e03a80808fab23d9c4716
        Validity
            Not Before: Jan  2 05:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f6ea204ccc3c69bc7f8b4191125104c79dc631a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a9:2e:b4:e6:bc:8c:3a:00:fb:da:70:c4:40:
                    94:2d:68:70:7e:db:22:89:55:ae:93:17:42:7f:7c:
                    99:24:70:4f:a4:87:de:5e:de:e5:63:74:d1:90:22:
                    ad:aa:7c:a3:07:ab:7e:c0:63:2e:90:fa:5f:3d:0f:
                    b1:23:86:82:88:7c:67:54:fe:f6:c5:f4:9b:6f:c1:
                    1b:64:a6:36:59:7e:44:3b:6b:f8:bb:59:e6:0f:09:
                    b0:0f:da:4f:09:aa:2d:91:34:27:92:e6:b0:d3:29:
                    d1:05:20:21:12:31:2c:70:9d:67:53:c4:52:6d:fe:
                    36:09:8a:08:8e:8b:44:06:55:63:0d:98:78:eb:95:
                    6c:d9:fd:3d:0b:ce:f2:a9:20:a2:b7:22:f1:54:8c:
                    c5:67:99:cc:32:24:4d:9d:7a:fa:e7:d3:f7:79:a9:
                    31:d7:eb:85:1e:4e:23:40:67:0f:2a:d2:30:ee:9d:
                    e9:2b:fe:04:f0:cb:65:02:9d:f3:36:bc:23:e2:fa:
                    08:d8:16:a0:68:3c:c7:48:96:c3:dd:32:59:ff:24:
                    e0:6b:24:35:97:5c:f6:ff:9f:df:62:3c:8e:39:62:
                    e0:e7:ef:09:a8:6b:cc:0a:c1:de:1d:ef:c8:bf:28:
                    d5:f5:b4:49:0e:f0:9a:02:f7:ab:73:b4:94:aa:7d:
                    ee:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:6E:A2:04:CC:C3:C6:9B:C7:F8:B4:19:11:25:10:4C:79:DC:63:1A
            X509v3 Authority Key Identifier:
                keyid:BD:AB:6C:B2:E8:07:AE:CE:BD:7E:03:A8:08:08:FA:B2:3D:9C:47:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vatssugHrs69fgOoCAj6sj2cRxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/P26iBMzDxpvH-LQZESUQTHncYxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/vatssugHrs69fgOoCAj6sj2cRxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:c1:fd:b0:13:78:81:77:5b:1b:4b:6f:32:6e:fe:ca:a2:3d:
         91:5c:ef:95:57:37:34:e2:0a:28:73:d4:a2:db:f8:52:e4:6f:
         32:03:3b:ca:c2:53:73:e0:d5:f9:a3:71:ac:9d:a2:24:be:9f:
         65:a0:03:24:b2:f2:57:a6:6c:d1:0a:18:8c:65:4a:14:d7:de:
         19:07:f7:d7:57:85:05:4d:ab:73:75:30:64:e6:45:fc:0f:89:
         0f:91:d5:b3:25:48:c9:02:f4:9c:91:a1:c7:ff:e4:69:5d:d1:
         26:c1:7f:a4:84:3a:dc:86:3d:43:ca:ea:f8:c8:b6:9e:ab:93:
         92:36:02:01:b7:9b:c1:13:65:bf:10:2b:35:5a:c5:b7:7f:84:
         14:7a:e3:a4:e6:bb:e9:16:e4:df:7f:12:28:18:1d:d9:57:c1:
         89:df:5e:b3:8f:74:a4:1c:e6:84:3b:62:f2:66:23:dd:28:c4:
         6f:34:76:80:1a:62:a5:15:65:4a:1b:8c:12:b3:68:c3:f4:cf:
         84:11:1e:49:09:48:f1:df:94:43:0b:fb:21:a6:35:70:d9:8d:
         ec:4e:3f:3b:d9:cd:31:72:7c:af:ad:c2:86:77:81:83:95:b3:
         f6:3c:79:41:b5:6a:6a:6a:cf:e8:a6:78:26:65:c8:c8:4d:8e:
         3b:fe:f8:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj3rGMvcD53qXaBGDTQsjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYWI2Y2IyZTgwN2FlY2ViZDdlMDNhODA4MDhmYWIyM2Q5
YzQ3MTYwHhcNMjUwMTAyMDU0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjZlYTIwNGNjYzNjNjliYzdmOGI0MTkxMTI1MTA0Yzc5ZGM2MzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqkutOa8jDoA+9pwxECULWhwftsi
iVWukxdCf3yZJHBPpIfeXt7lY3TRkCKtqnyjB6t+wGMukPpfPQ+xI4aCiHxnVP72
xfSbb8EbZKY2WX5EO2v4u1nmDwmwD9pPCaotkTQnkuaw0ynRBSAhEjEscJ1nU8RS
bf42CYoIjotEBlVjDZh465Vs2f09C87yqSCityLxVIzFZ5nMMiRNnXr659P3eakx
1+uFHk4jQGcPKtIw7p3pK/4E8MtlAp3zNrwj4voI2BagaDzHSJbD3TJZ/yTgayQ1
l1z2/5/fYjyOOWLg5+8JqGvMCsHeHe/IvyjV9bRJDvCaAverc7SUqn3ujQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9uogTMw8abx/i0GRElEEx53GMaMB8GA1UdIwQY
MBaAFL2rbLLoB67OvX4DqAgI+rI9nEcWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmF0c3N1Z0hyczY5ZmdPb0NBajZzajJjUnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS85YjQ1MzAtNzZlNC00NDAxLWE4N2It
MjlmNzhjMjc5ODlmLzEvUDI2aUJNekR4cHZILUxRWkVTVVFUSG5jWXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS85YjQ1MzAtNzZlNC00NDAxLWE4N2ItMjlmNzhjMjc5ODlm
LzEvdmF0c3N1Z0hyczY5ZmdPb0NBajZzajJjUnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjqkMA0G
CSqGSIb3DQEBCwUAA4IBAQBKwf2wE3iBd1sbS28ybv7Koj2RXO+VVzc04gooc9Si
2/hS5G8yAzvKwlNz4NX5o3GsnaIkvp9loAMksvJXpmzRChiMZUoU194ZB/fXV4UF
TatzdTBk5kX8D4kPkdWzJUjJAvSckaHH/+RpXdEmwX+khDrchj1Dyur4yLaeq5OS
NgIBt5vBE2W/ECs1WsW3f4QUeuOk5rvpFuTffxIoGB3ZV8GJ316zj3SkHOaEO2Ly
ZiPdKMRvNHaAGmKlFWVKG4wSs2jD9M+EER5JCUjx35RDC/shpjVw2Y3sTj872c0x
cnyvrcKGd4GDlbP2PHlBtWpqas/opngmZcjITY47/vgm
-----END CERTIFICATE-----