Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1Hwd-BG933EudCyznD55QTAfyVE.roa
File:                     1Hwd-BG933EudCyznD55QTAfyVE.roa (raw, json)
Hash identifier:          MYhmxsWEjmjOMMTZYxdLxJvU0PfTj16MzozO+9xI1ak=
Subject key identifier:   D4:7C:1D:F8:11:BD:DF:71:2E:74:2C:B3:9C:3E:79:41:30:1F:C9:51
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A03737976E34AB695DDEF2EA293FA
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1Hwd-BG933EudCyznD55QTAfyVE.roa
Signing time:             Tue 02 Jan 2024 12:33:20 +0000
ROA not before:           Tue 02 Jan 2024 12:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49393
IP address blocks:        93.171.153.0/24 maxlen: 24
                          31.148.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:03:73:79:76:e3:4a:b6:95:dd:ef:2e:a2:93:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d47c1df811bddf712e742cb39c3e7941301fc951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4f:7d:1b:30:73:72:39:fc:1b:55:fc:be:79:
                    19:bc:e8:ee:98:14:d1:aa:77:ae:b2:32:b5:7a:ee:
                    51:4f:25:b9:89:5d:d7:e5:4b:93:05:47:1f:0d:83:
                    eb:c9:77:33:e0:37:63:61:4d:f5:19:41:c7:a0:87:
                    60:11:5e:fc:a5:f4:19:60:80:99:58:f0:08:2c:58:
                    e6:f2:52:0e:a3:ad:5f:9d:34:a7:3d:d0:8f:23:21:
                    77:8e:ec:41:ef:15:73:e6:fd:e2:da:a9:d0:dc:15:
                    41:c1:06:4a:ef:07:eb:02:24:f7:aa:7e:a3:c7:14:
                    c8:4d:d3:55:65:a8:12:33:31:8c:b2:9c:a4:0f:47:
                    88:5c:83:7c:24:eb:ad:37:fd:ad:7e:4b:fe:9c:db:
                    55:2c:1d:8a:96:7f:30:d0:5b:c9:fc:85:ee:96:18:
                    7c:4b:11:04:3d:7b:1e:66:5f:0f:ea:65:5a:21:79:
                    70:bf:7c:57:df:34:36:07:0f:a2:50:f9:42:28:50:
                    6b:28:9f:74:23:d4:a4:6f:2b:b1:21:85:d3:4f:d4:
                    bf:e9:c8:d7:e1:0a:de:b4:85:ea:54:62:85:2a:ff:
                    7d:2c:ec:ef:63:60:95:a5:8a:d1:a1:8f:07:15:df:
                    34:62:77:f1:a3:ec:2a:d2:37:e1:e7:6e:5e:ca:d4:
                    48:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:7C:1D:F8:11:BD:DF:71:2E:74:2C:B3:9C:3E:79:41:30:1F:C9:51
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/1Hwd-BG933EudCyznD55QTAfyVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.22.0/24
                  93.171.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:ff:c9:a3:f0:24:fb:2a:2d:c8:8c:42:7f:90:5c:36:27:4a:
         b7:da:31:b2:cf:ae:2e:c4:11:ce:fd:e3:ca:45:02:4e:3a:10:
         59:35:2a:81:5e:f6:e8:e3:46:26:cb:af:82:d0:bc:b7:7d:b9:
         37:5f:95:83:93:78:20:ce:56:bc:83:7f:a0:d0:d4:a1:84:17:
         3c:2f:32:ed:e3:02:de:b4:0c:7b:b2:df:23:1d:e1:ef:1b:2e:
         a4:ef:55:4d:7c:3f:bd:61:e8:7f:9d:10:16:20:28:b3:87:3f:
         a9:76:5e:88:a7:fa:0a:91:68:05:ab:20:23:9b:09:2c:f4:b5:
         17:cb:1c:01:2c:6d:e0:ea:e5:f5:19:2f:64:40:22:de:87:e8:
         7c:4a:50:48:43:eb:e5:b0:c7:bc:fc:3c:23:27:6f:f9:4e:25:
         a1:e6:0b:bf:8e:58:72:d1:4c:e7:9e:39:18:ad:29:35:c0:62:
         e2:93:1a:1e:4e:8e:ca:3b:47:cc:b6:bf:39:d2:96:2e:6a:2f:
         c9:d7:b9:2d:e0:3b:5c:1a:85:aa:68:e7:d1:09:51:21:3f:59:
         9c:f6:d5:4b:66:e0:94:79:8b:19:e4:0a:a1:d8:93:51:45:36:
         ba:b0:fc:bc:d8:1a:88:a6:a4:55:93:7f:cd:32:cf:7f:99:46:
         1f:aa:74:30
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKgNzeXbjSraV3e8uopP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDdjMWRmODExYmRkZjcxMmU3NDJjYjM5YzNlNzk0MTMwMWZjOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApU99GzBzcjn8G1X8vnkZvOjumBTR
qneusjK1eu5RTyW5iV3X5UuTBUcfDYPryXcz4DdjYU31GUHHoIdgEV78pfQZYICZ
WPAILFjm8lIOo61fnTSnPdCPIyF3juxB7xVz5v3i2qnQ3BVBwQZK7wfrAiT3qn6j
xxTITdNVZagSMzGMspykD0eIXIN8JOutN/2tfkv+nNtVLB2Kln8w0FvJ/IXulhh8
SxEEPXseZl8P6mVaIXlwv3xX3zQ2Bw+iUPlCKFBrKJ90I9SkbyuxIYXTT9S/6cjX
4QretIXqVGKFKv99LOzvY2CVpYrRoY8HFd80Ynfxo+wq0jfh525eytRIkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNR8HfgRvd9xLnQss5w+eUEwH8lRMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvMUh3ZC1CRzkzM0V1ZEN5em5ENTVRVEFmeVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH5QWAwQA
XauZMA0GCSqGSIb3DQEBCwUAA4IBAQBa/8mj8CT7Ki3IjEJ/kFw2J0q32jGyz64u
xBHO/ePKRQJOOhBZNSqBXvbo40Ymy6+C0Ly3fbk3X5WDk3ggzla8g3+g0NShhBc8
LzLt4wLetAx7st8jHeHvGy6k71VNfD+9Yeh/nRAWICizhz+pdl6Ip/oKkWgFqyAj
mwks9LUXyxwBLG3g6uX1GS9kQCLeh+h8SlBIQ+vlsMe8/DwjJ2/5TiWh5gu/jlhy
0UznnjkYrSk1wGLikxoeTo7KO0fMtr850pYuai/J17kt4DtcGoWqaOfRCVEhP1mc
9tVLZuCUeYsZ5Aqh2JNRRTa6sPy82BqIpqRVk3/NMs9/mUYfqnQw
-----END CERTIFICATE-----