Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LIHVjJTO9KNwwIKr7DdLc62lD1I.roa
File:                     LIHVjJTO9KNwwIKr7DdLc62lD1I.roa (raw, json)
Hash identifier:          Qm5v/lJPMtju+vzEPFykdLdX03CLI63PGZgY0/7bhoo=
Subject key identifier:   2C:81:D5:8C:94:CE:F4:A3:70:C0:82:AB:EC:37:4B:73:AD:A5:0F:52
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FBB1553618A0FB03F05E350546E22
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LIHVjJTO9KNwwIKr7DdLc62lD1I.roa
Signing time:             Thu 02 Jan 2025 05:49:24 +0000
ROA not before:           Thu 02 Jan 2025 05:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51214
IP address blocks:        93.171.156.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:bb:15:53:61:8a:0f:b0:3f:05:e3:50:54:6e:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c81d58c94cef4a370c082abec374b73ada50f52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:bb:f5:c2:16:19:cd:32:8b:5e:ee:97:c5:bc:
                    1b:93:c0:fa:ba:99:66:47:6b:57:9c:9b:30:76:d5:
                    14:07:d2:a3:15:ca:d0:aa:71:fd:34:75:9d:30:63:
                    d9:9b:45:99:9d:e7:69:8b:59:c8:fb:75:1f:9b:78:
                    c8:7f:a5:f8:dc:cf:02:e4:e8:82:ba:cd:0e:58:3a:
                    90:c4:9c:f1:16:42:59:84:e3:0f:51:1a:1b:5f:d4:
                    37:fe:1d:a4:c0:71:1b:75:b3:0f:70:26:70:09:c8:
                    82:4b:d0:b8:3f:56:9b:8f:79:07:9e:02:b9:4a:d5:
                    bc:1e:66:28:9d:b8:d8:14:ef:fd:75:ac:b6:3a:2d:
                    69:fd:c9:42:b1:c2:76:2b:78:6c:72:eb:4f:3f:72:
                    5a:ef:d6:f1:7c:68:35:f0:33:b8:5d:f6:76:59:c7:
                    3d:49:43:f5:75:74:ec:ab:cb:40:e4:95:f2:f0:b5:
                    b5:95:97:8c:cc:a8:f8:52:c2:c9:76:25:3a:f9:e0:
                    a0:ce:46:1c:55:32:9a:68:c2:c8:e0:1f:3a:58:b1:
                    3e:91:22:b5:05:c8:b5:60:67:f0:09:c0:f1:10:dc:
                    ba:5f:03:ae:4c:8d:9d:5d:eb:8a:fa:c1:8b:90:40:
                    58:ac:e1:93:dd:aa:6a:c0:7d:14:f6:23:9d:d6:8e:
                    ea:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:81:D5:8C:94:CE:F4:A3:70:C0:82:AB:EC:37:4B:73:AD:A5:0F:52
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LIHVjJTO9KNwwIKr7DdLc62lD1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:d3:9b:66:2d:0a:31:c2:7c:b1:1e:19:dd:01:46:bb:48:63:
         04:49:78:2a:28:70:03:d7:fb:22:38:25:6d:d1:f2:0b:71:dd:
         5d:7f:34:6f:7a:4f:db:62:51:67:85:c8:5d:07:57:1b:22:6b:
         43:18:7b:77:18:c3:5c:ae:27:fa:6b:26:22:c4:b5:54:0e:7a:
         b4:34:1b:63:d8:65:bb:16:cf:48:41:40:9b:c4:75:fd:ad:a0:
         84:ce:0a:94:0b:80:49:af:49:c8:7d:91:0a:b4:20:6a:9f:44:
         6d:4e:45:68:fa:ed:c8:cb:49:98:f0:f1:12:71:ed:19:ba:d3:
         8a:4f:3a:69:be:38:c6:2c:b4:8a:29:18:e5:de:07:28:43:bb:
         58:f1:73:3e:59:8a:f1:ee:80:db:00:f4:be:1c:79:25:04:1f:
         f9:c1:db:cd:ab:ba:f5:0c:9e:98:60:4f:55:e5:99:b8:fd:46:
         bb:b6:3b:75:37:68:c7:77:a0:1b:2d:e5:0f:2b:cf:d7:6a:67:
         80:33:12:fc:46:53:f8:86:15:e8:2a:8c:e1:34:f9:e0:35:af:
         05:90:be:bd:fc:dd:55:5a:9c:59:04:69:f1:6b:2e:a0:ce:a2:
         22:e7:88:35:29:aa:df:ac:c4:1e:f1:87:ad:6e:47:eb:9f:e0:
         21:38:61:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7sVU2GKD7A/BeNQVG4iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzgxZDU4Yzk0Y2VmNGEzNzBjMDgyYWJlYzM3NGI3M2FkYTUwZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2rv1whYZzTKLXu6Xxbwbk8D6uplm
R2tXnJswdtUUB9KjFcrQqnH9NHWdMGPZm0WZnedpi1nI+3Ufm3jIf6X43M8C5OiC
us0OWDqQxJzxFkJZhOMPURobX9Q3/h2kwHEbdbMPcCZwCciCS9C4P1abj3kHngK5
StW8HmYonbjYFO/9day2Oi1p/clCscJ2K3hscutPP3Ja79bxfGg18DO4XfZ2Wcc9
SUP1dXTsq8tA5JXy8LW1lZeMzKj4UsLJdiU6+eCgzkYcVTKaaMLI4B86WLE+kSK1
Bci1YGfwCcDxENy6XwOuTI2dXeuK+sGLkEBYrOGT3apqwH0U9iOd1o7q1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyB1YyUzvSjcMCCq+w3S3OtpQ9SMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTElIVmpKVE85S053d0lLcjdEZExjNjJsRDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXaucMA0G
CSqGSIb3DQEBCwUAA4IBAQCV05tmLQoxwnyxHhndAUa7SGMESXgqKHAD1/siOCVt
0fILcd1dfzRvek/bYlFnhchdB1cbImtDGHt3GMNcrif6ayYixLVUDnq0NBtj2GW7
Fs9IQUCbxHX9raCEzgqUC4BJr0nIfZEKtCBqn0RtTkVo+u3Iy0mY8PESce0ZutOK
TzppvjjGLLSKKRjl3gcoQ7tY8XM+WYrx7oDbAPS+HHklBB/5wdvNq7r1DJ6YYE9V
5Zm4/Ua7tjt1N2jHd6AbLeUPK8/XameAMxL8RlP4hhXoKozhNPngNa8FkL69/N1V
WpxZBGnxay6gzqIi54g1KarfrMQe8Yetbkfrn+AhOGFt
-----END CERTIFICATE-----