Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RUdOcKDRNJIapvpqqy1SsGnToA0.roa
File:                     RUdOcKDRNJIapvpqqy1SsGnToA0.roa (raw, json)
Hash identifier:          ux4dNA5NA+ibmf6FWioLqtq/iwsgM1wAQN95p6fOxBo=
Subject key identifier:   45:47:4E:70:A0:D1:34:92:1A:A6:FA:6A:AB:2D:52:B0:69:D3:A0:0D
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018FBE72C25651A056CD5C4673527035ACB1
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RUdOcKDRNJIapvpqqy1SsGnToA0.roa
Signing time:             Tue 28 May 2024 09:05:42 +0000
ROA not before:           Tue 28 May 2024 09:05:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15428
IP address blocks:        146.158.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:be:72:c2:56:51:a0:56:cd:5c:46:73:52:70:35:ac:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: May 28 09:05:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45474e70a0d134921aa6fa6aab2d52b069d3a00d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a5:b9:8d:ac:dd:dd:41:1d:97:90:9b:82:4a:
                    2e:23:8f:96:35:12:2c:cf:ea:58:f5:0d:43:40:aa:
                    05:36:a7:34:ac:8b:b1:03:31:4c:8d:e8:7f:eb:bd:
                    7a:3b:bf:a7:82:8b:bb:bd:cb:c1:e8:8d:e9:62:8a:
                    b0:37:43:af:fd:bc:b2:5b:09:08:7f:41:bb:52:bd:
                    2b:8e:b8:8b:ec:2c:3a:e7:41:90:eb:00:71:32:e2:
                    e1:32:bc:9d:36:e1:82:ab:19:b1:cc:8d:0e:b9:e2:
                    79:b4:64:7b:b8:b0:b1:9d:b8:ea:d2:b4:4f:b1:65:
                    52:7e:e7:06:08:a4:3c:f1:16:5e:35:17:94:19:41:
                    bd:7b:c2:2a:dd:23:65:f0:e6:ae:af:96:19:f0:61:
                    21:b0:9b:df:4b:27:68:fe:53:55:f6:33:22:fd:2a:
                    78:9b:0e:37:1e:8c:2c:87:27:f7:4c:6a:c9:e5:5a:
                    42:28:f0:4e:cf:09:b8:9d:91:97:bc:9c:2e:9e:1f:
                    b7:4b:5d:26:d7:93:5c:43:d9:1c:69:aa:9f:e6:e3:
                    bd:be:e5:1a:b3:ff:7a:b6:73:f0:4e:0d:4f:d0:59:
                    23:11:c3:e3:84:d2:34:42:63:cf:68:65:8d:c8:b8:
                    d7:b6:d2:98:99:b0:b2:21:41:5a:70:c4:40:d0:09:
                    60:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:47:4E:70:A0:D1:34:92:1A:A6:FA:6A:AB:2D:52:B0:69:D3:A0:0D
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RUdOcKDRNJIapvpqqy1SsGnToA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.158.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:de:85:6c:bd:1a:e4:e4:46:87:78:55:59:c4:cc:6b:76:dc:
         a3:fe:03:63:a4:07:2a:09:1c:ee:72:5d:e2:f5:ee:83:ba:30:
         ad:49:65:57:98:9d:51:6b:92:31:b1:51:d1:2e:73:53:38:33:
         24:c3:65:28:10:55:df:b4:70:90:0e:94:3a:6c:89:46:12:44:
         e5:95:aa:8e:41:3c:a9:8a:70:a9:31:bf:70:d0:55:4d:77:ae:
         d9:15:35:8c:5a:b0:80:59:cd:cf:6e:50:63:4b:87:52:43:d3:
         6f:ff:a7:8d:51:2b:22:6d:42:60:40:8a:3c:3b:88:03:d9:6f:
         eb:c0:9b:b8:ea:79:9c:d6:0f:75:9d:10:59:2f:a8:7b:58:a5:
         7f:a4:86:31:6d:14:f0:27:6a:12:43:c5:cc:df:b9:b8:a4:ac:
         fb:bd:ae:c9:8f:bb:9e:50:7f:63:b6:38:9e:68:0b:6d:98:9d:
         c5:6f:0b:47:63:7f:b0:0c:38:bf:53:13:01:31:53:e0:d5:83:
         cb:ce:30:ac:d3:88:31:bf:75:1e:ef:d2:b1:60:21:f7:d4:91:
         86:b2:c7:81:9f:76:3b:97:16:bc:a3:33:63:3f:a8:23:c9:05:
         66:8c:bd:2a:19:d3:01:72:3f:de:5e:9a:88:41:2f:a0:d1:7a:
         07:b8:0c:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY++csJWUaBWzVxGc1JwNayxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwNTI4MDkwNTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTQ3NGU3MGEwZDEzNDkyMWFhNmZhNmFhYjJkNTJiMDY5ZDNhMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsaW5jazd3UEdl5CbgkouI4+WNRIs
z+pY9Q1DQKoFNqc0rIuxAzFMjeh/6716O7+ngou7vcvB6I3pYoqwN0Ov/byyWwkI
f0G7Ur0rjriL7Cw650GQ6wBxMuLhMrydNuGCqxmxzI0OueJ5tGR7uLCxnbjq0rRP
sWVSfucGCKQ88RZeNReUGUG9e8Iq3SNl8Oaur5YZ8GEhsJvfSydo/lNV9jMi/Sp4
mw43Howshyf3TGrJ5VpCKPBOzwm4nZGXvJwunh+3S10m15NcQ9kcaaqf5uO9vuUa
s/96tnPwTg1P0FkjEcPjhNI0QmPPaGWNyLjXttKYmbCyIUFacMRA0AlgoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEVHTnCg0TSSGqb6aqstUrBp06ANMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUlVkT2NLRFJOSklhcHZwcXF5MVNzR25Ub0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkp5fMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ3oVsvRrk5EaHeFVZxMxrdtyj/gNjpAcqCRzucl3i
9e6DujCtSWVXmJ1Ra5IxsVHRLnNTODMkw2UoEFXftHCQDpQ6bIlGEkTllaqOQTyp
inCpMb9w0FVNd67ZFTWMWrCAWc3PblBjS4dSQ9Nv/6eNUSsibUJgQIo8O4gD2W/r
wJu46nmc1g91nRBZL6h7WKV/pIYxbRTwJ2oSQ8XM37m4pKz7va7Jj7ueUH9jtjie
aAttmJ3FbwtHY3+wDDi/UxMBMVPg1YPLzjCs04gxv3Ue79KxYCH31JGGsseBn3Y7
lxa8ozNjP6gjyQVmjL0qGdMBcj/eXpqIQS+g0XoHuAxB
-----END CERTIFICATE-----