Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/CK7IPckywSXDed5FbpMTfkmcl0g.roa
File:                     CK7IPckywSXDed5FbpMTfkmcl0g.roa (raw, json)
Hash identifier:          MdW6NMkLiOIUyxJeBJH2H+ckSrhRSirTCJhmcWKR+LQ=
Subject key identifier:   08:AE:C8:3D:C9:32:C1:25:C3:79:DE:45:6E:93:13:7E:49:9C:97:48
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018DC1BC57C173C4D37167BE70B84A782DA5
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/CK7IPckywSXDed5FbpMTfkmcl0g.roa
Signing time:             Mon 19 Feb 2024 14:19:22 +0000
ROA not before:           Mon 19 Feb 2024 14:19:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215469
IP address blocks:        95.47.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:bc:57:c1:73:c4:d3:71:67:be:70:b8:4a:78:2d:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Feb 19 14:19:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08aec83dc932c125c379de456e93137e499c9748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:d3:d8:77:5e:20:41:43:04:b9:d6:6b:12:8d:
                    9d:d5:43:30:64:f7:f3:74:d9:5f:f9:25:12:ab:6c:
                    ef:01:28:b4:bf:f4:4e:3f:60:29:0e:fd:f9:f7:b1:
                    f6:0e:f0:c0:7c:a8:b1:e7:f8:84:c3:84:f1:c9:37:
                    f6:8f:89:4f:33:62:c9:e4:a4:d3:37:fa:43:e1:71:
                    12:29:bd:37:72:37:7d:4f:ac:5d:1e:46:e2:a7:b9:
                    5b:77:b7:7b:71:3a:f8:f3:f7:a5:f0:f7:4d:19:94:
                    ca:2a:85:0d:4e:74:bb:c8:02:9d:e6:9e:74:d5:9e:
                    c7:ad:a5:98:06:4f:26:be:e3:a5:2b:c2:b0:9f:07:
                    0f:f8:8d:58:54:38:5c:a6:60:8d:0a:dd:79:ca:4c:
                    1c:6b:95:31:98:99:47:0a:4d:eb:ee:da:84:db:ae:
                    6d:5c:d5:7d:b5:bf:02:9c:f7:a9:78:f8:93:6c:3a:
                    b0:e6:f5:90:d2:dc:f4:60:3a:c5:36:ef:f0:9c:12:
                    34:ad:d1:a4:8d:98:23:6f:73:57:74:91:a3:41:81:
                    c4:95:3d:75:65:8c:21:c2:92:93:f3:81:30:11:c1:
                    f6:d9:46:75:8a:e7:93:57:0b:36:7d:ec:88:88:51:
                    d4:8e:cf:69:bd:c0:52:79:e5:b3:0b:58:9c:15:74:
                    b1:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:AE:C8:3D:C9:32:C1:25:C3:79:DE:45:6E:93:13:7E:49:9C:97:48
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/CK7IPckywSXDed5FbpMTfkmcl0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:8e:46:f6:5c:35:92:24:4a:b6:26:2e:00:1d:a1:54:41:9a:
         30:55:73:71:54:d7:93:6d:ef:d9:cc:27:2b:fb:15:20:40:f9:
         11:5b:ab:b9:cb:66:41:cf:9b:3a:01:d9:3d:bd:09:b9:f3:36:
         45:62:a2:eb:9b:e2:9d:a3:8c:bd:6b:00:80:4b:a9:1c:54:db:
         ce:ea:07:28:1a:55:f8:d5:c5:6c:68:e4:98:99:23:80:10:38:
         19:ef:d7:f4:a3:32:e3:87:37:1e:74:c4:42:64:75:2d:fc:c4:
         b5:74:e2:7f:bd:cf:ba:98:b7:31:bc:fb:5d:63:8a:b1:70:ea:
         e3:0c:b2:18:b6:43:74:0d:71:aa:0e:2f:37:81:7a:12:e2:6c:
         a4:b9:2c:b6:3b:d4:3d:26:26:fb:7f:c1:3c:1b:33:df:69:10:
         8a:59:df:a2:b7:0a:97:78:8e:0e:19:03:4e:d8:c0:54:93:fb:
         89:10:b6:d4:aa:c2:da:a9:6c:24:52:16:55:d5:4c:6a:40:0d:
         b3:3f:48:fc:df:52:07:e6:77:9d:ba:b5:35:b2:5c:4f:12:d4:
         e0:2a:18:91:6c:7c:48:1c:1b:5e:9c:99:d9:ba:26:e2:17:9c:
         17:79:70:0c:a7:33:e4:5f:fa:9d:53:bb:e2:14:42:97:45:83:
         8a:f0:79:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3BvFfBc8TTcWe+cLhKeC2lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMjE5MTQxOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGFlYzgzZGM5MzJjMTI1YzM3OWRlNDU2ZTkzMTM3ZTQ5OWM5NzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjdPYd14gQUMEudZrEo2d1UMwZPfz
dNlf+SUSq2zvASi0v/ROP2ApDv3597H2DvDAfKix5/iEw4TxyTf2j4lPM2LJ5KTT
N/pD4XESKb03cjd9T6xdHkbip7lbd7d7cTr48/el8PdNGZTKKoUNTnS7yAKd5p50
1Z7HraWYBk8mvuOlK8KwnwcP+I1YVDhcpmCNCt15ykwca5UxmJlHCk3r7tqE265t
XNV9tb8CnPepePiTbDqw5vWQ0tz0YDrFNu/wnBI0rdGkjZgjb3NXdJGjQYHElT11
ZYwhwpKT84EwEcH22UZ1iueTVws2feyIiFHUjs9pvcBSeeWzC1icFXSx+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAiuyD3JMsElw3neRW6TE35JnJdIMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvQ0s3SVBja3l3U1hEZWQ1RmJwTVRma21jbDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy85MA0G
CSqGSIb3DQEBCwUAA4IBAQAjjkb2XDWSJEq2Ji4AHaFUQZowVXNxVNeTbe/ZzCcr
+xUgQPkRW6u5y2ZBz5s6Adk9vQm58zZFYqLrm+Kdo4y9awCAS6kcVNvO6gcoGlX4
1cVsaOSYmSOAEDgZ79f0ozLjhzcedMRCZHUt/MS1dOJ/vc+6mLcxvPtdY4qxcOrj
DLIYtkN0DXGqDi83gXoS4mykuSy2O9Q9Jib7f8E8GzPfaRCKWd+itwqXeI4OGQNO
2MBUk/uJELbUqsLaqWwkUhZV1UxqQA2zP0j831IH5nedurU1slxPEtTgKhiRbHxI
HBtenJnZuibiF5wXeXAMpzPkX/qdU7viFEKXRYOK8Hna
-----END CERTIFICATE-----