Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/WG0sCsA7snymxJM5MCcL_riTcd4.roa
File:                     WG0sCsA7snymxJM5MCcL_riTcd4.roa (raw, json)
Hash identifier:          J8xP482JQvuGQu7JAaiuhISP6DNzy9sNQKvd9enpcNE=
Subject key identifier:   58:6D:2C:0A:C0:3B:B2:7C:A6:C4:93:39:30:27:0B:FE:B8:93:71:DE
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0195ED09B1E94851C34600AC90DDA0B3BCB5
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/WG0sCsA7snymxJM5MCcL_riTcd4.roa
Signing time:             Mon 31 Mar 2025 16:29:50 +0000
ROA not before:           Mon 31 Mar 2025 16:29:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42146
IP address blocks:        95.46.76.0/24 maxlen: 24
                          2a02:128:40c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ed:09:b1:e9:48:51:c3:46:00:ac:90:dd:a0:b3:bc:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Mar 31 16:29:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=586d2c0ac03bb27ca6c4933930270bfeb89371de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0a:cc:ea:07:43:84:66:5e:77:09:de:16:9e:
                    cf:e2:8f:7c:2a:e9:56:5e:30:21:10:0b:13:ec:96:
                    4e:2e:11:83:bd:f4:52:18:28:db:3d:95:d5:64:67:
                    2e:76:f6:c7:bc:28:d5:44:7e:89:16:af:b1:ca:b2:
                    e9:d7:23:9e:cb:ff:df:d6:3e:50:7c:94:fb:0f:0c:
                    cc:bc:09:60:5c:75:57:04:e7:b5:9c:4b:28:d5:fd:
                    40:da:a4:67:37:ff:c1:cd:15:9f:39:47:19:7d:e6:
                    ed:e8:45:b4:d2:40:a2:16:67:f9:49:cf:19:c7:55:
                    5f:d7:e4:12:87:aa:ad:09:ab:9a:5f:22:72:38:1a:
                    01:f8:1c:6a:2d:6c:f7:ed:89:11:4e:67:9c:c7:98:
                    13:f3:80:3a:66:01:a6:4e:14:30:08:9d:df:5f:36:
                    e4:67:17:03:75:05:91:94:d1:02:ec:88:3d:f2:99:
                    22:26:8b:3b:67:a8:55:d0:ed:cc:27:e0:2c:31:03:
                    8e:f4:0c:76:94:78:6d:a0:bc:29:c6:e3:50:86:d1:
                    1f:2b:23:14:84:da:43:14:aa:c7:23:9b:6f:a0:1a:
                    4f:35:e4:18:ff:c4:c3:f2:e9:2b:a2:eb:02:1b:9e:
                    5b:ef:b9:08:62:83:7a:93:0a:99:03:06:31:f6:dc:
                    f5:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:6D:2C:0A:C0:3B:B2:7C:A6:C4:93:39:30:27:0B:FE:B8:93:71:DE
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/WG0sCsA7snymxJM5MCcL_riTcd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.76.0/24
                IPv6:
                  2a02:128:40c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0b:83:83:ab:fc:89:eb:40:ff:48:23:da:79:d0:d5:26:c7:47:
         ec:38:68:2f:47:82:6d:e8:11:f6:e1:0c:70:31:a2:6f:13:cf:
         4f:cb:d3:a4:cc:6f:01:56:f6:53:3e:72:d4:e6:07:be:44:9e:
         b9:6c:c6:b3:64:ee:5d:40:b4:82:26:87:d1:da:23:fa:b0:7b:
         bf:a1:dd:ec:79:90:91:ff:cf:bd:4c:f3:28:83:a9:dc:ab:17:
         7d:0b:a4:c9:0c:54:b2:a0:7c:8e:2b:29:96:32:5a:7b:6e:66:
         54:ea:0e:92:10:39:43:fe:47:d4:af:38:7e:2d:57:9b:dd:97:
         62:30:8d:c8:6f:cd:05:a9:5e:58:d4:a4:11:2e:87:9f:28:5a:
         d5:96:8c:aa:68:eb:08:d8:e2:ae:83:44:1d:57:22:c6:42:14:
         27:05:1e:a1:28:f6:cc:f9:c3:6a:a9:05:c4:51:7a:1a:6d:2b:
         3e:94:d1:1c:42:79:bd:45:ae:c0:76:26:61:e2:8a:1a:e3:c7:
         20:27:b0:9d:42:7a:c5:ce:e4:11:cb:06:bb:be:e4:06:3a:8c:
         68:28:15:fa:77:ce:07:0e:86:76:cc:c1:47:8c:52:c9:bd:f0:
         24:59:6e:cc:47:77:98:4d:25:e5:8b:34:27:04:95:a4:0f:38:
         ab:18:99:5c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZXtCbHpSFHDRgCskN2gs7y1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMzMxMTYyOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODZkMmMwYWMwM2JiMjdjYTZjNDkzMzkzMDI3MGJmZWI4OTM3MWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjArM6gdDhGZedwneFp7P4o98KulW
XjAhEAsT7JZOLhGDvfRSGCjbPZXVZGcudvbHvCjVRH6JFq+xyrLp1yOey//f1j5Q
fJT7DwzMvAlgXHVXBOe1nEso1f1A2qRnN//BzRWfOUcZfebt6EW00kCiFmf5Sc8Z
x1Vf1+QSh6qtCauaXyJyOBoB+BxqLWz37YkRTmecx5gT84A6ZgGmThQwCJ3fXzbk
ZxcDdQWRlNEC7Ig98pkiJos7Z6hV0O3MJ+AsMQOO9Ax2lHhtoLwpxuNQhtEfKyMU
hNpDFKrHI5tvoBpPNeQY/8TD8ukrousCG55b77kIYoN6kwqZAwYx9tz1CwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFhtLArAO7J8psSTOTAnC/64k3HeMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvV0cwc0NzQTdzbnlteEpNNU1DY0xfcmlUY2Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAXy5MMA8E
AgACMAkDBwQqAgEoQMAwDQYJKoZIhvcNAQELBQADggEBAAuDg6v8ietA/0gj2nnQ
1SbHR+w4aC9Hgm3oEfbhDHAxom8Tz0/L06TMbwFW9lM+ctTmB75EnrlsxrNk7l1A
tIImh9HaI/qwe7+h3ex5kJH/z71M8yiDqdyrF30LpMkMVLKgfI4rKZYyWntuZlTq
DpIQOUP+R9SvOH4tV5vdl2IwjchvzQWpXljUpBEuh58oWtWWjKpo6wjY4q6DRB1X
IsZCFCcFHqEo9sz5w2qpBcRRehptKz6U0RxCeb1FrsB2JmHiihrjxyAnsJ1CesXO
5BHLBru+5AY6jGgoFfp3zgcOhnbMwUeMUsm98CRZbsxHd5hNJeWLNCcElaQPOKsY
mVw=
-----END CERTIFICATE-----