Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/GTvv-kjHWISnb8-NwbsNrJ1lO84.roa
File:                     GTvv-kjHWISnb8-NwbsNrJ1lO84.roa (raw, json)
Hash identifier:          bPPM7OIDS3+y7fl9Ho5MupEwl1ezC7OPpJfmLp0HfJw=
Subject key identifier:   19:3B:EF:FA:48:C7:58:84:A7:6F:CF:8D:C1:BB:0D:AC:9D:65:3B:CE
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258F8B543DFA3618AE6118E3AF74E429
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/GTvv-kjHWISnb8-NwbsNrJ1lO84.roa
Signing time:             Thu 02 Jan 2025 05:49:11 +0000
ROA not before:           Thu 02 Jan 2025 05:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15428
IP address blocks:        146.158.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 16:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:8b:54:3d:fa:36:18:ae:61:18:e3:af:74:e4:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=193beffa48c75884a76fcf8dc1bb0dac9d653bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:51:5e:de:81:1b:91:17:7c:34:b7:9d:6d:9c:
                    3a:72:f6:52:76:91:9f:21:95:e4:61:5f:ad:c9:c2:
                    eb:4d:18:89:0e:24:31:40:70:b7:fe:86:d2:44:c5:
                    de:ac:98:db:94:c5:a4:8b:a9:76:fa:c8:13:53:4e:
                    6d:99:ac:e7:c6:c4:fe:8c:e6:9c:46:44:1f:58:a4:
                    da:b6:1e:d5:84:ad:67:73:f6:37:44:82:d0:28:ff:
                    c2:98:07:ab:38:d7:35:5d:a0:a1:da:6e:3b:18:5b:
                    55:ac:8c:93:5b:fb:c6:69:45:ac:6c:a5:83:3c:8e:
                    fd:e4:2b:3b:96:03:9e:6e:d9:83:79:23:c6:e6:e4:
                    bf:87:e5:ec:2e:5d:33:64:01:08:68:53:f7:d8:cb:
                    db:5f:66:69:c2:df:b9:be:fc:00:3c:e1:7e:ab:27:
                    58:9a:1c:67:4d:d4:cf:4d:be:35:8d:95:5a:42:5e:
                    d6:f6:4d:48:c4:82:c6:72:49:8f:0a:44:9d:a9:25:
                    95:94:37:db:91:56:52:02:de:0c:1d:2e:de:6e:39:
                    8b:e1:30:0c:09:e5:67:8e:31:38:5f:79:49:00:2d:
                    ba:af:15:a7:b3:a0:bb:50:02:de:36:db:63:d1:87:
                    71:50:0f:fc:7a:5f:ab:f8:39:99:e0:e1:73:83:c4:
                    89:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:3B:EF:FA:48:C7:58:84:A7:6F:CF:8D:C1:BB:0D:AC:9D:65:3B:CE
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/GTvv-kjHWISnb8-NwbsNrJ1lO84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.158.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:cc:ed:ab:e6:18:52:e6:c5:bc:d9:25:47:78:10:90:88:a6:
         78:be:04:ff:f8:ef:e0:e7:8f:5b:a5:5f:57:82:6f:bb:fa:68:
         29:f6:27:f9:4e:a4:0e:b9:71:6e:9e:fb:41:c2:62:93:ac:42:
         63:af:74:3f:0a:af:08:4a:fc:23:92:8f:87:e4:86:d2:ec:b3:
         de:62:a7:01:21:61:22:c1:c3:80:22:ef:b2:91:5b:92:62:48:
         c0:73:3b:f0:5d:63:5a:81:f1:c8:e1:6c:99:38:16:fe:36:56:
         b8:96:81:5c:12:39:d2:99:d9:90:38:1d:c6:b5:76:10:e8:0d:
         37:f8:d1:6c:77:e2:9f:ea:94:04:16:30:46:7b:d4:42:e8:d6:
         27:1e:0d:2b:11:f9:fc:d2:ea:ba:25:d0:98:bc:5d:fe:c9:7a:
         cc:f3:1f:23:53:97:0c:b7:81:1e:1d:3f:bc:47:7f:52:3e:6d:
         86:cc:95:0e:ae:a8:71:ef:0f:0a:3f:0b:e0:b9:5b:d7:09:81:
         a9:a3:c5:23:a2:c3:c3:24:85:1f:58:d1:48:59:5d:d2:90:eb:
         df:f4:0e:14:0b:9a:ac:5f:21:8f:66:5f:64:f6:94:67:b7:0e:
         24:25:a3:38:83:0c:20:39:ff:5e:a4:f4:e9:c6:83:1e:b4:f2:
         f6:77:12:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4tUPfo2GK5hGOOvdOQpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTNiZWZmYTQ4Yzc1ODg0YTc2ZmNmOGRjMWJiMGRhYzlkNjUzYmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFFe3oEbkRd8NLedbZw6cvZSdpGf
IZXkYV+tycLrTRiJDiQxQHC3/obSRMXerJjblMWki6l2+sgTU05tmaznxsT+jOac
RkQfWKTath7VhK1nc/Y3RILQKP/CmAerONc1XaCh2m47GFtVrIyTW/vGaUWsbKWD
PI795Cs7lgOebtmDeSPG5uS/h+XsLl0zZAEIaFP32MvbX2Zpwt+5vvwAPOF+qydY
mhxnTdTPTb41jZVaQl7W9k1IxILGckmPCkSdqSWVlDfbkVZSAt4MHS7ebjmL4TAM
CeVnjjE4X3lJAC26rxWns6C7UALeNttj0YdxUA/8el+r+DmZ4OFzg8SJpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBk77/pIx1iEp2/PjcG7DaydZTvOMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvR1R2di1rakhXSVNuYjgtTndic05ySjFsTzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkp5fMA0G
CSqGSIb3DQEBCwUAA4IBAQAfzO2r5hhS5sW82SVHeBCQiKZ4vgT/+O/g549bpV9X
gm+7+mgp9if5TqQOuXFunvtBwmKTrEJjr3Q/Cq8ISvwjko+H5IbS7LPeYqcBIWEi
wcOAIu+ykVuSYkjAczvwXWNagfHI4WyZOBb+Nla4loFcEjnSmdmQOB3GtXYQ6A03
+NFsd+Kf6pQEFjBGe9RC6NYnHg0rEfn80uq6JdCYvF3+yXrM8x8jU5cMt4EeHT+8
R39SPm2GzJUOrqhx7w8KPwvguVvXCYGpo8UjosPDJIUfWNFIWV3SkOvf9A4UC5qs
XyGPZl9k9pRntw4kJaM4gwwgOf9epPTpxoMetPL2dxI0
-----END CERTIFICATE-----