Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/G81gbOO1VGpOGZRkDlb3Q8iDuPk.roa
File:                     G81gbOO1VGpOGZRkDlb3Q8iDuPk.roa (raw, json)
Hash identifier:          8P/H+Ged/ZNxUXAbiVOwqm7pGXglMZYQUianwMo3kwQ=
Subject key identifier:   1B:CD:60:6C:E3:B5:54:6A:4E:19:94:64:0E:56:F7:43:C8:83:B8:F9
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29FCA00505226574B247113912688E
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/G81gbOO1VGpOGZRkDlb3Q8iDuPk.roa
Signing time:             Tue 02 Jan 2024 12:33:18 +0000
ROA not before:           Tue 02 Jan 2024 12:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47349
IP address blocks:        93.171.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:fc:a0:05:05:22:65:74:b2:47:11:39:12:68:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bcd606ce3b5546a4e1994640e56f743c883b8f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:bc:da:0e:d0:aa:bb:54:e1:00:84:f7:66:ad:
                    62:51:51:8b:21:7d:65:83:c0:3c:4f:71:83:4c:c1:
                    57:33:6a:ba:bf:36:d1:20:96:37:fb:2b:52:f1:3d:
                    08:e9:ef:0a:96:dd:e0:c2:9c:b0:3a:82:c9:ff:1c:
                    a9:40:b6:b2:16:91:59:ff:dc:fb:74:bc:15:d9:5a:
                    fe:7f:4f:02:99:72:d2:41:f2:a4:b7:89:f7:19:71:
                    d2:da:ee:9c:af:2e:67:3a:11:e3:70:99:76:29:83:
                    3f:46:bc:48:05:ff:06:15:63:4d:71:bb:b3:25:41:
                    d4:a5:81:57:7e:fb:ee:1f:10:b3:46:bf:2d:a5:41:
                    19:c3:56:ab:81:03:0e:64:29:71:8c:39:42:e9:d3:
                    75:aa:a0:00:f7:9a:c8:24:a9:14:e3:bb:2b:29:af:
                    57:19:5b:91:56:79:9b:8d:48:34:05:d7:f4:b7:f0:
                    00:25:c4:1d:8b:26:61:a0:52:2e:0e:98:fb:1c:04:
                    e4:fc:6f:ff:89:f3:9b:a7:1b:22:87:b0:b3:96:ee:
                    bb:d5:fe:a3:48:e7:17:d2:fa:94:cf:4c:6a:4c:43:
                    83:57:23:02:90:6e:7c:73:aa:01:69:e9:4c:5c:63:
                    99:cc:57:d2:15:fc:1d:b3:5a:c2:57:3c:cf:5e:30:
                    9f:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:CD:60:6C:E3:B5:54:6A:4E:19:94:64:0E:56:F7:43:C8:83:B8:F9
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/G81gbOO1VGpOGZRkDlb3Q8iDuPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:44:7d:54:e0:72:55:9a:76:fe:ab:0f:96:ce:f4:30:d5:93:
         50:f4:00:8e:d2:64:6a:17:b4:c5:82:dd:c0:70:cb:b0:ce:73:
         d5:ab:65:18:87:2b:1a:e0:70:26:6d:12:46:d3:da:ce:9a:21:
         94:96:4e:30:49:a0:bb:50:32:12:f6:3d:16:65:5c:b0:dc:40:
         19:e3:5a:5a:5d:2c:a0:b7:ce:28:7d:ca:a4:2b:fc:46:d9:cc:
         c3:85:cf:d2:e9:f7:96:a6:e7:b2:54:a4:ab:a0:84:ab:43:27:
         c9:ac:96:58:4a:75:59:d8:3f:ee:b7:83:b5:c4:a1:1f:81:f5:
         bd:24:e8:3f:2f:54:19:6d:72:90:96:08:c1:84:ae:01:39:2c:
         62:04:fd:59:eb:06:cc:c2:38:d7:58:c3:b5:14:c5:49:71:af:
         75:0e:7b:f7:8a:dc:52:3f:2b:1b:9f:c1:d1:50:34:50:6f:08:
         4a:c9:e0:4b:fa:61:8b:7b:57:23:20:34:44:ff:23:c3:24:3a:
         56:92:84:8c:ee:91:b0:9b:a8:e0:62:b0:99:2c:1a:d4:60:74:
         79:7e:f8:56:ad:31:9f:4c:ce:1c:51:28:66:b3:ee:cd:80:e4:
         68:22:d8:fb:43:9d:98:ad:ec:b0:f7:39:36:9b:4b:f3:44:d8:
         b9:f4:91:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKfygBQUiZXSyRxE5EmiOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmNkNjA2Y2UzYjU1NDZhNGUxOTk0NjQwZTU2Zjc0M2M4ODNiOGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7zaDtCqu1ThAIT3Zq1iUVGLIX1l
g8A8T3GDTMFXM2q6vzbRIJY3+ytS8T0I6e8Klt3gwpywOoLJ/xypQLayFpFZ/9z7
dLwV2Vr+f08CmXLSQfKkt4n3GXHS2u6cry5nOhHjcJl2KYM/RrxIBf8GFWNNcbuz
JUHUpYFXfvvuHxCzRr8tpUEZw1argQMOZClxjDlC6dN1qqAA95rIJKkU47srKa9X
GVuRVnmbjUg0Bdf0t/AAJcQdiyZhoFIuDpj7HATk/G//ifObpxsih7Czlu671f6j
SOcX0vqUz0xqTEODVyMCkG58c6oBaelMXGOZzFfSFfwds1rCVzzPXjCfbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvNYGzjtVRqThmUZA5W90PIg7j5MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvRzgxZ2JPTzFWR3BPR1pSa0RsYjNROGlEdVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXaubMA0G
CSqGSIb3DQEBCwUAA4IBAQCoRH1U4HJVmnb+qw+WzvQw1ZNQ9ACO0mRqF7TFgt3A
cMuwznPVq2UYhysa4HAmbRJG09rOmiGUlk4wSaC7UDIS9j0WZVyw3EAZ41paXSyg
t84ofcqkK/xG2czDhc/S6feWpueyVKSroISrQyfJrJZYSnVZ2D/ut4O1xKEfgfW9
JOg/L1QZbXKQlgjBhK4BOSxiBP1Z6wbMwjjXWMO1FMVJca91Dnv3itxSPysbn8HR
UDRQbwhKyeBL+mGLe1cjIDRE/yPDJDpWkoSM7pGwm6jgYrCZLBrUYHR5fvhWrTGf
TM4cUShms+7NgORoItj7Q52Yreyw9zk2m0vzRNi59JH5
-----END CERTIFICATE-----