Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/OGOG1RJa8b5MmV7aXy9seBi0fxw.roa
File:                     OGOG1RJa8b5MmV7aXy9seBi0fxw.roa (raw, json)
Hash identifier:          zW40nQrTsd8lxkQFKSX7OGYCMIxyHeliGZPF5SXmgPo=
Subject key identifier:   38:63:86:D5:12:5A:F1:BE:4C:99:5E:DA:5F:2F:6C:78:18:B4:7F:1C
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29E6354526A0192637D02A92C96E41
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/OGOG1RJa8b5MmV7aXy9seBi0fxw.roa
Signing time:             Tue 02 Jan 2024 12:33:12 +0000
ROA not before:           Tue 02 Jan 2024 12:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35325
IP address blocks:        93.170.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:e6:35:45:26:a0:19:26:37:d0:2a:92:c9:6e:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=386386d5125af1be4c995eda5f2f6c7818b47f1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:9e:b2:5f:3c:21:3e:a0:f2:96:60:2a:07:10:
                    ea:14:d4:ed:05:98:d3:0a:16:c2:e3:23:ed:bb:63:
                    23:3a:64:02:0f:89:80:52:b4:7d:dc:9d:1e:10:77:
                    32:c7:2d:eb:57:90:ec:42:7c:7f:8e:0e:48:63:a0:
                    41:92:5b:4a:ec:4b:37:ef:e5:9c:d0:f2:d5:6f:ba:
                    ad:90:89:90:1b:a5:09:70:db:e7:47:68:cb:b9:e3:
                    81:4a:51:e1:1a:68:51:dd:4b:5a:66:b7:01:3a:ed:
                    c5:f4:9b:26:d3:37:74:50:67:c3:71:2f:23:74:d4:
                    8e:91:26:22:23:a4:c2:85:f9:f2:21:25:42:c6:d8:
                    e7:cd:7e:5a:59:c5:82:7c:30:04:ed:c8:82:81:c2:
                    f0:7b:8a:02:74:e0:76:e0:8a:65:a3:23:42:28:07:
                    e8:16:cd:73:5a:4c:be:bf:53:f7:f1:5c:44:4c:c0:
                    5b:c5:f5:99:4b:c3:28:e9:6b:8d:c1:10:16:a7:3f:
                    01:bf:50:79:b3:ac:b7:75:a1:13:4c:9f:61:b1:3b:
                    df:ee:23:d3:ab:ba:35:72:2b:72:1d:0a:44:2d:fc:
                    ac:39:99:c2:93:6a:14:f0:d6:99:3e:b4:28:02:75:
                    83:87:fc:75:e1:d7:e9:9d:4c:3a:c0:c4:3c:45:32:
                    2a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:63:86:D5:12:5A:F1:BE:4C:99:5E:DA:5F:2F:6C:78:18:B4:7F:1C
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/OGOG1RJa8b5MmV7aXy9seBi0fxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:62:54:c3:1d:72:9d:c8:88:40:21:9a:32:0f:ad:1c:61:f3:
         e7:30:03:97:45:4b:10:c9:22:d4:a6:60:54:ad:1e:0e:c6:77:
         e0:69:ab:35:b9:43:03:ec:79:49:28:ae:aa:7e:de:7f:18:7e:
         f0:4d:36:35:8d:aa:36:3c:3e:04:99:bb:2f:35:ff:80:f7:3a:
         8b:c2:60:16:09:d1:41:40:0c:c7:8c:68:2b:75:8e:67:29:c5:
         24:c1:f3:56:25:8f:e1:0c:96:a9:2b:ec:e2:19:04:c5:3f:07:
         b9:2a:02:fd:07:53:a9:4b:29:41:65:5f:0a:16:c7:dc:a7:e1:
         89:ab:fc:86:54:ae:8b:41:d3:39:22:97:1c:86:0b:0d:c6:e6:
         ca:55:14:2b:3c:7d:2c:cc:0d:76:5f:e0:7e:23:ce:65:4e:aa:
         7f:30:65:9b:cf:e2:9c:a4:05:1c:00:7f:4e:4e:23:d2:ff:1a:
         62:65:af:c0:ff:e8:53:13:b6:ea:72:c9:af:7f:90:1f:cf:10:
         9e:8c:40:17:67:74:cc:3a:8f:c3:f0:8b:5d:95:51:7e:17:4e:
         07:d1:b0:a8:0b:c0:3f:d6:e6:f0:a3:27:a6:e7:e5:1c:b3:d3:
         3d:70:65:d5:b2:a6:62:d5:46:05:14:44:3a:12:8a:14:8b:f1:
         b5:01:fe:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKeY1RSagGSY30CqSyW5BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODYzODZkNTEyNWFmMWJlNGM5OTVlZGE1ZjJmNmM3ODE4YjQ3ZjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZ6yXzwhPqDylmAqBxDqFNTtBZjT
ChbC4yPtu2MjOmQCD4mAUrR93J0eEHcyxy3rV5DsQnx/jg5IY6BBkltK7Es37+Wc
0PLVb7qtkImQG6UJcNvnR2jLueOBSlHhGmhR3UtaZrcBOu3F9Jsm0zd0UGfDcS8j
dNSOkSYiI6TChfnyISVCxtjnzX5aWcWCfDAE7ciCgcLwe4oCdOB24IployNCKAfo
Fs1zWky+v1P38VxETMBbxfWZS8Mo6WuNwRAWpz8Bv1B5s6y3daETTJ9hsTvf7iPT
q7o1cityHQpELfysOZnCk2oU8NaZPrQoAnWDh/x14dfpnUw6wMQ8RTIqTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhjhtUSWvG+TJle2l8vbHgYtH8cMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvT0dPRzFSSmE4YjVNbVY3YVh5OXNlQmkwZnh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXaooMA0G
CSqGSIb3DQEBCwUAA4IBAQBhYlTDHXKdyIhAIZoyD60cYfPnMAOXRUsQySLUpmBU
rR4Oxnfgaas1uUMD7HlJKK6qft5/GH7wTTY1jao2PD4EmbsvNf+A9zqLwmAWCdFB
QAzHjGgrdY5nKcUkwfNWJY/hDJapK+ziGQTFPwe5KgL9B1OpSylBZV8KFsfcp+GJ
q/yGVK6LQdM5IpcchgsNxubKVRQrPH0szA12X+B+I85lTqp/MGWbz+KcpAUcAH9O
TiPS/xpiZa/A/+hTE7bqcsmvf5AfzxCejEAXZ3TMOo/D8ItdlVF+F04H0bCoC8A/
1ubwoyem5+Ucs9M9cGXVsqZi1UYFFEQ6EooUi/G1Af45
-----END CERTIFICATE-----