Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XmIZkGB-DVoglWHKlXYB0sR_-Xc.roa
File:                     XmIZkGB-DVoglWHKlXYB0sR_-Xc.roa (raw, json)
Hash identifier:          Z9jeq3DFJfk+OhcuETCtjI+E3KwnMMU0kgDd+VDW4FY=
Subject key identifier:   5E:62:19:90:60:7E:0D:5A:20:95:61:CA:95:76:01:D2:C4:7F:F9:77
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A3077073647B007792F6728B2C67F
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XmIZkGB-DVoglWHKlXYB0sR_-Xc.roa
Signing time:             Tue 02 Jan 2024 12:33:31 +0000
ROA not before:           Tue 02 Jan 2024 12:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62247
IP address blocks:        93.170.82.0/24 maxlen: 24
                          93.171.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:30:77:07:36:47:b0:07:79:2f:67:28:b2:c6:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e621990607e0d5a209561ca957601d2c47ff977
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ba:e5:b0:3d:26:a1:d0:02:a0:e5:2f:2a:11:
                    2d:43:c1:5f:b4:2d:55:fb:a6:bd:b2:6c:85:8a:fa:
                    ed:80:90:1d:bc:a0:86:9c:31:46:09:93:d9:ee:e2:
                    38:6b:d2:a4:78:68:de:dc:ff:de:3f:51:37:81:56:
                    2e:7e:c3:11:79:00:c3:de:06:43:e0:d2:0e:8a:b1:
                    e4:0a:11:b7:5d:b9:3e:d5:00:c7:1d:f6:54:38:28:
                    cd:bf:00:a0:7e:4a:d4:a0:ab:ea:02:58:3e:de:0d:
                    90:5c:56:2f:ee:0d:6b:79:e3:95:12:c0:33:6e:e7:
                    2a:af:a0:52:ec:d9:8a:b0:0f:92:65:b3:85:d9:ee:
                    f9:96:85:d8:43:21:81:b5:8a:96:10:d3:30:2b:d3:
                    e7:05:2d:0e:59:37:af:fb:55:4d:19:fc:7b:b0:f5:
                    7f:8d:64:cd:c2:70:44:ab:65:9c:a6:fc:bc:20:23:
                    bb:d0:4c:8e:f7:62:6e:8a:7b:1d:83:4b:1e:ba:bb:
                    66:a9:61:1d:60:b8:f4:b1:50:cd:c5:21:64:bc:b1:
                    c4:77:35:b2:ac:8c:87:3b:f5:1a:d6:ff:01:85:7a:
                    7d:08:e7:ea:6e:4f:fc:d8:3a:10:96:9b:9d:14:e9:
                    d2:9c:1e:44:08:3f:11:10:a8:d1:cb:a9:11:fd:31:
                    f5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:62:19:90:60:7E:0D:5A:20:95:61:CA:95:76:01:D2:C4:7F:F9:77
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/XmIZkGB-DVoglWHKlXYB0sR_-Xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.82.0/24
                  93.171.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:ce:ca:9c:b7:c6:a1:0e:c5:3e:03:88:8c:3d:1d:3c:92:b3:
         e5:b7:97:eb:5a:6d:c6:50:53:75:fe:99:3e:f2:92:d1:46:47:
         76:5c:b2:a7:a5:23:9e:10:9b:da:05:5d:bf:a0:98:7b:75:53:
         ba:43:b4:0a:80:7e:07:f6:d2:85:08:2a:3c:b8:f0:b8:15:0c:
         3e:b6:16:02:91:d5:67:53:bb:9a:74:16:7b:aa:70:e3:d3:10:
         56:6c:e6:62:68:15:47:30:85:a0:96:42:99:f1:58:dd:08:e9:
         3a:76:c4:7f:41:59:90:a7:76:2d:44:42:09:16:08:b8:f5:13:
         9d:2b:14:0d:80:44:51:76:fb:fd:75:f3:dd:c5:98:53:05:96:
         59:26:ac:f1:1b:c3:b8:e6:c6:0c:4f:34:52:92:6e:96:d3:29:
         36:cf:38:4f:73:ad:50:6b:87:31:53:e4:f4:b8:c6:45:0a:d8:
         1c:6e:b7:26:d5:e8:0e:b6:50:d6:34:59:48:ca:8d:31:52:72:
         27:61:57:c7:11:65:a4:0f:0c:2b:e9:3e:fb:35:56:ef:6e:43:
         9d:1b:7e:49:0b:76:3e:ef:d7:a7:55:92:b0:8f:92:e5:ef:94:
         78:5a:28:20:7f:94:df:f9:18:4e:40:65:6f:f6:35:a8:cf:43:
         ac:6c:9b:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKjB3BzZHsAd5L2cossZ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTYyMTk5MDYwN2UwZDVhMjA5NTYxY2E5NTc2MDFkMmM0N2ZmOTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLrlsD0modACoOUvKhEtQ8FftC1V
+6a9smyFivrtgJAdvKCGnDFGCZPZ7uI4a9KkeGje3P/eP1E3gVYufsMReQDD3gZD
4NIOirHkChG3Xbk+1QDHHfZUOCjNvwCgfkrUoKvqAlg+3g2QXFYv7g1reeOVEsAz
bucqr6BS7NmKsA+SZbOF2e75loXYQyGBtYqWENMwK9PnBS0OWTev+1VNGfx7sPV/
jWTNwnBEq2Wcpvy8ICO70EyO92Juinsdg0seurtmqWEdYLj0sVDNxSFkvLHEdzWy
rIyHO/Ua1v8BhXp9COfqbk/82DoQlpudFOnSnB5ECD8REKjRy6kR/TH1QQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF5iGZBgfg1aIJVhypV2AdLEf/l3MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWG1JWmtHQi1EVm9nbFdIS2xYWUIwc1JfLVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXapSAwQA
XavVMA0GCSqGSIb3DQEBCwUAA4IBAQCrzsqct8ahDsU+A4iMPR08krPlt5frWm3G
UFN1/pk+8pLRRkd2XLKnpSOeEJvaBV2/oJh7dVO6Q7QKgH4H9tKFCCo8uPC4FQw+
thYCkdVnU7uadBZ7qnDj0xBWbOZiaBVHMIWglkKZ8VjdCOk6dsR/QVmQp3YtREIJ
Fgi49ROdKxQNgERRdvv9dfPdxZhTBZZZJqzxG8O45sYMTzRSkm6W0yk2zzhPc61Q
a4cxU+T0uMZFCtgcbrcm1egOtlDWNFlIyo0xUnInYVfHEWWkDwwr6T77NVbvbkOd
G35JC3Y+79enVZKwj5Ll75R4Wiggf5Tf+RhOQGVv9jWoz0OsbJvO
-----END CERTIFICATE-----