Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8oEt9pDxirdExwGY6GWEALvkEsM.roa
File:                     8oEt9pDxirdExwGY6GWEALvkEsM.roa (raw, json)
Hash identifier:          0q3r4BpAnZk/YvRD181np8Dt+LHAI9TodvNeLzz+RV0=
Subject key identifier:   F2:81:2D:F6:90:F1:8A:B7:44:C7:01:98:E8:65:84:00:BB:E4:12:C3
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A3C99DEDB70EFE5B7FA8E5EF3D52A
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8oEt9pDxirdExwGY6GWEALvkEsM.roa
Signing time:             Tue 02 Jan 2024 12:33:34 +0000
ROA not before:           Tue 02 Jan 2024 12:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202362
IP address blocks:        93.170.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3c:99:de:db:70:ef:e5:b7:fa:8e:5e:f3:d5:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2812df690f18ab744c70198e8658400bbe412c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7f:48:b2:3d:c7:0d:a0:91:cc:4b:3d:97:50:
                    f6:a0:78:17:47:12:32:6c:1b:29:4b:90:95:0d:0b:
                    e4:d6:57:d4:f9:6e:aa:73:cb:f2:c0:ef:ed:48:bb:
                    39:0f:26:a1:88:f0:6e:f5:ad:73:fd:c2:0a:a0:8f:
                    7b:dc:5d:af:c3:a5:14:f9:5d:c7:27:20:f5:05:94:
                    70:41:5c:d2:be:77:ce:ad:fa:ff:ac:52:c1:d2:c0:
                    d3:81:62:8e:3b:24:ad:3e:d7:f7:59:94:f6:c3:e5:
                    2c:b5:d4:c6:31:c9:f0:64:6e:5b:38:b5:bf:9b:35:
                    9f:a6:cd:61:ea:19:7e:7d:17:99:b6:96:40:69:cc:
                    9b:31:a6:f1:20:bb:41:b7:35:66:ce:02:a8:f6:fe:
                    5d:99:3a:24:0b:53:7b:bb:77:79:52:c9:a4:49:a5:
                    2e:cf:cd:af:2a:94:7d:ea:05:53:45:1d:1e:94:bd:
                    16:3a:75:16:45:57:60:f4:8a:f8:8c:28:ac:a3:f0:
                    c8:9e:7a:f3:b1:72:15:b6:80:f7:86:3c:59:84:3c:
                    44:f0:75:61:1c:e3:d9:fe:0c:50:a3:a1:30:ac:76:
                    ec:0d:5d:6d:86:3f:64:55:16:7f:45:e5:d9:36:67:
                    e6:c8:ec:d4:63:38:f9:c2:51:1c:9d:5f:32:a6:57:
                    7e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:81:2D:F6:90:F1:8A:B7:44:C7:01:98:E8:65:84:00:BB:E4:12:C3
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8oEt9pDxirdExwGY6GWEALvkEsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:f5:99:73:38:f1:db:c9:f8:66:e9:bc:f3:1a:b6:7b:87:88:
         16:2d:64:4b:eb:1b:c2:83:7b:10:79:49:e2:9b:87:eb:15:47:
         18:a1:08:da:7b:89:0c:ba:78:66:11:df:df:d2:78:da:1a:fa:
         0c:94:dd:95:66:84:4e:a0:8e:5a:31:5c:14:0f:6f:84:42:14:
         4b:b7:3b:27:fd:a4:41:18:a0:9d:77:25:e7:84:3f:06:6b:c5:
         f8:fc:2f:a8:65:db:8a:81:d2:f2:88:4e:67:4d:92:15:e9:28:
         89:3d:ab:0f:20:fd:5a:71:0c:5f:e7:8a:3a:64:6f:48:47:79:
         ca:5a:35:6c:b2:d2:a4:42:8d:bd:c9:cd:79:d3:94:d8:1f:09:
         f8:7f:6e:cf:e4:43:4e:65:3b:eb:9b:fd:59:11:e0:79:57:e2:
         65:3c:6f:e1:1f:28:92:37:5e:38:ba:fa:f6:14:ab:b0:df:25:
         83:64:db:61:d0:f9:43:ef:7d:b2:40:1b:d0:c0:9a:28:d7:92:
         8c:2b:ef:27:59:8a:d0:88:a2:48:0e:f9:52:0f:85:95:62:06:
         be:e1:17:b7:23:50:c8:ce:d5:45:f2:db:c1:7c:83:a4:cc:59:
         6b:c1:d6:c3:e0:59:9b:0f:9f:07:7f:59:da:c8:34:a0:5d:1a:
         a4:ee:9a:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjyZ3ttw7+W3+o5e89UqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjgxMmRmNjkwZjE4YWI3NDRjNzAxOThlODY1ODQwMGJiZTQxMmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAun9Isj3HDaCRzEs9l1D2oHgXRxIy
bBspS5CVDQvk1lfU+W6qc8vywO/tSLs5DyahiPBu9a1z/cIKoI973F2vw6UU+V3H
JyD1BZRwQVzSvnfOrfr/rFLB0sDTgWKOOyStPtf3WZT2w+UstdTGMcnwZG5bOLW/
mzWfps1h6hl+fReZtpZAacybMabxILtBtzVmzgKo9v5dmTokC1N7u3d5UsmkSaUu
z82vKpR96gVTRR0elL0WOnUWRVdg9Ir4jCiso/DInnrzsXIVtoD3hjxZhDxE8HVh
HOPZ/gxQo6EwrHbsDV1thj9kVRZ/ReXZNmfmyOzUYzj5wlEcnV8ypld+pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKBLfaQ8Yq3RMcBmOhlhAC75BLDMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvOG9FdDlwRHhpcmRFeHdHWTZHV0VBTHZrRXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXao1MA0G
CSqGSIb3DQEBCwUAA4IBAQAj9ZlzOPHbyfhm6bzzGrZ7h4gWLWRL6xvCg3sQeUni
m4frFUcYoQjae4kMunhmEd/f0njaGvoMlN2VZoROoI5aMVwUD2+EQhRLtzsn/aRB
GKCddyXnhD8Ga8X4/C+oZduKgdLyiE5nTZIV6SiJPasPIP1acQxf54o6ZG9IR3nK
WjVsstKkQo29yc1505TYHwn4f27P5ENOZTvrm/1ZEeB5V+JlPG/hHyiSN144uvr2
FKuw3yWDZNth0PlD732yQBvQwJoo15KMK+8nWYrQiKJIDvlSD4WVYga+4Re3I1DI
ztVF8tvBfIOkzFlrwdbD4FmbD58Hf1nayDSgXRqk7ppi
-----END CERTIFICATE-----