Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/bYgwzJIT1e2We66ozwPE2Rqt-MY.roa
File:                     bYgwzJIT1e2We66ozwPE2Rqt-MY.roa (raw, json)
Hash identifier:          KD6QfszYWtABt83tWjhWCzG2BwBfvC9xY5Hd8XHZ5uY=
Subject key identifier:   6D:88:30:CC:92:13:D5:ED:96:7B:AE:A8:CF:03:C4:D9:1A:AD:F8:C6
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A0153A6774985FFA91DD86F7FE8C7
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/bYgwzJIT1e2We66ozwPE2Rqt-MY.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49098
IP address blocks:        93.171.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:01:53:a6:77:49:85:ff:a9:1d:d8:6f:7f:e8:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d8830cc9213d5ed967baea8cf03c4d91aadf8c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:76:4b:23:2c:55:3c:ea:29:43:7d:b6:4e:bc:
                    98:55:b6:23:6d:c3:d6:a6:e0:c7:03:63:7e:83:e0:
                    a1:cc:04:d3:a9:78:b4:4e:f6:7c:9e:67:68:e9:30:
                    03:ce:5a:79:2b:45:1c:fe:70:87:36:85:f0:bb:b8:
                    2f:21:76:11:c0:95:3b:e9:49:c8:83:56:33:c8:33:
                    51:4e:1d:bb:7b:b1:d8:17:ef:83:b1:38:47:c7:7f:
                    49:65:99:50:ce:5c:6d:12:75:e9:30:12:72:a8:31:
                    16:af:1a:3b:b2:a6:db:6d:c5:1f:ee:0d:46:65:68:
                    60:b5:f9:a4:bb:94:91:2b:15:c2:e9:69:9d:9d:70:
                    bc:e2:ce:e2:35:4b:44:d7:2c:75:ad:85:b5:cc:72:
                    f0:db:87:22:91:17:59:b3:92:06:07:36:5b:81:19:
                    c5:45:f4:c7:9d:52:a5:64:21:7d:7c:9f:bd:1b:7b:
                    58:2e:d9:ed:20:67:4f:53:4a:1e:2d:6d:c1:3b:fa:
                    6f:e5:5d:d6:40:76:36:37:b2:a3:92:ce:88:65:7c:
                    b3:bb:6e:68:b7:f1:8f:ce:19:e3:09:aa:aa:c0:d7:
                    4a:5b:17:8f:41:2b:21:97:c0:ee:45:54:26:f0:a2:
                    e2:6b:86:ae:eb:d3:f9:af:a6:34:3b:3f:69:03:05:
                    53:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:88:30:CC:92:13:D5:ED:96:7B:AE:A8:CF:03:C4:D9:1A:AD:F8:C6
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/bYgwzJIT1e2We66ozwPE2Rqt-MY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:a0:b2:38:37:54:b7:fe:2b:03:e9:ce:e4:a1:92:7b:f9:19:
         22:20:ac:26:cb:6f:61:23:d4:56:eb:a5:8c:49:ea:ca:aa:ca:
         57:ac:2e:75:e5:92:24:e1:47:c7:79:a6:7a:85:c8:6d:3c:a0:
         85:5e:88:2c:68:2e:13:19:d4:92:67:4e:54:a1:9b:fd:38:5a:
         55:84:74:88:b7:2c:3f:a6:69:03:ba:03:e3:c7:91:d4:21:78:
         98:60:2d:53:fd:3d:70:4d:ee:13:f8:8a:23:56:fc:c8:3f:d4:
         ba:dc:5b:b3:ac:d0:83:f8:d3:9a:1d:03:29:74:74:a9:57:84:
         79:08:cf:3c:aa:ad:c3:85:7a:8e:87:3c:66:99:b7:22:a1:d5:
         68:46:65:08:82:e7:4b:1a:11:9d:44:35:15:f3:3a:f5:20:f7:
         f7:f1:fb:2a:e8:e4:c4:32:61:fe:80:c1:47:59:12:8e:b4:70:
         6a:cf:60:0b:33:1f:af:1b:67:d9:1f:79:4d:85:6f:64:73:84:
         74:f8:71:d9:38:37:b5:a0:67:86:1f:d6:4a:69:8d:f9:bb:66:
         9d:fc:9c:b4:7d:bf:4e:d5:e9:3f:3f:4e:3d:50:af:8e:6f:6f:
         06:17:32:41:1e:78:ab:23:39:0e:61:4c:d5:f4:c8:4a:ea:d6:
         9f:43:89:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgFTpndJhf+pHdhvf+jHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDg4MzBjYzkyMTNkNWVkOTY3YmFlYThjZjAzYzRkOTFhYWRmOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonZLIyxVPOopQ322TryYVbYjbcPW
puDHA2N+g+ChzATTqXi0TvZ8nmdo6TADzlp5K0Uc/nCHNoXwu7gvIXYRwJU76UnI
g1YzyDNRTh27e7HYF++DsThHx39JZZlQzlxtEnXpMBJyqDEWrxo7sqbbbcUf7g1G
ZWhgtfmku5SRKxXC6WmdnXC84s7iNUtE1yx1rYW1zHLw24cikRdZs5IGBzZbgRnF
RfTHnVKlZCF9fJ+9G3tYLtntIGdPU0oeLW3BO/pv5V3WQHY2N7Kjks6IZXyzu25o
t/GPzhnjCaqqwNdKWxePQSshl8DuRVQm8KLia4au69P5r6Y0Oz9pAwVT0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2IMMySE9XtlnuuqM8DxNkarfjGMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvYllnd3pKSVQxZTJXZTY2b3p3UEUyUnF0LU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXauoMA0G
CSqGSIb3DQEBCwUAA4IBAQBioLI4N1S3/isD6c7koZJ7+RkiIKwmy29hI9RW66WM
SerKqspXrC515ZIk4UfHeaZ6hchtPKCFXogsaC4TGdSSZ05UoZv9OFpVhHSItyw/
pmkDugPjx5HUIXiYYC1T/T1wTe4T+IojVvzIP9S63FuzrNCD+NOaHQMpdHSpV4R5
CM88qq3DhXqOhzxmmbciodVoRmUIgudLGhGdRDUV8zr1IPf38fsq6OTEMmH+gMFH
WRKOtHBqz2ALMx+vG2fZH3lNhW9kc4R0+HHZODe1oGeGH9ZKaY35u2ad/Jy0fb9O
1ek/P049UK+Ob28GFzJBHnirIzkOYUzV9MhK6tafQ4my
-----END CERTIFICATE-----