Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8XbDAxpjGgzuxDgRJxDO98xeanU.roa
File:                     8XbDAxpjGgzuxDgRJxDO98xeanU.roa (raw, json)
Hash identifier:          ZviMkb9PMEbSR3VoJ5ZhwCFOh7RCS58NMtKZ8cYj9Zs=
Subject key identifier:   F1:76:C3:03:1A:63:1A:0C:EE:C4:38:11:27:10:CE:F7:CC:5E:6A:75
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29F7E1742D696B5F5F117A892AE177
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8XbDAxpjGgzuxDgRJxDO98xeanU.roa
Signing time:             Tue 02 Jan 2024 12:33:17 +0000
ROA not before:           Tue 02 Jan 2024 12:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44429
IP address blocks:        93.171.140.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f7:e1:74:2d:69:6b:5f:5f:11:7a:89:2a:e1:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f176c3031a631a0ceec438112710cef7cc5e6a75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b9:d8:c4:58:45:02:d9:43:bc:df:2f:09:24:
                    75:bd:81:03:53:bd:48:c9:d9:66:13:e0:9c:bb:19:
                    2b:3a:34:11:f7:72:be:3a:b6:a7:8b:1f:0b:9c:05:
                    92:7e:44:1c:76:72:b3:8a:e5:f8:14:d4:42:99:8a:
                    78:d7:82:6e:22:35:0c:4b:33:d9:18:1d:67:95:1b:
                    18:65:d0:26:67:97:36:20:b3:d4:91:6a:68:ad:38:
                    5a:c3:7e:e2:1e:e0:48:b7:74:6b:40:d0:9f:1b:37:
                    8d:e8:9b:18:00:b3:7e:e6:16:f5:cf:7e:0a:50:d3:
                    36:8b:7a:02:2d:1a:53:85:f9:8e:72:69:29:33:50:
                    75:55:11:78:b1:12:a3:ee:ac:66:e6:e8:6e:a0:0c:
                    bc:c2:fe:26:cd:7f:50:b3:64:2b:69:5d:60:b6:c4:
                    a2:8a:6c:a6:28:17:94:a6:eb:d0:56:43:7d:cd:6c:
                    fb:bb:46:6f:e9:79:e4:ad:9f:12:89:24:9c:43:c2:
                    29:a8:44:51:7c:ad:29:cd:ac:53:29:26:0f:6d:0d:
                    6b:cd:08:f5:c7:eb:36:2c:af:9a:62:4f:2d:0f:a9:
                    05:11:df:cf:98:b8:d4:94:b5:54:6b:2b:79:be:80:
                    87:9a:8f:f8:c7:3b:45:4f:92:b4:71:fc:77:61:3f:
                    59:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:76:C3:03:1A:63:1A:0C:EE:C4:38:11:27:10:CE:F7:CC:5E:6A:75
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8XbDAxpjGgzuxDgRJxDO98xeanU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:83:b7:c5:86:c9:49:c8:42:70:4a:f5:59:35:de:37:ca:00:
         4b:b3:d6:53:86:e7:2b:cd:68:99:31:77:8c:8f:59:d3:30:9e:
         0a:53:f3:38:9d:62:3b:ab:73:61:2a:80:68:24:39:32:44:45:
         29:bc:6d:40:cd:e0:72:98:c5:f4:ed:2e:ab:1f:88:a5:b0:1f:
         c0:50:20:5b:3f:6b:23:fa:2d:dc:20:99:a6:f1:ce:ad:d0:ec:
         df:6b:ec:02:1d:88:2f:ef:72:94:a6:33:4f:bd:ea:0b:e1:30:
         c2:07:5d:b7:88:c2:eb:ad:46:67:2a:5c:68:94:67:b5:65:5e:
         1d:3c:b6:c3:f9:a4:d3:e9:f5:0b:3c:2f:a9:85:74:33:7a:f0:
         74:31:c8:3a:04:37:9a:56:84:c2:a3:b9:8d:7f:ac:79:89:0a:
         c5:ef:ce:51:91:90:83:f2:e5:dd:da:76:9c:d2:c9:64:dd:35:
         ee:06:96:ec:a6:2c:18:f3:eb:62:ff:33:ab:ab:5d:f9:fe:27:
         43:9b:63:eb:1b:72:13:6d:b5:4e:18:d7:68:54:b6:00:73:cc:
         f9:86:aa:fc:78:10:ab:91:89:8c:27:54:65:d4:7c:b4:a6:3e:
         12:0e:08:c1:66:74:16:17:bf:5a:a7:8d:d7:82:e8:de:9b:20:
         36:a5:0f:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKffhdC1pa19fEXqJKuF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTc2YzMwMzFhNjMxYTBjZWVjNDM4MTEyNzEwY2VmN2NjNWU2YTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrnYxFhFAtlDvN8vCSR1vYEDU71I
ydlmE+CcuxkrOjQR93K+Oranix8LnAWSfkQcdnKziuX4FNRCmYp414JuIjUMSzPZ
GB1nlRsYZdAmZ5c2ILPUkWporThaw37iHuBIt3RrQNCfGzeN6JsYALN+5hb1z34K
UNM2i3oCLRpThfmOcmkpM1B1VRF4sRKj7qxm5uhuoAy8wv4mzX9Qs2QraV1gtsSi
imymKBeUpuvQVkN9zWz7u0Zv6XnkrZ8SiSScQ8IpqERRfK0pzaxTKSYPbQ1rzQj1
x+s2LK+aYk8tD6kFEd/PmLjUlLVUayt5voCHmo/4xztFT5K0cfx3YT9Z+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPF2wwMaYxoM7sQ4EScQzvfMXmp1MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvOFhiREF4cGpHZ3p1eERnUkp4RE85OHhlYW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXauMMA0G
CSqGSIb3DQEBCwUAA4IBAQAng7fFhslJyEJwSvVZNd43ygBLs9ZThucrzWiZMXeM
j1nTMJ4KU/M4nWI7q3NhKoBoJDkyREUpvG1AzeBymMX07S6rH4ilsB/AUCBbP2sj
+i3cIJmm8c6t0Ozfa+wCHYgv73KUpjNPveoL4TDCB123iMLrrUZnKlxolGe1ZV4d
PLbD+aTT6fULPC+phXQzevB0Mcg6BDeaVoTCo7mNf6x5iQrF785RkZCD8uXd2nac
0slk3TXuBpbspiwY8+ti/zOrq135/idDm2PrG3ITbbVOGNdoVLYAc8z5hqr8eBCr
kYmMJ1Rl1Hy0pj4SDgjBZnQWF79ap43XgujemyA2pQ/r
-----END CERTIFICATE-----