Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7MJFtSdDxTNKK-DVMip8FinGeXU.roa
File:                     7MJFtSdDxTNKK-DVMip8FinGeXU.roa (raw, json)
Hash identifier:          vjHIL8BN6V2rgWciZ2DZ2ojYRLOTpKwF0EFMjOPtswM=
Subject key identifier:   EC:C2:45:B5:27:43:C5:33:4A:2B:E0:D5:32:2A:7C:16:29:C6:79:75
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A0EB0B6600FCA78F0D2ABACFFCD70
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7MJFtSdDxTNKK-DVMip8FinGeXU.roa
Signing time:             Tue 02 Jan 2024 12:33:23 +0000
ROA not before:           Tue 02 Jan 2024 12:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51340
IP address blocks:        95.47.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0e:b0:b6:60:0f:ca:78:f0:d2:ab:ac:ff:cd:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecc245b52743c5334a2be0d5322a7c1629c67975
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b5:15:af:f4:03:65:00:66:eb:32:e2:9a:a6:
                    ce:b3:54:04:af:c7:71:f2:0d:6a:33:7f:97:36:d4:
                    46:89:e7:74:07:50:51:30:bc:77:d4:ad:1a:f6:2e:
                    26:2b:65:1c:ce:39:51:08:43:3d:b5:17:53:03:ba:
                    d6:54:ce:85:6b:1d:45:b3:ee:8c:29:b8:5e:36:76:
                    af:23:b3:f1:9b:a6:52:17:20:39:e9:9d:e1:27:a6:
                    24:e3:1b:7e:b4:1b:96:28:5e:d2:8f:be:9e:56:6c:
                    54:2b:eb:9d:94:06:66:2d:38:42:87:6e:72:9a:6f:
                    3a:73:64:e1:0b:cc:c8:1e:45:02:28:6d:e6:6b:6a:
                    bf:59:cc:4b:1c:04:bc:bf:8e:f3:b6:1b:46:17:95:
                    b6:1f:e4:f9:1f:4a:97:3c:41:89:a4:c1:d9:90:a3:
                    98:1f:5a:00:64:9b:85:ab:c3:f0:f4:a2:20:27:62:
                    43:ea:53:cf:07:3b:47:0d:04:44:82:5e:0e:92:98:
                    75:1c:53:fd:5e:e3:74:3e:36:3c:80:3a:1c:26:1d:
                    cc:6f:64:6b:c7:29:4a:d6:b4:64:75:b4:ec:2e:a1:
                    1a:66:b2:f8:26:cf:c0:83:bb:88:5a:e9:62:a5:96:
                    0e:46:15:3d:97:39:25:2e:af:ca:9f:18:7a:9f:3d:
                    6c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:C2:45:B5:27:43:C5:33:4A:2B:E0:D5:32:2A:7C:16:29:C6:79:75
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7MJFtSdDxTNKK-DVMip8FinGeXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:13:79:e4:a6:17:1a:7e:00:d6:db:2a:3a:56:26:ad:c8:e5:
         f2:4c:1f:4a:5a:56:ee:df:d8:68:9a:0a:76:0b:c6:e6:46:18:
         c4:13:9e:a3:4b:2c:49:cf:1c:5c:a0:ca:f4:70:e3:c4:c2:d2:
         d4:6c:be:70:cf:44:3a:fd:6c:46:e4:2f:d2:1d:a5:5e:ce:52:
         4e:41:84:40:5c:4f:06:9f:1c:5d:9d:7a:fd:aa:c0:a9:8a:e9:
         39:21:8e:ea:2b:8c:6b:e5:ea:07:8c:48:59:24:7e:b7:e3:11:
         75:98:f0:a0:96:2f:f5:95:70:4b:5d:79:09:df:80:ce:f4:5e:
         b9:1f:c8:ad:92:da:a9:6f:3c:76:96:e4:9c:3f:98:f3:2c:34:
         22:da:83:ad:f2:88:f7:a4:47:d1:7b:59:46:db:47:b0:71:56:
         a1:0d:de:c4:e2:68:0e:4a:ba:10:87:b0:2e:4c:9f:f5:06:aa:
         35:36:36:cd:d3:be:dd:75:2c:5a:e4:fb:99:7d:de:f5:99:b9:
         e1:b0:56:f5:13:31:1f:c1:50:48:1d:4f:d0:1d:1c:9c:a4:64:
         83:f5:16:f9:1a:c5:6a:69:35:95:11:72:aa:18:18:bc:c6:84:
         e3:56:9b:a6:85:5c:81:e6:98:cc:b4:1d:4c:90:a1:c1:cf:12:
         cc:70:91:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKg6wtmAPynjw0qus/81wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2MyNDViNTI3NDNjNTMzNGEyYmUwZDUzMjJhN2MxNjI5YzY3OTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibUVr/QDZQBm6zLimqbOs1QEr8dx
8g1qM3+XNtRGied0B1BRMLx31K0a9i4mK2UczjlRCEM9tRdTA7rWVM6Fax1Fs+6M
KbheNnavI7Pxm6ZSFyA56Z3hJ6Yk4xt+tBuWKF7Sj76eVmxUK+udlAZmLThCh25y
mm86c2ThC8zIHkUCKG3ma2q/WcxLHAS8v47zthtGF5W2H+T5H0qXPEGJpMHZkKOY
H1oAZJuFq8Pw9KIgJ2JD6lPPBztHDQREgl4Okph1HFP9XuN0PjY8gDocJh3Mb2Rr
xylK1rRkdbTsLqEaZrL4Js/Ag7uIWulipZYORhU9lzklLq/Knxh6nz1sKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzCRbUnQ8UzSivg1TIqfBYpxnl1MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvN01KRnRTZER4VE5LSy1EVk1pcDhGaW5HZVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy86MA0G
CSqGSIb3DQEBCwUAA4IBAQBME3nkphcafgDW2yo6ViatyOXyTB9KWlbu39homgp2
C8bmRhjEE56jSyxJzxxcoMr0cOPEwtLUbL5wz0Q6/WxG5C/SHaVezlJOQYRAXE8G
nxxdnXr9qsCpiuk5IY7qK4xr5eoHjEhZJH634xF1mPCgli/1lXBLXXkJ34DO9F65
H8itktqpbzx2luScP5jzLDQi2oOt8oj3pEfRe1lG20ewcVahDd7E4mgOSroQh7Au
TJ/1Bqo1NjbN077ddSxa5PuZfd71mbnhsFb1EzEfwVBIHU/QHRycpGSD9Rb5GsVq
aTWVEXKqGBi8xoTjVpumhVyB5pjMtB1MkKHBzxLMcJF5
-----END CERTIFICATE-----