Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RmrX_61CNHIe-F4wgAwhS96KVS8.roa
File:                     RmrX_61CNHIe-F4wgAwhS96KVS8.roa (raw, json)
Hash identifier:          ak/tv5frrGCJH2F85+PQxvcRlvXrlA/2IauYE6sSRt4=
Subject key identifier:   46:6A:D7:FF:AD:42:34:72:1E:F8:5E:30:80:0C:21:4B:DE:8A:55:2F
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A571904479BCCF0C9D6514364D130
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RmrX_61CNHIe-F4wgAwhS96KVS8.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212392
IP address blocks:        93.171.248.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:57:19:04:47:9b:cc:f0:c9:d6:51:43:64:d1:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=466ad7ffad4234721ef85e30800c214bde8a552f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:bf:66:b4:41:67:97:35:50:90:9e:13:c2:83:
                    96:a2:72:ed:64:75:47:5c:1e:ee:a8:dd:0d:cc:84:
                    d3:56:e5:bc:1e:ff:39:4a:5f:33:a4:10:fd:81:93:
                    6d:f5:9b:37:ee:32:46:f7:e1:4e:9c:e0:b5:db:b3:
                    3b:d4:8e:0a:93:bb:53:70:91:40:42:a8:5a:50:10:
                    56:68:fc:85:81:2c:16:7f:26:f2:ea:21:92:9c:48:
                    8d:12:06:a1:c9:42:80:35:7e:25:cb:74:e0:57:8b:
                    0b:6a:50:9d:81:7f:d9:3f:5a:05:e3:32:6e:a5:ef:
                    83:56:86:f9:e2:5e:4e:b8:31:04:8d:d9:94:73:4d:
                    9d:97:58:9f:41:70:57:d0:66:d8:b4:b0:12:af:2d:
                    74:ff:44:68:2d:c4:2d:16:7c:18:77:f1:49:2c:5a:
                    f7:32:3f:20:0b:27:fd:64:30:5f:e0:74:48:60:a5:
                    91:50:2e:96:f7:21:b3:ac:eb:bb:e2:31:f8:b0:d0:
                    c4:ba:69:13:47:d8:c0:d4:60:55:fe:76:12:ca:83:
                    f6:17:e1:ca:3e:2c:99:51:2a:cc:f7:2a:0a:9a:94:
                    89:fc:46:70:78:5a:0c:64:62:af:0e:86:cc:63:14:
                    b0:7a:0b:de:59:06:c2:87:2d:4c:06:d5:41:36:dd:
                    9d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:6A:D7:FF:AD:42:34:72:1E:F8:5E:30:80:0C:21:4B:DE:8A:55:2F
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/RmrX_61CNHIe-F4wgAwhS96KVS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:74:e5:6d:36:90:ab:f7:df:78:31:fa:e7:de:8a:4f:49:67:
         84:7d:d3:6e:33:5c:6f:8b:fd:56:a7:43:52:e9:02:7c:ca:1b:
         73:8d:e9:b8:78:a0:9f:45:0d:b5:5f:d8:1c:a3:49:8d:78:87:
         9d:7b:b1:51:3e:db:bc:40:a1:aa:35:48:5b:ef:c3:77:e3:ee:
         c6:b5:e3:d5:2c:df:d7:cd:8e:37:87:88:2f:ed:fd:2e:9e:7a:
         b2:0d:70:7c:a5:b6:45:00:4a:e7:f1:fa:0f:73:4c:69:db:16:
         52:a2:3f:c2:38:f5:8c:e4:fb:79:0a:c4:5c:fe:cb:66:de:84:
         92:77:01:1c:75:5f:1a:c8:23:ca:50:81:3c:71:ac:5a:0d:bb:
         b0:56:0d:1f:3b:aa:56:78:a7:73:74:3f:0e:76:e3:fd:20:61:
         dc:09:c1:55:14:ef:cf:95:5c:b7:43:39:75:71:19:b7:50:20:
         30:12:20:ee:86:15:fe:35:0d:59:76:fb:6f:27:27:88:3f:3b:
         14:98:06:a3:d2:4a:04:dd:73:98:d3:28:76:6e:cc:68:64:e0:
         79:a8:ad:00:cb:ea:82:3c:8e:e8:45:46:7c:6a:55:ba:08:29:
         97:5d:e0:75:e8:c5:17:ec:64:1e:5a:f4:6e:fd:a4:1c:7a:f7:
         42:40:c6:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlcZBEebzPDJ1lFDZNEwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjZhZDdmZmFkNDIzNDcyMWVmODVlMzA4MDBjMjE0YmRlOGE1NTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5r9mtEFnlzVQkJ4TwoOWonLtZHVH
XB7uqN0NzITTVuW8Hv85Sl8zpBD9gZNt9Zs37jJG9+FOnOC127M71I4Kk7tTcJFA
QqhaUBBWaPyFgSwWfyby6iGSnEiNEgahyUKANX4ly3TgV4sLalCdgX/ZP1oF4zJu
pe+DVob54l5OuDEEjdmUc02dl1ifQXBX0GbYtLASry10/0RoLcQtFnwYd/FJLFr3
Mj8gCyf9ZDBf4HRIYKWRUC6W9yGzrOu74jH4sNDEumkTR9jA1GBV/nYSyoP2F+HK
PiyZUSrM9yoKmpSJ/EZweFoMZGKvDobMYxSwegveWQbChy1MBtVBNt2dAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEZq1/+tQjRyHvheMIAMIUveilUvMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUm1yWF82MUNOSEllLUY0d2dBd2hTOTZLVlM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXav4MA0G
CSqGSIb3DQEBCwUAA4IBAQBGdOVtNpCr9994Mfrn3opPSWeEfdNuM1xvi/1Wp0NS
6QJ8yhtzjem4eKCfRQ21X9gco0mNeIede7FRPtu8QKGqNUhb78N34+7GtePVLN/X
zY43h4gv7f0unnqyDXB8pbZFAErn8foPc0xp2xZSoj/COPWM5Pt5CsRc/stm3oSS
dwEcdV8ayCPKUIE8caxaDbuwVg0fO6pWeKdzdD8OduP9IGHcCcFVFO/PlVy3Qzl1
cRm3UCAwEiDuhhX+NQ1ZdvtvJyeIPzsUmAaj0koE3XOY0yh2bsxoZOB5qK0Ay+qC
PI7oRUZ8alW6CCmXXeB16MUX7GQeWvRu/aQcevdCQMbm
-----END CERTIFICATE-----