Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/aawodUMaz1sarMmhPxEtl3_VHI8.roa
File:                     aawodUMaz1sarMmhPxEtl3_VHI8.roa (raw, json)
Hash identifier:          PvCoehhRC8ZaTGeMyYaNuEr08RIx7R/qtgOFrXKvTuo=
Subject key identifier:   69:AC:28:75:43:1A:CF:5B:1A:AC:C9:A1:3F:11:2D:97:7F:D5:1C:8F
Certificate issuer:       /CN=fb744006eac3084bf88f128349b0e733bb3d79e3
Certificate serial:       018CC4933D2C75E35426413437D8435010AA
Authority key identifier: FB:74:40:06:EA:C3:08:4B:F8:8F:12:83:49:B0:E7:33:BB:3D:79:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-3RABurDCEv4jxKDSbDnM7s9eeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/aawodUMaz1sarMmhPxEtl3_VHI8.roa
Signing time:             Mon 01 Jan 2024 10:30:32 +0000
ROA not before:           Mon 01 Jan 2024 10:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57706
IP address blocks:        2.58.58.0/24 maxlen: 24
                          2a09:e240::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/1-3RABurDCEv4jxKDSbDnM7s9eeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/1-3RABurDCEv4jxKDSbDnM7s9eeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-3RABurDCEv4jxKDSbDnM7s9eeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3d:2c:75:e3:54:26:41:34:37:d8:43:50:10:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb744006eac3084bf88f128349b0e733bb3d79e3
        Validity
            Not Before: Jan  1 10:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69ac2875431acf5b1aacc9a13f112d977fd51c8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:be:6c:7d:dc:12:b2:29:13:6d:26:aa:83:c8:
                    18:e6:7a:1d:0f:95:2a:9f:64:c0:c9:5e:db:cf:07:
                    3c:ce:4e:47:b2:1a:09:30:ee:62:9c:6c:94:5b:3c:
                    f0:97:58:24:36:61:5e:4c:8f:3c:5a:be:03:00:22:
                    8f:e5:62:16:26:bd:2f:e8:41:d0:5e:46:d3:78:fc:
                    40:f6:0c:56:b8:00:fc:ff:6a:2b:58:62:b7:1a:fd:
                    bf:04:66:15:98:13:4b:b5:9b:99:39:56:99:dc:89:
                    28:2f:86:aa:25:bb:08:f0:f2:2e:d2:4d:0a:e0:3b:
                    fd:e0:66:37:d1:4b:ce:86:28:3b:01:68:96:50:50:
                    53:29:d5:8d:a8:d4:60:d8:d8:3a:5f:a2:1c:00:f7:
                    9a:c8:2b:12:59:a3:0c:98:b3:df:fe:2c:eb:71:eb:
                    5c:05:5f:fd:be:c8:5d:c5:a3:31:62:65:f4:eb:51:
                    97:65:b5:96:04:5a:f2:32:e6:ef:2c:15:81:b9:29:
                    e1:b5:19:62:03:5d:79:cb:a3:c9:3b:2a:53:90:3a:
                    f0:56:3a:c3:f0:73:03:09:83:b0:e6:2a:dd:0f:10:
                    48:f3:d0:91:bc:3c:88:4b:b3:e7:09:25:46:32:3b:
                    55:2e:9f:53:0b:2d:ad:36:61:64:4c:0b:d2:a5:cf:
                    b2:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:AC:28:75:43:1A:CF:5B:1A:AC:C9:A1:3F:11:2D:97:7F:D5:1C:8F
            X509v3 Authority Key Identifier:
                keyid:FB:74:40:06:EA:C3:08:4B:F8:8F:12:83:49:B0:E7:33:BB:3D:79:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3RABurDCEv4jxKDSbDnM7s9eeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/aawodUMaz1sarMmhPxEtl3_VHI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/17836a-d678-41ca-8fb2-5eb7bef9a7a8/1/1-3RABurDCEv4jxKDSbDnM7s9eeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.58.0/24
                IPv6:
                  2a09:e240::/48

    Signature Algorithm: sha256WithRSAEncryption
         c5:23:55:88:78:0c:98:eb:03:8d:d7:ca:a7:4c:1e:b1:b2:a1:
         23:0b:31:94:e2:84:fb:29:3f:83:da:c3:e3:cb:58:57:2a:9d:
         40:2b:98:64:a7:71:09:b6:22:58:a1:74:30:07:fe:5a:6d:68:
         9b:49:ec:16:fb:b8:6c:1a:02:65:65:22:d9:ca:aa:42:ac:19:
         3d:dd:7c:c4:88:95:7d:cf:04:f2:75:68:23:6d:39:43:d5:aa:
         17:48:d5:27:69:8c:70:61:17:72:c3:4b:4b:98:47:df:a2:6f:
         80:4c:b2:c9:b4:e1:65:fd:57:76:eb:25:aa:f9:c9:dc:d9:cb:
         70:e7:7a:90:14:d4:cd:ba:cd:ea:78:54:df:5f:a6:74:4f:d0:
         74:01:64:2e:09:0e:66:d6:94:60:9a:4a:dc:9a:d0:22:ac:f4:
         d8:b8:2f:c2:e8:79:3a:54:e4:57:54:7d:09:01:e4:c2:b3:14:
         66:db:47:67:a8:c5:36:b5:6a:9f:5a:3c:41:8b:06:b2:83:84:
         6c:a9:72:8e:07:44:3b:04:f6:e7:b0:4a:14:11:f1:36:b4:e1:
         d8:8a:79:6d:77:b4:14:f0:d2:d6:ff:7b:67:b0:99:4f:33:0b:
         fe:99:8c:e3:e7:09:71:5b:5a:93:59:1c:a6:b5:83:ba:d9:e5:
         b8:ae:40:75
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYzEkz0sdeNUJkE0N9hDUBCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNzQ0MDA2ZWFjMzA4NGJmODhmMTI4MzQ5YjBlNzMzYmIz
ZDc5ZTMwHhcNMjQwMTAxMTAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWFjMjg3NTQzMWFjZjViMWFhY2M5YTEzZjExMmQ5NzdmZDUxYzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnb5sfdwSsikTbSaqg8gY5nodD5Uq
n2TAyV7bzwc8zk5HshoJMO5inGyUWzzwl1gkNmFeTI88Wr4DACKP5WIWJr0v6EHQ
XkbTePxA9gxWuAD8/2orWGK3Gv2/BGYVmBNLtZuZOVaZ3IkoL4aqJbsI8PIu0k0K
4Dv94GY30UvOhig7AWiWUFBTKdWNqNRg2Ng6X6IcAPeayCsSWaMMmLPf/izrcetc
BV/9vshdxaMxYmX061GXZbWWBFryMubvLBWBuSnhtRliA115y6PJOypTkDrwVjrD
8HMDCYOw5irdDxBI89CRvDyIS7PnCSVGMjtVLp9TCy2tNmFkTAvSpc+yFwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFGmsKHVDGs9bGqzJoT8RLZd/1RyPMB8GA1UdIwQY
MBaAFPt0QAbqwwhL+I8Sg0mw5zO7PXnjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zUkFCdXJEQ0V2NGp4S0RTYkRuTTdzOWVlTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvMTc4MzZhLWQ2NzgtNDFjYS04ZmIy
LTVlYjdiZWY5YTdhOC8xL2Fhd29kVU1hejFzYXJNbWhQeEV0bDNfVkhJOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZmUvMTc4MzZhLWQ2NzgtNDFjYS04ZmIyLTVlYjdiZWY5YTdh
OC8xLzEtM1JBQnVyRENFdjRqeEtEU2JEbk03czllZU0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBAACOjow
DwQCAAIwCQMHACoJ4kAAADANBgkqhkiG9w0BAQsFAAOCAQEAxSNViHgMmOsDjdfK
p0wesbKhIwsxlOKE+yk/g9rD48tYVyqdQCuYZKdxCbYiWKF0MAf+Wm1om0nsFvu4
bBoCZWUi2cqqQqwZPd18xIiVfc8E8nVoI205Q9WqF0jVJ2mMcGEXcsNLS5hH36Jv
gEyyybThZf1XduslqvnJ3NnLcOd6kBTUzbrN6nhU31+mdE/QdAFkLgkOZtaUYJpK
3JrQIqz02Lgvwuh5OlTkV1R9CQHkwrMUZttHZ6jFNrVqn1o8QYsGsoOEbKlyjgdE
OwT257BKFBHxNrTh2Ip5bXe0FPDS1v97Z7CZTzML/pmM4+cJcVtak1kcprWDutnl
uK5AdQ==
-----END CERTIFICATE-----