Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8_d6O7CJPM54wjHhotFGQYrzXQk.roa
File:                     8_d6O7CJPM54wjHhotFGQYrzXQk.roa (raw, json)
Hash identifier:          qYpAHLCql9Mxt1ts3ZYgRd3ZR2lzb/cV2FkcCek4yEY=
Subject key identifier:   F3:F7:7A:3B:B0:89:3C:CE:78:C2:31:E1:A2:D1:46:41:8A:F3:5D:09
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29E2BD101071719D49D17B0FF35F64
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8_d6O7CJPM54wjHhotFGQYrzXQk.roa
Signing time:             Tue 02 Jan 2024 12:33:11 +0000
ROA not before:           Tue 02 Jan 2024 12:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16066
IP address blocks:        93.170.81.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:e2:bd:10:10:71:71:9d:49:d1:7b:0f:f3:5f:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3f77a3bb0893cce78c231e1a2d146418af35d09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:39:70:31:27:a9:d6:32:a3:81:43:c4:ae:8b:
                    df:e5:96:b4:19:f4:6e:36:89:a4:5e:4e:c0:8f:db:
                    7f:bc:01:b5:5d:ae:de:48:e6:d5:69:77:58:f8:bb:
                    c2:63:9a:4f:59:f3:9e:95:8d:92:77:0b:2e:94:87:
                    27:7a:df:7f:cd:05:3d:dc:ca:23:6b:06:e3:d9:e8:
                    08:2b:a8:49:44:bf:5d:94:09:23:d7:35:8e:3f:66:
                    47:ee:22:e7:66:b3:74:5c:8e:9f:3f:d8:24:25:c3:
                    d3:10:8b:48:9b:dc:bd:17:79:3c:2b:aa:cd:a5:d8:
                    ee:f1:e7:bc:68:5a:97:d6:17:84:c1:ed:1a:c9:19:
                    45:e6:31:c8:b5:14:e6:37:ba:3a:87:dc:fb:dc:b3:
                    86:48:9b:09:bd:ff:af:00:78:4a:ec:e9:93:e0:fa:
                    c8:68:86:92:7d:d7:de:3c:ef:ff:32:ac:3e:98:cf:
                    c0:ca:e8:58:a2:af:a2:d1:bf:04:39:7f:32:56:12:
                    c7:8c:d3:f4:70:4c:b5:a3:0d:91:2d:d5:d3:5d:48:
                    07:f9:a7:53:b2:ef:f8:b6:d8:86:c9:ec:82:db:9b:
                    b2:bc:f4:c2:75:ac:33:80:b9:39:c2:48:b0:24:66:
                    2f:44:7f:16:11:17:d6:d0:c8:4d:a8:13:22:aa:1e:
                    b7:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:F7:7A:3B:B0:89:3C:CE:78:C2:31:E1:A2:D1:46:41:8A:F3:5D:09
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8_d6O7CJPM54wjHhotFGQYrzXQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:7e:fb:27:46:df:ed:db:26:8a:5b:78:ab:c9:4d:b6:42:30:
         39:49:7c:81:ed:65:1f:f8:98:09:29:4a:6f:af:81:e1:a6:8a:
         c6:ae:c3:5f:52:a2:b0:80:ee:ec:d7:ce:b9:84:a0:3d:b6:6e:
         85:b5:b1:8b:ff:81:f9:6e:9e:4c:72:6f:65:7e:d6:c6:d3:77:
         0c:f7:b1:0b:75:63:61:24:50:91:43:16:4d:82:66:2c:e7:89:
         83:ea:72:48:e7:73:97:bb:40:60:1f:53:72:7b:e6:8e:04:78:
         c8:5b:a0:09:82:ba:f8:dd:61:be:d5:47:06:86:3a:4a:84:b2:
         4a:1c:aa:d8:65:35:a7:6a:f5:1f:e0:2d:91:93:ae:12:aa:f6:
         fd:98:b1:c5:c9:43:c9:6e:93:d5:48:08:41:b1:ae:e2:b7:37:
         18:76:04:3c:0a:78:f0:51:55:6d:6c:56:43:0b:07:ce:24:24:
         b4:a1:5c:59:68:9c:b1:e3:a1:d4:83:80:c1:26:9c:0f:6a:b8:
         7c:11:9b:0b:d1:df:cf:25:1e:0d:be:90:ed:e8:cf:fc:c6:0e:
         54:2f:04:85:ac:b2:05:83:7d:73:e7:88:be:a9:5a:7d:4f:fd:
         f2:e6:55:18:af:3b:52:4b:06:56:d1:6d:53:6a:52:64:0f:23:
         9c:10:5a:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKeK9EBBxcZ1J0XsP819kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2Y3N2EzYmIwODkzY2NlNzhjMjMxZTFhMmQxNDY0MThhZjM1ZDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zlwMSep1jKjgUPErovf5Za0GfRu
NomkXk7Aj9t/vAG1Xa7eSObVaXdY+LvCY5pPWfOelY2SdwsulIcnet9/zQU93Moj
awbj2egIK6hJRL9dlAkj1zWOP2ZH7iLnZrN0XI6fP9gkJcPTEItIm9y9F3k8K6rN
pdju8ee8aFqX1heEwe0ayRlF5jHItRTmN7o6h9z73LOGSJsJvf+vAHhK7OmT4PrI
aIaSfdfePO//Mqw+mM/AyuhYoq+i0b8EOX8yVhLHjNP0cEy1ow2RLdXTXUgH+adT
su/4ttiGyeyC25uyvPTCdawzgLk5wkiwJGYvRH8WERfW0MhNqBMiqh63IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPP3ejuwiTzOeMIx4aLRRkGK810JMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvOF9kNk83Q0pQTTU0d2pIaG90RkdRWXJ6WFFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXapRMA0G
CSqGSIb3DQEBCwUAA4IBAQCkfvsnRt/t2yaKW3iryU22QjA5SXyB7WUf+JgJKUpv
r4HhporGrsNfUqKwgO7s1865hKA9tm6FtbGL/4H5bp5Mcm9lftbG03cM97ELdWNh
JFCRQxZNgmYs54mD6nJI53OXu0BgH1Nye+aOBHjIW6AJgrr43WG+1UcGhjpKhLJK
HKrYZTWnavUf4C2Rk64Sqvb9mLHFyUPJbpPVSAhBsa7itzcYdgQ8CnjwUVVtbFZD
CwfOJCS0oVxZaJyx46HUg4DBJpwParh8EZsL0d/PJR4NvpDt6M/8xg5ULwSFrLIF
g31z54i+qVp9T/3y5lUYrztSSwZW0W1TalJkDyOcEFpf
-----END CERTIFICATE-----