Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1-fimaW7E4ZD6-5Df2Wd4UXGX_PA.roa
File:                     1-fimaW7E4ZD6-5Df2Wd4UXGX_PA.roa (raw, json)
Hash identifier:          8VeL7HwYlPKXhW4IqwMlwo8F42qoKkXRuyFo474X238=
Subject key identifier:   F9:F8:A6:69:6E:C4:E1:90:FA:FB:90:DF:D9:67:78:51:71:97:FC:F0
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29FD5AC6237A6F11D1E8A2A648F66A
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1-fimaW7E4ZD6-5Df2Wd4UXGX_PA.roa
Signing time:             Tue 02 Jan 2024 12:33:18 +0000
ROA not before:           Tue 02 Jan 2024 12:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47726
IP address blocks:        92.38.8.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:fd:5a:c6:23:7a:6f:11:d1:e8:a2:a6:48:f6:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9f8a6696ec4e190fafb90dfd96778517197fcf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1c:c0:62:2e:2f:59:ef:23:20:a0:81:9d:5f:
                    27:5c:e1:cd:96:fc:3d:39:87:6a:9c:3a:7b:dd:be:
                    b2:8a:60:31:36:71:9c:16:fc:79:3a:ec:83:66:c2:
                    f5:66:1e:93:11:1c:4f:6f:98:57:c9:f5:77:f2:66:
                    76:25:7c:27:09:40:4c:e1:71:18:80:3d:08:5a:3f:
                    da:76:1e:4c:37:c5:90:3a:dc:92:2d:49:09:e8:d3:
                    65:6a:22:d2:10:1e:10:6f:e0:6b:85:06:20:45:9e:
                    12:88:de:ff:32:c8:82:ff:5e:7d:c9:e1:d8:51:aa:
                    7d:49:73:4b:eb:ba:64:9a:c2:7e:e4:06:ad:db:c6:
                    9c:e5:f7:db:f2:a2:ae:15:be:22:fe:f0:e1:3c:de:
                    2b:c9:7b:3b:fc:3e:e8:8d:b9:3a:4e:a9:b2:73:cc:
                    1f:2b:b4:29:68:82:e1:d4:a7:47:04:bd:64:f3:22:
                    f4:84:9a:ba:65:2c:2a:7a:a0:76:2c:74:32:c3:5c:
                    ac:e1:23:cf:fa:5b:76:c5:8f:70:d3:8a:85:e8:89:
                    b7:6d:53:1b:88:2a:00:1c:3c:0e:7b:d6:10:60:85:
                    b6:b2:c5:cc:3b:65:c4:18:84:41:fc:51:bb:c8:43:
                    a5:86:3c:6d:90:00:72:db:43:ed:ec:3c:9b:18:89:
                    98:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:F8:A6:69:6E:C4:E1:90:FA:FB:90:DF:D9:67:78:51:71:97:FC:F0
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1-fimaW7E4ZD6-5Df2Wd4UXGX_PA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         95:ce:c9:2a:ba:37:e6:e5:76:e3:4c:79:aa:f1:4a:57:07:54:
         2f:72:6b:2b:8a:de:8f:30:b2:e5:7d:44:e5:e7:5b:0c:a3:19:
         07:ce:8e:79:c0:03:06:60:4f:48:25:e5:2c:b4:b8:03:8b:07:
         22:ac:ff:72:53:38:f3:e5:b7:85:c3:56:4c:41:9f:17:20:0a:
         18:39:8b:e4:d1:83:e5:f9:18:08:7d:d3:4d:22:63:37:6d:80:
         23:17:8c:3d:fc:6a:60:f0:0d:11:45:69:19:8e:92:d8:c1:12:
         92:14:aa:e9:bc:fc:bc:d9:25:e8:f1:46:1e:ff:08:78:94:b2:
         c4:5d:d2:d9:e9:a4:f0:76:0e:d9:e4:90:3c:9b:bb:a9:08:ce:
         0f:bc:4e:81:8d:c0:03:bd:28:2e:12:9c:a7:96:e7:9c:ca:16:
         26:87:7f:5d:2d:29:8f:2d:d7:45:9d:88:11:23:65:16:4f:e1:
         7f:35:87:02:39:f0:97:5e:dc:5e:df:73:ca:ed:58:0a:f2:d1:
         0e:c8:7b:2b:8d:d3:7f:80:75:d0:22:09:bf:6e:fa:84:bc:0f:
         3e:e2:f1:f9:91:90:f1:40:b0:b1:dd:2e:a4:1f:e5:cf:d6:63:
         88:56:87:8b:f4:b6:7d:a6:a0:f6:ba:2a:62:b3:61:2f:70:fa:
         99:ea:d1:70
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKf1axiN6bxHR6KKmSPZqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWY4YTY2OTZlYzRlMTkwZmFmYjkwZGZkOTY3Nzg1MTcxOTdmY2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlRzAYi4vWe8jIKCBnV8nXOHNlvw9
OYdqnDp73b6yimAxNnGcFvx5OuyDZsL1Zh6TERxPb5hXyfV38mZ2JXwnCUBM4XEY
gD0IWj/adh5MN8WQOtySLUkJ6NNlaiLSEB4Qb+BrhQYgRZ4SiN7/MsiC/159yeHY
Uap9SXNL67pkmsJ+5Aat28ac5ffb8qKuFb4i/vDhPN4ryXs7/D7ojbk6Tqmyc8wf
K7QpaILh1KdHBL1k8yL0hJq6ZSwqeqB2LHQyw1ys4SPP+lt2xY9w04qF6Im3bVMb
iCoAHDwOe9YQYIW2ssXMO2XEGIRB/FG7yEOlhjxtkABy20Pt7DybGImYPwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPn4pmluxOGQ+vuQ39lneFFxl/zwMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvMS1maW1hVzdFNFpENi01RGYyV2Q0VVhHWF9QQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTgvMThhOTFjLTBlNzctNDVjOS04Y2M0LTA2MmM2OTMzYWJl
ZC8xL2RKRWl3MVE0cE9zbUl6X2Nia3V4M3kycTcwSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1wmCDAN
BgkqhkiG9w0BAQsFAAOCAQEAlc7JKro35uV240x5qvFKVwdUL3JrK4rejzCy5X1E
5edbDKMZB86OecADBmBPSCXlLLS4A4sHIqz/clM48+W3hcNWTEGfFyAKGDmL5NGD
5fkYCH3TTSJjN22AIxeMPfxqYPANEUVpGY6S2MESkhSq6bz8vNkl6PFGHv8IeJSy
xF3S2emk8HYO2eSQPJu7qQjOD7xOgY3AA70oLhKcp5bnnMoWJod/XS0pjy3XRZ2I
ESNlFk/hfzWHAjnwl17cXt9zyu1YCvLRDsh7K43Tf4B10CIJv276hLwPPuLx+ZGQ
8UCwsd0upB/lz9ZjiFaHi/S2faag9roqYrNhL3D6merRcA==
-----END CERTIFICATE-----