Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/DrGCIiGRlIuM-CjJtth-EmhKKNk.roa
File:                     DrGCIiGRlIuM-CjJtth-EmhKKNk.roa (raw, json)
Hash identifier:          nCPgaInsvUZcGyPrwiotFqETg1/Z/bOU3ANha3Gm7nY=
Subject key identifier:   0E:B1:82:22:21:91:94:8B:8C:F8:28:C9:B6:D8:7E:12:68:4A:28:D9
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018D185926A75D416474946B92DDFBAD4048
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/DrGCIiGRlIuM-CjJtth-EmhKKNk.roa
Signing time:             Wed 17 Jan 2024 16:55:12 +0000
ROA not before:           Wed 17 Jan 2024 16:55:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49551
IP address blocks:        31.148.202.0/23 maxlen: 24
                          93.171.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:59:26:a7:5d:41:64:74:94:6b:92:dd:fb:ad:40:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan 17 16:55:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0eb182222191948b8cf828c9b6d87e12684a28d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c0:e9:22:f0:b2:03:d8:f8:8a:3b:7e:bd:a8:
                    d6:9c:74:b9:b4:7b:a5:c5:8e:04:3f:de:f6:9b:e4:
                    54:5c:ca:85:56:6e:46:2f:f0:66:7a:15:a0:9a:d0:
                    50:b1:6e:b4:e5:5e:c1:c7:84:ab:b2:00:28:65:fd:
                    5e:55:8c:9e:c7:d8:35:b6:84:86:55:5f:52:9b:f0:
                    90:45:7a:4f:7a:45:9f:3e:6e:bf:a3:28:19:75:4f:
                    a7:f9:20:df:f4:19:8c:b2:9d:2c:0e:be:d1:63:bd:
                    6c:2f:e6:dc:7a:fe:7f:ee:cd:97:57:ed:50:4c:db:
                    5c:51:8e:84:b6:bd:bc:ac:45:c2:06:4d:d8:bc:f9:
                    03:64:8a:b2:94:db:db:5a:bd:a1:ca:98:c5:c1:7f:
                    11:72:16:0d:e5:14:79:f8:98:13:3b:c7:df:60:3d:
                    8c:35:d0:4a:01:69:49:f7:f5:0d:16:e7:c8:45:4e:
                    58:23:08:6c:36:8f:c5:9d:57:e4:72:8b:35:46:0b:
                    30:7f:ca:e3:e5:32:6d:7c:79:a3:ef:a9:a8:04:56:
                    e8:7e:66:a7:61:df:6e:3a:b9:98:80:c3:84:dd:01:
                    c9:ad:26:26:7a:19:e2:b1:dd:11:d0:05:05:67:29:
                    31:fb:46:a2:15:b5:c7:c0:8a:bc:3e:1e:03:e1:24:
                    ec:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B1:82:22:21:91:94:8B:8C:F8:28:C9:B6:D8:7E:12:68:4A:28:D9
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/DrGCIiGRlIuM-CjJtth-EmhKKNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.202.0/23
                  93.171.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:23:5a:9b:dd:b0:29:bd:ee:9c:ee:13:c4:1a:ee:dd:c3:c1:
         e1:7b:b5:dd:bb:f7:47:9a:d1:98:54:7a:ed:cd:b1:ed:c0:82:
         4c:53:07:02:84:7a:59:f0:01:c2:f4:6e:62:30:5c:67:1d:18:
         83:e7:c6:2f:da:bb:55:82:21:ea:c4:3f:f2:07:a8:77:1b:a9:
         8e:b8:5a:5f:43:00:5d:aa:9a:24:fe:98:cd:b1:20:40:d9:cc:
         2a:d7:32:08:5b:bd:df:86:fa:8c:29:1b:ae:b2:cd:c9:0e:3b:
         95:4a:02:c6:13:06:1b:5c:25:b1:a2:b1:fe:48:c5:68:03:fb:
         a8:e2:f1:30:f1:d2:61:0f:ef:5e:ea:07:3b:1d:5d:d5:2b:e9:
         0d:e6:4b:eb:6f:1d:d7:d7:05:51:f2:f1:8c:75:93:eb:37:d9:
         57:d1:dc:8a:27:96:61:66:29:38:0c:57:70:88:35:79:ba:d7:
         55:a1:45:73:7a:bd:e5:c4:61:25:a1:ee:25:59:3a:49:bc:c9:
         af:47:2d:9d:2b:71:af:ed:e9:10:39:c6:34:c0:86:67:1b:5e:
         96:50:d2:1d:0a:ed:8c:bc:c9:6d:63:d6:84:24:18:b6:d6:3c:
         80:2e:88:d0:01:15:b3:55:c6:99:74:6e:1a:fa:ce:6d:7e:8a:
         3a:85:14:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0YWSanXUFkdJRrkt37rUBIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTE3MTY1NTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWIxODIyMjIxOTE5NDhiOGNmODI4YzliNmQ4N2UxMjY4NGEyOGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8DpIvCyA9j4ijt+vajWnHS5tHul
xY4EP972m+RUXMqFVm5GL/BmehWgmtBQsW605V7Bx4SrsgAoZf1eVYyex9g1toSG
VV9Sm/CQRXpPekWfPm6/oygZdU+n+SDf9BmMsp0sDr7RY71sL+bcev5/7s2XV+1Q
TNtcUY6Etr28rEXCBk3YvPkDZIqylNvbWr2hypjFwX8RchYN5RR5+JgTO8ffYD2M
NdBKAWlJ9/UNFufIRU5YIwhsNo/FnVfkcos1Rgswf8rj5TJtfHmj76moBFbofman
Yd9uOrmYgMOE3QHJrSYmehnisd0R0AUFZykx+0aiFbXHwIq8Ph4D4STsfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA6xgiIhkZSLjPgoybbYfhJoSijZMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvRHJHQ0lpR1JsSXVNLUNqSnR0aC1FbWhLS05rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBH5TKAwQC
XassMA0GCSqGSIb3DQEBCwUAA4IBAQB4I1qb3bApve6c7hPEGu7dw8Hhe7Xdu/dH
mtGYVHrtzbHtwIJMUwcChHpZ8AHC9G5iMFxnHRiD58Yv2rtVgiHqxD/yB6h3G6mO
uFpfQwBdqpok/pjNsSBA2cwq1zIIW73fhvqMKRuuss3JDjuVSgLGEwYbXCWxorH+
SMVoA/uo4vEw8dJhD+9e6gc7HV3VK+kN5kvrbx3X1wVR8vGMdZPrN9lX0dyKJ5Zh
Zik4DFdwiDV5utdVoUVzer3lxGEloe4lWTpJvMmvRy2dK3Gv7ekQOcY0wIZnG16W
UNIdCu2MvMltY9aEJBi21jyALojQARWzVcaZdG4a+s5tfoo6hRSB
-----END CERTIFICATE-----