Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ZmvPx5mK4ApMi2erNejCRdcoOkk.roa
File:                     ZmvPx5mK4ApMi2erNejCRdcoOkk.roa (raw, json)
Hash identifier:          u6FEpJ6mgMcChMci3pTwe4qO7fHPalgwnUWZM02yIE4=
Subject key identifier:   66:6B:CF:C7:99:8A:E0:0A:4C:8B:67:AB:35:E8:C2:45:D7:28:3A:49
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A25949A2B509ADB11C621DC85BC0D
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ZmvPx5mK4ApMi2erNejCRdcoOkk.roa
Signing time:             Tue 02 Jan 2024 12:33:28 +0000
ROA not before:           Tue 02 Jan 2024 12:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61116
IP address blocks:        95.46.155.0/24 maxlen: 24
                          93.171.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:25:94:9a:2b:50:9a:db:11:c6:21:dc:85:bc:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=666bcfc7998ae00a4c8b67ab35e8c245d7283a49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:77:68:02:04:6d:ae:02:91:34:ab:fc:7a:73:
                    da:59:ae:6e:bf:cf:1c:f3:45:58:c0:18:46:bc:45:
                    ad:ad:0e:04:a8:44:ef:1c:5f:17:20:89:2b:a7:99:
                    b5:ab:36:8c:b1:91:88:d6:7f:65:2e:f3:ca:72:20:
                    eb:05:d6:1d:06:de:65:2a:60:5c:bf:16:95:28:2c:
                    58:be:e6:c1:c6:13:fc:5a:71:c4:f2:79:b2:35:7c:
                    72:08:2e:9b:29:46:ff:5d:9f:40:8c:db:e5:cf:34:
                    8a:6c:8c:e3:06:77:e2:42:19:96:47:35:de:1b:d0:
                    09:5f:99:5d:5d:92:0a:3b:79:5d:5e:32:bb:60:b1:
                    7b:28:88:9d:0c:c7:fd:a9:e5:91:4c:59:bd:b4:84:
                    6e:25:21:9a:4e:b9:c1:b5:b3:39:4c:f4:87:41:7e:
                    63:1d:41:a9:f6:42:b3:8c:89:d7:d8:9e:bc:03:65:
                    c2:ea:5b:87:7a:9e:a5:37:af:38:2f:48:90:d2:64:
                    9f:02:43:79:3c:57:8a:8d:d5:02:40:f0:08:f0:6a:
                    83:9f:32:ec:49:ae:8d:77:ac:e9:71:36:e0:0f:7a:
                    a7:51:b8:f2:e8:9b:5b:45:15:fd:cd:b5:ce:98:7e:
                    40:d5:38:cb:a6:79:b5:1b:97:ac:46:0b:59:99:79:
                    93:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:6B:CF:C7:99:8A:E0:0A:4C:8B:67:AB:35:E8:C2:45:D7:28:3A:49
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ZmvPx5mK4ApMi2erNejCRdcoOkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.225.0/24
                  95.46.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:d7:e7:1d:fc:bb:92:66:60:2e:e4:f7:89:09:cf:56:3c:3e:
         c2:7e:91:29:7d:85:f4:9d:ef:c7:f9:61:00:01:5b:e0:a3:77:
         65:43:92:10:bd:32:d1:64:0b:d0:0a:3f:1f:46:13:21:06:96:
         82:1a:a5:61:a4:00:f2:e5:eb:c6:aa:ac:39:20:ce:f7:1d:53:
         cb:a8:eb:6d:aa:69:0a:12:8e:77:00:08:cf:17:5a:89:ad:c4:
         a0:18:46:9d:7f:cb:27:91:ab:02:de:34:ec:4c:9e:68:f6:98:
         c2:0b:d5:f9:8f:8d:ab:4f:35:f1:74:15:05:d2:d5:5a:13:99:
         20:20:f0:1c:92:f6:fb:35:b0:0e:6b:98:09:33:ce:ef:1d:b8:
         f5:f0:89:19:bd:c1:04:2c:bc:2d:b9:21:35:d0:70:b3:6c:f3:
         a1:6b:7c:1b:40:8f:bd:37:29:a8:a4:ed:90:42:51:7a:1f:7b:
         2e:04:28:06:ae:87:16:ba:d8:8a:a0:d0:d6:80:c5:45:31:7c:
         88:42:38:91:e9:d7:44:51:59:82:e5:44:38:b5:f5:b0:1c:8c:
         6f:8b:58:ec:8b:04:93:5c:4d:a3:5d:c9:75:91:54:44:c3:5e:
         13:2e:dc:f4:65:af:09:81:1c:8e:3f:4f:e7:cc:33:dd:0d:17:
         03:ea:86:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKiWUmitQmtsRxiHchbwNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjZiY2ZjNzk5OGFlMDBhNGM4YjY3YWIzNWU4YzI0NWQ3MjgzYTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3doAgRtrgKRNKv8enPaWa5uv88c
80VYwBhGvEWtrQ4EqETvHF8XIIkrp5m1qzaMsZGI1n9lLvPKciDrBdYdBt5lKmBc
vxaVKCxYvubBxhP8WnHE8nmyNXxyCC6bKUb/XZ9AjNvlzzSKbIzjBnfiQhmWRzXe
G9AJX5ldXZIKO3ldXjK7YLF7KIidDMf9qeWRTFm9tIRuJSGaTrnBtbM5TPSHQX5j
HUGp9kKzjInX2J68A2XC6luHep6lN684L0iQ0mSfAkN5PFeKjdUCQPAI8GqDnzLs
Sa6Nd6zpcTbgD3qnUbjy6JtbRRX9zbXOmH5A1TjLpnm1G5esRgtZmXmTdQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGZrz8eZiuAKTItnqzXowkXXKDpJMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWm12UHg1bUs0QXBNaTJlck5lakNSZGNvT2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXavhAwQA
Xy6bMA0GCSqGSIb3DQEBCwUAA4IBAQAo1+cd/LuSZmAu5PeJCc9WPD7CfpEpfYX0
ne/H+WEAAVvgo3dlQ5IQvTLRZAvQCj8fRhMhBpaCGqVhpADy5evGqqw5IM73HVPL
qOttqmkKEo53AAjPF1qJrcSgGEadf8snkasC3jTsTJ5o9pjCC9X5j42rTzXxdBUF
0tVaE5kgIPAckvb7NbAOa5gJM87vHbj18IkZvcEELLwtuSE10HCzbPOha3wbQI+9
NymopO2QQlF6H3suBCgGrocWutiKoNDWgMVFMXyIQjiR6ddEUVmC5UQ4tfWwHIxv
i1jsiwSTXE2jXcl1kVREw14TLtz0Za8JgRyOP0/nzDPdDRcD6oYX
-----END CERTIFICATE-----