Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/KC8yl_YPERCA7mF0epClgIyJLpA.roa
File:                     KC8yl_YPERCA7mF0epClgIyJLpA.roa (raw, json)
Hash identifier:          o2xVmdI1VbuHDv53kBPdrfYaKIh1g/Ots7pP02IREoY=
Subject key identifier:   28:2F:32:97:F6:0F:11:10:80:EE:61:74:7A:90:A5:80:8C:89:2E:90
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FC71E3CA3FE6AD22D92A7D4062550
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/KC8yl_YPERCA7mF0epClgIyJLpA.roa
Signing time:             Thu 02 Jan 2025 05:49:27 +0000
ROA not before:           Thu 02 Jan 2025 05:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58330
IP address blocks:        95.46.160.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:c7:1e:3c:a3:fe:6a:d2:2d:92:a7:d4:06:25:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=282f3297f60f111080ee61747a90a5808c892e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d4:60:89:c6:bb:4e:a9:c0:c3:f3:ff:2d:8e:
                    ad:0c:66:89:de:d0:d9:38:29:94:0c:c5:6e:5e:d6:
                    79:b2:f3:40:6e:74:c9:63:89:46:ad:16:1e:bf:b1:
                    71:27:9f:04:53:4e:30:8a:e4:4d:86:fa:24:1a:f4:
                    f7:d4:61:ba:39:6a:02:6f:61:71:32:28:98:51:37:
                    b2:46:31:c2:d8:f5:fb:04:6a:be:39:7a:db:62:4d:
                    8c:5c:3b:1f:4c:cf:55:0c:4d:72:24:2b:7b:6a:80:
                    b7:eb:ae:d1:3e:4c:d5:a1:ae:29:ed:94:58:68:a7:
                    df:e7:fe:98:28:3f:93:60:4f:a6:f3:5b:fa:a3:8b:
                    59:81:69:da:76:bc:59:b2:d9:4e:75:69:28:b4:c1:
                    75:0b:ac:b9:71:86:75:f7:5f:80:7e:8e:fe:93:2c:
                    eb:dd:30:c2:28:50:0b:18:88:cc:52:c7:d0:6f:90:
                    c3:09:e4:f7:ac:df:e3:57:66:2b:66:ad:97:23:38:
                    50:eb:10:51:87:74:0b:a1:a7:4a:b7:50:9e:36:15:
                    3d:f6:f7:53:60:7a:e0:f3:68:c6:6b:b3:d2:a5:11:
                    14:c6:2e:e0:96:a1:90:05:e3:ce:b8:75:74:af:63:
                    de:3b:93:c1:9a:a2:0e:9c:5f:6f:72:4a:03:cb:ea:
                    6e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:2F:32:97:F6:0F:11:10:80:EE:61:74:7A:90:A5:80:8C:89:2E:90
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/KC8yl_YPERCA7mF0epClgIyJLpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:c1:6c:49:8a:27:11:f3:cd:eb:7a:a6:9f:08:b1:c1:96:40:
         e3:ff:d1:0e:5d:a9:dd:f4:ad:92:3e:71:06:ca:a3:1b:3d:74:
         5e:c2:c2:c1:3d:d6:dc:c9:95:ed:76:0e:59:72:aa:ff:e9:fc:
         5d:4d:9f:2e:13:b6:76:2c:05:79:23:19:e9:7d:13:15:c2:a2:
         ef:c9:d0:24:d1:23:4d:ab:fe:a1:50:ab:0a:73:66:32:f5:19:
         85:14:7f:a0:aa:a7:10:e0:fd:cf:ad:b7:30:34:b0:b4:b8:0a:
         c7:2a:c5:0c:a9:d1:35:99:b4:52:de:8a:f5:23:38:9f:73:d3:
         9b:26:b7:7f:7e:67:c7:76:62:c4:0e:4f:b5:c7:56:1f:38:57:
         30:8e:fe:94:f2:63:4f:db:a7:cc:f6:90:6b:41:90:0b:5c:1c:
         a8:7b:0c:2a:b8:85:ad:96:a3:6d:14:d5:46:b7:45:99:d4:26:
         4a:cf:0b:61:e8:05:a2:8f:70:da:04:2c:23:b3:5d:b3:38:ee:
         af:fa:49:cd:5f:b7:0c:c3:e7:e1:77:02:8a:bb:d5:fb:08:17:
         33:8a:40:e1:b0:86:bc:ee:13:d0:a6:2f:53:28:a5:4a:83:7e:
         7e:c9:2a:e1:19:75:db:27:5a:a9:eb:45:81:49:14:ba:1d:c4:
         cb:44:a9:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj8cePKP+atItkqfUBiVQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODJmMzI5N2Y2MGYxMTEwODBlZTYxNzQ3YTkwYTU4MDhjODkyZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNRgica7TqnAw/P/LY6tDGaJ3tDZ
OCmUDMVuXtZ5svNAbnTJY4lGrRYev7FxJ58EU04wiuRNhvokGvT31GG6OWoCb2Fx
MiiYUTeyRjHC2PX7BGq+OXrbYk2MXDsfTM9VDE1yJCt7aoC3667RPkzVoa4p7ZRY
aKff5/6YKD+TYE+m81v6o4tZgWnadrxZstlOdWkotMF1C6y5cYZ191+Afo7+kyzr
3TDCKFALGIjMUsfQb5DDCeT3rN/jV2YrZq2XIzhQ6xBRh3QLoadKt1CeNhU99vdT
YHrg82jGa7PSpREUxi7glqGQBePOuHV0r2PeO5PBmqIOnF9vckoDy+purwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCgvMpf2DxEQgO5hdHqQpYCMiS6QMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvS0M4eWxfWVBFUkNBN21GMGVwQ2xnSXlKTHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXy6gMA0G
CSqGSIb3DQEBCwUAA4IBAQAzwWxJiicR883reqafCLHBlkDj/9EOXand9K2SPnEG
yqMbPXRewsLBPdbcyZXtdg5Zcqr/6fxdTZ8uE7Z2LAV5IxnpfRMVwqLvydAk0SNN
q/6hUKsKc2Yy9RmFFH+gqqcQ4P3PrbcwNLC0uArHKsUMqdE1mbRS3or1Izifc9Ob
Jrd/fmfHdmLEDk+1x1YfOFcwjv6U8mNP26fM9pBrQZALXByoewwquIWtlqNtFNVG
t0WZ1CZKzwth6AWij3DaBCwjs12zOO6v+knNX7cMw+fhdwKKu9X7CBczikDhsIa8
7hPQpi9TKKVKg35+ySrhGXXbJ1qp60WBSRS6HcTLRKkG
-----END CERTIFICATE-----