Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/3vBygop7FgkzUGcoPe5EzSJQRtA.roa
File:                     3vBygop7FgkzUGcoPe5EzSJQRtA.roa (raw, json)
Hash identifier:          1Jq7uhDbtaXgFSTUlFreew1bCgVlsLjiiuEONO8fyiA=
Subject key identifier:   DE:F0:72:82:8A:7B:16:09:33:50:67:28:3D:EE:44:CD:22:50:46:D0
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FB61CA1A9B344D986636872286CEF
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/3vBygop7FgkzUGcoPe5EzSJQRtA.roa
Signing time:             Thu 02 Jan 2025 05:49:22 +0000
ROA not before:           Thu 02 Jan 2025 05:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50043
IP address blocks:        93.170.136.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b6:1c:a1:a9:b3:44:d9:86:63:68:72:28:6c:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=def072828a7b1609335067283dee44cd225046d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3c:9f:a0:df:f5:df:46:4b:02:44:d9:92:f5:
                    6e:cf:87:b7:de:0c:5f:0e:0b:34:bd:61:66:92:22:
                    73:b7:c5:a5:7f:30:52:d4:07:74:6a:aa:62:e0:3e:
                    db:bd:c7:99:04:27:73:28:99:17:af:90:c0:19:2e:
                    80:ca:27:3c:4c:fc:86:0f:cd:ed:30:60:8a:56:c4:
                    02:a5:68:1d:ae:8a:8f:44:b2:29:04:49:50:14:25:
                    98:f0:10:42:f3:08:94:fc:bb:90:50:07:67:07:62:
                    b6:04:12:98:a3:cd:fe:56:10:af:2b:7f:b1:23:24:
                    bb:ad:f2:06:e7:66:af:4a:3a:de:c7:71:42:e4:2a:
                    7e:d8:eb:72:2d:82:ec:1b:3f:8d:7d:26:8c:40:10:
                    1c:bb:26:9b:4b:57:39:33:1e:7d:9a:2d:50:6e:26:
                    ec:49:ab:81:5a:ed:01:97:4e:6f:fa:ad:b8:9c:d4:
                    c9:e0:77:8c:de:eb:4a:1f:69:7d:bf:17:21:d9:38:
                    b8:fe:39:9d:db:0b:39:4a:8a:75:c0:96:f6:5a:d5:
                    70:fe:e8:dc:a8:6e:36:d2:73:51:62:02:86:9d:af:
                    f0:5c:67:31:89:28:d9:12:ba:1f:36:cc:03:a9:94:
                    a0:74:6d:86:43:af:74:bd:f8:e7:81:f7:8f:b7:ca:
                    e0:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:F0:72:82:8A:7B:16:09:33:50:67:28:3D:EE:44:CD:22:50:46:D0
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/3vBygop7FgkzUGcoPe5EzSJQRtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:02:aa:f2:54:32:7b:74:6c:ad:24:ab:75:aa:1a:23:77:ec:
         b4:a8:c7:08:ed:0d:aa:f3:b1:2f:2d:8b:69:44:84:72:f9:35:
         7a:0f:b9:93:2d:3c:12:b3:06:77:d0:46:f5:6a:ad:ff:16:e6:
         1f:4e:2d:8c:7c:3e:bf:e2:d5:0f:0b:98:22:01:c3:2b:7a:75:
         98:b9:85:35:76:e4:a9:c3:fb:48:53:31:19:69:a9:56:b8:27:
         d9:45:25:a4:ab:85:de:32:9f:b4:19:9f:23:31:a9:7f:1c:5d:
         33:0d:f8:b1:aa:e1:13:50:b9:72:ed:68:28:88:cf:80:82:d2:
         6d:33:79:f5:48:13:cc:c3:57:e6:88:65:87:3a:8b:e4:33:ab:
         76:7c:d8:9e:b9:ae:64:f4:68:fc:36:bb:9c:52:90:1e:20:02:
         3c:a7:0b:af:ab:0b:5e:ac:06:d9:6a:db:af:db:8e:b8:de:be:
         97:34:8b:b9:cb:36:12:a8:ed:1b:8b:ed:9f:b5:e9:60:a8:00:
         35:94:eb:a5:cb:26:ff:6d:03:a6:e5:85:de:35:85:65:fb:75:
         ac:65:02:fb:1d:2e:ea:64:a7:10:d9:a7:de:f6:50:aa:f6:de:
         2e:3a:26:4f:09:23:ac:8d:da:b9:7f:86:3d:c5:34:15:02:97:
         09:b9:46:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7YcoamzRNmGY2hyKGzvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWYwNzI4MjhhN2IxNjA5MzM1MDY3MjgzZGVlNDRjZDIyNTA0NmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDyfoN/130ZLAkTZkvVuz4e33gxf
Dgs0vWFmkiJzt8WlfzBS1Ad0aqpi4D7bvceZBCdzKJkXr5DAGS6Ayic8TPyGD83t
MGCKVsQCpWgdroqPRLIpBElQFCWY8BBC8wiU/LuQUAdnB2K2BBKYo83+VhCvK3+x
IyS7rfIG52avSjrex3FC5Cp+2OtyLYLsGz+NfSaMQBAcuyabS1c5Mx59mi1Qbibs
SauBWu0Bl05v+q24nNTJ4HeM3utKH2l9vxch2Ti4/jmd2ws5Sop1wJb2WtVw/ujc
qG420nNRYgKGna/wXGcxiSjZErofNswDqZSgdG2GQ690vfjngfePt8rgewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7wcoKKexYJM1BnKD3uRM0iUEbQMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvM3ZCeWdvcDdGZ2t6VUdjb1BlNUV6U0pRUnRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXaqIMA0G
CSqGSIb3DQEBCwUAA4IBAQCIAqryVDJ7dGytJKt1qhojd+y0qMcI7Q2q87EvLYtp
RIRy+TV6D7mTLTwSswZ30Eb1aq3/FuYfTi2MfD6/4tUPC5giAcMrenWYuYU1duSp
w/tIUzEZaalWuCfZRSWkq4XeMp+0GZ8jMal/HF0zDfixquETULly7WgoiM+AgtJt
M3n1SBPMw1fmiGWHOovkM6t2fNieua5k9Gj8NrucUpAeIAI8pwuvqwterAbZatuv
24643r6XNIu5yzYSqO0bi+2ftelgqAA1lOulyyb/bQOm5YXeNYVl+3WsZQL7HS7q
ZKcQ2afe9lCq9t4uOiZPCSOsjdq5f4Y9xTQVApcJuUbk
-----END CERTIFICATE-----