Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/DNXevPEz1ji5h7KNMz8KScik36Q.roa
File:                     DNXevPEz1ji5h7KNMz8KScik36Q.roa (raw, json)
Hash identifier:          nt63gROVGR992yLeQWzlIsRaEgOxvOoG8N7rTyZ1igA=
Subject key identifier:   0C:D5:DE:BC:F1:33:D6:38:B9:87:B2:8D:33:3F:0A:49:C8:A4:DF:A4
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FDA1FEBE7CC25B8EF381AE6B5EC35
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/DNXevPEz1ji5h7KNMz8KScik36Q.roa
Signing time:             Thu 02 Jan 2025 05:49:32 +0000
ROA not before:           Thu 02 Jan 2025 05:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61384
IP address blocks:        93.170.132.0/23 maxlen: 24
                          93.171.170.0/23 maxlen: 24
                          93.171.250.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:da:1f:eb:e7:cc:25:b8:ef:38:1a:e6:b5:ec:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cd5debcf133d638b987b28d333f0a49c8a4dfa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9f:bf:5a:1a:81:01:1f:cc:5e:92:bc:80:d2:
                    ff:17:92:68:1e:12:fd:8b:56:a1:3d:15:33:db:96:
                    52:81:22:34:d2:b2:89:2d:5a:45:4b:7b:c9:d6:4f:
                    aa:06:d9:04:67:1b:2f:64:73:a3:a3:0e:35:fd:77:
                    fe:7c:f9:50:c2:6d:e4:5e:2b:13:a0:d1:ec:f5:b4:
                    fe:51:72:2c:93:74:ff:ef:e3:a8:96:c3:b9:54:00:
                    8f:62:ff:af:66:93:bf:62:8f:14:93:e2:85:59:b1:
                    e8:f5:8b:10:8f:fc:ba:d2:c8:6c:14:40:86:c0:00:
                    a9:ee:a4:be:9a:a2:22:5f:30:ff:5d:ea:88:f4:53:
                    c0:c9:20:11:c1:70:25:a4:5c:2b:f1:7c:05:4d:94:
                    e2:58:05:b9:11:76:a6:5c:bf:8b:76:75:6a:e6:8a:
                    00:9c:35:47:f8:bf:30:00:2b:a4:a3:34:cb:7b:c2:
                    88:eb:7a:11:99:fd:0f:20:a0:cd:63:ba:13:ee:d1:
                    d1:bb:c2:62:ce:57:6e:42:e7:88:bd:64:3f:d4:80:
                    69:f6:e9:59:87:e0:a5:ba:bf:99:ae:b4:c0:8f:3d:
                    15:75:30:60:87:cf:91:88:39:08:df:b9:ab:3c:35:
                    42:1c:ac:78:fe:4e:9a:1c:3c:6a:44:65:10:52:54:
                    ea:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D5:DE:BC:F1:33:D6:38:B9:87:B2:8D:33:3F:0A:49:C8:A4:DF:A4
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/DNXevPEz1ji5h7KNMz8KScik36Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.132.0/23
                  93.171.170.0/23
                  93.171.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:e0:c6:ae:56:10:93:30:18:62:17:73:d1:fe:78:ec:f5:03:
         37:01:9c:83:d1:c1:40:6f:fc:b1:f9:bf:c5:d6:61:78:db:0d:
         c7:20:b0:47:18:dd:af:19:b8:1e:52:01:21:fa:2b:5a:17:3c:
         04:43:60:39:69:b7:82:d3:eb:27:24:ab:6e:7b:0e:1c:b1:99:
         83:a7:90:9b:7d:97:74:d6:24:8e:f7:32:e8:7a:36:2a:68:79:
         c7:ad:01:83:04:07:0b:7f:7c:3f:a8:98:14:1d:d9:1f:98:47:
         86:61:3f:51:de:41:79:8c:81:a1:05:6d:f3:08:5b:0a:c8:ae:
         f1:7e:25:d9:25:86:12:98:10:b1:61:19:54:3c:b6:32:9b:a4:
         1b:66:f4:c3:be:7a:96:9e:54:7a:39:f6:15:53:eb:b5:ba:19:
         a9:e1:47:38:6f:14:ec:cf:b1:2c:70:88:59:17:cc:0f:ec:02:
         c1:f2:c8:bf:16:41:17:68:8f:39:3d:24:84:d4:be:17:e7:cd:
         ce:c3:10:d7:55:b0:34:05:1e:71:13:23:40:74:6f:01:87:2f:
         33:7c:10:51:bd:a2:f0:56:7c:57:8a:d5:f9:2d:81:4a:10:95:
         aa:32:a9:b7:96:01:fe:7b:bf:af:c4:87:41:62:74:12:fc:0a:
         56:41:fa:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlj9of6+fMJbjvOBrmtew1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2Q1ZGViY2YxMzNkNjM4Yjk4N2IyOGQzMzNmMGE0OWM4YTRkZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJ+/WhqBAR/MXpK8gNL/F5JoHhL9
i1ahPRUz25ZSgSI00rKJLVpFS3vJ1k+qBtkEZxsvZHOjow41/Xf+fPlQwm3kXisT
oNHs9bT+UXIsk3T/7+OolsO5VACPYv+vZpO/Yo8Uk+KFWbHo9YsQj/y60shsFECG
wACp7qS+mqIiXzD/XeqI9FPAySARwXAlpFwr8XwFTZTiWAW5EXamXL+LdnVq5ooA
nDVH+L8wACukozTLe8KI63oRmf0PIKDNY7oT7tHRu8JizlduQueIvWQ/1IBp9ulZ
h+Clur+ZrrTAjz0VdTBgh8+RiDkI37mrPDVCHKx4/k6aHDxqRGUQUlTq7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAzV3rzxM9Y4uYeyjTM/CknIpN+kMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvRE5YZXZQRXoxamk1aDdLTk16OEtTY2lrMzZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBXaqEAwQB
XauqAwQBXav6MA0GCSqGSIb3DQEBCwUAA4IBAQBS4MauVhCTMBhiF3PR/njs9QM3
AZyD0cFAb/yx+b/F1mF42w3HILBHGN2vGbgeUgEh+itaFzwEQ2A5abeC0+snJKtu
ew4csZmDp5CbfZd01iSO9zLoejYqaHnHrQGDBAcLf3w/qJgUHdkfmEeGYT9R3kF5
jIGhBW3zCFsKyK7xfiXZJYYSmBCxYRlUPLYym6QbZvTDvnqWnlR6OfYVU+u1uhmp
4Uc4bxTsz7EscIhZF8wP7ALB8si/FkEXaI85PSSE1L4X583OwxDXVbA0BR5xEyNA
dG8Bhy8zfBBRvaLwVnxXitX5LYFKEJWqMqm3lgH+e7+vxIdBYnQS/ApWQfoi
-----END CERTIFICATE-----