Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RRqk46A8NM_5mfQ7dN-gtvrnYak.roa
File:                     RRqk46A8NM_5mfQ7dN-gtvrnYak.roa (raw, json)
Hash identifier:          desRrIavxTujDfP1oEAc7vh/w7o3t5XbXPmLG3UZRcY=
Subject key identifier:   45:1A:A4:E3:A0:3C:34:CF:F9:99:F4:3B:74:DF:A0:B6:FA:E7:61:A9
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A518DB701E8B60D96400B11422664
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RRqk46A8NM_5mfQ7dN-gtvrnYak.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210390
IP address blocks:        95.46.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:51:8d:b7:01:e8:b6:0d:96:40:0b:11:42:26:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=451aa4e3a03c34cff999f43b74dfa0b6fae761a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:de:c8:61:22:96:1d:2c:e2:c8:4d:32:88:ac:
                    20:59:67:fc:d2:fe:fc:02:a1:fa:1d:07:36:2f:56:
                    d2:0b:fa:ca:d0:36:49:a0:61:2b:cb:19:b7:c2:10:
                    fb:6d:80:8a:11:b0:19:67:48:f4:22:20:4c:94:cf:
                    4b:8c:2e:3e:02:de:a7:d1:d8:ed:2d:4f:c8:40:43:
                    0e:9b:11:eb:67:3b:7f:e3:4a:68:02:52:43:67:55:
                    c4:d4:e2:e5:95:e0:9c:cd:ba:45:be:39:41:45:bc:
                    9d:e3:c5:98:c9:86:10:47:4e:00:a5:92:39:eb:11:
                    6d:fa:b1:c1:20:16:6a:83:91:c0:41:ec:95:c1:0c:
                    3f:d7:f3:15:72:f7:4a:55:6a:cb:dc:ff:16:44:54:
                    45:74:f0:d4:15:59:d0:8b:2c:8c:1e:4f:8d:89:c9:
                    f6:3b:50:31:3f:e9:d8:79:59:03:3b:1a:69:95:b3:
                    ed:7e:cf:c0:e1:96:3d:16:04:0a:98:db:21:5b:eb:
                    d2:24:4a:7a:9f:8f:de:4e:ec:d8:a9:2f:79:76:c1:
                    92:b4:39:2c:83:21:af:83:94:4f:77:65:98:c2:ed:
                    26:c0:9a:85:f7:14:66:86:41:da:d0:d7:8e:7e:47:
                    92:1b:db:3e:2e:f7:f0:c4:9b:bc:1f:ac:81:bd:bc:
                    18:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:1A:A4:E3:A0:3C:34:CF:F9:99:F4:3B:74:DF:A0:B6:FA:E7:61:A9
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RRqk46A8NM_5mfQ7dN-gtvrnYak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:2d:a3:8b:28:74:9b:c6:56:0c:2e:76:a5:da:a4:97:af:34:
         e7:03:68:a8:6e:a7:44:34:43:12:9c:69:6d:89:78:3d:5f:f0:
         f6:c9:82:5b:09:10:dc:3d:f4:a1:f2:da:0e:28:8b:85:2e:12:
         3a:bc:9d:69:f9:66:32:1c:13:81:e3:b2:e9:0d:35:c0:8d:f9:
         f6:aa:49:e5:af:a9:71:a3:f3:fd:56:05:1a:22:32:ed:c9:51:
         3c:75:35:c1:c6:99:4c:c0:cb:99:72:ab:4e:56:62:28:2b:df:
         bc:a9:69:13:1c:1e:e9:8b:dc:1c:41:a1:d4:4a:89:3d:bc:fb:
         31:98:c2:c2:47:30:a7:91:f9:a0:08:b6:f9:41:ac:05:b7:e7:
         51:27:9a:ad:c1:94:ee:72:4d:c6:5e:a1:1a:59:52:06:c7:c7:
         cf:88:2e:6f:e8:55:6c:ae:a4:ef:49:bc:9f:ff:e5:09:a2:e5:
         d8:5d:c6:ac:73:59:9d:f1:6c:da:7c:81:19:1d:87:86:29:27:
         ff:64:9a:db:d9:28:2c:c0:32:29:11:4b:3c:20:ce:81:00:23:
         ae:99:dc:98:d8:f6:df:85:48:63:ba:d3:56:57:9e:6f:78:2a:
         cc:c6:2e:42:59:4e:a0:c9:3d:7d:ec:1c:58:da:2d:be:4a:b9:
         83:cf:ad:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlGNtwHotg2WQAsRQiZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTFhYTRlM2EwM2MzNGNmZjk5OWY0M2I3NGRmYTBiNmZhZTc2MWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhd7IYSKWHSziyE0yiKwgWWf80v78
AqH6HQc2L1bSC/rK0DZJoGEryxm3whD7bYCKEbAZZ0j0IiBMlM9LjC4+At6n0djt
LU/IQEMOmxHrZzt/40poAlJDZ1XE1OLlleCczbpFvjlBRbyd48WYyYYQR04ApZI5
6xFt+rHBIBZqg5HAQeyVwQw/1/MVcvdKVWrL3P8WRFRFdPDUFVnQiyyMHk+Nicn2
O1AxP+nYeVkDOxpplbPtfs/A4ZY9FgQKmNshW+vSJEp6n4/eTuzYqS95dsGStDks
gyGvg5RPd2WYwu0mwJqF9xRmhkHa0NeOfkeSG9s+LvfwxJu8H6yBvbwYdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEUapOOgPDTP+Zn0O3TfoLb652GpMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUlJxazQ2QThOTV81bWZRN2ROLWd0dnJuWWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy5gMA0G
CSqGSIb3DQEBCwUAA4IBAQCmLaOLKHSbxlYMLnal2qSXrzTnA2iobqdENEMSnGlt
iXg9X/D2yYJbCRDcPfSh8toOKIuFLhI6vJ1p+WYyHBOB47LpDTXAjfn2qknlr6lx
o/P9VgUaIjLtyVE8dTXBxplMwMuZcqtOVmIoK9+8qWkTHB7pi9wcQaHUSok9vPsx
mMLCRzCnkfmgCLb5QawFt+dRJ5qtwZTuck3GXqEaWVIGx8fPiC5v6FVsrqTvSbyf
/+UJouXYXcasc1md8WzafIEZHYeGKSf/ZJrb2SgswDIpEUs8IM6BACOumdyY2Pbf
hUhjutNWV55veCrMxi5CWU6gyT197BxY2i2+SrmDz63w
-----END CERTIFICATE-----