Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/bVZaio7DdI5Hs-zlUBzQtDy1CT4.roa
File:                     bVZaio7DdI5Hs-zlUBzQtDy1CT4.roa (raw, json)
Hash identifier:          cSFnIUW3un7IGvBsN58peN7tf6hTNZYuPuMVi1zltS8=
Subject key identifier:   6D:56:5A:8A:8E:C3:74:8E:47:B3:EC:E5:50:1C:D0:B4:3C:B5:09:3E
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A43DA06C7E7CA5D5992565872DBD2
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/bVZaio7DdI5Hs-zlUBzQtDy1CT4.roa
Signing time:             Tue 02 Jan 2024 12:33:36 +0000
ROA not before:           Tue 02 Jan 2024 12:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204889
IP address blocks:        31.148.20.0/24 maxlen: 24
                          92.253.204.0/24 maxlen: 24
                          93.170.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:12:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:43:da:06:c7:e7:ca:5d:59:92:56:58:72:db:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d565a8a8ec3748e47b3ece5501cd0b43cb5093e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7f:da:0d:c8:52:f7:1d:8b:ab:74:a0:0a:9d:
                    84:9f:cd:1b:1b:cc:44:64:a1:3a:cc:9c:39:a4:5b:
                    4f:65:13:dd:a5:14:e6:5a:3d:0b:90:2d:4d:fd:06:
                    e1:19:71:88:92:f8:0d:92:c1:7c:44:a4:8b:df:5c:
                    29:24:54:37:91:d9:18:d4:86:d4:7b:bd:9a:5b:83:
                    6d:ab:55:fd:2c:3e:6f:07:e8:73:41:b6:1b:94:52:
                    9f:1e:0e:8f:56:02:c3:ce:08:f4:36:25:27:2b:e8:
                    9d:fb:5f:da:de:b5:e2:04:a9:1b:01:69:fe:fd:4a:
                    f2:2f:bf:d9:75:66:70:1b:68:4c:df:1d:6b:9e:1d:
                    b4:f3:b3:45:78:1d:e9:de:1a:92:fa:9e:b7:49:72:
                    85:0a:81:4f:90:ff:ff:05:d3:67:65:47:38:e5:ef:
                    0d:cb:93:fc:ae:9d:2d:32:92:0e:dc:5e:b5:36:1a:
                    20:93:0f:bd:ce:5e:97:77:31:e4:9e:31:e8:1e:f1:
                    f7:38:00:dd:f3:e1:30:92:97:2d:bd:ba:bc:91:1a:
                    b3:c6:f3:c3:4b:fa:c2:42:d6:42:25:8e:b8:a0:67:
                    1e:7e:e2:32:b9:8e:35:bf:ae:d4:64:35:4e:5d:52:
                    5f:6e:bd:43:ba:26:58:cd:55:ec:5a:b5:77:ac:dc:
                    c7:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:56:5A:8A:8E:C3:74:8E:47:B3:EC:E5:50:1C:D0:B4:3C:B5:09:3E
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/bVZaio7DdI5Hs-zlUBzQtDy1CT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.20.0/24
                  92.253.204.0/24
                  93.170.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:44:2e:bd:40:a2:5f:9a:8e:d9:7d:d7:95:f8:16:b3:9a:ee:
         fe:0c:0b:2f:6e:0f:ac:83:2c:8f:da:c9:2c:68:fa:4f:f2:d4:
         fc:0d:38:92:d6:8b:f2:ea:93:ea:93:ea:7e:f7:5d:f5:23:e4:
         6d:ed:ce:60:e5:d1:98:d8:b7:db:e9:d9:eb:5b:88:1c:63:01:
         21:55:9a:c5:68:5b:bc:1e:28:6a:3b:18:db:95:74:43:20:3b:
         88:b9:bd:ce:3b:2d:96:c5:e7:86:72:63:0b:c6:93:c2:da:19:
         58:8f:b6:01:17:13:82:ad:72:de:3e:d8:0a:32:50:70:32:10:
         ba:70:cb:37:c3:ec:98:19:09:22:9b:3d:f4:af:79:7a:16:0d:
         87:97:10:d8:67:be:c4:28:d8:6c:9b:98:0a:3f:a0:32:57:2b:
         1e:8f:16:0d:dd:4e:43:1c:1d:1d:fd:fe:d4:14:9d:c7:ee:d5:
         32:98:7f:f4:4c:b1:8a:72:c0:ff:e9:c4:cc:48:b3:39:56:e6:
         3a:70:d9:8e:6b:32:a0:0e:00:78:a7:c9:62:ab:8f:1b:a1:a1:
         b1:a4:8b:d6:38:14:82:69:a5:88:69:0f:95:c5:ed:3b:0e:63:
         80:f7:85:6f:5f:40:14:d1:bc:43:c6:60:64:2e:14:a7:42:1a:
         9a:b6:70:54
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKkPaBsfnyl1ZklZYctvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDU2NWE4YThlYzM3NDhlNDdiM2VjZTU1MDFjZDBiNDNjYjUwOTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqH/aDchS9x2Lq3SgCp2En80bG8xE
ZKE6zJw5pFtPZRPdpRTmWj0LkC1N/QbhGXGIkvgNksF8RKSL31wpJFQ3kdkY1IbU
e72aW4Ntq1X9LD5vB+hzQbYblFKfHg6PVgLDzgj0NiUnK+id+1/a3rXiBKkbAWn+
/UryL7/ZdWZwG2hM3x1rnh2087NFeB3p3hqS+p63SXKFCoFPkP//BdNnZUc45e8N
y5P8rp0tMpIO3F61Nhogkw+9zl6XdzHknjHoHvH3OADd8+Ewkpctvbq8kRqzxvPD
S/rCQtZCJY64oGcefuIyuY41v67UZDVOXVJfbr1DuiZYzVXsWrV3rNzHEQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG1WWoqOw3SOR7Ps5VAc0LQ8tQk+MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvYlZaYWlvN0RkSTVIcy16bFVCelF0RHkxQ1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH5QUAwQA
XP3MAwQAXaoPMA0GCSqGSIb3DQEBCwUAA4IBAQCRRC69QKJfmo7ZfdeV+Bazmu7+
DAsvbg+sgyyP2sksaPpP8tT8DTiS1ovy6pPqk+p+9131I+Rt7c5g5dGY2Lfb6dnr
W4gcYwEhVZrFaFu8HihqOxjblXRDIDuIub3OOy2WxeeGcmMLxpPC2hlYj7YBFxOC
rXLePtgKMlBwMhC6cMs3w+yYGQkimz30r3l6Fg2HlxDYZ77EKNhsm5gKP6AyVyse
jxYN3U5DHB0d/f7UFJ3H7tUymH/0TLGKcsD/6cTMSLM5VuY6cNmOazKgDgB4p8li
q48boaGxpIvWOBSCaaWIaQ+Vxe07DmOA94VvX0AU0bxDxmBkLhSnQhqatnBU
-----END CERTIFICATE-----