Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dBV8TG2stw1pp-ca8amzmLTzfoY.roa
File:                     dBV8TG2stw1pp-ca8amzmLTzfoY.roa (raw, json)
Hash identifier:          zyL4onkW+Nyn/sJoJdBA+zwgOy4HbhLktTX627z+PHU=
Subject key identifier:   74:15:7C:4C:6D:AC:B7:0D:69:A7:E7:1A:F1:A9:B3:98:B4:F3:7E:86
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A146E6D8ACD667FDBC0AAB88FC91C
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dBV8TG2stw1pp-ca8amzmLTzfoY.roa
Signing time:             Tue 02 Jan 2024 12:33:24 +0000
ROA not before:           Tue 02 Jan 2024 12:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56592
IP address blocks:        31.148.8.0/22 maxlen: 24
                          95.47.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 May 2024 00:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:14:6e:6d:8a:cd:66:7f:db:c0:aa:b8:8f:c9:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=74157c4c6dacb70d69a7e71af1a9b398b4f37e86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:15:1f:de:99:1f:23:77:c0:96:29:f2:94:cf:
                    d1:e5:07:fd:a1:0f:55:08:9e:17:cb:85:da:30:a5:
                    87:84:37:16:98:3f:22:21:c6:62:b1:84:a7:44:6d:
                    18:cd:ea:08:f5:d3:b7:91:f5:7c:58:68:06:64:ca:
                    01:81:3a:70:11:61:78:b3:d1:ab:cd:78:83:ec:20:
                    cf:5f:bb:b3:87:e8:cb:d7:e4:00:07:47:56:d4:03:
                    f9:5e:43:dc:cb:55:5c:bf:6e:bc:b0:51:dd:16:05:
                    f9:d9:21:20:eb:a5:b1:4a:00:23:32:d0:f6:92:0b:
                    f4:be:7b:61:60:4c:57:55:f6:5b:c4:db:74:52:88:
                    e3:13:1b:5c:9a:de:2a:87:c1:ea:e2:38:6a:35:f1:
                    f9:01:00:fd:aa:1f:fc:5e:03:92:f5:9f:37:83:15:
                    e1:c6:30:a4:55:ec:75:90:3e:f4:ca:b0:19:24:8b:
                    bc:03:62:eb:fa:31:8d:32:25:a9:5f:65:19:aa:2a:
                    87:58:87:5d:d9:dc:17:f0:3a:be:36:67:25:89:51:
                    8e:f7:86:d7:ac:ff:ef:d1:61:58:f5:32:19:7e:5f:
                    8d:f4:ba:fe:ba:a4:4c:31:61:b6:9e:f7:f5:9a:d0:
                    9d:39:3f:75:15:1f:69:b2:8b:1a:91:ce:cf:f3:75:
                    1d:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:15:7C:4C:6D:AC:B7:0D:69:A7:E7:1A:F1:A9:B3:98:B4:F3:7E:86
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dBV8TG2stw1pp-ca8amzmLTzfoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.8.0/22
                  95.47.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:a7:d5:67:52:44:4c:c5:47:61:da:49:4a:c9:bb:c8:b9:8d:
         dd:7f:1a:95:b9:80:c4:ff:68:f3:9a:46:eb:37:b3:05:8a:89:
         cc:03:cf:1a:88:e9:78:b4:5f:17:06:2b:88:3e:6c:90:5e:81:
         2d:95:b5:87:ef:f4:40:05:0e:f2:0c:89:a3:f6:84:d4:55:d2:
         32:58:8e:f8:39:c0:df:a3:6c:18:3d:dd:c7:b9:37:d9:a3:3d:
         94:c6:f2:37:9d:71:94:da:4b:f4:05:11:e4:7e:97:1a:15:93:
         e3:fa:4a:1a:da:70:5b:13:da:00:85:8a:f8:6e:5a:23:47:f4:
         55:71:9b:ae:0d:cf:4d:17:3a:06:5c:66:ba:bd:32:ce:87:38:
         3a:1a:f0:3b:12:ee:25:3c:f5:b2:71:74:5a:96:f4:58:d7:42:
         c3:7e:3c:34:1b:93:c9:4d:85:67:6f:a6:33:5d:d3:25:2e:b3:
         c8:96:46:70:87:d5:63:27:da:17:9e:49:f9:a0:6c:26:b3:af:
         f2:9b:90:14:c3:bb:de:40:c4:a4:e0:a3:71:a1:58:0b:29:dd:
         e8:f1:02:0a:3a:8e:e6:fd:92:d0:a6:b6:19:52:97:48:fc:9e:
         17:d1:27:89:3b:ea:07:38:52:53:27:5c:8a:78:51:6a:53:b9:
         31:10:ea:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKhRubYrNZn/bwKq4j8kcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDE1N2M0YzZkYWNiNzBkNjlhN2U3MWFmMWE5YjM5OGI0ZjM3ZTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhUf3pkfI3fAlinylM/R5Qf9oQ9V
CJ4Xy4XaMKWHhDcWmD8iIcZisYSnRG0YzeoI9dO3kfV8WGgGZMoBgTpwEWF4s9Gr
zXiD7CDPX7uzh+jL1+QAB0dW1AP5XkPcy1Vcv268sFHdFgX52SEg66WxSgAjMtD2
kgv0vnthYExXVfZbxNt0UojjExtcmt4qh8Hq4jhqNfH5AQD9qh/8XgOS9Z83gxXh
xjCkVex1kD70yrAZJIu8A2Lr+jGNMiWpX2UZqiqHWIdd2dwX8Dq+NmcliVGO94bX
rP/v0WFY9TIZfl+N9Lr+uqRMMWG2nvf1mtCdOT91FR9psosakc7P83UdTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHQVfExtrLcNaafnGvGps5i0836GMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvZEJWOFRHMnN0dzFwcC1jYThhbXptTFR6Zm9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCH5QIAwQA
Xy++MA0GCSqGSIb3DQEBCwUAA4IBAQA8p9VnUkRMxUdh2klKybvIuY3dfxqVuYDE
/2jzmkbrN7MFionMA88aiOl4tF8XBiuIPmyQXoEtlbWH7/RABQ7yDImj9oTUVdIy
WI74OcDfo2wYPd3HuTfZoz2UxvI3nXGU2kv0BRHkfpcaFZPj+koa2nBbE9oAhYr4
blojR/RVcZuuDc9NFzoGXGa6vTLOhzg6GvA7Eu4lPPWycXRalvRY10LDfjw0G5PJ
TYVnb6YzXdMlLrPIlkZwh9VjJ9oXnkn5oGwms6/ym5AUw7veQMSk4KNxoVgLKd3o
8QIKOo7m/ZLQprYZUpdI/J4X0SeJO+oHOFJTJ1yKeFFqU7kxEOpn
-----END CERTIFICATE-----