Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/vQq8NdiWqKC636mY4pmMGRnmwhY.roa
File:                     vQq8NdiWqKC636mY4pmMGRnmwhY.roa (raw, json)
Hash identifier:          A1dxntRNIzafqKN4Kla039NiWfDrg3mlyik21Izc4Rg=
Subject key identifier:   BD:0A:BC:35:D8:96:A8:A0:BA:DF:A9:98:E2:99:8C:19:19:E6:C2:16
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A38973440EDB7738AB2734AF2660F
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/vQq8NdiWqKC636mY4pmMGRnmwhY.roa
Signing time:             Tue 02 Jan 2024 12:33:33 +0000
ROA not before:           Tue 02 Jan 2024 12:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201041
IP address blocks:        93.171.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:38:97:34:40:ed:b7:73:8a:b2:73:4a:f2:66:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd0abc35d896a8a0badfa998e2998c1919e6c216
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:13:1d:30:42:28:1a:0e:56:c2:58:f7:c7:f1:
                    8a:14:2f:9b:f4:5d:bd:58:f5:07:cb:e8:47:80:ee:
                    7d:76:29:60:64:b1:ac:91:45:54:ee:64:09:5c:d4:
                    56:b7:69:94:82:f6:54:87:d5:d1:57:f1:db:22:d2:
                    1a:57:c1:b5:9b:9f:ff:0e:5a:8f:ab:f7:07:c1:36:
                    60:a4:fb:f5:01:76:7a:5e:fb:12:f0:17:80:c8:47:
                    2f:d5:8d:39:37:b1:af:ef:cf:1d:5f:13:50:03:68:
                    34:a3:d6:06:30:c1:7a:71:b7:ee:5e:77:72:65:cf:
                    93:96:27:8b:fc:68:ad:b3:b9:56:1b:e5:91:3b:a2:
                    0a:23:bf:af:e3:44:fc:b9:d1:c5:81:e2:66:1a:0f:
                    24:90:6a:7b:04:5f:49:03:eb:2e:d1:d1:8a:1f:b1:
                    72:f9:6e:98:97:c4:63:ce:83:cd:ec:1d:f0:f7:27:
                    9e:23:cd:77:4d:5e:8d:c3:e9:80:56:0b:3b:78:59:
                    02:43:cb:b4:fe:1c:66:a6:8f:49:f6:19:cf:72:6b:
                    23:93:64:86:0c:53:56:7a:ca:96:d3:27:3b:85:5a:
                    56:4e:a1:98:d0:1c:db:9f:28:f9:bd:1b:08:74:3f:
                    71:43:5e:23:5c:cd:35:49:a1:f4:07:e2:9a:c2:1c:
                    f8:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:0A:BC:35:D8:96:A8:A0:BA:DF:A9:98:E2:99:8C:19:19:E6:C2:16
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/vQq8NdiWqKC636mY4pmMGRnmwhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:76:69:20:a4:20:57:dd:f5:79:6b:69:69:e0:84:8f:31:f6:
         21:24:7b:b8:74:1d:c8:aa:16:f4:5b:9f:4a:90:8f:bf:0e:21:
         7e:26:d3:94:c3:75:45:10:7d:c0:4d:0b:24:aa:f6:e2:3d:39:
         2e:e7:ce:26:88:f4:4f:f4:d3:a8:c2:25:17:e2:ec:76:65:d1:
         d3:f1:79:c7:2b:18:03:fd:64:da:23:07:ba:c2:11:ea:d9:b3:
         71:94:4b:35:4f:01:54:f4:e0:a9:03:5c:a8:af:81:fa:da:0c:
         34:05:ab:aa:4a:3f:3a:6c:82:a4:d0:7d:83:97:1c:ea:d0:a8:
         0c:dc:bc:3a:3d:f3:ca:51:01:75:70:96:3f:c5:50:b9:9f:f5:
         1f:9d:a5:9c:f0:b6:75:5e:38:1a:8e:4e:46:79:99:63:e6:a2:
         ce:cf:e2:8a:a6:2f:35:9e:de:47:d3:14:9a:b8:54:0e:08:ef:
         6f:54:7b:c2:47:d0:90:77:f5:ba:70:e1:08:7b:d7:0a:34:29:
         34:1d:ca:6b:3a:00:ca:d6:cf:9e:60:b8:7c:29:2f:c5:de:32:
         08:d8:c8:62:b2:8b:56:09:de:d2:f8:fe:4c:d8:34:fe:58:5d:
         d0:67:59:28:78:40:25:72:1e:02:d8:fe:8e:75:b8:89:15:95:
         a7:e6:63:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjiXNEDtt3OKsnNK8mYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDBhYmMzNWQ4OTZhOGEwYmFkZmE5OThlMjk5OGMxOTE5ZTZjMjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBMdMEIoGg5Wwlj3x/GKFC+b9F29
WPUHy+hHgO59dilgZLGskUVU7mQJXNRWt2mUgvZUh9XRV/HbItIaV8G1m5//DlqP
q/cHwTZgpPv1AXZ6XvsS8BeAyEcv1Y05N7Gv788dXxNQA2g0o9YGMMF6cbfuXndy
Zc+TlieL/Gits7lWG+WRO6IKI7+v40T8udHFgeJmGg8kkGp7BF9JA+su0dGKH7Fy
+W6Yl8RjzoPN7B3w9yeeI813TV6Nw+mAVgs7eFkCQ8u0/hxmpo9J9hnPcmsjk2SG
DFNWesqW0yc7hVpWTqGY0Bzbnyj5vRsIdD9xQ14jXM01SaH0B+Kawhz4VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL0KvDXYlqigut+pmOKZjBkZ5sIWMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvdlFxOE5kaVdxS0M2MzZtWTRwbU1HUm5td2hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXaujMA0G
CSqGSIb3DQEBCwUAA4IBAQCKdmkgpCBX3fV5a2lp4ISPMfYhJHu4dB3Iqhb0W59K
kI+/DiF+JtOUw3VFEH3ATQskqvbiPTku584miPRP9NOowiUX4ux2ZdHT8XnHKxgD
/WTaIwe6whHq2bNxlEs1TwFU9OCpA1yor4H62gw0BauqSj86bIKk0H2Dlxzq0KgM
3Lw6PfPKUQF1cJY/xVC5n/UfnaWc8LZ1Xjgajk5GeZlj5qLOz+KKpi81nt5H0xSa
uFQOCO9vVHvCR9CQd/W6cOEIe9cKNCk0HcprOgDK1s+eYLh8KS/F3jII2MhisotW
Cd7S+P5M2DT+WF3QZ1koeEAlch4C2P6OdbiJFZWn5mP/
-----END CERTIFICATE-----