Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/XyeCzG_wBf12nrFjyUT3zOVrgF4.roa
File:                     XyeCzG_wBf12nrFjyUT3zOVrgF4.roa (raw, json)
Hash identifier:          B6WE3T2VnI0Q/ZB8p5ymbmWBBlTF/QgWmv6nMptwgFw=
Subject key identifier:   5F:27:82:CC:6F:F0:05:FD:76:9E:B1:63:C9:44:F7:CC:E5:6B:80:5E
Certificate issuer:       /CN=bdab6cb2e807aecebd7e03a80808fab23d9c4716
Certificate serial:       018CC26D843A209102558C0368020A58EB89
Authority key identifier: BD:AB:6C:B2:E8:07:AE:CE:BD:7E:03:A8:08:08:FA:B2:3D:9C:47:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vatssugHrs69fgOoCAj6sj2cRxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/XyeCzG_wBf12nrFjyUT3zOVrgF4.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207843
IP address blocks:        2.58.164.0/24 maxlen: 24
                          2.58.165.0/24 maxlen: 24
                          2a0f:91c0::/48 maxlen: 48
                          2a0f:91c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/vatssugHrs69fgOoCAj6sj2cRxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/vatssugHrs69fgOoCAj6sj2cRxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vatssugHrs69fgOoCAj6sj2cRxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:84:3a:20:91:02:55:8c:03:68:02:0a:58:eb:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdab6cb2e807aecebd7e03a80808fab23d9c4716
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f2782cc6ff005fd769eb163c944f7cce56b805e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:54:33:35:37:ac:29:02:ab:39:5c:03:f6:1b:
                    aa:58:d0:32:47:be:6d:b9:60:8d:01:3f:c0:5c:ee:
                    63:fb:2d:a6:85:e4:7e:f9:3c:29:80:ce:4a:b2:5b:
                    3d:78:f1:65:15:bd:c2:c1:eb:b0:09:e8:d4:5e:9f:
                    13:3f:e6:07:bb:44:02:8b:15:a2:78:dc:a5:f3:1b:
                    be:a9:d1:88:fc:c3:15:d0:32:a5:b1:04:84:5d:04:
                    29:24:c8:03:ae:02:12:bc:9a:e8:6b:db:42:d2:fb:
                    5b:76:4a:fa:ff:f8:f2:b5:40:8d:83:cf:8b:1f:1c:
                    fe:cf:31:89:23:1e:87:21:7d:23:98:72:ad:ee:07:
                    20:e4:35:db:4f:a7:df:71:b0:27:2a:4f:3e:d9:4e:
                    09:ba:6f:34:81:4f:2b:f4:85:04:2d:f6:ad:ed:ae:
                    11:83:9f:6c:cb:23:91:d9:55:8e:a5:3d:ad:e5:67:
                    31:ca:76:c2:c6:21:a4:93:df:06:61:e3:90:64:22:
                    25:23:21:9d:9c:2a:a6:74:ba:3e:c2:46:c4:22:52:
                    69:b7:5d:f8:03:19:27:28:a7:52:03:ef:52:f2:cf:
                    a3:66:26:db:40:52:11:b4:4d:72:14:ed:23:66:73:
                    f4:db:74:67:7b:39:2d:23:c1:b1:23:a0:00:e5:66:
                    31:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:27:82:CC:6F:F0:05:FD:76:9E:B1:63:C9:44:F7:CC:E5:6B:80:5E
            X509v3 Authority Key Identifier:
                keyid:BD:AB:6C:B2:E8:07:AE:CE:BD:7E:03:A8:08:08:FA:B2:3D:9C:47:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vatssugHrs69fgOoCAj6sj2cRxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/XyeCzG_wBf12nrFjyUT3zOVrgF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/vatssugHrs69fgOoCAj6sj2cRxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.164.0/23
                IPv6:
                  2a0f:91c0::/47

    Signature Algorithm: sha256WithRSAEncryption
         89:a9:17:1f:6e:10:4b:c4:de:d0:c7:42:da:40:79:17:63:77:
         13:5b:1e:a5:5a:c8:a0:1b:26:02:1c:5c:1a:c9:db:3a:f6:17:
         6b:a4:06:69:75:98:94:b3:d4:18:b2:fa:2e:0a:e6:5d:ab:36:
         5a:5b:33:a1:be:7f:3c:43:c1:54:9c:c5:3c:b0:3b:78:ed:b3:
         ad:56:59:aa:2a:88:9e:07:47:79:28:09:98:6b:3e:ac:e0:31:
         77:2e:f6:3c:45:2a:f2:e9:ed:65:af:98:19:14:fe:fd:53:bf:
         df:14:ee:56:c9:b6:44:f7:69:d4:6f:d2:6c:7c:10:fa:7b:a0:
         a1:61:61:7d:88:d8:09:a1:49:f1:c7:62:d1:a5:b7:cd:99:aa:
         38:3f:a8:1a:39:cb:2f:31:01:2d:44:7f:ff:c9:fa:a7:91:4e:
         9e:e1:8c:5d:a2:ae:e4:32:e5:67:90:6f:2f:66:8d:a4:3f:8e:
         a3:f8:79:51:4f:37:c3:02:f0:05:9e:5a:a6:0e:1b:c3:6c:19:
         cd:ca:12:62:bc:ee:8f:98:35:0e:0b:e7:44:ff:29:5d:7f:2b:
         8e:02:a8:89:61:21:7b:24:e1:cb:15:1b:cc:4d:c9:55:09:bc:
         1c:55:bc:c3:3f:e8:50:70:e5:4f:cd:1b:2b:9a:29:a0:3a:07:
         54:d4:9b:18
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbYQ6IJECVYwDaAIKWOuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYWI2Y2IyZTgwN2FlY2ViZDdlMDNhODA4MDhmYWIyM2Q5
YzQ3MTYwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjI3ODJjYzZmZjAwNWZkNzY5ZWIxNjNjOTQ0ZjdjY2U1NmI4MDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlQzNTesKQKrOVwD9huqWNAyR75t
uWCNAT/AXO5j+y2mheR++TwpgM5Ksls9ePFlFb3CweuwCejUXp8TP+YHu0QCixWi
eNyl8xu+qdGI/MMV0DKlsQSEXQQpJMgDrgISvJroa9tC0vtbdkr6//jytUCNg8+L
Hxz+zzGJIx6HIX0jmHKt7gcg5DXbT6ffcbAnKk8+2U4Jum80gU8r9IUELfat7a4R
g59syyOR2VWOpT2t5WcxynbCxiGkk98GYeOQZCIlIyGdnCqmdLo+wkbEIlJpt134
AxknKKdSA+9S8s+jZibbQFIRtE1yFO0jZnP023RnezktI8GxI6AA5WYxXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF8ngsxv8AX9dp6xY8lE98zla4BeMB8GA1UdIwQY
MBaAFL2rbLLoB67OvX4DqAgI+rI9nEcWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmF0c3N1Z0hyczY5ZmdPb0NBajZzajJjUnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS85YjQ1MzAtNzZlNC00NDAxLWE4N2It
MjlmNzhjMjc5ODlmLzEvWHllQ3pHX3dCZjEybnJGanlVVDN6T1ZyZ0Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS85YjQ1MzAtNzZlNC00NDAxLWE4N2ItMjlmNzhjMjc5ODlm
LzEvdmF0c3N1Z0hyczY5ZmdPb0NBajZzajJjUnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBAjqkMA8E
AgACMAkDBwEqD5HAAAAwDQYJKoZIhvcNAQELBQADggEBAImpFx9uEEvE3tDHQtpA
eRdjdxNbHqVayKAbJgIcXBrJ2zr2F2ukBml1mJSz1Biy+i4K5l2rNlpbM6G+fzxD
wVScxTywO3jts61WWaoqiJ4HR3koCZhrPqzgMXcu9jxFKvLp7WWvmBkU/v1Tv98U
7lbJtkT3adRv0mx8EPp7oKFhYX2I2AmhSfHHYtGlt82Zqjg/qBo5yy8xAS1Ef//J
+qeRTp7hjF2iruQy5WeQby9mjaQ/jqP4eVFPN8MC8AWeWqYOG8NsGc3KEmK87o+Y
NQ4L50T/KV1/K44CqIlhIXsk4csVG8xNyVUJvBxVvMM/6FBw5U/NGyuaKaA6B1TU
mxg=
-----END CERTIFICATE-----