Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/S1XZGGNmbImtc2Dj5tQtSpTg6OM.roa
File:                     S1XZGGNmbImtc2Dj5tQtSpTg6OM.roa (raw, json)
Hash identifier:          IwovtLCpslJikueK/eT/sUG3hcY7UR7/I2Vz7S/rR90=
Subject key identifier:   4B:55:D9:18:63:66:6C:89:AD:73:60:E3:E6:D4:2D:4A:94:E0:E8:E3
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FB9A0D685003884386C9AFE473824
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/S1XZGGNmbImtc2Dj5tQtSpTg6OM.roa
Signing time:             Thu 02 Jan 2025 05:49:23 +0000
ROA not before:           Thu 02 Jan 2025 05:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50765
IP address blocks:        95.47.62.0/24 maxlen: 24
                          2a02:128:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b9:a0:d6:85:00:38:84:38:6c:9a:fe:47:38:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b55d91863666c89ad7360e3e6d42d4a94e0e8e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:69:06:fd:fc:10:22:25:51:57:a9:6d:f3:4c:
                    19:61:36:d5:53:a1:90:e8:77:52:41:57:b9:0a:e7:
                    1c:f3:6d:68:c0:c8:f4:1e:11:dd:60:64:dc:18:ff:
                    6d:65:c3:39:2d:10:5d:0f:1a:77:00:ca:fa:5f:c4:
                    a6:2c:43:e1:10:2d:49:eb:22:84:b2:81:8c:0b:5a:
                    f0:53:98:f7:2a:ed:9c:9a:42:00:9d:d2:ad:35:a8:
                    27:99:6d:8a:58:eb:53:57:df:c6:e0:d0:7d:9c:b4:
                    2a:60:e9:d3:50:d8:20:07:bd:16:8b:8a:6c:86:11:
                    0c:28:87:a6:5c:a8:8d:a1:08:a8:cd:d2:22:cb:20:
                    07:db:b2:14:04:99:95:63:37:ae:b0:93:c6:d1:5a:
                    f5:91:b8:8d:c4:42:1c:c2:cc:f3:7e:ac:43:fb:d5:
                    5b:3d:eb:9b:60:93:a0:dc:a3:08:29:c3:53:98:53:
                    ef:6f:e1:e4:91:29:57:3b:a7:5f:0f:99:ab:f6:c7:
                    a8:72:72:45:fc:ca:2f:26:31:54:d0:62:6e:5d:37:
                    74:b5:9f:01:ef:fe:55:76:db:f7:39:60:a7:80:bd:
                    d8:3a:73:9c:e8:0a:86:35:38:6b:4c:66:a4:29:48:
                    e5:13:8b:bb:04:60:37:77:06:2d:6a:a6:20:33:ee:
                    af:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:55:D9:18:63:66:6C:89:AD:73:60:E3:E6:D4:2D:4A:94:E0:E8:E3
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/S1XZGGNmbImtc2Dj5tQtSpTg6OM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.62.0/24
                IPv6:
                  2a02:128:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:82:d9:5c:07:55:6e:dd:7f:7a:7e:97:21:24:fe:78:99:87:
         ce:b7:7a:a6:3c:dd:92:fd:61:a9:de:ea:ad:47:5c:2c:7a:a4:
         95:d4:87:17:34:31:c6:3a:0e:04:c4:17:74:0e:c5:64:a4:6f:
         ee:65:18:24:0f:31:94:d0:5d:2e:68:40:48:18:67:e8:45:2c:
         45:e9:bb:88:62:92:b2:05:80:1a:95:cf:77:56:c8:dc:b8:a0:
         00:d2:e6:c5:10:7a:9f:34:38:e4:ec:75:ba:e8:f9:55:21:24:
         64:31:78:6e:61:fa:f6:85:a9:0f:d1:9a:23:ab:93:a2:a6:f3:
         24:4b:9f:ad:af:ed:ed:9e:3f:ad:e3:5e:79:66:ce:6e:b9:a9:
         65:b1:eb:c2:d0:97:dc:03:95:37:be:b0:b3:88:99:1a:3a:44:
         55:4d:53:19:05:44:e7:c1:7d:9f:ec:17:91:64:71:78:e7:c8:
         ad:26:f1:02:d9:f7:76:56:06:13:81:f2:3f:39:48:af:d0:a6:
         db:a1:b6:a9:4f:d4:96:f0:f3:a4:52:11:0d:d5:74:0a:cf:68:
         20:37:66:6a:d6:c2:ab:b5:e7:3b:93:52:5b:36:d7:86:11:2a:
         ea:08:9b:7a:2e:c4:27:49:2b:66:ab:fe:03:a7:4e:85:a3:5e:
         dd:af:b8:c1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlj7mg1oUAOIQ4bJr+RzgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjU1ZDkxODYzNjY2Yzg5YWQ3MzYwZTNlNmQ0MmQ0YTk0ZTBlOGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mkG/fwQIiVRV6lt80wZYTbVU6GQ
6HdSQVe5Cucc821owMj0HhHdYGTcGP9tZcM5LRBdDxp3AMr6X8SmLEPhEC1J6yKE
soGMC1rwU5j3Ku2cmkIAndKtNagnmW2KWOtTV9/G4NB9nLQqYOnTUNggB70Wi4ps
hhEMKIemXKiNoQiozdIiyyAH27IUBJmVYzeusJPG0Vr1kbiNxEIcwszzfqxD+9Vb
PeubYJOg3KMIKcNTmFPvb+HkkSlXO6dfD5mr9seocnJF/MovJjFU0GJuXTd0tZ8B
7/5Vdtv3OWCngL3YOnOc6AqGNThrTGakKUjlE4u7BGA3dwYtaqYgM+6vUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEtV2RhjZmyJrXNg4+bULUqU4OjjMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvUzFYWkdHTm1iSW10YzJEajV0UXRTcFRnNk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXy8+MA8E
AgACMAkDBwAqAgEoAAYwDQYJKoZIhvcNAQELBQADggEBAICC2VwHVW7df3p+lyEk
/niZh863eqY83ZL9Yane6q1HXCx6pJXUhxc0McY6DgTEF3QOxWSkb+5lGCQPMZTQ
XS5oQEgYZ+hFLEXpu4hikrIFgBqVz3dWyNy4oADS5sUQep80OOTsdbro+VUhJGQx
eG5h+vaFqQ/RmiOrk6Km8yRLn62v7e2eP63jXnlmzm65qWWx68LQl9wDlTe+sLOI
mRo6RFVNUxkFROfBfZ/sF5FkcXjnyK0m8QLZ93ZWBhOB8j85SK/QptuhtqlP1Jbw
86RSEQ3VdArPaCA3ZmrWwqu15zuTUls214YRKuoIm3ouxCdJK2ar/gOnToWjXt2v
uME=
-----END CERTIFICATE-----