Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Yi_rIUbaRSB9JYwc0I8MOgsMH-4.roa
File:                     Yi_rIUbaRSB9JYwc0I8MOgsMH-4.roa (raw, json)
Hash identifier:          Q3MLgbHK4XwEqGRJlBnP9X41yicZiQ8VdTqfXGslgGQ=
Subject key identifier:   62:2F:EB:21:46:DA:45:20:7D:25:8C:1C:D0:8F:0C:3A:0B:0C:1F:EE
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FFEE9BBFB65DE79FF9E9EE7F6E7DB
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Yi_rIUbaRSB9JYwc0I8MOgsMH-4.roa
Signing time:             Thu 02 Jan 2025 05:49:41 +0000
ROA not before:           Thu 02 Jan 2025 05:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208870
IP address blocks:        93.171.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:fe:e9:bb:fb:65:de:79:ff:9e:9e:e7:f6:e7:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=622feb2146da45207d258c1cd08f0c3a0b0c1fee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3a:28:b8:1c:ff:c1:6c:aa:52:2a:1f:88:66:
                    e6:4b:c7:30:bf:66:0b:1c:c3:9c:41:de:cd:ee:ef:
                    4d:8b:9d:5c:30:d6:1e:b6:6e:87:a2:be:33:30:46:
                    e9:7a:13:26:2a:68:6e:cd:4c:f9:99:c3:74:9a:15:
                    f5:3a:84:36:be:1d:92:49:de:d5:75:1c:b3:6a:06:
                    ee:07:fa:1e:8c:a6:f4:0b:aa:95:ae:90:22:b7:87:
                    d6:99:42:d9:43:92:a5:20:25:51:ea:41:52:b9:39:
                    36:5b:f3:d1:d9:c6:a8:25:02:fc:36:97:0c:b6:cb:
                    cf:de:61:a5:b5:fa:c2:50:ff:3b:8d:ae:19:24:8a:
                    b5:5c:d8:4e:37:05:cb:4e:3d:86:08:f1:1a:99:e2:
                    a2:30:90:6e:df:70:92:4a:f2:25:f1:3e:a2:56:c0:
                    4b:37:c8:1f:61:7d:48:03:94:02:ed:18:4a:9a:74:
                    2e:1d:b2:16:d4:2f:41:e6:d9:58:41:76:da:e5:a9:
                    26:7c:c6:94:ef:06:fe:02:62:c5:99:bc:03:ce:3a:
                    94:84:5b:ed:b3:e1:ba:cf:03:d0:3d:ab:f6:20:56:
                    e7:61:27:68:c9:5d:b0:73:db:7f:d2:de:1e:ed:28:
                    d9:5f:53:b6:e4:10:c9:3d:a3:1f:fc:e0:e5:bb:26:
                    a3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:2F:EB:21:46:DA:45:20:7D:25:8C:1C:D0:8F:0C:3A:0B:0C:1F:EE
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/Yi_rIUbaRSB9JYwc0I8MOgsMH-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:8e:93:b9:a7:9c:5f:06:fe:5a:25:1c:c9:8d:d7:1d:e8:6c:
         8b:a8:29:2b:b2:07:38:0a:27:7a:83:5e:87:7f:f7:4a:71:f4:
         6b:98:38:74:b6:46:d2:e0:bb:18:f6:78:05:00:da:6e:35:c6:
         64:65:cd:32:b7:66:e0:60:9b:ed:de:43:45:7b:25:2a:fc:29:
         71:3f:d5:da:bd:36:6e:7e:90:f2:e2:14:39:08:62:c1:07:ee:
         c5:6b:7b:f7:1b:2c:2f:5b:c3:c6:d2:4c:53:3c:77:45:97:27:
         fa:d7:f6:07:c4:94:0f:8e:20:a1:95:6d:b5:1d:f4:1a:a5:6e:
         ab:03:36:14:b2:89:35:4d:bd:31:c8:90:42:b5:aa:3b:93:b2:
         6d:f4:ff:57:04:02:33:51:1b:f7:a1:91:52:39:a9:9a:6b:3d:
         fa:34:eb:61:e6:50:97:39:32:e2:16:81:de:43:fb:0e:72:49:
         f7:24:4a:63:e1:2f:26:f9:fe:3a:c8:33:87:7b:b6:ac:4d:fd:
         6b:7c:51:a1:57:4f:14:8e:e7:bd:2c:3e:e2:8b:ae:0b:f7:75:
         9c:16:c8:b4:95:df:ab:ef:5c:fd:e1:ce:b1:85:58:49:d3:26:
         ca:79:65:ad:0f:36:05:77:38:86:82:62:29:74:0a:99:46:ea:
         2f:a6:73:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj/7pu/tl3nn/np7n9ufbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjJmZWIyMTQ2ZGE0NTIwN2QyNThjMWNkMDhmMGMzYTBiMGMxZmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zoouBz/wWyqUiofiGbmS8cwv2YL
HMOcQd7N7u9Ni51cMNYetm6Hor4zMEbpehMmKmhuzUz5mcN0mhX1OoQ2vh2SSd7V
dRyzagbuB/oejKb0C6qVrpAit4fWmULZQ5KlICVR6kFSuTk2W/PR2caoJQL8NpcM
tsvP3mGltfrCUP87ja4ZJIq1XNhONwXLTj2GCPEameKiMJBu33CSSvIl8T6iVsBL
N8gfYX1IA5QC7RhKmnQuHbIW1C9B5tlYQXba5akmfMaU7wb+AmLFmbwDzjqUhFvt
s+G6zwPQPav2IFbnYSdoyV2wc9t/0t4e7SjZX1O25BDJPaMf/ODluyajPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIv6yFG2kUgfSWMHNCPDDoLDB/uMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWWlfcklVYmFSU0I5Sll3YzBJOE1PZ3NNSC00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXavuMA0G
CSqGSIb3DQEBCwUAA4IBAQAsjpO5p5xfBv5aJRzJjdcd6GyLqCkrsgc4Cid6g16H
f/dKcfRrmDh0tkbS4LsY9ngFANpuNcZkZc0yt2bgYJvt3kNFeyUq/ClxP9XavTZu
fpDy4hQ5CGLBB+7Fa3v3GywvW8PG0kxTPHdFlyf61/YHxJQPjiChlW21HfQapW6r
AzYUsok1Tb0xyJBCtao7k7Jt9P9XBAIzURv3oZFSOamaaz36NOth5lCXOTLiFoHe
Q/sOckn3JEpj4S8m+f46yDOHe7asTf1rfFGhV08Ujue9LD7ii64L93WcFsi0ld+r
71z94c6xhVhJ0ybKeWWtDzYFdziGgmIpdAqZRuovpnMZ
-----END CERTIFICATE-----