Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/VD8QlA4r7rUPqK3cSkjn3PY1GxY.roa
File:                     VD8QlA4r7rUPqK3cSkjn3PY1GxY.roa (raw, json)
Hash identifier:          X6gR6Qs30Wrm1SBfXEGwViEVGlHrKF58ax+8z+hAbfU=
Subject key identifier:   54:3F:10:94:0E:2B:EE:B5:0F:A8:AD:DC:4A:48:E7:DC:F6:35:1B:16
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FCDE9267CD73A65226AC153ABB141
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/VD8QlA4r7rUPqK3cSkjn3PY1GxY.roa
Signing time:             Thu 02 Jan 2025 05:49:28 +0000
ROA not before:           Thu 02 Jan 2025 05:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59826
IP address blocks:        93.171.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:cd:e9:26:7c:d7:3a:65:22:6a:c1:53:ab:b1:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=543f10940e2beeb50fa8addc4a48e7dcf6351b16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:25:37:0d:4e:2a:18:b8:b3:3d:90:77:5e:6b:
                    e1:2e:14:80:25:e1:18:94:3f:21:bb:e8:70:be:6e:
                    53:8c:1a:c6:18:17:3c:8a:f7:9c:7f:68:1b:95:73:
                    71:a3:8a:d6:62:2a:26:71:2e:60:71:b0:db:15:ae:
                    6c:c2:c8:84:36:19:c7:63:53:bc:9b:c3:96:94:90:
                    5d:37:7c:77:3a:77:00:7e:6a:87:95:4f:c3:5b:86:
                    39:1e:b6:8e:41:49:de:9a:bb:b0:4d:98:1f:c4:a5:
                    55:ca:a6:9e:fb:41:cd:0e:f3:7a:49:85:e3:47:e2:
                    5f:b6:46:ce:9f:99:13:00:18:af:65:70:4c:8a:5e:
                    11:9e:aa:7f:01:c9:b7:a5:00:81:e5:72:56:0f:e0:
                    c9:3c:9b:49:6e:da:f3:4a:4c:79:21:c3:73:cf:c2:
                    2f:13:f7:e0:7a:a9:0a:9a:0c:0f:62:7b:4b:2a:89:
                    85:8d:a6:5f:bf:d1:29:37:57:3f:9c:e9:21:df:d8:
                    66:a4:d4:97:42:85:42:57:b3:06:1b:7b:96:0d:18:
                    03:21:90:9b:ab:07:4e:58:ce:97:39:b6:2f:e5:5c:
                    02:17:04:db:a9:1a:1c:1a:47:8f:8c:2b:8c:99:2f:
                    9e:73:d1:54:64:03:52:be:92:d5:52:cb:ff:0a:48:
                    8c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:3F:10:94:0E:2B:EE:B5:0F:A8:AD:DC:4A:48:E7:DC:F6:35:1B:16
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/VD8QlA4r7rUPqK3cSkjn3PY1GxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:8e:92:27:0f:23:5d:1e:86:d0:fe:7f:2d:b3:59:98:1b:1c:
         f3:85:0f:b7:7d:cd:4b:ae:b1:42:a8:e1:b8:a7:0e:31:dc:42:
         4e:84:d2:02:cc:41:2d:be:e7:f8:45:3f:b2:27:f2:d2:f0:1c:
         9c:46:95:dd:e6:46:da:b6:f5:f0:40:f4:31:3c:79:5b:ee:68:
         d8:6b:fa:c9:38:d3:25:2b:e1:0f:28:a7:fc:6c:57:73:b3:42:
         fa:f4:85:c7:7e:42:72:58:b9:5b:d2:f3:0e:25:ba:49:c8:31:
         29:a8:17:28:87:a5:d5:0c:99:69:98:44:46:0b:77:48:b6:63:
         1e:aa:82:c7:3d:52:e9:2b:f7:3f:f8:bb:0e:7b:e3:68:42:4d:
         45:a6:72:f4:2b:42:dd:1f:39:9d:de:e4:7b:e0:1d:e2:96:cd:
         ba:83:aa:2e:5b:f6:e3:ef:5c:c9:1c:f2:c2:1a:1b:ed:e8:69:
         1a:22:9f:c5:b1:af:8b:3a:4b:42:eb:2f:26:c7:8e:c5:8a:29:
         9f:a1:a0:23:4b:ef:cb:b7:ae:88:8a:7a:cc:66:b4:f3:51:c7:
         ba:9b:68:b9:ff:05:50:3e:da:bd:0f:d4:ff:08:34:b1:da:a9:
         8a:ce:63:d6:8c:af:77:ee:51:ed:5c:4a:f0:65:44:9f:6b:26:
         e2:21:e5:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj83pJnzXOmUiasFTq7FBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDNmMTA5NDBlMmJlZWI1MGZhOGFkZGM0YTQ4ZTdkY2Y2MzUxYjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyU3DU4qGLizPZB3XmvhLhSAJeEY
lD8hu+hwvm5TjBrGGBc8ivecf2gblXNxo4rWYiomcS5gcbDbFa5swsiENhnHY1O8
m8OWlJBdN3x3OncAfmqHlU/DW4Y5HraOQUnemruwTZgfxKVVyqae+0HNDvN6SYXj
R+JftkbOn5kTABivZXBMil4Rnqp/Acm3pQCB5XJWD+DJPJtJbtrzSkx5IcNzz8Iv
E/fgeqkKmgwPYntLKomFjaZfv9EpN1c/nOkh39hmpNSXQoVCV7MGG3uWDRgDIZCb
qwdOWM6XObYv5VwCFwTbqRocGkePjCuMmS+ec9FUZANSvpLVUsv/CkiMcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQ/EJQOK+61D6it3EpI59z2NRsWMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvVkQ4UWxBNHI3clVQcUszY1Nram4zUFkxR3hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXausMA0G
CSqGSIb3DQEBCwUAA4IBAQA/jpInDyNdHobQ/n8ts1mYGxzzhQ+3fc1LrrFCqOG4
pw4x3EJOhNICzEEtvuf4RT+yJ/LS8BycRpXd5kbatvXwQPQxPHlb7mjYa/rJONMl
K+EPKKf8bFdzs0L69IXHfkJyWLlb0vMOJbpJyDEpqBcoh6XVDJlpmERGC3dItmMe
qoLHPVLpK/c/+LsOe+NoQk1FpnL0K0LdHzmd3uR74B3ils26g6ouW/bj71zJHPLC
Ghvt6GkaIp/Fsa+LOktC6y8mx47FiimfoaAjS+/Lt66IinrMZrTzUce6m2i5/wVQ
Ptq9D9T/CDSx2qmKzmPWjK937lHtXErwZUSfaybiIeXd
-----END CERTIFICATE-----