Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/bpAeUkzwTZO5rgQ224G0gy4PW0E.roa
File:                     bpAeUkzwTZO5rgQ224G0gy4PW0E.roa (raw, json)
Hash identifier:          ILDgPiFpDXeg/NfO+qNQAaMXxIkm8eeXdyrKCD8ncYU=
Subject key identifier:   6E:90:1E:52:4C:F0:4D:93:B9:AE:04:36:DB:81:B4:83:2E:0F:5B:41
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FE5D498B610CB86FCDE8F729B4E63
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/bpAeUkzwTZO5rgQ224G0gy4PW0E.roa
Signing time:             Thu 02 Jan 2025 05:49:34 +0000
ROA not before:           Thu 02 Jan 2025 05:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197971
IP address blocks:        92.38.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:e5:d4:98:b6:10:cb:86:fc:de:8f:72:9b:4e:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e901e524cf04d93b9ae0436db81b4832e0f5b41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f0:7d:13:c5:3a:fa:f0:44:ac:59:74:94:99:
                    e4:27:0a:de:11:c6:ab:57:01:72:c8:8e:84:8f:6a:
                    1d:59:18:f0:d5:da:28:3a:bd:b9:fe:22:d7:33:cd:
                    a9:d4:2d:2d:59:9d:79:fa:83:e6:66:07:5f:2a:8c:
                    e0:df:68:61:1d:be:9c:7b:43:f5:3b:53:24:42:b3:
                    63:49:e8:82:7f:76:1a:f7:15:94:c7:dd:e4:c1:2b:
                    e3:44:17:95:6e:a8:ce:f4:fd:d5:2b:96:93:ff:9b:
                    a3:c4:72:bf:f5:ea:54:0e:1e:61:04:30:61:8d:f9:
                    6a:b0:7e:bb:23:75:22:c5:99:71:d2:52:d7:a0:c0:
                    4d:20:0a:4c:61:f5:7a:1d:ff:10:df:14:f2:94:64:
                    ff:cf:b4:ac:9f:8c:c0:5b:0e:c4:44:2f:b0:59:4f:
                    d6:ea:3c:d5:e1:56:77:17:98:1c:8a:8c:1b:b0:72:
                    41:ba:02:4b:bd:22:de:19:53:f8:9d:68:43:0c:a5:
                    62:ff:0d:96:68:10:d5:b8:e3:69:cb:de:c2:e9:83:
                    e4:ac:c9:57:fe:a4:d2:b1:5f:64:7a:64:39:69:1b:
                    ac:9d:ea:40:26:94:ed:03:17:2a:12:00:95:70:2d:
                    ae:f9:3f:2c:a6:3e:d7:4b:9f:c0:95:83:d8:74:53:
                    fb:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:90:1E:52:4C:F0:4D:93:B9:AE:04:36:DB:81:B4:83:2E:0F:5B:41
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/bpAeUkzwTZO5rgQ224G0gy4PW0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:1b:33:d7:8f:21:17:a4:eb:af:b6:0d:b8:fd:40:21:ed:c2:
         8f:26:8f:a1:96:23:b7:12:b4:d3:82:e8:0f:1b:bf:63:30:68:
         cd:ab:f4:29:fa:2a:93:d1:fc:48:3d:78:25:ab:5a:23:03:3d:
         3d:e1:25:24:56:59:93:53:58:65:03:78:64:af:ce:db:c0:c1:
         18:c7:46:22:8e:24:0e:44:00:7f:e6:d1:ce:17:a2:03:6a:66:
         13:96:11:9e:0b:49:56:f9:df:52:bd:ff:88:9c:8a:19:44:60:
         02:54:13:da:96:3f:d0:90:52:b3:57:db:1c:3e:59:91:06:1d:
         5b:91:84:81:fc:68:cb:51:5b:97:25:95:55:f0:76:72:3e:c7:
         65:9d:94:b6:2c:2a:87:1a:74:e3:6e:71:1b:0d:6a:34:71:36:
         ee:ce:6e:c0:f7:d2:c0:b4:b9:8a:62:52:a1:ce:1a:8a:84:82:
         d6:38:8d:7d:47:05:35:fa:50:fb:58:26:b0:ed:ca:16:aa:a1:
         fb:13:f4:a7:91:12:6a:9c:91:c8:cf:ae:f7:77:d1:74:73:75:
         81:72:c2:6b:c5:c7:41:49:39:ab:f7:83:a4:2c:08:03:60:11:
         e7:06:f2:2e:40:81:61:2a:ac:bf:57:c7:71:7f:7f:b3:59:93:
         19:8e:1a:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj+XUmLYQy4b83o9ym05jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTkwMWU1MjRjZjA0ZDkzYjlhZTA0MzZkYjgxYjQ4MzJlMGY1YjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvB9E8U6+vBErFl0lJnkJwreEcar
VwFyyI6Ej2odWRjw1dooOr25/iLXM82p1C0tWZ15+oPmZgdfKozg32hhHb6ce0P1
O1MkQrNjSeiCf3Ya9xWUx93kwSvjRBeVbqjO9P3VK5aT/5ujxHK/9epUDh5hBDBh
jflqsH67I3UixZlx0lLXoMBNIApMYfV6Hf8Q3xTylGT/z7Ssn4zAWw7ERC+wWU/W
6jzV4VZ3F5gciowbsHJBugJLvSLeGVP4nWhDDKVi/w2WaBDVuONpy97C6YPkrMlX
/qTSsV9kemQ5aRusnepAJpTtAxcqEgCVcC2u+T8spj7XS5/AlYPYdFP7NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6QHlJM8E2Tua4ENtuBtIMuD1tBMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvYnBBZVVrendUWk81cmdRMjI0RzBneTRQVzBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXCZWMA0G
CSqGSIb3DQEBCwUAA4IBAQAMGzPXjyEXpOuvtg24/UAh7cKPJo+hliO3ErTTgugP
G79jMGjNq/Qp+iqT0fxIPXglq1ojAz094SUkVlmTU1hlA3hkr87bwMEYx0YijiQO
RAB/5tHOF6IDamYTlhGeC0lW+d9Svf+InIoZRGACVBPalj/QkFKzV9scPlmRBh1b
kYSB/GjLUVuXJZVV8HZyPsdlnZS2LCqHGnTjbnEbDWo0cTbuzm7A99LAtLmKYlKh
zhqKhILWOI19RwU1+lD7WCaw7coWqqH7E/SnkRJqnJHIz673d9F0c3WBcsJrxcdB
STmr94OkLAgDYBHnBvIuQIFhKqy/V8dxf3+zWZMZjhro
-----END CERTIFICATE-----