Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/I9Quv5Hk8Zb3RLHoouHtCwZl9lw.roa
File:                     I9Quv5Hk8Zb3RLHoouHtCwZl9lw.roa (raw, json)
Hash identifier:          QFhDgiju2abJzhS4dj6YhB3QCsMcoYYhDuhurqKv8j4=
Subject key identifier:   23:D4:2E:BF:91:E4:F1:96:F7:44:B1:E8:A2:E1:ED:0B:06:65:F6:5C
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29E47D25AA3CFD69B3C2C82C1399AF
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/I9Quv5Hk8Zb3RLHoouHtCwZl9lw.roa
Signing time:             Tue 02 Jan 2024 12:33:12 +0000
ROA not before:           Tue 02 Jan 2024 12:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29035
IP address blocks:        93.170.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:e4:7d:25:aa:3c:fd:69:b3:c2:c8:2c:13:99:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23d42ebf91e4f196f744b1e8a2e1ed0b0665f65c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5d:39:0e:a3:a0:4d:f1:81:91:71:6f:15:df:
                    c3:19:26:f9:92:c0:79:dd:32:f8:70:eb:de:6c:56:
                    c7:22:43:36:ba:b5:1b:4b:46:66:f9:23:35:9a:ef:
                    31:5d:75:ed:41:8e:f4:31:30:b3:5d:94:96:de:57:
                    69:25:78:4e:d0:29:fc:2e:75:3e:65:dd:b3:03:c8:
                    ec:d3:2c:45:e0:65:55:d2:ad:23:94:40:37:ab:75:
                    66:15:13:21:98:b1:eb:9c:7c:4d:41:cd:64:af:74:
                    f9:26:ab:55:3d:33:52:8c:38:72:b3:7b:b6:4b:9c:
                    d8:69:b3:91:7b:88:17:4e:e6:37:f1:37:a9:68:d7:
                    6d:1f:5c:61:6d:85:4b:d2:10:ae:a3:e0:4c:ab:2c:
                    2e:a7:c1:c8:d7:e2:d9:0a:47:aa:70:c1:60:ad:24:
                    a5:92:05:cf:bb:59:23:7e:55:b5:4b:4e:d9:7c:d5:
                    b4:b3:e3:fa:2d:5f:4d:1d:9e:b4:a0:c3:f9:c9:e5:
                    fe:c8:9c:1c:db:a6:96:bd:9e:d5:02:9d:d3:e7:08:
                    b2:0a:5a:57:f5:dd:5a:f0:41:63:73:43:52:65:0c:
                    fe:5a:ca:e9:28:13:ec:53:fe:a9:27:6e:bc:78:98:
                    70:ab:6d:40:e7:19:f2:e0:4d:4d:0d:84:e2:c7:2a:
                    4c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D4:2E:BF:91:E4:F1:96:F7:44:B1:E8:A2:E1:ED:0B:06:65:F6:5C
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/I9Quv5Hk8Zb3RLHoouHtCwZl9lw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:c9:8b:69:e3:50:0d:9c:3b:95:f4:d4:c0:3a:e5:46:84:6c:
         36:79:2e:fa:f7:0d:81:02:04:5b:00:d5:e3:50:b1:07:fc:56:
         02:fe:b3:d1:9b:b2:d5:00:2a:8b:30:96:2c:3a:21:9f:95:7b:
         fa:d9:b0:54:68:2a:b4:e4:62:45:f7:ad:ac:d3:35:a1:35:ac:
         46:79:88:56:67:88:19:0c:54:e5:bb:fc:f7:17:38:6c:2b:0d:
         16:a7:d1:a6:96:cb:c7:84:f7:84:66:f7:47:02:e6:00:fb:69:
         9d:a4:8b:00:30:e8:7a:9d:b4:7c:8d:e7:f3:1f:9a:64:d6:79:
         b9:f6:23:30:cd:bf:16:4e:3d:52:e5:49:e1:c2:16:43:bd:9b:
         30:bc:9f:9f:e4:72:96:9c:69:e9:ed:e5:d1:1d:93:0e:e1:4f:
         c9:10:5e:9e:83:eb:32:9a:66:a1:ec:22:b7:47:c2:71:9c:7b:
         21:e4:e4:b2:d1:36:e8:94:cd:ef:68:62:56:71:69:11:29:62:
         18:f8:1f:32:29:87:4b:2e:97:fc:0b:47:23:02:9d:a7:51:c2:
         1e:67:86:3b:f3:58:85:10:ed:0c:ff:4a:23:ef:6c:12:28:c0:
         9c:fa:dc:c6:8c:ac:61:1d:7c:08:13:8e:fe:29:c3:6c:1a:89:
         d7:54:e3:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKeR9Jao8/WmzwsgsE5mvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Q0MmViZjkxZTRmMTk2Zjc0NGIxZThhMmUxZWQwYjA2NjVmNjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmF05DqOgTfGBkXFvFd/DGSb5ksB5
3TL4cOvebFbHIkM2urUbS0Zm+SM1mu8xXXXtQY70MTCzXZSW3ldpJXhO0Cn8LnU+
Zd2zA8js0yxF4GVV0q0jlEA3q3VmFRMhmLHrnHxNQc1kr3T5JqtVPTNSjDhys3u2
S5zYabORe4gXTuY38TepaNdtH1xhbYVL0hCuo+BMqywup8HI1+LZCkeqcMFgrSSl
kgXPu1kjflW1S07ZfNW0s+P6LV9NHZ60oMP5yeX+yJwc26aWvZ7VAp3T5wiyClpX
9d1a8EFjc0NSZQz+WsrpKBPsU/6pJ268eJhwq21A5xny4E1NDYTixypMTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPULr+R5PGW90Sx6KLh7QsGZfZcMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvSTlRdXY1SGs4WmIzUkxIb291SHRDd1psOWx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXaoEMA0G
CSqGSIb3DQEBCwUAA4IBAQBGyYtp41ANnDuV9NTAOuVGhGw2eS769w2BAgRbANXj
ULEH/FYC/rPRm7LVACqLMJYsOiGflXv62bBUaCq05GJF962s0zWhNaxGeYhWZ4gZ
DFTlu/z3FzhsKw0Wp9GmlsvHhPeEZvdHAuYA+2mdpIsAMOh6nbR8jefzH5pk1nm5
9iMwzb8WTj1S5UnhwhZDvZswvJ+f5HKWnGnp7eXRHZMO4U/JEF6eg+symmah7CK3
R8JxnHsh5OSy0TbolM3vaGJWcWkRKWIY+B8yKYdLLpf8C0cjAp2nUcIeZ4Y781iF
EO0M/0oj72wSKMCc+tzGjKxhHXwIE47+KcNsGonXVOME
-----END CERTIFICATE-----