Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XUuZf-5crd2jp6eetwZ2sobRK5E.roa
File:                     XUuZf-5crd2jp6eetwZ2sobRK5E.roa (raw, json)
Hash identifier:          +APrHmEtNw6IiXgCaHBP5lPVJtXXwSt8idbhuZizyEo=
Subject key identifier:   5D:4B:99:7F:EE:5C:AD:DD:A3:A7:A7:9E:B7:06:76:B2:86:D1:2B:91
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A43250B0B21F04DB2180CB1B85D5D
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XUuZf-5crd2jp6eetwZ2sobRK5E.roa
Signing time:             Tue 02 Jan 2024 12:33:36 +0000
ROA not before:           Tue 02 Jan 2024 12:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204875
IP address blocks:        146.120.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:43:25:0b:0b:21:f0:4d:b2:18:0c:b1:b8:5d:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d4b997fee5caddda3a7a79eb70676b286d12b91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:fc:16:e1:08:6f:49:79:8b:a2:eb:a3:05:0b:
                    96:6c:39:40:4e:98:7a:9a:58:47:73:48:13:5e:00:
                    84:dc:e6:71:a1:62:43:af:1e:e8:47:ec:2b:f5:8a:
                    ed:46:f4:e2:4f:2b:49:ed:c7:2c:f8:5a:85:c9:88:
                    c7:2a:f3:e4:e6:63:e6:8b:30:67:3e:49:c0:82:dd:
                    20:87:75:1d:16:93:8e:ef:3d:4d:7d:78:29:66:f0:
                    9b:ca:71:c4:7b:56:c2:79:3d:f7:f4:ef:a2:b4:c4:
                    d4:f7:20:30:88:c5:fd:40:e9:f1:ca:30:aa:f8:1a:
                    5e:7c:e1:8f:b3:ed:25:e8:7d:07:f3:25:46:76:57:
                    8e:cf:60:89:02:f3:75:5e:60:c4:b4:f8:8d:24:cb:
                    e0:3c:9e:c8:67:fc:29:79:5a:c0:91:2e:81:c5:4a:
                    1d:90:04:6f:df:d9:4a:1e:48:00:b9:34:37:a6:60:
                    5f:3e:6e:ec:8e:1b:a0:a3:b4:ad:94:06:93:a9:fe:
                    c7:9c:48:0c:bd:fa:fb:90:e2:39:f9:a5:62:b9:ca:
                    37:6f:a2:48:45:4c:51:be:76:9b:a6:14:fb:89:53:
                    0e:00:e0:6f:e6:07:62:3d:d4:a0:cf:d4:ea:e1:69:
                    87:7f:2e:bd:c3:da:45:9c:42:4f:12:b3:a9:38:20:
                    92:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:4B:99:7F:EE:5C:AD:DD:A3:A7:A7:9E:B7:06:76:B2:86:D1:2B:91
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XUuZf-5crd2jp6eetwZ2sobRK5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:b0:18:52:88:ce:5e:c9:48:58:48:8e:46:e2:a1:1e:0c:d2:
         a8:6b:e6:7d:b6:2d:4c:04:d2:3c:7f:35:63:f8:2d:37:25:24:
         d4:03:9d:a9:a6:f8:5c:c1:b2:8b:bf:30:83:b4:1c:d4:e9:7b:
         c0:d4:21:75:5a:3f:39:73:cf:3d:07:41:a6:11:b9:af:9b:56:
         81:66:af:c1:5c:3f:8c:a8:3f:31:38:c9:05:55:a8:ab:ec:89:
         8a:fc:67:fb:1d:88:ad:8e:00:65:bb:e8:a7:87:20:04:76:d0:
         0c:74:50:3b:65:00:d2:ac:fa:ab:bd:62:15:d5:09:4f:c1:73:
         af:7c:db:d5:9f:ee:33:25:e2:d0:09:4e:9c:9a:40:76:ca:f6:
         98:4f:ea:dc:96:44:43:34:f2:c3:05:e1:d8:a0:3f:67:cd:5c:
         1b:c2:ef:07:46:62:9c:a5:e1:57:90:96:c9:a2:09:40:a1:1b:
         eb:01:ce:ea:64:64:45:0c:50:a8:4a:96:ca:7a:d6:f2:e0:ad:
         af:ea:13:b1:06:5e:e5:9d:54:7a:98:e4:b1:01:bb:89:1f:01:
         1c:7c:03:47:50:2e:a9:98:d7:31:2e:72:be:ba:ff:c7:40:81:
         26:5d:f2:a9:39:d4:2c:3a:2a:26:1d:9b:34:cc:7b:15:93:4d:
         18:55:9b:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKkMlCwsh8E2yGAyxuF1dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDRiOTk3ZmVlNWNhZGRkYTNhN2E3OWViNzA2NzZiMjg2ZDEyYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvwW4QhvSXmLouujBQuWbDlATph6
mlhHc0gTXgCE3OZxoWJDrx7oR+wr9YrtRvTiTytJ7ccs+FqFyYjHKvPk5mPmizBn
PknAgt0gh3UdFpOO7z1NfXgpZvCbynHEe1bCeT339O+itMTU9yAwiMX9QOnxyjCq
+BpefOGPs+0l6H0H8yVGdleOz2CJAvN1XmDEtPiNJMvgPJ7IZ/wpeVrAkS6BxUod
kARv39lKHkgAuTQ3pmBfPm7sjhugo7StlAaTqf7HnEgMvfr7kOI5+aViuco3b6JI
RUxRvnabphT7iVMOAOBv5gdiPdSgz9Tq4WmHfy69w9pFnEJPErOpOCCSVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1LmX/uXK3do6ennrcGdrKG0SuRMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWFV1WmYtNWNyZDJqcDZlZXR3WjJzb2JSSzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCknj4MA0G
CSqGSIb3DQEBCwUAA4IBAQBUsBhSiM5eyUhYSI5G4qEeDNKoa+Z9ti1MBNI8fzVj
+C03JSTUA52ppvhcwbKLvzCDtBzU6XvA1CF1Wj85c889B0GmEbmvm1aBZq/BXD+M
qD8xOMkFVair7ImK/Gf7HYitjgBlu+inhyAEdtAMdFA7ZQDSrPqrvWIV1QlPwXOv
fNvVn+4zJeLQCU6cmkB2yvaYT+rclkRDNPLDBeHYoD9nzVwbwu8HRmKcpeFXkJbJ
oglAoRvrAc7qZGRFDFCoSpbKetby4K2v6hOxBl7lnVR6mOSxAbuJHwEcfANHUC6p
mNcxLnK+uv/HQIEmXfKpOdQsOiomHZs0zHsVk00YVZtF
-----END CERTIFICATE-----