Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/CrFphSRt16Q3kt8OCnuHMLVORUI.roa
File:                     CrFphSRt16Q3kt8OCnuHMLVORUI.roa (raw, json)
Hash identifier:          dZ8NHpZw9PufTMxrVaExuXssoIzRIZ//mmeAB8GibWw=
Subject key identifier:   0A:B1:69:85:24:6D:D7:A4:37:92:DF:0E:0A:7B:87:30:B5:4E:45:42
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A51C3ADF9E068FCF3B41D030F800E
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/CrFphSRt16Q3kt8OCnuHMLVORUI.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210442
IP address blocks:        95.46.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 00:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:51:c3:ad:f9:e0:68:fc:f3:b4:1d:03:0f:80:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ab16985246dd7a43792df0e0a7b8730b54e4542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4d:a5:af:03:ec:fe:7a:0f:8f:02:b3:63:64:
                    8f:0e:81:d5:7f:25:e8:fd:62:0d:09:06:e1:56:41:
                    5b:f6:d1:dc:cd:2d:23:56:50:27:e0:92:69:8b:8f:
                    19:2e:44:e1:0a:c8:ce:1f:83:bf:55:fc:71:5e:73:
                    00:36:78:34:68:57:aa:a0:f8:a2:93:10:ce:18:23:
                    da:16:67:3c:26:37:41:b6:8b:bc:90:ad:7a:b1:14:
                    52:c8:2f:9f:ec:cd:e2:44:e8:31:57:0f:ef:b0:f0:
                    f3:58:44:4d:9b:ee:6e:46:d2:70:1d:f1:75:40:ae:
                    1a:6a:74:14:b1:a8:0f:64:51:55:47:65:d3:4c:45:
                    10:23:e1:d8:a7:52:43:c6:94:26:48:13:50:d4:23:
                    8e:56:9c:67:98:e7:8f:d1:cf:a4:b1:c3:84:d2:34:
                    91:0c:cc:8b:41:df:85:4e:7b:f0:15:b5:dd:dc:dc:
                    69:8a:b6:b7:b2:d7:49:60:c4:8c:00:54:b2:e7:9d:
                    79:da:ef:01:06:01:04:43:34:ef:06:4a:a3:84:c5:
                    81:f6:4f:d1:7f:56:f2:ee:33:02:52:01:d6:9e:ac:
                    9e:f0:fd:83:f4:1e:4e:1c:74:c4:2b:1e:87:bf:4d:
                    ed:26:19:d1:06:20:dd:a5:3f:b4:39:df:4c:2e:d6:
                    74:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B1:69:85:24:6D:D7:A4:37:92:DF:0E:0A:7B:87:30:B5:4E:45:42
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/CrFphSRt16Q3kt8OCnuHMLVORUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:f7:51:bd:7a:3d:3f:9f:56:00:f4:60:bd:97:cf:77:dd:12:
         09:81:ab:f8:ef:ef:db:3e:de:87:83:41:40:f0:25:db:0e:81:
         98:b2:97:cb:e9:01:71:d8:5c:6d:72:34:6d:26:03:82:a1:80:
         52:c2:d7:23:9e:b1:ad:a9:f5:00:e2:2a:fa:e3:df:51:8d:46:
         18:72:06:a1:7f:c3:b7:ae:ef:28:15:ba:fd:29:a4:e7:1e:95:
         a4:be:2b:35:a9:d2:e5:8b:f5:ad:58:78:b5:55:6a:81:73:a8:
         bd:94:4e:f9:67:f9:21:a2:08:94:44:29:9e:d9:62:b3:34:19:
         c2:0e:72:e1:2e:32:ae:00:bb:4e:58:04:27:d5:74:cb:2f:fa:
         ad:f4:76:7c:31:fa:8d:17:d4:d8:86:34:b5:e6:5f:44:77:ce:
         82:11:d3:90:0a:32:3d:96:d9:33:72:cd:e9:02:9b:5e:54:11:
         98:d3:73:41:1f:9d:5c:1d:6d:5d:6f:15:99:d9:a5:16:ef:ef:
         c0:e6:f4:1a:d8:cc:a8:90:59:32:a0:cf:9e:68:d0:e4:5c:ab:
         a8:53:af:de:45:60:37:07:4a:f3:fb:61:e2:bb:66:93:d3:ef:
         05:d7:46:50:b1:f1:d0:b3:8a:d2:20:14:93:38:c1:8e:cd:a1:
         36:ed:cf:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlHDrfngaPzztB0DD4AOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWIxNjk4NTI0NmRkN2E0Mzc5MmRmMGUwYTdiODczMGI1NGU0NTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnk2lrwPs/noPjwKzY2SPDoHVfyXo
/WINCQbhVkFb9tHczS0jVlAn4JJpi48ZLkThCsjOH4O/VfxxXnMANng0aFeqoPii
kxDOGCPaFmc8JjdBtou8kK16sRRSyC+f7M3iROgxVw/vsPDzWERNm+5uRtJwHfF1
QK4aanQUsagPZFFVR2XTTEUQI+HYp1JDxpQmSBNQ1COOVpxnmOeP0c+kscOE0jSR
DMyLQd+FTnvwFbXd3Nxpira3stdJYMSMAFSy55152u8BBgEEQzTvBkqjhMWB9k/R
f1by7jMCUgHWnqye8P2D9B5OHHTEKx6Hv03tJhnRBiDdpT+0Od9MLtZ0cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAqxaYUkbdekN5LfDgp7hzC1TkVCMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvQ3JGcGhTUnQxNlEza3Q4T0NudUhNTFZPUlVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy5IMA0G
CSqGSIb3DQEBCwUAA4IBAQB/91G9ej0/n1YA9GC9l8933RIJgav47+/bPt6Hg0FA
8CXbDoGYspfL6QFx2FxtcjRtJgOCoYBSwtcjnrGtqfUA4ir6499RjUYYcgahf8O3
ru8oFbr9KaTnHpWkvis1qdLli/WtWHi1VWqBc6i9lE75Z/khogiURCme2WKzNBnC
DnLhLjKuALtOWAQn1XTLL/qt9HZ8MfqNF9TYhjS15l9Ed86CEdOQCjI9ltkzcs3p
ApteVBGY03NBH51cHW1dbxWZ2aUW7+/A5vQa2MyokFkyoM+eaNDkXKuoU6/eRWA3
B0rz+2Hiu2aT0+8F10ZQsfHQs4rSIBSTOMGOzaE27c/6
-----END CERTIFICATE-----