Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/R8_XMr-vFoaWWfW7LbddXcEC4hM.roa
File:                     R8_XMr-vFoaWWfW7LbddXcEC4hM.roa (raw, json)
Hash identifier:          4Kol27o7U6lEXU48Bsc09H6K4U/3ORE5tMe8hw+7fOk=
Subject key identifier:   47:CF:D7:32:BF:AF:16:86:96:59:F5:BB:2D:B7:5D:5D:C1:02:E2:13
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29FF91AA9C938F4F74374CFBCD3AEB
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/R8_XMr-vFoaWWfW7LbddXcEC4hM.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48485
IP address blocks:        146.120.104.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ff:91:aa:9c:93:8f:4f:74:37:4c:fb:cd:3a:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47cfd732bfaf16869659f5bb2db75d5dc102e213
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:61:c2:51:1e:11:b2:6e:5d:c0:31:64:5e:eb:
                    ec:71:fe:37:c0:e6:bf:cd:ac:7a:e1:18:ba:ea:04:
                    8f:ac:fc:2c:28:a1:19:ee:b5:6b:ab:84:d2:1a:fa:
                    51:e7:2d:79:48:f2:5b:2b:cd:86:20:05:cc:dd:53:
                    7a:4c:cc:ce:7b:03:58:c7:1e:dc:5f:47:d1:6b:20:
                    4c:56:c7:47:12:5a:a1:e5:90:77:5b:90:5a:69:dc:
                    ce:47:3d:59:80:9f:60:74:5c:ad:fa:d1:fc:28:f4:
                    8d:e8:4b:f1:2d:c1:93:8e:74:a1:d1:e5:a1:6a:3e:
                    f7:f9:c5:c0:92:c7:26:b3:80:54:83:90:a6:9c:70:
                    cc:85:f8:33:e9:c0:4f:39:65:7d:32:56:c8:31:86:
                    75:88:eb:3b:01:9c:de:dc:72:2f:4d:6f:95:ad:f1:
                    10:b8:64:ef:f1:83:b1:a0:60:6f:c3:72:97:80:2f:
                    b8:dc:8a:8f:4a:48:31:87:5f:aa:21:98:2f:57:08:
                    e4:7c:8b:e0:bd:68:97:4d:e8:ed:41:ee:84:2f:5a:
                    fe:3f:11:03:7b:b4:a6:e7:50:8d:21:56:81:03:a3:
                    a2:25:9f:ab:58:1a:ed:39:0c:ac:3f:0a:f5:03:b8:
                    57:85:31:22:a8:ce:7c:5b:f2:7c:69:65:15:60:3a:
                    1b:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:CF:D7:32:BF:AF:16:86:96:59:F5:BB:2D:B7:5D:5D:C1:02:E2:13
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/R8_XMr-vFoaWWfW7LbddXcEC4hM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:73:74:28:0b:c1:e9:c7:b8:00:78:d9:c0:10:09:e1:3b:79:
         63:09:bb:60:56:d2:16:6d:b0:3c:28:c8:18:fb:55:75:d6:1c:
         1f:ff:0f:3a:80:97:ae:38:17:d8:ed:9b:fa:59:ed:00:9b:62:
         78:2c:f2:58:cb:f6:a5:68:2a:f4:c9:d6:6e:a3:44:1e:87:a4:
         94:5a:0f:59:1c:00:cb:d9:a7:09:4a:7f:09:69:f9:6e:81:70:
         c8:3a:f5:52:4e:6b:13:ec:19:f8:08:66:87:28:01:ee:10:de:
         b3:51:4a:5d:3d:59:b1:85:6e:59:60:f5:ce:20:eb:c9:06:0d:
         7c:4d:f9:ed:74:9e:9f:57:58:dd:d2:05:43:8f:be:3c:33:21:
         c4:ce:23:d0:62:f1:79:88:54:39:e7:dd:30:e7:a3:47:05:3b:
         94:d5:9f:cb:54:88:c5:2f:2d:ec:64:31:19:29:f2:bc:50:bf:
         49:a7:4f:6d:e6:3e:64:bb:18:61:c7:98:67:7c:2f:44:09:79:
         17:32:76:30:14:80:98:07:ba:b0:df:18:1e:47:bb:69:d7:6f:
         09:c9:df:78:b9:71:30:be:28:af:81:c7:9b:c1:5e:f6:a1:ba:
         2a:e8:f3:ce:65:0e:50:d7:80:03:a0:9a:55:de:2d:5e:9e:4e:
         9c:de:b8:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKf+RqpyTj090N0z7zTrrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2NmZDczMmJmYWYxNjg2OTY1OWY1YmIyZGI3NWQ1ZGMxMDJlMjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2HCUR4Rsm5dwDFkXuvscf43wOa/
zax64Ri66gSPrPwsKKEZ7rVrq4TSGvpR5y15SPJbK82GIAXM3VN6TMzOewNYxx7c
X0fRayBMVsdHElqh5ZB3W5BaadzORz1ZgJ9gdFyt+tH8KPSN6EvxLcGTjnSh0eWh
aj73+cXAkscms4BUg5CmnHDMhfgz6cBPOWV9MlbIMYZ1iOs7AZze3HIvTW+VrfEQ
uGTv8YOxoGBvw3KXgC+43IqPSkgxh1+qIZgvVwjkfIvgvWiXTejtQe6EL1r+PxED
e7Sm51CNIVaBA6OiJZ+rWBrtOQysPwr1A7hXhTEiqM58W/J8aWUVYDobvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfP1zK/rxaGlln1uy23XV3BAuITMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUjhfWE1yLXZGb2FXV2ZXN0xiZGRYY0VDNGhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCknhoMA0G
CSqGSIb3DQEBCwUAA4IBAQBTc3QoC8Hpx7gAeNnAEAnhO3ljCbtgVtIWbbA8KMgY
+1V11hwf/w86gJeuOBfY7Zv6We0Am2J4LPJYy/alaCr0ydZuo0Qeh6SUWg9ZHADL
2acJSn8JaflugXDIOvVSTmsT7Bn4CGaHKAHuEN6zUUpdPVmxhW5ZYPXOIOvJBg18
TfntdJ6fV1jd0gVDj748MyHEziPQYvF5iFQ5590w56NHBTuU1Z/LVIjFLy3sZDEZ
KfK8UL9Jp09t5j5kuxhhx5hnfC9ECXkXMnYwFICYB7qw3xgeR7tp128Jyd94uXEw
viivgcebwV72oboq6PPOZQ5Q14ADoJpV3i1enk6c3rhw
-----END CERTIFICATE-----