Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/alBPNLvjWoliR_tkilYiKpIAL4o.roa
File:                     alBPNLvjWoliR_tkilYiKpIAL4o.roa (raw, json)
Hash identifier:          OolrBvdjcX8kPKbXBCBTunsgnpy0my0gFducGyNQ1xQ=
Subject key identifier:   6A:50:4F:34:BB:E3:5A:89:62:47:FB:64:8A:56:22:2A:92:00:2F:8A
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       01910E6068C36EA2E256BAEFFA73DBD71875
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/alBPNLvjWoliR_tkilYiKpIAL4o.roa
Signing time:             Thu 01 Aug 2024 14:38:04 +0000
ROA not before:           Thu 01 Aug 2024 14:38:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57562
IP address blocks:        93.171.166.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:0e:60:68:c3:6e:a2:e2:56:ba:ef:fa:73:db:d7:18:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Aug  1 14:38:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a504f34bbe35a896247fb648a56222a92002f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ff:1a:0b:d9:9f:01:9d:d1:11:25:10:13:7a:
                    ec:c2:8e:72:81:9a:6e:6b:5b:51:18:b8:29:02:2d:
                    c4:ff:8e:eb:56:5e:6e:b1:30:8a:35:e2:73:25:32:
                    83:56:1e:df:4f:54:64:1f:4f:85:5c:0a:39:c5:02:
                    29:2a:2a:f9:78:52:3c:a9:96:e3:a5:cc:f8:a1:44:
                    c0:1c:1a:a0:61:65:9b:56:5f:2f:61:53:af:22:7f:
                    d3:c7:4b:d3:74:f6:cc:ad:c3:2e:e8:83:8c:4a:be:
                    e6:0e:fd:72:5b:48:19:ea:2a:1d:34:98:3a:9e:24:
                    99:89:e5:64:90:31:b6:55:c1:8e:be:3d:80:7c:8b:
                    dd:b1:a8:21:86:45:db:79:81:47:df:d2:b9:62:6b:
                    7d:5b:8c:2c:9f:ed:a4:ea:9d:44:86:7b:5d:1c:77:
                    58:cf:ff:a4:7b:1c:08:e4:5f:0b:81:9e:a6:94:6f:
                    94:97:74:24:93:15:cb:7e:13:93:f9:d4:3c:32:00:
                    b1:7d:54:28:58:de:02:b6:15:47:6f:9d:a1:d4:97:
                    57:59:ec:e4:7c:f5:62:df:27:8a:d6:3d:d6:fa:a4:
                    62:40:ea:9f:de:45:0d:24:e8:74:6a:08:d6:c9:18:
                    b1:9b:2c:ae:33:74:99:51:66:47:bd:1c:76:2e:75:
                    53:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:50:4F:34:BB:E3:5A:89:62:47:FB:64:8A:56:22:2A:92:00:2F:8A
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/alBPNLvjWoliR_tkilYiKpIAL4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:ff:93:22:c0:89:5c:94:83:a3:1d:c3:d3:8e:ef:f7:0b:96:
         31:79:8f:8b:a2:b4:44:3a:ca:a3:fb:e6:dd:75:a9:27:cb:cb:
         3a:53:e8:b6:4a:b9:05:92:5f:4a:ce:48:66:7e:33:04:7c:97:
         b6:9f:91:a8:4b:72:ed:4c:25:fb:43:e2:cd:8c:3c:81:f1:fb:
         13:18:81:a6:71:7c:79:90:32:4b:a6:0e:e1:4f:50:68:bf:db:
         33:93:87:3d:12:1d:a3:00:e3:86:34:2e:55:4a:2f:f9:94:cf:
         9b:10:31:c5:74:ec:2a:e9:12:e3:40:c1:bc:26:78:ee:29:e3:
         83:5c:53:be:30:68:8b:60:51:43:63:bf:80:42:68:6b:35:fb:
         9c:c6:fb:58:d3:49:f3:e8:b4:2c:1f:a3:f4:9a:58:1d:1d:33:
         75:72:eb:e3:fe:2a:5d:37:0b:22:8c:8a:29:27:97:53:0c:f8:
         d7:f3:61:d4:dc:36:8b:96:77:38:bf:34:d4:cf:65:3c:2b:48:
         d6:ae:a2:79:17:92:ae:48:97:a9:0c:e9:ef:e6:52:9e:b7:84:
         13:1b:98:74:c0:d3:43:4f:c9:b4:d6:b8:c4:be:86:22:25:68:
         af:a0:81:00:17:da:d8:8f:47:ae:64:de:4d:98:c3:22:5e:8b:
         4f:51:0e:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEOYGjDbqLiVrrv+nPb1xh1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwODAxMTQzODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTUwNGYzNGJiZTM1YTg5NjI0N2ZiNjQ4YTU2MjIyYTkyMDAyZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/8aC9mfAZ3RESUQE3rswo5ygZpu
a1tRGLgpAi3E/47rVl5usTCKNeJzJTKDVh7fT1RkH0+FXAo5xQIpKir5eFI8qZbj
pcz4oUTAHBqgYWWbVl8vYVOvIn/Tx0vTdPbMrcMu6IOMSr7mDv1yW0gZ6iodNJg6
niSZieVkkDG2VcGOvj2AfIvdsaghhkXbeYFH39K5Ymt9W4wsn+2k6p1EhntdHHdY
z/+kexwI5F8LgZ6mlG+Ul3QkkxXLfhOT+dQ8MgCxfVQoWN4CthVHb52h1JdXWezk
fPVi3yeK1j3W+qRiQOqf3kUNJOh0agjWyRixmyyuM3SZUWZHvRx2LnVTQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGpQTzS741qJYkf7ZIpWIiqSAC+KMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvYWxCUE5MdmpXb2xpUl90a2lsWWlLcElBTDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXaumMA0G
CSqGSIb3DQEBCwUAA4IBAQCb/5MiwIlclIOjHcPTju/3C5YxeY+LorREOsqj++bd
dakny8s6U+i2SrkFkl9KzkhmfjMEfJe2n5GoS3LtTCX7Q+LNjDyB8fsTGIGmcXx5
kDJLpg7hT1Bov9szk4c9Eh2jAOOGNC5VSi/5lM+bEDHFdOwq6RLjQMG8JnjuKeOD
XFO+MGiLYFFDY7+AQmhrNfucxvtY00nz6LQsH6P0mlgdHTN1cuvj/ipdNwsijIop
J5dTDPjX82HU3DaLlnc4vzTUz2U8K0jWrqJ5F5KuSJepDOnv5lKet4QTG5h0wNND
T8m01rjEvoYiJWivoIEAF9rYj0euZN5NmMMiXotPUQ7j
-----END CERTIFICATE-----