Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ZNbDafC9-05Vh-voN0lOlqvPve4.roa
File:                     ZNbDafC9-05Vh-voN0lOlqvPve4.roa (raw, json)
Hash identifier:          EM5204FaStppdHTzGsRy5fI+JMz/nbjqlYpjWMMdbAA=
Subject key identifier:   64:D6:C3:69:F0:BD:FB:4E:55:87:EB:E8:37:49:4E:96:AB:CF:BD:EE
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29FE870ED383702DF2A897D74FAB96
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ZNbDafC9-05Vh-voN0lOlqvPve4.roa
Signing time:             Tue 02 Jan 2024 12:33:18 +0000
ROA not before:           Tue 02 Jan 2024 12:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48184
IP address blocks:        95.46.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 06:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:fe:87:0e:d3:83:70:2d:f2:a8:97:d7:4f:ab:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64d6c369f0bdfb4e5587ebe837494e96abcfbdee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:99:58:e7:db:2f:78:6c:22:04:f8:2f:c7:5e:
                    a0:8d:bd:a5:db:19:7e:a6:3e:cb:c5:a9:93:78:6e:
                    bc:2b:49:19:57:da:e4:97:4a:fe:9b:4c:05:cb:6c:
                    eb:52:6e:73:84:78:7d:52:d6:dc:0b:b4:dc:c4:8b:
                    ab:63:53:75:39:56:b7:1f:7b:9f:f8:a4:1a:61:32:
                    5e:9c:a0:e5:b9:a7:ec:0c:e1:63:4b:69:55:6b:98:
                    e8:5c:8c:6a:ea:b3:d5:a2:58:99:a5:d1:f6:6e:e1:
                    5c:82:0a:65:5f:5d:df:29:9e:ce:57:51:97:d3:43:
                    e8:38:02:79:74:fe:92:a7:fe:37:59:99:6c:09:0b:
                    12:a9:3f:d1:16:64:39:fa:2e:a6:96:84:3e:58:3f:
                    fd:73:b7:61:7e:61:d5:d2:cf:0b:06:af:ea:39:fc:
                    c0:83:2d:dd:d6:fb:00:75:5f:e7:c3:af:b2:e2:ba:
                    cb:46:33:2d:1e:19:b3:9c:f7:bc:32:75:0d:d6:ec:
                    db:19:00:6d:f9:eb:47:68:b4:26:a2:89:80:43:ed:
                    6a:f0:ef:e2:ad:0a:89:e6:1e:2f:db:72:ff:14:dc:
                    b2:99:7b:f7:e6:21:0e:8a:ed:7f:dc:52:7d:e4:f3:
                    ed:55:2b:54:66:31:02:81:36:ce:b4:d2:38:65:c6:
                    74:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:D6:C3:69:F0:BD:FB:4E:55:87:EB:E8:37:49:4E:96:AB:CF:BD:EE
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ZNbDafC9-05Vh-voN0lOlqvPve4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:d5:55:6c:2e:2e:c9:04:0f:87:5a:0e:23:51:ad:d5:4b:e5:
         64:50:de:47:36:89:46:cf:ea:43:2d:35:8d:61:17:0c:a9:ae:
         7f:73:31:30:bc:8f:6e:5d:d3:0f:f4:00:55:51:81:23:ca:c2:
         f7:28:b0:c3:4a:7f:a5:8c:5f:26:98:74:48:97:97:19:03:69:
         02:b9:7f:54:04:90:8f:5d:d6:e7:ec:5e:a1:c7:de:5a:fe:a1:
         80:42:0f:98:ec:c1:be:38:f1:25:53:dc:32:9c:d9:d3:ec:eb:
         be:57:73:7f:2a:d9:b0:04:42:24:53:df:e6:ce:48:b5:63:f8:
         ff:95:e4:1e:35:60:91:81:9c:4b:08:a6:be:27:c1:e9:39:76:
         b9:90:6e:dd:1b:f7:36:e0:a7:1c:73:f2:2c:b1:3a:f3:0f:2b:
         f2:bd:7d:b6:94:ec:d5:9c:5a:66:1d:ef:bb:d8:a3:4d:6f:8e:
         ea:cd:77:e3:4a:bb:39:f4:11:92:49:b3:3f:8a:1c:74:e7:c8:
         d2:18:c7:39:c0:90:c3:fc:ff:1a:be:b3:2d:a0:38:db:c9:ee:
         f5:f4:17:a9:ee:4a:4c:05:ee:2b:2a:2a:d1:9b:7e:8a:8d:48:
         92:9f:b7:bf:d7:f9:ec:af:4e:90:2b:ee:41:13:06:13:eb:9e:
         ed:25:b2:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKf6HDtODcC3yqJfXT6uWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGQ2YzM2OWYwYmRmYjRlNTU4N2ViZTgzNzQ5NGU5NmFiY2ZiZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlplY59sveGwiBPgvx16gjb2l2xl+
pj7LxamTeG68K0kZV9rkl0r+m0wFy2zrUm5zhHh9UtbcC7TcxIurY1N1OVa3H3uf
+KQaYTJenKDluafsDOFjS2lVa5joXIxq6rPVoliZpdH2buFcggplX13fKZ7OV1GX
00PoOAJ5dP6Sp/43WZlsCQsSqT/RFmQ5+i6mloQ+WD/9c7dhfmHV0s8LBq/qOfzA
gy3d1vsAdV/nw6+y4rrLRjMtHhmznPe8MnUN1uzbGQBt+etHaLQmoomAQ+1q8O/i
rQqJ5h4v23L/FNyymXv35iEOiu1/3FJ95PPtVStUZjECgTbOtNI4ZcZ0OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTWw2nwvftOVYfr6DdJTparz73uMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWk5iRGFmQzktMDVWaC12b04wbE9scXZQdmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy6cMA0G
CSqGSIb3DQEBCwUAA4IBAQCB1VVsLi7JBA+HWg4jUa3VS+VkUN5HNolGz+pDLTWN
YRcMqa5/czEwvI9uXdMP9ABVUYEjysL3KLDDSn+ljF8mmHRIl5cZA2kCuX9UBJCP
Xdbn7F6hx95a/qGAQg+Y7MG+OPElU9wynNnT7Ou+V3N/KtmwBEIkU9/mzki1Y/j/
leQeNWCRgZxLCKa+J8HpOXa5kG7dG/c24Kccc/IssTrzDyvyvX22lOzVnFpmHe+7
2KNNb47qzXfjSrs59BGSSbM/ihx058jSGMc5wJDD/P8avrMtoDjbye719Bep7kpM
Be4rKirRm36KjUiSn7e/1/nsr06QK+5BEwYT657tJbJt
-----END CERTIFICATE-----