Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7wk80tQuyduRdqvoNs8BTR4kUYo.roa
File:                     7wk80tQuyduRdqvoNs8BTR4kUYo.roa (raw, json)
Hash identifier:          zYzlgJeN8iroFcPqqu4R2Ew+Dd55P37UvA6CYpObcSI=
Subject key identifier:   EF:09:3C:D2:D4:2E:C9:DB:91:76:AB:E8:36:CF:01:4D:1E:24:51:8A
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A1EE1F3D50FB47D71EC47EEDF9186
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7wk80tQuyduRdqvoNs8BTR4kUYo.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59734
IP address blocks:        95.47.240.0/23 maxlen: 24
                          95.46.120.0/23 maxlen: 24
                          93.171.32.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1e:e1:f3:d5:0f:b4:7d:71:ec:47:ee:df:91:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef093cd2d42ec9db9176abe836cf014d1e24518a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:a9:52:ac:02:18:70:ed:6d:bf:49:a5:01:c8:
                    e0:b6:84:af:8f:2d:56:c7:bb:11:b8:37:97:11:dc:
                    c9:76:9d:f3:67:4f:f7:81:b0:38:66:be:f5:18:b2:
                    8f:c4:ef:f0:ef:5c:3d:a3:2e:9f:81:de:12:bc:68:
                    51:6c:97:81:14:2b:77:16:84:8d:5a:11:42:18:dc:
                    e1:c0:25:1f:79:51:b1:36:ad:e7:55:1d:fa:15:26:
                    a5:13:9d:35:62:1d:ca:6a:e9:75:b8:a8:61:4f:0a:
                    9c:b8:f9:12:2b:81:0b:35:c6:d9:6c:e8:31:ed:de:
                    08:7b:55:bd:9d:c6:3a:d7:de:ac:ae:23:4f:eb:c5:
                    e6:04:11:d1:92:f8:f4:8b:d2:81:98:96:dd:70:cb:
                    a8:87:ad:ff:6a:d0:d0:82:05:27:d0:ce:25:ba:39:
                    50:2a:c1:a2:1c:40:4b:ff:56:4f:8f:82:9e:91:c3:
                    cc:e1:ad:09:a4:23:46:2a:24:1a:cc:91:fc:ab:72:
                    68:50:24:b7:f8:c7:bc:cf:f1:21:80:d1:ff:75:08:
                    28:b7:c7:c9:8c:2e:ed:93:f4:3d:c8:16:e0:32:e4:
                    03:d5:a4:26:c8:1e:40:ec:7c:7a:ca:0a:da:55:e7:
                    56:93:83:4b:d2:aa:9b:b7:8a:17:23:75:d9:fd:ce:
                    bc:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:09:3C:D2:D4:2E:C9:DB:91:76:AB:E8:36:CF:01:4D:1E:24:51:8A
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7wk80tQuyduRdqvoNs8BTR4kUYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.32.0/23
                  95.46.120.0/23
                  95.47.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:6e:da:40:6e:59:4e:e1:5c:fb:a9:c6:8d:81:11:c5:09:d8:
         d5:46:6c:18:a9:27:3f:6f:d6:5f:da:f7:ec:db:63:f6:cb:ff:
         24:c1:9b:4e:db:71:21:89:7f:3a:fc:ab:dd:50:50:e9:73:7a:
         d8:69:b7:ac:17:69:f3:81:a7:2f:e5:35:f8:3c:26:25:36:f4:
         2f:f3:2f:00:79:ea:1f:98:c2:cd:7a:f6:a6:b3:cc:1a:5e:9e:
         55:a3:a2:1b:5a:da:cf:f0:04:ec:9d:fc:3b:96:1b:98:d7:1b:
         d3:8d:c2:5e:50:60:3a:09:c7:34:7a:63:5d:0c:02:28:0c:b5:
         e8:b0:a5:01:54:d6:15:ca:7f:67:fe:c3:5a:87:92:b4:fd:b6:
         1d:26:38:5a:ed:cb:ea:4c:7d:6a:05:67:66:42:64:c0:8b:5c:
         fc:bf:ec:9e:4c:2d:50:07:3a:c4:59:1e:57:46:1e:4e:3b:19:
         cb:08:80:28:cb:7c:a4:b5:82:b2:af:78:7b:77:cb:56:7f:5b:
         b7:51:43:f6:b2:40:70:de:f1:73:79:7a:d8:50:9e:75:71:97:
         70:6c:be:7c:bb:fa:9f:68:37:12:eb:f3:7d:5e:0a:79:b9:ba:
         27:cd:52:c9:06:6d:c0:de:41:6e:6e:64:02:72:f7:43:ab:4a:
         24:c3:51:e5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKh7h89UPtH1x7Efu35GGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjA5M2NkMmQ0MmVjOWRiOTE3NmFiZTgzNmNmMDE0ZDFlMjQ1MThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgKlSrAIYcO1tv0mlAcjgtoSvjy1W
x7sRuDeXEdzJdp3zZ0/3gbA4Zr71GLKPxO/w71w9oy6fgd4SvGhRbJeBFCt3FoSN
WhFCGNzhwCUfeVGxNq3nVR36FSalE501Yh3Kaul1uKhhTwqcuPkSK4ELNcbZbOgx
7d4Ie1W9ncY6196sriNP68XmBBHRkvj0i9KBmJbdcMuoh63/atDQggUn0M4lujlQ
KsGiHEBL/1ZPj4KekcPM4a0JpCNGKiQazJH8q3JoUCS3+Me8z/EhgNH/dQgot8fJ
jC7tk/Q9yBbgMuQD1aQmyB5A7Hx6ygraVedWk4NL0qqbt4oXI3XZ/c68rwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO8JPNLULsnbkXar6DbPAU0eJFGKMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvN3drODB0UXV5ZHVSZHF2b05zOEJUUjRrVVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBXasgAwQB
Xy54AwQBXy/wMA0GCSqGSIb3DQEBCwUAA4IBAQAUbtpAbllO4Vz7qcaNgRHFCdjV
RmwYqSc/b9Zf2vfs22P2y/8kwZtO23EhiX86/KvdUFDpc3rYabesF2nzgacv5TX4
PCYlNvQv8y8AeeofmMLNevams8waXp5Vo6IbWtrP8ATsnfw7lhuY1xvTjcJeUGA6
Ccc0emNdDAIoDLXosKUBVNYVyn9n/sNah5K0/bYdJjha7cvqTH1qBWdmQmTAi1z8
v+yeTC1QBzrEWR5XRh5OOxnLCIAoy3yktYKyr3h7d8tWf1u3UUP2skBw3vFzeXrY
UJ51cZdwbL58u/qfaDcS6/N9Xgp5ubonzVLJBm3A3kFubmQCcvdDq0okw1Hl
-----END CERTIFICATE-----