Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/chLaIi3gAaVMs7r_6rOJbbEtl0k.roa
File:                     chLaIi3gAaVMs7r_6rOJbbEtl0k.roa (raw, json)
Hash identifier:          XkhivysPhFaD/Z1/JjdxDrywu0F3J2nE9VBftUEBBrw=
Subject key identifier:   72:12:DA:22:2D:E0:01:A5:4C:B3:BA:FF:EA:B3:89:6D:B1:2D:97:49
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FD270944ED63B89B138A59D23FAA9
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/chLaIi3gAaVMs7r_6rOJbbEtl0k.roa
Signing time:             Thu 02 Jan 2025 05:49:29 +0000
ROA not before:           Thu 02 Jan 2025 05:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60510
IP address blocks:        95.47.146.0/24 maxlen: 24
                          95.47.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:d2:70:94:4e:d6:3b:89:b1:38:a5:9d:23:fa:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7212da222de001a54cb3baffeab3896db12d9749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:93:fe:d2:0d:6f:a1:37:ae:5d:d5:a4:46:ff:
                    35:e9:4e:24:97:37:45:5c:56:61:ec:5f:cf:dc:c3:
                    da:00:03:95:61:a0:35:fd:62:59:0f:dc:15:ba:19:
                    a6:5a:c1:c5:15:e5:0f:1c:97:c1:d2:3f:4c:92:17:
                    88:3e:50:36:3d:cc:d9:19:6d:0b:6f:62:28:d5:7d:
                    3b:52:58:13:1a:95:1f:ff:e5:30:79:9a:2b:e7:45:
                    04:40:a3:f4:6e:34:ff:c7:02:2c:6e:04:4f:78:54:
                    30:86:fa:ba:4e:50:ce:9c:2f:fe:dd:a4:ef:cd:01:
                    1a:bd:29:83:14:f0:18:3a:4b:5e:b5:43:cc:ba:be:
                    87:f7:a8:b9:da:93:5f:4d:3d:7c:e9:45:5f:15:30:
                    a1:9d:8b:ab:c3:12:35:56:29:c6:f2:88:1d:5c:df:
                    11:4d:08:10:2b:54:ea:cf:26:15:82:22:fe:57:01:
                    b1:e9:b2:7e:5f:bc:2f:ab:6e:15:df:e3:e2:e7:27:
                    22:21:89:77:80:93:d3:b4:5c:df:33:18:5d:41:c0:
                    c0:a0:d2:cc:35:17:f4:60:b4:eb:fc:e5:37:59:42:
                    61:95:c0:d5:79:c3:9d:af:1e:58:49:98:9c:58:56:
                    21:d1:6f:0c:d2:a3:c8:42:10:c5:29:09:ba:3e:8d:
                    cf:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:12:DA:22:2D:E0:01:A5:4C:B3:BA:FF:EA:B3:89:6D:B1:2D:97:49
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/chLaIi3gAaVMs7r_6rOJbbEtl0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.146.0/24
                  95.47.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:02:98:e0:df:ef:c6:af:70:c0:7a:0a:e0:79:b4:5b:e1:ba:
         02:4c:27:c0:13:3c:32:ef:89:e3:a9:a2:1e:a7:02:74:e2:fd:
         18:2c:03:33:c6:69:0a:95:c8:4b:37:df:85:99:2b:3f:d4:0e:
         a4:0b:7b:bb:89:5d:d6:34:d9:7c:88:29:ec:ad:92:2c:56:96:
         4f:59:61:b6:0d:66:42:d0:39:f8:df:08:d2:69:a1:44:7a:66:
         ae:ec:15:1d:7d:2a:26:7c:0d:c7:89:da:54:ba:af:31:c3:a0:
         f6:ed:34:93:73:4d:e9:09:11:7c:be:8a:78:6b:31:46:61:ae:
         a9:c7:ff:f2:98:b4:f9:4e:a7:17:69:a3:29:4f:00:bd:c1:b6:
         66:39:40:63:63:6e:72:1f:3f:f1:11:06:83:59:af:53:08:4d:
         21:9d:e1:ed:b1:3d:a0:97:2f:6a:ac:5a:87:37:e0:22:c4:22:
         12:92:60:be:b9:7e:93:89:80:6e:3b:77:36:bd:72:71:93:7d:
         63:63:23:cc:98:c9:2d:e8:f0:a2:c8:ee:ea:3f:47:10:52:28:
         ba:a8:b1:c5:14:d8:8f:f9:73:b3:e5:8d:03:26:01:ef:e6:89:
         c2:d6:a7:ad:03:1e:f1:e4:cd:d1:e8:50:17:99:d3:c0:92:14:
         ca:f9:a4:ae
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlj9JwlE7WO4mxOKWdI/qpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjEyZGEyMjJkZTAwMWE1NGNiM2JhZmZlYWIzODk2ZGIxMmQ5NzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJP+0g1voTeuXdWkRv816U4klzdF
XFZh7F/P3MPaAAOVYaA1/WJZD9wVuhmmWsHFFeUPHJfB0j9MkheIPlA2PczZGW0L
b2Io1X07UlgTGpUf/+UweZor50UEQKP0bjT/xwIsbgRPeFQwhvq6TlDOnC/+3aTv
zQEavSmDFPAYOktetUPMur6H96i52pNfTT186UVfFTChnYurwxI1VinG8ogdXN8R
TQgQK1TqzyYVgiL+VwGx6bJ+X7wvq24V3+Pi5yciIYl3gJPTtFzfMxhdQcDAoNLM
NRf0YLTr/OU3WUJhlcDVecOdrx5YSZicWFYh0W8M0qPIQhDFKQm6Po3PmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHIS2iIt4AGlTLO6/+qziW2xLZdJMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvY2hMYUlpM2dBYVZNczdyXzZyT0piYkV0bDBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXy+SAwQA
Xy+bMA0GCSqGSIb3DQEBCwUAA4IBAQAbApjg3+/Gr3DAegrgebRb4boCTCfAEzwy
74njqaIepwJ04v0YLAMzxmkKlchLN9+FmSs/1A6kC3u7iV3WNNl8iCnsrZIsVpZP
WWG2DWZC0Dn43wjSaaFEemau7BUdfSomfA3HidpUuq8xw6D27TSTc03pCRF8vop4
azFGYa6px//ymLT5TqcXaaMpTwC9wbZmOUBjY25yHz/xEQaDWa9TCE0hneHtsT2g
ly9qrFqHN+AixCISkmC+uX6TiYBuO3c2vXJxk31jYyPMmMkt6PCiyO7qP0cQUii6
qLHFFNiP+XOz5Y0DJgHv5onC1qetAx7x5M3R6FAXmdPAkhTK+aSu
-----END CERTIFICATE-----