Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/P5_chl2zln27T7OdxS8UhqH8oOQ.roa
File:                     P5_chl2zln27T7OdxS8UhqH8oOQ.roa (raw, json)
Hash identifier:          2af0cNCW0wbuF25NrOufo3e+sqiYif8F2ezUgYKG+ok=
Subject key identifier:   3F:9F:DC:86:5D:B3:96:7D:BB:4F:B3:9D:C5:2F:14:86:A1:FC:A0:E4
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29FE07D48F47D204388C70B7ADF2E2
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/P5_chl2zln27T7OdxS8UhqH8oOQ.roa
Signing time:             Tue 02 Jan 2024 12:33:18 +0000
ROA not before:           Tue 02 Jan 2024 12:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48118
IP address blocks:        95.46.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:fe:07:d4:8f:47:d2:04:38:8c:70:b7:ad:f2:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f9fdc865db3967dbb4fb39dc52f1486a1fca0e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:00:3b:90:a7:6c:73:1a:f8:c3:5e:83:9f:06:
                    05:73:79:01:41:8c:ed:85:69:82:ef:3c:c5:03:49:
                    73:8b:f4:78:9e:3b:a0:b0:21:fa:9d:28:e8:16:0b:
                    4d:dc:e1:6c:3a:02:34:a0:4b:f7:ce:99:63:8f:a2:
                    6d:48:36:49:29:b5:02:ef:dd:cf:7f:22:b9:38:0b:
                    6e:55:41:da:cc:11:1f:41:97:2c:2e:1e:58:33:a8:
                    45:dd:03:ac:ae:4b:f0:58:ab:65:85:fb:a3:56:0e:
                    d2:50:1e:ac:b1:e6:8b:76:4d:2f:45:76:80:c0:ee:
                    72:22:26:30:f9:a0:81:3b:6e:81:32:9f:f3:73:e5:
                    2a:28:0c:84:53:87:58:4c:30:eb:b8:0c:b2:72:93:
                    f7:18:a7:d2:51:e2:3e:5d:42:13:b7:46:fb:bd:66:
                    e4:47:72:c8:1a:8e:02:9c:30:8c:05:e2:22:3b:7e:
                    c6:36:cf:ea:06:5a:9d:32:26:c4:37:47:bd:8a:c1:
                    70:9d:61:15:d5:4a:20:ec:a9:11:5e:f2:44:18:b9:
                    45:31:4c:a1:f4:f2:e3:b0:68:c8:71:59:76:59:30:
                    f1:8e:0d:15:89:32:78:56:ad:8f:a2:b5:27:f3:0a:
                    d0:78:2a:f4:ab:bd:c8:fc:82:6c:ae:9e:e2:31:60:
                    0f:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:9F:DC:86:5D:B3:96:7D:BB:4F:B3:9D:C5:2F:14:86:A1:FC:A0:E4
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/P5_chl2zln27T7OdxS8UhqH8oOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:87:a0:20:a9:80:4a:cb:09:b9:75:b4:33:04:46:be:eb:9e:
         ad:05:74:d2:bf:92:0f:b9:13:e2:9f:49:f1:85:39:12:9c:a4:
         f8:b7:8b:e0:b3:5c:a1:44:f6:49:ce:84:ad:de:6e:af:92:d0:
         b9:50:f9:a6:9f:db:e6:c5:a6:52:95:23:5a:83:58:1b:6a:d8:
         74:e5:df:9b:53:db:1d:33:f4:07:21:5a:40:14:32:7d:6f:2b:
         6d:57:ea:43:0c:3d:5b:f6:8b:71:7e:2e:f0:99:65:f5:b4:49:
         c1:48:cb:32:d3:94:bf:20:e5:ef:ed:ac:bb:8a:df:1d:9b:d6:
         0d:cc:3e:33:7d:c5:aa:d5:ae:ac:2e:a5:f3:55:ea:e9:39:77:
         ad:8f:1b:9a:51:c9:d2:d8:8d:e3:f5:8c:d4:51:b4:86:37:d9:
         ab:14:63:53:4c:2a:db:ac:1a:6d:ea:dd:50:6f:2a:36:b9:22:
         27:05:74:1c:26:ae:d6:6d:c7:66:1f:22:f3:13:a6:6b:4e:2c:
         92:dc:81:27:76:44:06:ab:47:32:02:de:4c:1a:23:44:c9:ef:
         2d:64:cb:c1:53:15:7b:15:12:98:c2:c4:44:0c:72:e0:5d:4d:
         c9:52:58:bf:25:2f:ee:e8:9b:71:7d:f1:93:9e:31:b9:52:48:
         d9:9c:59:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKf4H1I9H0gQ4jHC3rfLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjlmZGM4NjVkYjM5NjdkYmI0ZmIzOWRjNTJmMTQ4NmExZmNhMGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwA7kKdscxr4w16DnwYFc3kBQYzt
hWmC7zzFA0lzi/R4njugsCH6nSjoFgtN3OFsOgI0oEv3zpljj6JtSDZJKbUC793P
fyK5OAtuVUHazBEfQZcsLh5YM6hF3QOsrkvwWKtlhfujVg7SUB6sseaLdk0vRXaA
wO5yIiYw+aCBO26BMp/zc+UqKAyEU4dYTDDruAyycpP3GKfSUeI+XUITt0b7vWbk
R3LIGo4CnDCMBeIiO37GNs/qBlqdMibEN0e9isFwnWEV1Uog7KkRXvJEGLlFMUyh
9PLjsGjIcVl2WTDxjg0ViTJ4Vq2PorUn8wrQeCr0q73I/IJsrp7iMWAPhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+f3IZds5Z9u0+zncUvFIah/KDkMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUDVfY2hsMnpsbjI3VDdPZHhTOFVocUg4b09RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy4KMA0G
CSqGSIb3DQEBCwUAA4IBAQAqh6AgqYBKywm5dbQzBEa+656tBXTSv5IPuRPin0nx
hTkSnKT4t4vgs1yhRPZJzoSt3m6vktC5UPmmn9vmxaZSlSNag1gbath05d+bU9sd
M/QHIVpAFDJ9byttV+pDDD1b9otxfi7wmWX1tEnBSMsy05S/IOXv7ay7it8dm9YN
zD4zfcWq1a6sLqXzVerpOXetjxuaUcnS2I3j9YzUUbSGN9mrFGNTTCrbrBpt6t1Q
byo2uSInBXQcJq7WbcdmHyLzE6ZrTiyS3IEndkQGq0cyAt5MGiNEye8tZMvBUxV7
FRKYwsREDHLgXU3JUli/JS/u6JtxffGTnjG5UkjZnFkV
-----END CERTIFICATE-----