Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/anBrGhqpTJmbWAl2JinTwzZTxhw.roa
File:                     anBrGhqpTJmbWAl2JinTwzZTxhw.roa (raw, json)
Hash identifier:          zrSUCtxOWZnGhKJpqo0p76E/KTD5Oy/d1Ef5XzVUacA=
Subject key identifier:   6A:70:6B:1A:1A:A9:4C:99:9B:58:09:76:26:29:D3:C3:36:53:C6:1C
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018E1E3A71E812C7EFB96232334BBEA6CE45
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/anBrGhqpTJmbWAl2JinTwzZTxhw.roa
Signing time:             Fri 08 Mar 2024 13:22:10 +0000
ROA not before:           Fri 08 Mar 2024 13:22:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215349
IP address blocks:        92.253.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:3a:71:e8:12:c7:ef:b9:62:32:33:4b:be:a6:ce:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Mar  8 13:22:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a706b1a1aa94c999b5809762629d3c33653c61c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:70:04:f4:3d:31:56:ab:da:85:c7:a3:12:90:
                    91:30:f4:f3:36:c0:33:02:53:b3:57:a2:dd:00:86:
                    e1:2f:92:38:4e:40:da:28:e5:8d:b8:b4:aa:53:2d:
                    99:86:b2:05:cc:12:4b:b4:6b:a0:d8:30:a4:21:8c:
                    d6:07:fa:2c:22:f3:5a:63:60:d0:12:94:60:e9:04:
                    61:31:0f:bc:24:e5:24:f1:67:99:4c:9a:94:35:66:
                    10:ce:f4:45:27:02:90:b3:fb:30:13:7f:34:60:e4:
                    bb:9f:41:bc:25:ce:62:12:d2:b6:5f:45:7c:41:0a:
                    35:4a:1e:d0:e7:1d:fa:03:8d:5a:c8:ab:9c:09:e7:
                    f9:64:dc:d9:09:cd:0a:e1:f4:85:29:1c:a4:d3:ea:
                    9d:0d:2f:49:7a:b7:fc:16:79:93:bb:8c:50:f2:04:
                    3e:3e:8d:8e:26:1d:52:7f:ef:87:94:3d:91:14:68:
                    f4:ec:c4:96:49:e2:fe:27:fa:37:b8:61:1f:64:6e:
                    39:ba:1b:f8:59:da:cd:55:65:d7:b1:a5:08:4e:19:
                    93:cf:4e:7c:b0:0a:eb:4a:b0:69:d7:ac:f4:bd:76:
                    f9:ce:c2:05:e2:f2:38:21:00:3d:45:90:29:26:48:
                    4a:d9:fc:41:0e:94:1e:96:c6:ca:cc:a5:79:e4:8a:
                    25:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:70:6B:1A:1A:A9:4C:99:9B:58:09:76:26:29:D3:C3:36:53:C6:1C
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/anBrGhqpTJmbWAl2JinTwzZTxhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.253.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:ab:7d:ba:2f:81:b3:ef:21:51:91:26:17:02:76:df:f8:d8:
         7b:f3:bd:3b:8b:e3:e1:3e:5a:e7:23:01:5c:ed:2c:61:00:b4:
         d6:ab:c2:b1:b7:dc:67:e8:6a:32:83:bb:eb:6b:fb:b7:66:8c:
         a6:27:4c:0b:b3:ec:98:ec:39:0d:96:45:9f:5f:c6:6f:2f:b7:
         11:4e:bb:77:7c:37:98:6f:9d:e5:02:12:ac:1c:5f:65:a8:be:
         f4:b2:ed:04:94:d3:ca:34:37:42:57:34:14:57:53:98:9c:15:
         a7:53:0a:0c:37:8e:51:57:3f:bd:7a:4a:f0:7e:29:8e:11:63:
         f4:14:cf:9c:5d:20:14:9c:06:9e:45:48:d3:41:9f:fd:02:76:
         97:7a:fb:03:05:d9:13:d0:83:70:15:48:e1:4b:45:78:7f:f8:
         a5:b3:19:7e:3e:a5:6b:49:f7:56:f6:c5:f5:cb:16:3b:80:c5:
         26:ba:fb:ff:a0:4d:62:67:51:5b:d4:6c:47:0b:36:1f:c4:11:
         39:51:55:a1:00:a8:ca:35:52:c6:96:c9:59:58:b5:31:d6:4c:
         61:88:97:7c:de:ba:43:6d:59:62:ed:ec:ad:9d:5e:1c:a1:10:
         a9:8d:92:fc:32:ff:31:c0:b6:58:dd:45:c4:ef:cd:72:5e:bd:
         c2:78:c7:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4eOnHoEsfvuWIyM0u+ps5FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMzA4MTMyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTcwNmIxYTFhYTk0Yzk5OWI1ODA5NzYyNjI5ZDNjMzM2NTNjNjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nAE9D0xVqvahcejEpCRMPTzNsAz
AlOzV6LdAIbhL5I4TkDaKOWNuLSqUy2ZhrIFzBJLtGug2DCkIYzWB/osIvNaY2DQ
EpRg6QRhMQ+8JOUk8WeZTJqUNWYQzvRFJwKQs/swE380YOS7n0G8Jc5iEtK2X0V8
QQo1Sh7Q5x36A41ayKucCef5ZNzZCc0K4fSFKRyk0+qdDS9Jerf8FnmTu4xQ8gQ+
Po2OJh1Sf++HlD2RFGj07MSWSeL+J/o3uGEfZG45uhv4WdrNVWXXsaUIThmTz058
sArrSrBp16z0vXb5zsIF4vI4IQA9RZApJkhK2fxBDpQelsbKzKV55IolPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGpwaxoaqUyZm1gJdiYp08M2U8YcMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvYW5CckdocXBUSm1iV0FsMkppblR3elpUeGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXP3oMA0G
CSqGSIb3DQEBCwUAA4IBAQBkq326L4Gz7yFRkSYXAnbf+Nh78707i+PhPlrnIwFc
7SxhALTWq8Kxt9xn6Goyg7vra/u3ZoymJ0wLs+yY7DkNlkWfX8ZvL7cRTrt3fDeY
b53lAhKsHF9lqL70su0ElNPKNDdCVzQUV1OYnBWnUwoMN45RVz+9ekrwfimOEWP0
FM+cXSAUnAaeRUjTQZ/9AnaXevsDBdkT0INwFUjhS0V4f/ilsxl+PqVrSfdW9sX1
yxY7gMUmuvv/oE1iZ1Fb1GxHCzYfxBE5UVWhAKjKNVLGlslZWLUx1kxhiJd83rpD
bVli7eytnV4coRCpjZL8Mv8xwLZY3UXE781yXr3CeMfH
-----END CERTIFICATE-----