Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/YIby5QLQDkQLv6TmBHY9TueaDIw.roa
File:                     YIby5QLQDkQLv6TmBHY9TueaDIw.roa (raw, json)
Hash identifier:          AWdVOXr+oDGZWADOL2XY1KD4XvsbNXtUe/13dBo4rWk=
Subject key identifier:   60:86:F2:E5:02:D0:0E:44:0B:BF:A4:E6:04:76:3D:4E:E7:9A:0C:8C
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A55D7D276D16EDD046D02B2FE281C
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/YIby5QLQDkQLv6TmBHY9TueaDIw.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212006
IP address blocks:        95.47.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:55:d7:d2:76:d1:6e:dd:04:6d:02:b2:fe:28:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6086f2e502d00e440bbfa4e604763d4ee79a0c8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3a:a2:c9:41:fd:61:e0:53:af:74:3d:dd:b2:
                    b3:49:c7:6a:4a:9a:7e:2c:74:e6:68:6c:e5:02:23:
                    76:5f:5b:a6:71:49:a9:51:30:90:e6:b0:70:c0:d9:
                    24:e0:9c:7f:32:51:ac:5c:6c:f7:9b:1e:a6:bf:f3:
                    d6:e3:ee:37:82:fb:f8:ab:8a:62:87:51:9a:2f:0a:
                    52:3d:d5:1f:99:53:00:a9:df:a4:a8:52:a6:91:94:
                    6e:64:4f:91:96:8f:b5:d5:92:66:3e:38:16:f0:0d:
                    46:11:dc:89:f4:d8:ab:3c:c9:49:51:c8:f6:b5:0c:
                    54:49:df:4c:a8:4e:27:bf:99:1e:f2:0f:47:13:10:
                    69:ac:4d:d7:09:ad:bf:5c:7d:39:f5:95:c4:30:54:
                    52:d1:f9:b7:75:17:f3:c2:97:bd:24:27:73:08:c7:
                    60:34:8b:78:f3:0c:7e:ba:ee:bd:8e:fe:7c:17:d4:
                    58:6e:3a:ca:df:65:62:e9:28:be:74:19:a9:49:1e:
                    ef:b7:a1:f4:e8:7d:09:8b:fd:71:5b:0b:70:9c:81:
                    b8:69:84:70:be:e5:22:96:54:1f:ce:89:a2:b3:89:
                    21:72:2f:c9:4a:1f:af:18:e2:e9:e7:e1:60:ba:95:
                    5a:ca:c2:11:6b:6a:9e:48:8f:55:0f:d6:8a:c8:55:
                    7b:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:86:F2:E5:02:D0:0E:44:0B:BF:A4:E6:04:76:3D:4E:E7:9A:0C:8C
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/YIby5QLQDkQLv6TmBHY9TueaDIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:e7:73:c7:cf:c6:23:5e:e5:51:5b:74:1e:03:bf:03:27:d6:
         0f:b6:b4:0a:23:64:c5:85:65:d7:99:24:bc:55:f2:1a:d8:72:
         60:ec:4b:49:ff:79:6b:9e:f5:2f:58:88:45:33:c3:19:f9:f6:
         ae:6f:64:9e:18:a4:c1:4e:40:0e:06:eb:32:76:6c:c6:48:49:
         58:4a:54:b8:3c:61:a4:da:5c:02:10:a1:41:df:6f:1d:47:82:
         e7:3f:a5:ba:ba:b0:e0:2d:c0:1c:c0:26:0a:35:60:2a:1f:e4:
         95:1b:08:0a:10:26:dc:bd:91:9a:34:bd:bc:80:cb:6c:06:1c:
         58:c8:c4:69:63:be:ab:d7:28:85:33:3c:28:36:16:be:ab:a3:
         a9:4a:a8:f3:d1:73:18:fb:1d:19:46:95:08:e3:7a:9d:70:ce:
         ed:d0:29:d9:fb:69:3a:f3:77:9b:fd:63:3a:ee:81:bb:61:30:
         be:b2:05:a7:5d:12:59:d3:ba:b9:c5:f6:0c:d9:5c:4d:3e:4a:
         3f:ce:ba:a5:9f:d7:66:1f:a2:ca:03:0b:7f:bb:ea:1a:b4:b9:
         01:b7:19:90:2c:c8:4b:72:d6:4f:30:48:9a:72:12:f7:09:14:
         a5:6d:68:73:d6:1a:85:fe:71:1f:20:3e:86:e3:54:b2:7a:75:
         01:f6:85:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlXX0nbRbt0EbQKy/igcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDg2ZjJlNTAyZDAwZTQ0MGJiZmE0ZTYwNDc2M2Q0ZWU3OWEwYzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjqiyUH9YeBTr3Q93bKzScdqSpp+
LHTmaGzlAiN2X1umcUmpUTCQ5rBwwNkk4Jx/MlGsXGz3mx6mv/PW4+43gvv4q4pi
h1GaLwpSPdUfmVMAqd+kqFKmkZRuZE+Rlo+11ZJmPjgW8A1GEdyJ9NirPMlJUcj2
tQxUSd9MqE4nv5ke8g9HExBprE3XCa2/XH059ZXEMFRS0fm3dRfzwpe9JCdzCMdg
NIt48wx+uu69jv58F9RYbjrK32Vi6Si+dBmpSR7vt6H06H0Ji/1xWwtwnIG4aYRw
vuUillQfzomis4khci/JSh+vGOLp5+FgupVaysIRa2qeSI9VD9aKyFV7PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCG8uUC0A5EC7+k5gR2PU7nmgyMMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWUlieTVRTFFEa1FMdjZUbUJIWTlUdWVhREl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy/pMA0G
CSqGSIb3DQEBCwUAA4IBAQB453PHz8YjXuVRW3QeA78DJ9YPtrQKI2TFhWXXmSS8
VfIa2HJg7EtJ/3lrnvUvWIhFM8MZ+faub2SeGKTBTkAOBusydmzGSElYSlS4PGGk
2lwCEKFB328dR4LnP6W6urDgLcAcwCYKNWAqH+SVGwgKECbcvZGaNL28gMtsBhxY
yMRpY76r1yiFMzwoNha+q6OpSqjz0XMY+x0ZRpUI43qdcM7t0CnZ+2k683eb/WM6
7oG7YTC+sgWnXRJZ07q5xfYM2VxNPko/zrqln9dmH6LKAwt/u+oatLkBtxmQLMhL
ctZPMEiachL3CRSlbWhz1hqF/nEfID6G41SyenUB9oWd
-----END CERTIFICATE-----