Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1-7s5RmjW_OEajH-PZXa2ehQHZm0.roa
File:                     1-7s5RmjW_OEajH-PZXa2ehQHZm0.roa (raw, json)
Hash identifier:          Ij3zvsmTAQ7OZVezJh6Qi6bHce4OhTy2N2NUdgqTM9s=
Subject key identifier:   FB:BB:39:46:68:D6:FC:E1:1A:8C:7F:8F:65:76:B6:7A:14:07:66:6D
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FA03BF359CC72A8D76E54118D9B21
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1-7s5RmjW_OEajH-PZXa2ehQHZm0.roa
Signing time:             Thu 02 Jan 2025 05:49:17 +0000
ROA not before:           Thu 02 Jan 2025 05:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43656
IP address blocks:        93.170.64.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:a0:3b:f3:59:cc:72:a8:d7:6e:54:11:8d:9b:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fbbb394668d6fce11a8c7f8f6576b67a1407666d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c7:d9:cc:bf:12:93:ee:c5:e3:67:d9:84:ab:
                    8c:b4:c4:7f:9e:77:65:ed:ea:75:c3:3c:0e:8d:15:
                    2d:7f:14:02:a0:c9:fd:3d:75:0b:5d:e1:c4:96:86:
                    a0:bd:c7:a1:ae:e2:b8:58:e6:f5:04:f2:2f:fa:b4:
                    cb:a4:46:b8:6f:60:9e:a3:1b:4c:8d:b7:79:22:50:
                    b3:b7:65:11:1f:80:3a:4a:1d:80:23:e4:f3:75:2a:
                    24:4f:d7:a9:1f:42:cd:c1:d5:ca:e7:61:c2:22:1d:
                    bf:26:9d:96:23:3f:d0:9c:c1:0b:35:e0:5c:cc:6d:
                    2d:7b:b9:a5:ef:93:7d:b8:66:ec:3e:29:17:4a:03:
                    0d:b4:a4:47:c8:71:21:1b:9a:3c:b2:d3:7e:de:da:
                    66:4b:e9:02:ac:00:13:0e:56:a6:0e:28:73:7c:a4:
                    74:fd:5b:f1:46:fb:03:bf:be:84:24:83:90:c7:6c:
                    4b:cf:57:f4:86:d0:ad:a9:2d:e6:1b:81:a2:34:db:
                    0c:68:00:b9:7b:3a:c2:91:76:8c:67:1d:b0:89:a0:
                    9c:ff:4c:08:48:ab:56:f0:70:d7:30:81:17:27:d9:
                    e1:4d:e8:40:3f:e3:67:d3:11:f3:2c:97:76:6c:ef:
                    d8:64:7e:57:9e:f1:a5:51:e0:8f:07:f2:ee:39:24:
                    09:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:BB:39:46:68:D6:FC:E1:1A:8C:7F:8F:65:76:B6:7A:14:07:66:6D
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1-7s5RmjW_OEajH-PZXa2ehQHZm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:be:08:8e:6f:f0:6e:18:2e:4c:de:56:6e:06:9c:c5:fc:05:
         d1:2c:fe:f6:3e:c1:5a:84:e6:00:e7:79:30:9f:7f:6f:f5:59:
         af:c4:22:0c:1b:db:aa:7a:03:0d:39:79:d0:db:7a:88:89:d9:
         f8:8d:45:05:2c:ff:8e:42:ce:e3:c3:bd:01:a8:13:86:c3:cb:
         a9:b0:ae:de:cd:24:4c:3c:6c:17:68:86:b8:7c:61:06:7d:22:
         2b:87:b9:19:28:ea:dd:01:07:ad:38:4b:6b:b3:8e:bd:03:d1:
         39:32:ff:3b:f6:6e:f4:ba:b5:a6:32:a4:bf:2f:d3:bf:da:83:
         35:6b:8c:cc:79:c8:ec:9c:f8:78:de:12:9a:5b:e7:28:2a:ca:
         37:50:ce:bb:18:a7:97:7c:8c:a3:e1:a0:67:ed:de:80:e6:64:
         da:b3:1d:86:c5:e7:80:d0:aa:09:8a:1e:91:7d:aa:8a:00:c6:
         54:a6:c3:c3:96:66:b3:e6:e1:e2:09:0d:3d:70:29:a6:93:ec:
         ab:d2:6d:a4:39:1c:c4:72:4f:9a:d8:9f:74:9d:db:16:13:fd:
         f4:5a:04:ee:5e:7d:39:30:06:bf:54:37:b8:1e:bb:9c:4c:b5:
         f1:4d:ee:63:2b:10:d6:09:19:7c:87:be:3d:ae:9b:2a:0d:38:
         5a:79:65:72
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj6A781nMcqjXblQRjZshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmJiMzk0NjY4ZDZmY2UxMWE4YzdmOGY2NTc2YjY3YTE0MDc2NjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsfZzL8Sk+7F42fZhKuMtMR/nndl
7ep1wzwOjRUtfxQCoMn9PXULXeHEloagvcehruK4WOb1BPIv+rTLpEa4b2CeoxtM
jbd5IlCzt2URH4A6Sh2AI+TzdSokT9epH0LNwdXK52HCIh2/Jp2WIz/QnMELNeBc
zG0te7ml75N9uGbsPikXSgMNtKRHyHEhG5o8stN+3tpmS+kCrAATDlamDihzfKR0
/VvxRvsDv76EJIOQx2xLz1f0htCtqS3mG4GiNNsMaAC5ezrCkXaMZx2wiaCc/0wI
SKtW8HDXMIEXJ9nhTehAP+Nn0xHzLJd2bO/YZH5XnvGlUeCPB/LuOSQJdQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPu7OUZo1vzhGox/j2V2tnoUB2ZtMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvMS03czVSbWpXX09FYWpILVBaWGEyZWhRSFptMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTgvMThhOTFjLTBlNzctNDVjOS04Y2M0LTA2MmM2OTMzYWJl
ZC8xL2RKRWl3MVE0cE9zbUl6X2Nia3V4M3kycTcwSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA12qQDAN
BgkqhkiG9w0BAQsFAAOCAQEANr4Ijm/wbhguTN5WbgacxfwF0Sz+9j7BWoTmAOd5
MJ9/b/VZr8QiDBvbqnoDDTl50Nt6iInZ+I1FBSz/jkLO48O9AagThsPLqbCu3s0k
TDxsF2iGuHxhBn0iK4e5GSjq3QEHrThLa7OOvQPROTL/O/Zu9Lq1pjKkvy/Tv9qD
NWuMzHnI7Jz4eN4SmlvnKCrKN1DOuxinl3yMo+GgZ+3egOZk2rMdhsXngNCqCYoe
kX2qigDGVKbDw5Zms+bh4gkNPXApppPsq9JtpDkcxHJPmtifdJ3bFhP99FoE7l59
OTAGv1Q3uB67nEy18U3uYysQ1gkZfIe+Pa6bKg04Wnllcg==
-----END CERTIFICATE-----