Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/WPtzB6lXG1xdLUu9Fd1jHkeV0ws.roa
File:                     WPtzB6lXG1xdLUu9Fd1jHkeV0ws.roa (raw, json)
Hash identifier:          GFCpRAurb2WL/CbzZkChAwL0ZuXWmZVKlfhp21rKVHQ=
Subject key identifier:   58:FB:73:07:A9:57:1B:5C:5D:2D:4B:BD:15:DD:63:1E:47:95:D3:0B
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A007EB0A84323A6E6C42E4732D94F
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/WPtzB6lXG1xdLUu9Fd1jHkeV0ws.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48949
IP address blocks:        93.171.181.0/24 maxlen: 24
                          95.47.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:00:7e:b0:a8:43:23:a6:e6:c4:2e:47:32:d9:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58fb7307a9571b5c5d2d4bbd15dd631e4795d30b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:52:a5:72:e5:39:b2:d4:8a:e5:37:54:fb:12:
                    08:b2:d2:95:53:b6:85:99:d7:cf:66:90:56:db:f6:
                    fa:d4:74:75:3a:2b:fe:3d:39:f4:f2:36:94:d0:07:
                    a9:51:29:a1:a0:2f:23:9f:7c:52:5b:c3:50:8a:c4:
                    76:2d:8e:45:68:c7:76:c4:6f:2b:37:ed:b2:e8:bd:
                    b3:e7:75:b4:10:3e:a6:47:ad:b5:c3:87:54:2f:74:
                    bc:df:2a:1e:44:53:dd:50:28:5b:a8:bf:ce:91:4e:
                    7b:a1:6d:04:27:45:4e:76:f7:b3:34:46:bd:11:89:
                    8b:5f:85:43:ab:99:c7:5e:f8:2e:c7:14:04:7d:54:
                    c9:9f:45:5b:9e:d0:90:18:6c:dc:cc:98:30:b0:cc:
                    48:e4:2c:7b:ac:a6:1c:82:73:cb:f6:19:c1:e2:6d:
                    83:1e:0c:07:45:b5:59:96:73:72:3d:21:06:81:30:
                    05:b8:18:5d:d4:f7:32:19:c3:3a:89:90:41:f5:45:
                    54:a6:c4:57:fb:c1:c1:f3:ed:c7:2d:6a:92:88:80:
                    04:5d:d1:8b:5c:05:ea:76:45:a7:3a:3a:7c:c2:fb:
                    2b:3a:65:b1:c1:cd:97:a5:03:61:85:9c:de:bc:98:
                    d7:8b:80:f7:b8:8b:42:b6:f9:08:e2:2d:b9:0a:2e:
                    ec:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:FB:73:07:A9:57:1B:5C:5D:2D:4B:BD:15:DD:63:1E:47:95:D3:0B
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/WPtzB6lXG1xdLUu9Fd1jHkeV0ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.181.0/24
                  95.47.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:82:42:e4:35:0d:c1:74:15:c1:10:29:1e:2c:8f:aa:c6:89:
         3c:09:cc:d6:de:26:07:14:be:88:7c:0d:fa:f0:61:32:49:9a:
         bb:1b:95:7e:f2:f4:e8:07:b0:d5:c8:a1:a6:2c:41:e6:ae:71:
         a5:c3:01:86:79:a2:b7:98:f9:dd:b1:f3:9c:64:83:72:36:ba:
         73:56:29:90:71:df:e7:3c:ed:b8:fd:3d:f0:3e:f4:b2:36:54:
         07:9f:70:d9:35:76:be:02:9f:bc:86:21:e2:07:77:b2:83:39:
         a2:18:8b:88:e2:8f:3b:51:73:4f:ad:a3:5d:15:0f:ad:7e:7f:
         9f:d3:18:63:90:0d:a7:16:95:01:10:ac:32:f9:e8:d6:5f:db:
         be:54:b5:d4:d3:2c:13:e1:b5:20:44:b6:ce:ce:51:7e:26:3d:
         f9:8b:1f:ca:9e:44:bc:1d:86:2a:bd:46:f0:5f:24:60:80:01:
         62:9c:11:56:2a:21:95:27:59:a4:8c:d3:8a:10:a1:77:cc:74:
         46:78:94:67:cd:fe:18:5f:4a:e1:90:b1:88:78:e2:a5:53:67:
         40:06:f8:f7:20:53:45:6a:c3:56:ba:cf:82:7a:3b:f5:7a:5d:
         15:cf:fd:b9:26:e3:32:ea:ab:df:bc:dd:6e:39:94:1f:b4:42:
         80:70:b6:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKgB+sKhDI6bmxC5HMtlPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGZiNzMwN2E5NTcxYjVjNWQyZDRiYmQxNWRkNjMxZTQ3OTVkMzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1KlcuU5stSK5TdU+xIIstKVU7aF
mdfPZpBW2/b61HR1Oiv+PTn08jaU0AepUSmhoC8jn3xSW8NQisR2LY5FaMd2xG8r
N+2y6L2z53W0ED6mR621w4dUL3S83yoeRFPdUChbqL/OkU57oW0EJ0VOdvezNEa9
EYmLX4VDq5nHXvguxxQEfVTJn0VbntCQGGzczJgwsMxI5Cx7rKYcgnPL9hnB4m2D
HgwHRbVZlnNyPSEGgTAFuBhd1PcyGcM6iZBB9UVUpsRX+8HB8+3HLWqSiIAEXdGL
XAXqdkWnOjp8wvsrOmWxwc2XpQNhhZzevJjXi4D3uItCtvkI4i25Ci7siQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFj7cwepVxtcXS1LvRXdYx5HldMLMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvV1B0ekI2bFhHMXhkTFV1OUZkMWpIa2VWMHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXau1AwQA
Xy+wMA0GCSqGSIb3DQEBCwUAA4IBAQCQgkLkNQ3BdBXBECkeLI+qxok8CczW3iYH
FL6IfA368GEySZq7G5V+8vToB7DVyKGmLEHmrnGlwwGGeaK3mPndsfOcZINyNrpz
VimQcd/nPO24/T3wPvSyNlQHn3DZNXa+Ap+8hiHiB3eygzmiGIuI4o87UXNPraNd
FQ+tfn+f0xhjkA2nFpUBEKwy+ejWX9u+VLXU0ywT4bUgRLbOzlF+Jj35ix/KnkS8
HYYqvUbwXyRggAFinBFWKiGVJ1mkjNOKEKF3zHRGeJRnzf4YX0rhkLGIeOKlU2dA
Bvj3IFNFasNWus+Cejv1el0Vz/25JuMy6qvfvN1uOZQftEKAcLZB
-----END CERTIFICATE-----