Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8e19Nq8IpkQOf2b-yTmEai1_f9g.roa
File:                     8e19Nq8IpkQOf2b-yTmEai1_f9g.roa (raw, json)
Hash identifier:          CFaN6SbrYX532DeOBjzX8tFbHAicmZxEovslLEEn7/w=
Subject key identifier:   F1:ED:7D:36:AF:08:A6:44:0E:7F:66:FE:C9:39:84:6A:2D:7F:7F:D8
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A2F3E67EAB4BB04F7FFE20C3644B6
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8e19Nq8IpkQOf2b-yTmEai1_f9g.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62083
IP address blocks:        92.38.6.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 04:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2f:3e:67:ea:b4:bb:04:f7:ff:e2:0c:36:44:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1ed7d36af08a6440e7f66fec939846a2d7f7fd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:05:27:63:c7:9f:2e:b2:30:df:01:aa:b5:3f:
                    93:12:9b:cd:5d:04:2f:a1:a9:61:57:94:a7:e8:44:
                    c5:99:6d:6e:20:c3:ba:21:7d:d1:98:35:62:fa:f9:
                    97:2d:92:19:ca:64:1a:11:24:fe:da:5c:73:00:3b:
                    96:2f:ee:05:f6:7b:6b:28:74:b3:4a:9c:1a:8d:5a:
                    cb:5f:e2:34:72:83:2b:1b:7e:29:37:f7:70:a9:b8:
                    9c:7b:09:52:bb:0f:9e:c6:43:ca:8a:02:40:8a:c0:
                    be:2b:ea:43:6a:99:0b:cd:1f:d0:1d:4f:e3:76:ac:
                    4f:ba:20:b2:77:18:0d:a9:7d:d3:da:79:48:39:1f:
                    ac:51:d4:0c:78:7d:aa:a6:b3:ff:8d:a0:12:13:7b:
                    ab:3e:c3:35:70:d3:8a:76:7f:5c:69:fe:66:ce:68:
                    2b:9b:a2:71:78:87:80:a2:1f:9a:75:06:ba:56:f0:
                    a9:c9:bb:1a:b5:72:ae:e0:a0:77:8d:f8:3e:ce:e9:
                    1a:60:2a:80:ef:b0:8a:f8:b5:0a:3a:1b:2a:98:b7:
                    93:89:fc:f3:0e:81:cd:13:29:35:a1:bb:aa:d4:f2:
                    b3:84:81:6a:87:23:c8:74:dc:16:34:36:6f:00:44:
                    69:99:1a:cd:10:bb:09:86:50:01:2e:e8:01:f6:29:
                    ee:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:ED:7D:36:AF:08:A6:44:0E:7F:66:FE:C9:39:84:6A:2D:7F:7F:D8
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8e19Nq8IpkQOf2b-yTmEai1_f9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:21:d8:04:55:52:92:1b:d5:0d:4c:5b:f1:0a:eb:66:04:d2:
         5f:7d:9a:48:7a:bf:7e:1d:8f:93:8b:3d:26:b5:0e:ff:18:b8:
         19:8c:e1:2b:ca:f7:84:be:1c:5d:fd:2e:3e:79:42:00:c1:42:
         7d:e1:24:0e:4f:3f:de:41:cc:b2:95:5f:a4:f7:7c:41:18:43:
         6f:53:5e:76:94:20:17:13:e1:71:9c:a4:71:13:6d:b7:3b:2d:
         50:cb:73:96:78:48:33:fc:e3:de:b4:3f:72:21:10:57:df:5f:
         27:c5:02:4e:e1:fc:df:7a:05:d4:0b:f0:7d:6f:25:59:b7:60:
         ed:4b:c0:92:16:4f:9d:52:a3:63:c2:79:3a:71:79:77:91:e9:
         42:45:8d:9f:bb:95:19:a9:3f:c7:04:aa:ab:3c:cf:62:86:85:
         ae:10:a6:e8:86:48:23:8c:bd:02:22:c6:08:a9:27:df:94:b7:
         f0:07:25:e7:c9:be:c2:7e:be:b7:a4:38:4f:7c:0a:84:97:92:
         b9:54:bf:1b:19:2e:eb:1f:d3:db:7a:fe:e8:1d:ae:28:40:5f:
         e6:07:8f:a1:f9:17:73:77:5a:41:3f:b8:ef:18:6f:21:f8:b6:
         26:67:85:98:a4:fe:f2:bd:c6:6b:0f:c5:fb:37:30:d8:0a:92:
         c5:fc:1d:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKi8+Z+q0uwT3/+IMNkS2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWVkN2QzNmFmMDhhNjQ0MGU3ZjY2ZmVjOTM5ODQ2YTJkN2Y3ZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgUnY8efLrIw3wGqtT+TEpvNXQQv
oalhV5Sn6ETFmW1uIMO6IX3RmDVi+vmXLZIZymQaEST+2lxzADuWL+4F9ntrKHSz
SpwajVrLX+I0coMrG34pN/dwqbicewlSuw+exkPKigJAisC+K+pDapkLzR/QHU/j
dqxPuiCydxgNqX3T2nlIOR+sUdQMeH2qprP/jaASE3urPsM1cNOKdn9caf5mzmgr
m6JxeIeAoh+adQa6VvCpybsatXKu4KB3jfg+zukaYCqA77CK+LUKOhsqmLeTifzz
DoHNEyk1obuq1PKzhIFqhyPIdNwWNDZvAERpmRrNELsJhlABLugB9inudwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPHtfTavCKZEDn9m/sk5hGotf3/YMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvOGUxOU5xOElwa1FPZjJiLXlUbUVhaTFfZjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXCYGMA0G
CSqGSIb3DQEBCwUAA4IBAQCPIdgEVVKSG9UNTFvxCutmBNJffZpIer9+HY+Tiz0m
tQ7/GLgZjOEryveEvhxd/S4+eUIAwUJ94SQOTz/eQcyylV+k93xBGENvU152lCAX
E+FxnKRxE223Oy1Qy3OWeEgz/OPetD9yIRBX318nxQJO4fzfegXUC/B9byVZt2Dt
S8CSFk+dUqNjwnk6cXl3kelCRY2fu5UZqT/HBKqrPM9ihoWuEKbohkgjjL0CIsYI
qSfflLfwByXnyb7Cfr63pDhPfAqEl5K5VL8bGS7rH9Pbev7oHa4oQF/mB4+h+Rdz
d1pBP7jvGG8h+LYmZ4WYpP7yvcZrD8X7NzDYCpLF/B3z
-----END CERTIFICATE-----