Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RkRpFjPp3D_9EOekMMbxNTGZi6o.roa
File:                     RkRpFjPp3D_9EOekMMbxNTGZi6o.roa (raw, json)
Hash identifier:          8Aa9QmWY/BOVkS1zNoajQzpHo3HoL1bP6gwzliZ61Bg=
Subject key identifier:   46:44:69:16:33:E9:DC:3F:FD:10:E7:A4:30:C6:F1:35:31:99:8B:AA
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FB156057E126AD634DA3DDEFDF11F
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RkRpFjPp3D_9EOekMMbxNTGZi6o.roa
Signing time:             Thu 02 Jan 2025 05:49:21 +0000
ROA not before:           Thu 02 Jan 2025 05:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49168
IP address blocks:        95.47.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b1:56:05:7e:12:6a:d6:34:da:3d:de:fd:f1:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4644691633e9dc3ffd10e7a430c6f13531998baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:35:a0:07:01:37:09:dc:78:2d:c3:aa:8a:a6:
                    34:32:61:c0:16:46:f1:86:ae:fa:ee:ad:82:34:12:
                    1e:ae:2a:ad:6d:0c:87:83:4a:b7:d8:36:7b:ed:5f:
                    86:0d:35:03:96:ce:8e:b8:e6:1b:8b:36:ec:9b:2b:
                    a9:ed:30:0f:e8:98:cb:b3:35:74:7b:61:18:27:da:
                    06:81:98:4c:06:00:cf:79:72:6c:40:ff:42:5c:8b:
                    0b:f3:5a:26:27:c4:8c:79:74:fe:8b:56:9c:da:21:
                    06:08:99:1d:21:2a:7f:84:b2:9e:ad:c6:a0:18:55:
                    80:53:0b:c3:39:28:9d:a2:25:60:c3:c9:d0:30:8a:
                    b2:dd:9f:3f:a4:20:ea:99:82:f0:06:36:59:2e:a3:
                    d9:b2:4d:9e:7f:a3:ce:ee:db:53:c9:22:40:50:08:
                    4c:62:97:29:47:f3:b6:7e:3c:9a:39:d9:17:5a:59:
                    ce:73:6b:57:45:54:97:89:9f:0f:6f:65:9c:69:ef:
                    fe:ec:be:97:d2:5f:5a:57:3d:db:64:63:a3:04:f7:
                    78:f0:dd:90:27:9c:fa:d2:91:02:b7:1d:58:f0:2c:
                    26:92:3d:79:de:8f:11:ce:5e:cf:22:d9:cf:10:44:
                    e8:0c:e3:1f:ad:80:d9:db:7b:79:12:97:4f:05:4c:
                    a6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:44:69:16:33:E9:DC:3F:FD:10:E7:A4:30:C6:F1:35:31:99:8B:AA
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RkRpFjPp3D_9EOekMMbxNTGZi6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:cc:06:33:39:1f:5e:f1:72:5b:3e:ee:e4:d2:d1:29:88:73:
         16:18:5b:13:5c:80:16:d3:48:19:0e:5e:ca:83:2a:2d:6b:82:
         80:b8:ee:93:62:4c:ad:f7:3a:c7:13:48:34:9d:1a:cb:fe:04:
         75:d1:ec:04:c1:44:53:d9:09:92:cd:33:a7:4c:2c:db:d0:c8:
         d8:e7:77:99:71:3f:b8:95:4e:a5:a0:ea:e2:bb:0a:c2:b1:76:
         78:79:17:cf:98:30:ad:81:68:ac:af:8c:6c:56:9d:d9:17:dd:
         18:4d:a9:af:1f:b7:7a:75:99:b1:49:64:be:09:7a:8a:46:91:
         79:18:20:66:d0:31:79:81:08:b4:77:36:89:9a:ad:fa:b1:a6:
         f3:43:59:13:4c:41:6c:1b:18:35:4b:30:e8:ae:66:9b:52:86:
         56:5f:fc:d0:f0:51:ec:6a:b8:e2:25:54:84:f2:ff:fc:11:d4:
         cd:15:ca:eb:f1:51:65:36:50:b7:39:d3:47:2f:87:dc:6f:0a:
         a9:45:18:3f:ec:28:5e:92:bb:37:7d:99:78:0d:cb:92:22:d8:
         9b:2f:86:7b:c4:08:56:3d:f2:96:aa:8b:31:13:00:91:e9:45:
         bf:a7:e0:24:09:e3:67:e1:81:b2:0f:9d:6b:94:f6:7a:3e:18:
         e0:af:c5:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7FWBX4SatY02j3e/fEfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjQ0NjkxNjMzZTlkYzNmZmQxMGU3YTQzMGM2ZjEzNTMxOTk4YmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDWgBwE3Cdx4LcOqiqY0MmHAFkbx
hq767q2CNBIeriqtbQyHg0q32DZ77V+GDTUDls6OuOYbizbsmyup7TAP6JjLszV0
e2EYJ9oGgZhMBgDPeXJsQP9CXIsL81omJ8SMeXT+i1ac2iEGCJkdISp/hLKercag
GFWAUwvDOSidoiVgw8nQMIqy3Z8/pCDqmYLwBjZZLqPZsk2ef6PO7ttTySJAUAhM
YpcpR/O2fjyaOdkXWlnOc2tXRVSXiZ8Pb2Wcae/+7L6X0l9aVz3bZGOjBPd48N2Q
J5z60pECtx1Y8Cwmkj153o8Rzl7PItnPEEToDOMfrYDZ23t5EpdPBUymGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZEaRYz6dw//RDnpDDG8TUxmYuqMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUmtScEZqUHAzRF85RU9la01NYnhOVEdaaTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy/9MA0G
CSqGSIb3DQEBCwUAA4IBAQAAzAYzOR9e8XJbPu7k0tEpiHMWGFsTXIAW00gZDl7K
gyota4KAuO6TYkyt9zrHE0g0nRrL/gR10ewEwURT2QmSzTOnTCzb0MjY53eZcT+4
lU6loOriuwrCsXZ4eRfPmDCtgWisr4xsVp3ZF90YTamvH7d6dZmxSWS+CXqKRpF5
GCBm0DF5gQi0dzaJmq36sabzQ1kTTEFsGxg1SzDormabUoZWX/zQ8FHsarjiJVSE
8v/8EdTNFcrr8VFlNlC3OdNHL4fcbwqpRRg/7Chekrs3fZl4DcuSItibL4Z7xAhW
PfKWqosxEwCR6UW/p+AkCeNn4YGyD51rlPZ6Phjgr8XA
-----END CERTIFICATE-----