Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7-E0w6j2dPGGbMg3QUvJTxauWP0.roa
File:                     7-E0w6j2dPGGbMg3QUvJTxauWP0.roa (raw, json)
Hash identifier:          1rG/xnkJx0szyAT/gZf46THV5esVRQrVgum1bf2yBAc=
Subject key identifier:   EF:E1:34:C3:A8:F6:74:F1:86:6C:C8:37:41:4B:C9:4F:16:AE:58:FD
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A2B29AB2A3AFC7BAE94478D60292F
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7-E0w6j2dPGGbMg3QUvJTxauWP0.roa
Signing time:             Tue 02 Jan 2024 12:33:30 +0000
ROA not before:           Tue 02 Jan 2024 12:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61433
IP address blocks:        93.171.164.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2b:29:ab:2a:3a:fc:7b:ae:94:47:8d:60:29:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efe134c3a8f674f1866cc837414bc94f16ae58fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a6:c9:90:52:f9:73:00:87:e7:2d:1e:33:2a:
                    e2:8a:33:25:92:61:4b:4f:2a:10:88:81:17:f1:a9:
                    e7:a1:60:67:5b:8e:ed:3e:1f:62:b7:b1:e0:17:9d:
                    53:94:dc:75:3a:4a:ce:49:23:5b:6d:2e:87:ee:3a:
                    45:f5:86:a9:20:4a:c6:58:3a:af:06:d5:63:35:43:
                    58:c6:6c:47:da:8b:bf:d4:d1:6d:57:60:d3:fd:55:
                    81:bd:a8:1e:cf:29:47:81:ee:b8:59:dc:81:c7:08:
                    42:68:e3:d6:36:89:bf:d1:1b:d7:e5:d6:53:bb:d7:
                    06:05:1f:c8:f0:ea:aa:82:bd:e9:47:0d:15:73:a5:
                    df:dc:d5:c2:8e:42:0e:a6:66:94:a9:a1:a7:8d:bf:
                    10:c2:82:54:9f:6c:cc:30:c3:0b:27:e9:af:24:00:
                    ba:ee:2e:e9:2d:b4:3b:1f:d3:42:15:72:49:fd:8f:
                    3b:19:00:b3:52:f2:45:1d:ba:ce:37:e1:bf:c9:25:
                    61:be:d2:fd:03:5b:41:ab:45:ab:b6:4a:04:c2:1f:
                    39:a5:c4:1c:1d:98:65:ec:e5:19:38:f7:53:6e:04:
                    f2:f8:9e:9e:3e:3f:ff:70:79:b6:a3:9b:87:f8:c6:
                    84:08:b1:ba:e0:9a:11:01:cc:d4:38:64:d2:55:37:
                    61:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:E1:34:C3:A8:F6:74:F1:86:6C:C8:37:41:4B:C9:4F:16:AE:58:FD
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7-E0w6j2dPGGbMg3QUvJTxauWP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:c9:ef:27:bf:66:0c:63:d7:0c:95:d6:88:46:9a:5c:0e:18:
         aa:4f:d7:ff:4e:bd:cd:ba:05:16:28:c7:ce:d8:5c:09:e2:21:
         dc:ac:bb:8f:c5:81:66:60:6c:6c:0d:64:29:77:33:82:32:ca:
         65:d1:3c:cb:51:54:94:a1:c2:19:59:74:d6:f8:b4:a3:64:61:
         7a:d3:37:3c:e1:28:f6:4a:c2:61:4f:e0:ee:25:c2:c9:d8:8d:
         82:8a:49:ab:5e:15:d2:e9:a2:5a:e7:2c:be:ad:f2:9b:dc:ad:
         ec:23:89:13:16:26:87:86:50:15:81:8e:56:43:f8:9b:df:c9:
         61:8c:c9:e6:9f:30:b9:13:b6:14:34:ba:7c:3f:24:d2:df:7e:
         87:55:09:c6:d8:dd:04:86:37:af:df:ca:e2:28:2a:0d:80:a0:
         2a:93:39:fc:1d:bb:53:d8:6e:15:f6:5e:74:ef:b8:b0:48:29:
         30:46:61:3f:1b:13:0a:82:9e:e2:ef:0f:b7:6b:90:6a:16:43:
         a4:70:b5:df:8f:93:b9:ff:a4:18:a5:65:fa:41:8c:d1:e4:6f:
         19:70:60:fd:d9:c1:81:2b:63:12:63:c5:28:f7:b1:89:30:26:
         1d:b0:bb:eb:d2:84:9b:1f:c8:31:b6:5c:8c:34:7c:d4:2b:92:
         30:5d:c9:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKispqyo6/HuulEeNYCkvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmUxMzRjM2E4ZjY3NGYxODY2Y2M4Mzc0MTRiYzk0ZjE2YWU1OGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6bJkFL5cwCH5y0eMyriijMlkmFL
TyoQiIEX8annoWBnW47tPh9it7HgF51TlNx1OkrOSSNbbS6H7jpF9YapIErGWDqv
BtVjNUNYxmxH2ou/1NFtV2DT/VWBvagezylHge64WdyBxwhCaOPWNom/0RvX5dZT
u9cGBR/I8Oqqgr3pRw0Vc6Xf3NXCjkIOpmaUqaGnjb8QwoJUn2zMMMMLJ+mvJAC6
7i7pLbQ7H9NCFXJJ/Y87GQCzUvJFHbrON+G/ySVhvtL9A1tBq0WrtkoEwh85pcQc
HZhl7OUZOPdTbgTy+J6ePj//cHm2o5uH+MaECLG64JoRAczUOGTSVTdhCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/hNMOo9nTxhmzIN0FLyU8Wrlj9MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvNy1FMHc2ajJkUEdHYk1nM1FVdkpUeGF1V1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXaukMA0G
CSqGSIb3DQEBCwUAA4IBAQACye8nv2YMY9cMldaIRppcDhiqT9f/Tr3NugUWKMfO
2FwJ4iHcrLuPxYFmYGxsDWQpdzOCMspl0TzLUVSUocIZWXTW+LSjZGF60zc84Sj2
SsJhT+DuJcLJ2I2CikmrXhXS6aJa5yy+rfKb3K3sI4kTFiaHhlAVgY5WQ/ib38lh
jMnmnzC5E7YUNLp8PyTS336HVQnG2N0Ehjev38riKCoNgKAqkzn8HbtT2G4V9l50
77iwSCkwRmE/GxMKgp7i7w+3a5BqFkOkcLXfj5O5/6QYpWX6QYzR5G8ZcGD92cGB
K2MSY8Uo97GJMCYdsLvr0oSbH8gxtlyMNHzUK5IwXclW
-----END CERTIFICATE-----