Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5VpArk0LTnLb770Yldm7kScMeIw.roa
File:                     5VpArk0LTnLb770Yldm7kScMeIw.roa (raw, json)
Hash identifier:          HUE6QC04wAUQz7PzVDGAALdJEK9DzRvOISTFDJpLlgU=
Subject key identifier:   E5:5A:40:AE:4D:0B:4E:72:DB:EF:BD:18:95:D9:BB:91:27:0C:78:8C
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FB4426B8FC681F705339D5A0D9EFA
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5VpArk0LTnLb770Yldm7kScMeIw.roa
Signing time:             Thu 02 Jan 2025 05:49:22 +0000
ROA not before:           Thu 02 Jan 2025 05:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49502
IP address blocks:        93.171.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b4:42:6b:8f:c6:81:f7:05:33:9d:5a:0d:9e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e55a40ae4d0b4e72dbefbd1895d9bb91270c788c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:c4:2a:db:50:49:28:49:9b:23:2c:d1:69:cb:
                    f1:78:c1:55:33:69:ef:23:17:b4:c8:51:9d:bf:b6:
                    22:48:08:d9:3c:df:13:b9:be:89:fb:e2:ff:fb:29:
                    89:7d:6f:b2:7d:9f:da:2c:f2:76:b0:31:c8:d8:52:
                    4a:c1:c1:7e:8b:09:49:b5:3f:27:e8:ca:ae:15:df:
                    8a:08:bf:b9:f8:93:9b:6f:75:04:de:35:27:d3:e7:
                    91:68:cf:bb:43:21:2e:1b:ab:a3:1e:50:01:de:47:
                    42:d2:3d:e1:7c:bc:79:d1:70:2c:58:3f:dc:ab:7b:
                    2a:91:d2:55:e1:b8:d3:de:63:6b:66:19:33:95:aa:
                    5d:58:55:c9:05:0f:96:5a:6e:3b:8f:2b:c7:e7:ab:
                    3b:01:3f:e0:01:50:51:cf:d8:bb:4a:fc:a6:40:da:
                    ee:3c:fb:7b:c1:64:18:bc:98:10:3b:a1:d7:94:89:
                    2f:00:4b:75:b1:9a:42:81:fc:a3:dc:e0:19:b1:da:
                    b5:74:54:2e:5e:a5:75:24:49:24:3c:0a:48:2e:f5:
                    b3:f9:a7:fc:28:60:f2:7f:68:eb:9f:ba:76:de:46:
                    ee:46:f5:97:70:ff:23:4f:b2:05:e3:28:63:d2:67:
                    64:5a:22:d9:1f:0c:c8:6f:d2:ef:fa:a9:cc:21:37:
                    3d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:5A:40:AE:4D:0B:4E:72:DB:EF:BD:18:95:D9:BB:91:27:0C:78:8C
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/5VpArk0LTnLb770Yldm7kScMeIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:98:33:e7:27:ff:cd:6e:c7:be:cf:62:9d:7a:b2:c9:5e:61:
         07:41:f9:82:79:f6:8a:62:ae:e2:a7:8b:ac:63:65:36:0f:50:
         1c:e7:47:bc:3a:00:75:c9:6d:42:2c:d0:ee:5a:b2:40:cb:8d:
         be:31:32:46:3f:67:cc:de:0c:e0:02:44:20:56:72:43:c9:52:
         8a:83:1d:11:a1:30:08:b4:43:f6:0e:e6:71:35:b1:0e:fa:c7:
         00:c7:d7:f4:34:b6:b5:d9:2f:b4:ec:57:0f:42:40:00:d0:ca:
         f1:db:a5:6b:2c:8a:90:ae:fa:f7:97:0d:63:9f:47:57:2f:c3:
         ea:ea:72:d4:f4:0a:b0:d4:fd:1e:68:99:3e:13:d4:a7:33:58:
         93:76:4c:9a:a8:47:0f:78:3d:77:97:5a:19:61:7d:cc:8d:24:
         34:1a:be:76:39:87:b6:6b:4d:9e:0a:bd:9e:36:a5:12:d1:c8:
         0d:35:97:f9:39:c3:b0:0f:16:c9:70:21:35:6f:c8:51:ea:f7:
         c8:2c:b4:dd:30:e0:f8:a7:e3:6a:0c:a7:1f:17:79:ea:88:a9:
         d9:76:bd:96:9c:79:28:c8:2b:7f:66:80:b5:7b:ea:0c:09:7d:
         b9:3f:0a:e5:f4:e2:73:7c:5f:53:c3:de:50:86:a5:73:86:fb:
         3a:b2:24:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7RCa4/GgfcFM51aDZ76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTVhNDBhZTRkMGI0ZTcyZGJlZmJkMTg5NWQ5YmI5MTI3MGM3ODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhcQq21BJKEmbIyzRacvxeMFVM2nv
Ixe0yFGdv7YiSAjZPN8Tub6J++L/+ymJfW+yfZ/aLPJ2sDHI2FJKwcF+iwlJtT8n
6MquFd+KCL+5+JObb3UE3jUn0+eRaM+7QyEuG6ujHlAB3kdC0j3hfLx50XAsWD/c
q3sqkdJV4bjT3mNrZhkzlapdWFXJBQ+WWm47jyvH56s7AT/gAVBRz9i7SvymQNru
PPt7wWQYvJgQO6HXlIkvAEt1sZpCgfyj3OAZsdq1dFQuXqV1JEkkPApILvWz+af8
KGDyf2jrn7p23kbuRvWXcP8jT7IF4yhj0mdkWiLZHwzIb9Lv+qnMITc9xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOVaQK5NC05y2++9GJXZu5EnDHiMMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvNVZwQXJrMExUbkxiNzcwWWxkbTdrU2NNZUl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXavQMA0G
CSqGSIb3DQEBCwUAA4IBAQCbmDPnJ//Nbse+z2KderLJXmEHQfmCefaKYq7ip4us
Y2U2D1Ac50e8OgB1yW1CLNDuWrJAy42+MTJGP2fM3gzgAkQgVnJDyVKKgx0RoTAI
tEP2DuZxNbEO+scAx9f0NLa12S+07FcPQkAA0Mrx26VrLIqQrvr3lw1jn0dXL8Pq
6nLU9Aqw1P0eaJk+E9SnM1iTdkyaqEcPeD13l1oZYX3MjSQ0Gr52OYe2a02eCr2e
NqUS0cgNNZf5OcOwDxbJcCE1b8hR6vfILLTdMOD4p+NqDKcfF3nqiKnZdr2WnHko
yCt/ZoC1e+oMCX25Pwrl9OJzfF9Tw95QhqVzhvs6siTz
-----END CERTIFICATE-----