Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8wsGDs7_JAueCeO_s9Lo1meVDOQ.roa
File:                     8wsGDs7_JAueCeO_s9Lo1meVDOQ.roa (raw, json)
Hash identifier:          gG/qkJlvgZZgSv9zN+vq1SJIw5DepJIfbAR0tLUUyNw=
Subject key identifier:   F3:0B:06:0E:CE:FF:24:0B:9E:09:E3:BF:B3:D2:E8:D6:67:95:0C:E4
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019072C17397E9E350B054089617EED9AC0C
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8wsGDs7_JAueCeO_s9Lo1meVDOQ.roa
Signing time:             Tue 02 Jul 2024 09:23:18 +0000
ROA not before:           Tue 02 Jul 2024 09:23:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60108
IP address blocks:        95.47.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:72:c1:73:97:e9:e3:50:b0:54:08:96:17:ee:d9:ac:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jul  2 09:23:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f30b060eceff240b9e09e3bfb3d2e8d667950ce4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7b:4b:20:d6:9f:83:ed:ab:96:52:17:f9:bc:
                    1e:72:1f:8c:53:c6:79:ba:f3:23:28:cf:ca:83:7b:
                    da:0f:aa:44:38:1b:92:27:f0:64:1d:33:c1:42:f0:
                    37:e9:fc:2d:62:5e:cf:2c:e7:50:41:8f:3c:b7:24:
                    f9:0d:15:98:3d:60:16:4b:f9:b3:81:c0:77:ee:da:
                    f2:54:5e:c1:56:92:a5:b9:26:28:9b:0c:c0:0f:fa:
                    30:34:42:6e:1e:4e:99:5f:49:f3:54:45:f1:e2:ec:
                    47:c0:b3:97:6a:f9:eb:86:ce:6e:0b:df:03:82:96:
                    b9:a2:76:f0:8a:e3:c9:a5:10:ef:8f:f8:06:6a:f2:
                    f1:11:0b:fa:29:b5:c9:3c:9c:28:e3:a7:79:e4:a4:
                    73:43:8d:59:55:14:34:19:e3:88:bc:07:46:b5:ad:
                    aa:b0:a6:d1:f5:10:0f:96:83:ba:8b:56:d1:4b:ce:
                    1d:84:ac:d2:26:de:91:6a:7e:34:f5:53:a7:f1:4f:
                    49:2f:b0:f9:ce:7b:ab:a9:c0:48:2a:58:ab:75:f6:
                    97:f8:13:b2:cf:53:5d:04:88:46:b8:36:61:2c:36:
                    e3:9b:8e:78:6a:91:8b:5a:26:20:18:4f:04:16:87:
                    d4:3f:d1:b9:5f:87:1d:92:41:e8:76:0e:bf:65:6f:
                    3d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:0B:06:0E:CE:FF:24:0B:9E:09:E3:BF:B3:D2:E8:D6:67:95:0C:E4
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/8wsGDs7_JAueCeO_s9Lo1meVDOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:7e:b5:5a:53:39:1f:d2:ff:3b:e0:ce:d4:05:ed:f5:90:18:
         c5:e3:27:45:61:f2:5f:87:bf:cc:76:4b:4a:a1:b7:2a:e6:2a:
         db:fd:8c:74:51:2e:ed:e5:b7:88:24:11:e8:29:6a:ed:85:f1:
         18:61:e9:b6:a7:f5:47:34:0f:54:ac:be:2f:85:28:b5:fa:25:
         f9:d1:74:be:55:3a:19:42:bf:47:a4:24:00:81:25:1c:74:87:
         ab:e7:76:6f:85:30:71:77:20:65:6a:a9:9e:e8:64:41:7c:c0:
         20:14:f3:cf:a5:46:2e:4e:46:88:e7:13:2d:f4:d2:ed:21:79:
         7d:48:49:24:f8:b2:9c:3b:9e:71:91:53:cc:77:cd:17:0b:44:
         2a:54:4c:c0:53:44:4c:84:46:50:4e:8c:b2:e4:a3:1b:a2:25:
         48:d8:5f:66:89:74:71:56:04:07:69:ea:45:ef:c5:39:28:eb:
         fb:d2:66:a1:17:33:05:a4:ee:b0:5c:f0:e3:0e:79:a0:5f:4f:
         a3:39:1e:93:03:1f:6b:48:21:0a:dd:ae:39:7f:53:a6:62:fa:
         81:aa:7a:4c:fc:9c:b7:28:99:ee:a5:d0:3f:74:5f:b2:c6:28:
         be:42:49:43:7f:da:59:1d:28:7d:64:3a:f6:cf:a0:42:6c:64:
         23:18:3e:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBywXOX6eNQsFQIlhfu2awMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwNzAyMDkyMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzBiMDYwZWNlZmYyNDBiOWUwOWUzYmZiM2QyZThkNjY3OTUwY2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzXtLINafg+2rllIX+bwech+MU8Z5
uvMjKM/Kg3vaD6pEOBuSJ/BkHTPBQvA36fwtYl7PLOdQQY88tyT5DRWYPWAWS/mz
gcB37tryVF7BVpKluSYomwzAD/owNEJuHk6ZX0nzVEXx4uxHwLOXavnrhs5uC98D
gpa5onbwiuPJpRDvj/gGavLxEQv6KbXJPJwo46d55KRzQ41ZVRQ0GeOIvAdGta2q
sKbR9RAPloO6i1bRS84dhKzSJt6Ran409VOn8U9JL7D5znurqcBIKlirdfaX+BOy
z1NdBIhGuDZhLDbjm454apGLWiYgGE8EFofUP9G5X4cdkkHodg6/ZW89AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMLBg7O/yQLngnjv7PS6NZnlQzkMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvOHdzR0RzN19KQXVlQ2VPX3M5TG8xbWVWRE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy+MMA0G
CSqGSIb3DQEBCwUAA4IBAQCgfrVaUzkf0v874M7UBe31kBjF4ydFYfJfh7/MdktK
obcq5irb/Yx0US7t5beIJBHoKWrthfEYYem2p/VHNA9UrL4vhSi1+iX50XS+VToZ
Qr9HpCQAgSUcdIer53ZvhTBxdyBlaqme6GRBfMAgFPPPpUYuTkaI5xMt9NLtIXl9
SEkk+LKcO55xkVPMd80XC0QqVEzAU0RMhEZQToyy5KMboiVI2F9miXRxVgQHaepF
78U5KOv70mahFzMFpO6wXPDjDnmgX0+jOR6TAx9rSCEK3a45f1OmYvqBqnpM/Jy3
KJnupdA/dF+yxii+QklDf9pZHSh9ZDr2z6BCbGQjGD7I
-----END CERTIFICATE-----