Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Pzk3fS65YINhBnB-vKLQ2ckqTY0.roa
File:                     Pzk3fS65YINhBnB-vKLQ2ckqTY0.roa (raw, json)
Hash identifier:          k8jfXCt4iyFRPqWwsSo7/Izqn0+H5JYEXpbUNUrhuiM=
Subject key identifier:   3F:39:37:7D:2E:B9:60:83:61:06:70:7E:BC:A2:D0:D9:C9:2A:4D:8D
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CE87FF2F17FFCF250C76E95B90F67FFE4
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Pzk3fS65YINhBnB-vKLQ2ckqTY0.roa
Signing time:             Mon 08 Jan 2024 09:55:48 +0000
ROA not before:           Mon 08 Jan 2024 09:55:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204752
IP address blocks:        95.47.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e8:7f:f2:f1:7f:fc:f2:50:c7:6e:95:b9:0f:67:ff:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  8 09:55:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f39377d2eb960836106707ebca2d0d9c92a4d8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:bb:a3:ea:6a:a1:67:07:35:62:9a:ab:18:90:
                    e0:75:21:66:d5:7b:ef:4a:89:4f:50:0b:b4:33:c6:
                    1f:25:58:7f:27:a9:9e:7b:61:19:4a:c0:28:e6:c6:
                    d1:c0:f2:56:13:54:f3:bc:66:13:5c:af:85:93:24:
                    e7:44:3d:01:c1:b7:fb:b5:c1:1d:9d:d7:87:d9:f6:
                    08:e4:b1:60:41:08:11:5f:83:a5:b6:95:b7:ce:22:
                    c8:05:e5:76:11:10:cd:24:ea:6c:56:dd:00:e3:29:
                    9a:de:71:43:6f:41:6a:df:f0:c4:be:82:1b:f9:2b:
                    8f:97:51:e9:b3:dc:b8:d1:43:36:b8:8e:89:7a:8f:
                    68:7a:09:e1:29:2f:f5:e2:19:47:d9:95:70:9a:56:
                    cd:78:4d:97:f6:c7:6a:14:ad:43:73:d9:b5:80:4a:
                    4e:1b:cc:00:c8:a2:05:da:35:49:c9:e8:e6:63:9c:
                    f5:b4:fd:9e:6c:1e:fe:fe:ff:40:48:4b:cd:2a:73:
                    38:24:e7:e5:a4:f6:bd:b1:7d:48:31:ba:b2:5f:38:
                    af:3d:13:35:f2:7a:be:5b:6c:68:88:b0:3a:b1:fe:
                    05:26:ba:e7:01:d1:77:27:35:95:87:4a:30:de:dc:
                    1d:3d:ec:49:41:ec:00:e2:b8:a1:05:f6:21:30:a0:
                    07:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:39:37:7D:2E:B9:60:83:61:06:70:7E:BC:A2:D0:D9:C9:2A:4D:8D
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Pzk3fS65YINhBnB-vKLQ2ckqTY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:80:fa:bf:90:2c:9d:24:ee:19:5c:70:53:c3:09:47:e5:c8:
         8d:98:69:93:2b:84:97:9b:28:ba:9c:8d:81:88:dd:53:39:93:
         49:14:48:b1:a9:1d:c0:1b:8d:95:9e:29:9a:8d:27:e1:86:58:
         0a:e7:90:b1:73:fd:b6:fe:25:c9:3f:ce:96:c9:e0:72:48:39:
         de:64:1d:1f:4f:8e:ab:12:c7:6d:5e:c6:58:94:d9:d4:38:68:
         fb:d8:88:f1:f7:b8:14:01:00:71:91:01:8c:7e:29:0a:13:8d:
         d8:65:6a:63:3b:cd:cb:f8:1c:02:f4:ee:07:1d:01:a3:58:74:
         f7:d6:a1:c6:55:5d:b1:69:c8:9f:b9:a2:16:48:65:09:54:f0:
         fe:06:47:cf:00:a0:8a:6e:41:54:56:11:fb:1c:4d:e8:4f:e8:
         23:dc:21:01:da:60:b8:2e:52:11:25:c0:33:4a:2c:88:d0:fc:
         19:a1:23:da:d6:60:26:6a:1c:f8:be:59:11:4b:3f:76:0b:ff:
         f8:8e:f3:c4:d1:23:38:a9:a3:1d:0f:01:0b:37:f1:a5:13:c9:
         18:63:4f:0d:48:b0:25:fc:5c:1a:e4:e9:73:d1:2c:11:6a:83:
         2d:14:38:3b:c7:9a:30:db:d5:f4:4f:2b:0a:5d:00:7e:97:02:
         33:13:f4:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzof/Lxf/zyUMdulbkPZ//kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTA4MDk1NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjM5Mzc3ZDJlYjk2MDgzNjEwNjcwN2ViY2EyZDBkOWM5MmE0ZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnruj6mqhZwc1YpqrGJDgdSFm1Xvv
SolPUAu0M8YfJVh/J6mee2EZSsAo5sbRwPJWE1TzvGYTXK+FkyTnRD0Bwbf7tcEd
ndeH2fYI5LFgQQgRX4OltpW3ziLIBeV2ERDNJOpsVt0A4yma3nFDb0Fq3/DEvoIb
+SuPl1Hps9y40UM2uI6Jeo9oegnhKS/14hlH2ZVwmlbNeE2X9sdqFK1Dc9m1gEpO
G8wAyKIF2jVJyejmY5z1tP2ebB7+/v9ASEvNKnM4JOflpPa9sX1IMbqyXzivPRM1
8nq+W2xoiLA6sf4FJrrnAdF3JzWVh0ow3twdPexJQewA4rihBfYhMKAHWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD85N30uuWCDYQZwfryi0NnJKk2NMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUHprM2ZTNjVZSU5oQm5CLXZLTFEyY2txVFkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy92MA0G
CSqGSIb3DQEBCwUAA4IBAQAMgPq/kCydJO4ZXHBTwwlH5ciNmGmTK4SXmyi6nI2B
iN1TOZNJFEixqR3AG42VnimajSfhhlgK55Cxc/22/iXJP86WyeBySDneZB0fT46r
EsdtXsZYlNnUOGj72Ijx97gUAQBxkQGMfikKE43YZWpjO83L+BwC9O4HHQGjWHT3
1qHGVV2xacifuaIWSGUJVPD+BkfPAKCKbkFUVhH7HE3oT+gj3CEB2mC4LlIRJcAz
SiyI0PwZoSPa1mAmahz4vlkRSz92C//4jvPE0SM4qaMdDwELN/GlE8kYY08NSLAl
/Fwa5Olz0SwRaoMtFDg7x5ow29X0TysKXQB+lwIzE/Qd
-----END CERTIFICATE-----