Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/QMjiuDHITuqbFP2LN3I3CZPLgWI.roa
File:                     QMjiuDHITuqbFP2LN3I3CZPLgWI.roa (raw, json)
Hash identifier:          Kfhw8fmOPjo/OS/20uLdVFQ3N90jwnTfyYD27cLFsfI=
Subject key identifier:   40:C8:E2:B8:31:C8:4E:EA:9B:14:FD:8B:37:72:37:09:93:CB:81:62
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A2922A0C59EB31FD4AB3FF654FD1E
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/QMjiuDHITuqbFP2LN3I3CZPLgWI.roa
Signing time:             Tue 02 Jan 2024 12:33:29 +0000
ROA not before:           Tue 02 Jan 2024 12:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61371
IP address blocks:        93.171.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:29:22:a0:c5:9e:b3:1f:d4:ab:3f:f6:54:fd:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40c8e2b831c84eea9b14fd8b3772370993cb8162
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:fd:70:68:00:73:d3:7b:cf:37:44:c9:f8:91:
                    77:3f:39:7c:1b:c0:20:2d:c5:6a:8d:f7:78:e3:6a:
                    b8:b5:b8:3a:a7:1a:68:68:bb:7c:ad:01:8a:ee:c9:
                    a5:59:b6:71:56:42:31:fc:8d:74:45:3b:85:7d:9c:
                    91:a1:a0:2c:18:7f:32:6a:e7:59:e9:b1:29:3f:ed:
                    79:30:54:8b:ea:dc:94:66:77:ef:ea:18:54:ca:64:
                    f3:a3:6d:d7:db:9b:62:ec:8b:a5:44:11:1b:78:90:
                    5d:5f:43:6b:e1:7f:e2:7f:3f:0f:f3:48:15:01:aa:
                    32:9e:12:4d:2b:e8:bf:f1:1e:da:b2:35:38:f2:12:
                    89:27:a3:28:d8:f7:ea:b8:b0:bd:96:9c:fb:b7:a0:
                    91:49:97:c2:cb:15:11:0d:df:7b:6f:8d:f5:9e:f9:
                    8d:5b:18:0d:8a:0e:98:6f:3b:9a:ca:36:52:93:2e:
                    8a:f7:02:a4:1a:79:cd:4a:01:0c:35:3f:c4:83:bd:
                    18:ce:9c:5f:f4:78:c3:ac:1c:a4:74:ec:86:44:f0:
                    b1:ae:6d:10:0a:df:f5:87:ff:65:eb:8a:1b:21:c3:
                    5c:ed:f1:3e:95:ff:34:d5:b0:1f:91:bc:02:bf:64:
                    1f:29:d2:02:c9:ad:70:80:25:a9:d6:8b:78:88:cd:
                    3a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:C8:E2:B8:31:C8:4E:EA:9B:14:FD:8B:37:72:37:09:93:CB:81:62
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/QMjiuDHITuqbFP2LN3I3CZPLgWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:e4:26:7e:be:b8:56:a7:a6:dd:c8:45:7e:7e:d2:f8:af:35:
         59:fd:29:e5:2f:ad:8f:dc:0a:cd:00:41:69:48:2f:85:82:d0:
         bc:90:79:86:21:36:6f:54:40:3c:31:f1:6d:df:e8:7d:95:18:
         cb:15:7d:c4:10:49:0d:d8:1d:b9:4f:83:a2:d1:33:f3:49:52:
         c6:47:7b:93:13:e8:da:cc:99:d5:7b:c0:2b:db:28:f4:20:fc:
         c3:f4:03:f8:e0:a9:03:83:6f:fe:07:1f:90:e9:9e:fd:9d:c9:
         02:87:19:86:8a:1d:1d:45:c4:31:de:b0:0f:8f:8f:35:c7:80:
         82:6b:74:65:55:74:4c:54:26:fa:53:91:5b:14:bd:25:1e:ab:
         4f:49:c2:6e:12:e0:79:62:bd:ca:be:ba:27:c3:8c:53:d0:6f:
         ef:96:ee:c2:0a:3b:4c:55:b0:f9:ba:75:82:0d:d5:c7:1f:f9:
         2b:1b:50:d1:3b:69:ba:2d:f1:af:63:7b:0d:49:40:ac:6a:0c:
         50:a4:5f:16:20:a1:37:87:95:31:14:c7:71:c0:40:e3:04:b7:
         2a:e6:d1:24:2f:b9:2c:61:c7:53:2a:12:91:49:f6:c1:3d:92:
         7c:a3:d6:63:20:0c:a4:5e:d8:48:6e:0b:4e:ad:3e:90:5f:7b:
         01:82:0e:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKikioMWesx/Uqz/2VP0eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGM4ZTJiODMxYzg0ZWVhOWIxNGZkOGIzNzcyMzcwOTkzY2I4MTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/1waABz03vPN0TJ+JF3Pzl8G8Ag
LcVqjfd442q4tbg6pxpoaLt8rQGK7smlWbZxVkIx/I10RTuFfZyRoaAsGH8yaudZ
6bEpP+15MFSL6tyUZnfv6hhUymTzo23X25ti7IulRBEbeJBdX0Nr4X/ifz8P80gV
AaoynhJNK+i/8R7asjU48hKJJ6Mo2PfquLC9lpz7t6CRSZfCyxURDd97b431nvmN
WxgNig6YbzuayjZSky6K9wKkGnnNSgEMNT/Eg70Yzpxf9HjDrBykdOyGRPCxrm0Q
Ct/1h/9l64obIcNc7fE+lf801bAfkbwCv2QfKdICya1wgCWp1ot4iM06cQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEDI4rgxyE7qmxT9izdyNwmTy4FiMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUU1qaXVESElUdXFiRlAyTE4zSTNDWlBMZ1dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXau5MA0G
CSqGSIb3DQEBCwUAA4IBAQCJ5CZ+vrhWp6bdyEV+ftL4rzVZ/SnlL62P3ArNAEFp
SC+FgtC8kHmGITZvVEA8MfFt3+h9lRjLFX3EEEkN2B25T4Oi0TPzSVLGR3uTE+ja
zJnVe8Ar2yj0IPzD9AP44KkDg2/+Bx+Q6Z79nckChxmGih0dRcQx3rAPj481x4CC
a3RlVXRMVCb6U5FbFL0lHqtPScJuEuB5Yr3Kvronw4xT0G/vlu7CCjtMVbD5unWC
DdXHH/krG1DRO2m6LfGvY3sNSUCsagxQpF8WIKE3h5UxFMdxwEDjBLcq5tEkL7ks
YcdTKhKRSfbBPZJ8o9ZjIAykXthIbgtOrT6QX3sBgg6x
-----END CERTIFICATE-----