Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/sD7YPxBx1ACgO_2O4RAN5nuF0Mw.roa
File:                     sD7YPxBx1ACgO_2O4RAN5nuF0Mw.roa (raw, json)
Hash identifier:          aE43rYnlOR3U8in3A4H7w/D8441lkJ62Rpz7/ZhKoaA=
Subject key identifier:   B0:3E:D8:3F:10:71:D4:00:A0:3B:FD:8E:E1:10:0D:E6:7B:85:D0:CC
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0197CBF9EC0A25089DED2195B98893A71571
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/sD7YPxBx1ACgO_2O4RAN5nuF0Mw.roa
Signing time:             Wed 02 Jul 2025 16:30:43 +0000
ROA not before:           Wed 02 Jul 2025 16:30:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56387
IP address blocks:        93.171.7.0/24 maxlen: 24
                          93.171.8.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cb:f9:ec:0a:25:08:9d:ed:21:95:b9:88:93:a7:15:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jul  2 16:30:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b03ed83f1071d400a03bfd8ee1100de67b85d0cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e7:92:c5:a1:95:f4:50:88:ba:63:c4:79:4d:
                    be:4b:2c:57:2c:0c:85:a7:96:17:52:36:c5:de:9d:
                    fe:f3:c8:3f:0f:ed:e6:b9:4a:94:04:88:eb:68:5c:
                    58:fd:3d:6e:25:d6:bb:08:31:a2:c9:a1:bc:ae:46:
                    a0:de:64:ce:d6:44:19:73:d9:6f:9b:f0:f9:f4:83:
                    0c:04:1c:05:b9:c8:59:c4:35:1d:82:92:aa:59:64:
                    59:a8:97:41:56:ce:d4:45:45:a3:c9:e7:c6:2e:35:
                    1c:57:f0:23:98:25:cc:b0:0f:7f:28:10:24:63:ac:
                    29:f6:05:8f:2e:a3:62:5c:28:2b:a5:eb:2b:e5:fc:
                    5c:c4:97:41:8c:fa:dd:d9:f7:ce:b9:7b:bf:d3:ba:
                    65:f9:e5:81:ce:e4:5c:96:fd:20:db:7f:f3:12:37:
                    f4:6b:9f:1e:da:79:c5:49:fb:ef:ef:1f:1d:e0:02:
                    d4:0a:c5:46:cc:49:96:61:3a:9f:9f:d5:f1:e4:6d:
                    ca:7e:af:fa:3f:71:ce:50:13:77:ec:f9:f1:3b:14:
                    58:7e:45:b4:9a:10:60:b1:0c:c0:27:67:33:d4:4b:
                    f4:84:22:48:3e:f7:7c:50:23:79:c6:af:25:0d:89:
                    e8:08:e7:e1:ee:7d:09:4e:2b:d6:95:2a:8e:6d:23:
                    3c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:3E:D8:3F:10:71:D4:00:A0:3B:FD:8E:E1:10:0D:E6:7B:85:D0:CC
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/sD7YPxBx1ACgO_2O4RAN5nuF0Mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.7.0-93.171.9.255

    Signature Algorithm: sha256WithRSAEncryption
         90:04:6d:c6:8e:9b:2b:44:b2:31:08:20:82:77:93:b9:69:ff:
         b6:d8:1f:c5:dd:c6:37:7d:64:ec:47:a0:67:8b:9e:85:6b:ff:
         7b:6b:49:8f:d8:c8:e3:19:c7:1c:e1:32:d0:4a:c5:39:e1:91:
         ec:b8:68:f7:eb:28:57:1c:49:85:40:31:70:68:0a:fe:b9:31:
         95:16:30:ea:29:b3:f5:20:e2:3f:a1:ea:3b:cd:f0:fd:43:05:
         5d:a7:ca:28:ef:95:06:db:c3:a3:4f:6e:b9:bf:50:65:be:00:
         b0:2b:c4:7f:c1:c7:9b:0e:55:91:2b:a0:24:1c:00:38:99:ae:
         c5:db:ca:7c:69:13:52:27:9f:5d:a3:fd:02:c1:80:5c:91:dd:
         52:31:76:b5:6c:4b:61:a8:45:2e:4e:71:96:65:d3:3e:a5:4b:
         b2:1b:6f:8e:96:70:32:e2:c4:c6:82:b0:59:d9:ac:95:7e:20:
         9a:d6:25:f1:79:a0:68:0b:d3:39:f0:9a:13:7f:5f:35:7a:fa:
         cd:29:3a:3c:fd:03:38:9a:57:c2:4e:8f:97:af:d3:f6:c5:3d:
         68:5a:ce:50:bc:b1:14:2d:36:c9:05:e2:de:6a:bd:43:fe:57:
         f0:fd:32:e2:15:3f:16:e7:75:35:ab:7b:7d:5a:2d:50:8c:39:
         1a:63:2c:25
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZfL+ewKJQid7SGVuYiTpxVxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwNzAyMTYzMDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDNlZDgzZjEwNzFkNDAwYTAzYmZkOGVlMTEwMGRlNjdiODVkMGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ueSxaGV9FCIumPEeU2+SyxXLAyF
p5YXUjbF3p3+88g/D+3muUqUBIjraFxY/T1uJda7CDGiyaG8rkag3mTO1kQZc9lv
m/D59IMMBBwFuchZxDUdgpKqWWRZqJdBVs7URUWjyefGLjUcV/AjmCXMsA9/KBAk
Y6wp9gWPLqNiXCgrpesr5fxcxJdBjPrd2ffOuXu/07pl+eWBzuRclv0g23/zEjf0
a58e2nnFSfvv7x8d4ALUCsVGzEmWYTqfn9Xx5G3Kfq/6P3HOUBN37PnxOxRYfkW0
mhBgsQzAJ2cz1Ev0hCJIPvd8UCN5xq8lDYnoCOfh7n0JTivWlSqObSM8XQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLA+2D8QcdQAoDv9juEQDeZ7hdDMMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvc0Q3WVB4QngxQUNnT18yTzRSQU41bnVGME13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABdqwcD
BAFdqwgwDQYJKoZIhvcNAQELBQADggEBAJAEbcaOmytEsjEIIIJ3k7lp/7bYH8Xd
xjd9ZOxHoGeLnoVr/3trSY/YyOMZxxzhMtBKxTnhkey4aPfrKFccSYVAMXBoCv65
MZUWMOops/Ug4j+h6jvN8P1DBV2nyijvlQbbw6NPbrm/UGW+ALArxH/Bx5sOVZEr
oCQcADiZrsXbynxpE1Inn12j/QLBgFyR3VIxdrVsS2GoRS5OcZZl0z6lS7Ibb46W
cDLixMaCsFnZrJV+IJrWJfF5oGgL0znwmhN/XzV6+s0pOjz9AziaV8JOj5ev0/bF
PWhazlC8sRQtNskF4t5qvUP+V/D9MuIVPxbndTWre31aLVCMORpjLCU=
-----END CERTIFICATE-----