Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LtEK6gjacG804FaulWnSRneyfV8.roa
File:                     LtEK6gjacG804FaulWnSRneyfV8.roa (raw, json)
Hash identifier:          AxrDCMq+vt8v5EguMHaM/6QnYzJ8sVAgjnrleUZwmXI=
Subject key identifier:   2E:D1:0A:EA:08:DA:70:6F:34:E0:56:AE:95:69:D2:46:77:B2:7D:5F
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019425900A04DDF7B7A496449A57BC765B59
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LtEK6gjacG804FaulWnSRneyfV8.roa
Signing time:             Thu 02 Jan 2025 05:49:44 +0000
ROA not before:           Thu 02 Jan 2025 05:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210845
IP address blocks:        93.171.175.0/24 maxlen: 24
                          2a02:128:18::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:90:0a:04:dd:f7:b7:a4:96:44:9a:57:bc:76:5b:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ed10aea08da706f34e056ae9569d24677b27d5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b9:d4:be:b8:8d:7d:1c:66:f9:4b:ac:80:91:
                    22:94:22:66:8f:d2:d5:ec:a2:bb:37:dd:ad:6c:6c:
                    76:3c:2a:44:b5:50:6a:25:70:99:cd:99:f7:ac:fc:
                    cd:85:df:9a:78:7c:ed:bd:76:b3:ce:5d:2c:14:93:
                    ed:62:21:14:63:a3:7d:6e:17:0b:02:0a:f8:dc:38:
                    f3:d9:5d:2d:dd:4f:39:aa:6d:14:d1:83:17:b4:df:
                    0c:22:97:bf:50:7e:6b:ee:6f:9a:55:45:94:c8:8a:
                    3c:de:77:cb:25:47:97:c1:aa:3c:eb:63:09:90:72:
                    23:23:19:ea:b6:57:47:38:66:42:9e:90:8b:f9:db:
                    47:6e:34:6a:79:3a:f0:88:71:08:42:a8:1c:7b:22:
                    37:f2:0e:1a:41:72:2b:04:f8:c2:8b:3a:4e:c2:6c:
                    87:a9:c6:47:3b:b7:89:c2:40:44:f9:13:80:32:1a:
                    a0:76:55:76:df:5e:5a:df:fb:bb:04:b4:41:a8:51:
                    00:28:ea:b1:2c:75:9f:eb:28:86:87:26:2b:b2:e1:
                    c5:a0:15:4e:1b:3d:8c:82:ef:9d:e2:c9:6a:93:a3:
                    ac:c1:ab:1b:66:42:75:13:20:52:b7:74:4a:76:44:
                    99:de:9b:32:8d:95:99:1d:0c:1c:ea:04:d6:57:bb:
                    2e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D1:0A:EA:08:DA:70:6F:34:E0:56:AE:95:69:D2:46:77:B2:7D:5F
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LtEK6gjacG804FaulWnSRneyfV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.175.0/24
                IPv6:
                  2a02:128:18::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:b6:3f:30:10:b6:b4:e0:6b:0b:c3:59:79:dd:86:79:48:fe:
         83:a7:61:91:19:6d:14:51:c7:fc:d9:6d:a3:5e:e4:b4:2f:1b:
         52:41:2a:5e:09:7d:33:ef:7f:86:3b:cd:58:9a:13:3f:de:dc:
         59:1e:df:9a:cb:3d:b3:f1:93:cc:75:f3:3a:e8:63:eb:b6:89:
         97:62:0e:a2:ab:29:9c:4f:ab:7a:58:3d:1b:59:bc:ee:60:d9:
         32:d7:f7:8c:ac:99:73:bd:54:7b:72:23:c7:97:5e:29:42:fd:
         fa:03:8a:73:ce:76:65:5e:0c:33:ad:9a:0d:04:cf:bd:a7:85:
         18:27:c0:02:fa:82:ba:63:47:06:10:0a:bc:f4:f6:f6:24:be:
         9c:3b:89:85:ae:e1:3c:c3:5b:83:1c:7e:66:a2:fd:4f:05:19:
         ae:9d:e3:a4:df:a5:90:f2:42:65:c1:56:7f:38:12:5f:aa:b8:
         08:12:2b:ca:3d:0d:bf:e2:c9:51:f1:9a:4b:18:64:1c:e4:8e:
         72:1d:92:f4:36:18:b5:4b:0b:85:4b:60:9c:e7:57:40:6b:f7:
         24:c1:98:8c:09:d0:a0:d7:de:81:37:17:ba:86:46:a1:1c:f0:
         4b:37:f9:08:1e:2a:f0:d8:39:d7:ae:cc:5a:c4:25:0c:8e:86:
         b1:b3:7d:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlkAoE3fe3pJZEmle8dltZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQxMGFlYTA4ZGE3MDZmMzRlMDU2YWU5NTY5ZDI0Njc3YjI3ZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17nUvriNfRxm+UusgJEilCJmj9LV
7KK7N92tbGx2PCpEtVBqJXCZzZn3rPzNhd+aeHztvXazzl0sFJPtYiEUY6N9bhcL
Agr43Djz2V0t3U85qm0U0YMXtN8MIpe/UH5r7m+aVUWUyIo83nfLJUeXwao862MJ
kHIjIxnqtldHOGZCnpCL+dtHbjRqeTrwiHEIQqgceyI38g4aQXIrBPjCizpOwmyH
qcZHO7eJwkBE+ROAMhqgdlV2315a3/u7BLRBqFEAKOqxLHWf6yiGhyYrsuHFoBVO
Gz2Mgu+d4slqk6OswasbZkJ1EyBSt3RKdkSZ3psyjZWZHQwc6gTWV7sueQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC7RCuoI2nBvNOBWrpVp0kZ3sn1fMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTHRFSzZnamFjRzgwNEZhdWxXblNSbmV5ZlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXauvMA8E
AgACMAkDBwAqAgEoABgwDQYJKoZIhvcNAQELBQADggEBADC2PzAQtrTgawvDWXnd
hnlI/oOnYZEZbRRRx/zZbaNe5LQvG1JBKl4JfTPvf4Y7zViaEz/e3Fke35rLPbPx
k8x18zroY+u2iZdiDqKrKZxPq3pYPRtZvO5g2TLX94ysmXO9VHtyI8eXXilC/foD
inPOdmVeDDOtmg0Ez72nhRgnwAL6grpjRwYQCrz09vYkvpw7iYWu4TzDW4Mcfmai
/U8FGa6d46TfpZDyQmXBVn84El+quAgSK8o9Db/iyVHxmksYZBzkjnIdkvQ2GLVL
C4VLYJznV0Br9yTBmIwJ0KDX3oE3F7qGRqEc8Es3+QgeKvDYOdeuzFrEJQyOhrGz
fU4=
-----END CERTIFICATE-----