Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/v5B6XJkuiUlxr77y-BFXalUmc7I.roa
File:                     v5B6XJkuiUlxr77y-BFXalUmc7I.roa (raw, json)
Hash identifier:          /t0ISmqyWZkTNYepoE3TrSigo0dNPkY5O1NlIYNgxZ4=
Subject key identifier:   BF:90:7A:5C:99:2E:89:49:71:AF:BE:F2:F8:11:57:6A:55:26:73:B2
Certificate issuer:       /CN=bdab6cb2e807aecebd7e03a80808fab23d9c4716
Certificate serial:       018CC26D83FAA907FEAEC2D541575FB98BFA
Authority key identifier: BD:AB:6C:B2:E8:07:AE:CE:BD:7E:03:A8:08:08:FA:B2:3D:9C:47:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vatssugHrs69fgOoCAj6sj2cRxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/v5B6XJkuiUlxr77y-BFXalUmc7I.roa
Signing time:             Mon 01 Jan 2024 00:30:06 +0000
ROA not before:           Mon 01 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199556
IP address blocks:        2.58.164.0/24 maxlen: 24
                          2.58.164.0/22 maxlen: 24
                          2.58.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/vatssugHrs69fgOoCAj6sj2cRxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/vatssugHrs69fgOoCAj6sj2cRxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vatssugHrs69fgOoCAj6sj2cRxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:83:fa:a9:07:fe:ae:c2:d5:41:57:5f:b9:8b:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdab6cb2e807aecebd7e03a80808fab23d9c4716
        Validity
            Not Before: Jan  1 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf907a5c992e894971afbef2f811576a552673b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:dc:1c:8a:af:97:fe:5d:74:92:9e:85:8c:cc:
                    5d:fc:69:ad:7e:2a:4b:35:eb:5d:33:b3:7b:5a:26:
                    b9:86:d4:32:c0:0e:8e:7d:4f:e5:0a:3c:db:33:5c:
                    48:64:32:58:01:96:23:ea:33:8f:b3:ec:96:54:84:
                    aa:0b:97:b8:43:bf:e4:9a:c8:d9:ad:e5:b2:15:4e:
                    95:98:85:2e:09:1c:9a:64:9a:70:f9:f2:72:c8:a4:
                    f5:6c:d7:da:da:49:b3:c5:ec:42:4f:d1:5c:c3:f8:
                    f7:a0:52:1f:ed:b3:62:51:ff:d2:3c:ee:d5:6e:e5:
                    d5:d9:a7:cc:ed:fd:69:8d:e3:9a:03:7a:35:98:d6:
                    7f:a0:28:08:62:dc:fe:f6:07:5d:4d:5a:fd:3e:65:
                    51:52:0e:e2:e0:e5:09:f7:1b:df:10:26:00:c7:20:
                    8b:5a:45:55:b0:85:61:00:b6:1d:d5:c2:82:56:dd:
                    74:bc:57:18:f4:1d:73:c8:f4:88:fc:a4:7a:a1:37:
                    71:d6:6a:a8:7e:88:80:0d:d6:81:c9:23:eb:03:f9:
                    eb:ee:5e:a9:d7:a0:42:a4:76:c6:1c:c2:60:52:c8:
                    9b:29:98:29:d7:69:18:71:26:86:41:09:d1:d6:dd:
                    b0:d9:09:c7:2a:b3:40:7c:59:d8:d4:f3:2b:13:b1:
                    f0:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:90:7A:5C:99:2E:89:49:71:AF:BE:F2:F8:11:57:6A:55:26:73:B2
            X509v3 Authority Key Identifier:
                keyid:BD:AB:6C:B2:E8:07:AE:CE:BD:7E:03:A8:08:08:FA:B2:3D:9C:47:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vatssugHrs69fgOoCAj6sj2cRxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/v5B6XJkuiUlxr77y-BFXalUmc7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/9b4530-76e4-4401-a87b-29f78c27989f/1/vatssugHrs69fgOoCAj6sj2cRxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:b4:e6:d1:e2:5c:a6:8c:73:c0:9b:f0:81:af:3f:e6:af:e7:
         40:4f:9f:7e:7c:7d:69:7b:89:c5:15:67:d8:b4:43:a0:2d:58:
         e4:14:bd:d1:35:2e:c4:56:52:ce:cf:cb:b6:4c:eb:0d:c0:b1:
         71:42:53:34:0a:3d:7e:f8:35:96:87:1f:6e:c4:3d:ad:cc:7d:
         5f:5b:5b:77:95:b9:dd:df:d8:f4:88:1b:87:c2:de:9f:73:3b:
         33:45:b5:66:db:bb:ef:b0:25:3e:27:f8:46:f3:dc:de:69:74:
         7a:ef:c6:c0:b4:16:9d:ff:bb:fe:40:d3:8c:b9:c1:95:7b:13:
         d4:76:a6:a5:f5:e4:76:07:d6:85:ea:b4:d5:53:23:85:6e:5e:
         d1:61:50:97:8b:c9:a5:01:d5:b8:56:ca:55:46:0e:50:a4:4b:
         0c:e4:31:c6:2c:6e:9a:4f:78:fb:10:9c:2d:eb:fa:57:1e:8a:
         34:4d:87:b3:68:4f:81:e0:cb:2e:42:97:d0:51:c8:4e:3f:8c:
         14:c1:71:ba:40:96:ff:cf:3e:74:e8:12:7c:d1:ec:ac:a7:6d:
         20:5b:38:89:3d:09:fc:e8:fc:f1:8f:83:3e:94:cb:a5:b3:87:
         bc:e0:76:28:c6:32:3f:10:8f:73:a0:2c:e4:0b:05:61:89:d8:
         77:1d:4b:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbYP6qQf+rsLVQVdfuYv6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYWI2Y2IyZTgwN2FlY2ViZDdlMDNhODA4MDhmYWIyM2Q5
YzQ3MTYwHhcNMjQwMTAxMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjkwN2E1Yzk5MmU4OTQ5NzFhZmJlZjJmODExNTc2YTU1MjY3M2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNwciq+X/l10kp6FjMxd/GmtfipL
NetdM7N7Wia5htQywA6OfU/lCjzbM1xIZDJYAZYj6jOPs+yWVISqC5e4Q7/kmsjZ
reWyFU6VmIUuCRyaZJpw+fJyyKT1bNfa2kmzxexCT9Fcw/j3oFIf7bNiUf/SPO7V
buXV2afM7f1pjeOaA3o1mNZ/oCgIYtz+9gddTVr9PmVRUg7i4OUJ9xvfECYAxyCL
WkVVsIVhALYd1cKCVt10vFcY9B1zyPSI/KR6oTdx1mqofoiADdaBySPrA/nr7l6p
16BCpHbGHMJgUsibKZgp12kYcSaGQQnR1t2w2QnHKrNAfFnY1PMrE7HwcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+QelyZLolJca++8vgRV2pVJnOyMB8GA1UdIwQY
MBaAFL2rbLLoB67OvX4DqAgI+rI9nEcWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmF0c3N1Z0hyczY5ZmdPb0NBajZzajJjUnhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS85YjQ1MzAtNzZlNC00NDAxLWE4N2It
MjlmNzhjMjc5ODlmLzEvdjVCNlhKa3VpVWx4cjc3eS1CRlhhbFVtYzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS85YjQ1MzAtNzZlNC00NDAxLWE4N2ItMjlmNzhjMjc5ODlm
LzEvdmF0c3N1Z0hyczY5ZmdPb0NBajZzajJjUnhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjqkMA0G
CSqGSIb3DQEBCwUAA4IBAQCLtObR4lymjHPAm/CBrz/mr+dAT59+fH1pe4nFFWfY
tEOgLVjkFL3RNS7EVlLOz8u2TOsNwLFxQlM0Cj1++DWWhx9uxD2tzH1fW1t3lbnd
39j0iBuHwt6fczszRbVm27vvsCU+J/hG89zeaXR678bAtBad/7v+QNOMucGVexPU
dqal9eR2B9aF6rTVUyOFbl7RYVCXi8mlAdW4VspVRg5QpEsM5DHGLG6aT3j7EJwt
6/pXHoo0TYezaE+B4MsuQpfQUchOP4wUwXG6QJb/zz506BJ80eysp20gWziJPQn8
6Pzxj4M+lMuls4e84HYoxjI/EI9zoCzkCwVhidh3HUtS
-----END CERTIFICATE-----