Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/e84CaycEJYNtruXGY5zwimUSlgk.roa
File:                     e84CaycEJYNtruXGY5zwimUSlgk.roa (raw, json)
Hash identifier:          FJdOR11THvGaXBZw893656K4EgEk39aIr+3FvOp1CTs=
Subject key identifier:   7B:CE:02:6B:27:04:25:83:6D:AE:E5:C6:63:9C:F0:8A:65:12:96:09
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FABFC39DA88DAB926BD6EB4D8E970
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/e84CaycEJYNtruXGY5zwimUSlgk.roa
Signing time:             Thu 02 Jan 2025 05:49:20 +0000
ROA not before:           Thu 02 Jan 2025 05:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47726
IP address blocks:        92.38.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ab:fc:39:da:88:da:b9:26:bd:6e:b4:d8:e9:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bce026b270425836daee5c6639cf08a65129609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:1c:d6:dd:fe:42:d0:1f:0e:d7:bc:40:1f:c2:
                    34:b3:cb:c3:ad:86:b7:5d:c3:f9:0d:7a:e6:99:10:
                    c2:cc:d8:1b:17:39:4e:d7:e2:67:94:17:da:62:60:
                    90:8c:82:2e:9c:aa:5b:1e:ad:61:54:14:02:fe:93:
                    91:d9:71:4d:97:8d:0b:9e:67:9a:06:a6:1e:f4:1e:
                    33:48:ab:df:1b:c8:ca:bc:42:cd:d1:fa:4f:e6:5d:
                    72:66:73:2d:98:c6:86:e8:1f:8c:81:1e:e0:83:35:
                    e6:a1:61:07:4a:45:f2:cc:ac:d3:67:91:be:c1:b8:
                    b2:33:53:a8:47:24:d6:96:c4:60:22:5b:8d:ca:5f:
                    03:5f:97:f6:e9:26:99:c3:e8:4e:0b:e8:c1:a1:91:
                    98:6f:6a:aa:c7:c7:fb:31:5a:1f:51:49:6c:fe:0f:
                    12:a2:dd:05:81:5f:51:fe:fb:0f:25:9f:bd:c9:ac:
                    f8:58:34:df:fa:66:16:6d:f3:f9:71:44:e8:4e:88:
                    35:2d:73:62:1c:49:36:f7:bd:59:4d:d9:2a:89:25:
                    aa:e9:9b:8c:0f:e9:f5:ec:e3:82:ad:5b:3c:86:ce:
                    87:b0:a4:a8:28:34:f9:7d:f3:14:0c:b8:74:75:43:
                    a1:86:29:f3:76:4d:69:f5:9d:e9:1f:36:29:ce:21:
                    a5:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:CE:02:6B:27:04:25:83:6D:AE:E5:C6:63:9C:F0:8A:65:12:96:09
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/e84CaycEJYNtruXGY5zwimUSlgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6f:60:91:2e:6b:27:64:2f:25:f5:7e:fa:65:86:40:b5:a0:82:
         34:57:aa:3b:03:7c:60:fd:73:02:4f:3f:18:91:92:df:4e:56:
         47:37:a4:65:19:e8:b7:6c:a9:f1:6a:58:a1:2e:3f:95:11:25:
         b2:84:80:30:b3:f8:ce:00:07:19:f3:29:0b:81:ff:b5:a9:14:
         54:f3:a4:a8:2b:60:76:e9:b0:6d:80:42:2f:5f:66:e3:58:a1:
         c1:1d:fc:9c:6a:f3:a8:ed:36:0a:1d:9f:b5:97:55:a4:62:8c:
         b6:8c:57:34:d5:78:55:f2:64:ef:b5:d4:41:a1:05:e1:59:9f:
         2c:86:17:ae:47:2b:94:e2:f4:af:10:94:fe:e1:31:d5:36:1e:
         cd:df:ac:b9:0f:58:f6:eb:f9:ca:8d:da:38:6e:f1:cd:cb:09:
         d8:e6:76:9c:24:ce:af:8c:03:9a:66:02:ba:e8:df:fe:ee:bb:
         52:af:53:d7:b7:f3:6f:9f:f1:a5:df:10:b6:6a:21:78:c5:fb:
         4e:dd:d6:d0:0a:59:d4:8a:8b:56:f8:28:d0:87:f6:0e:25:85:
         84:06:7b:f7:a2:2e:6c:63:30:c8:cd:73:66:13:b7:39:75:30:
         fc:c6:e6:9c:ed:50:06:b9:70:f8:93:51:8a:00:99:fd:2d:92:
         62:a2:a4:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj6v8OdqI2rkmvW602OlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmNlMDI2YjI3MDQyNTgzNmRhZWU1YzY2MzljZjA4YTY1MTI5NjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2hzW3f5C0B8O17xAH8I0s8vDrYa3
XcP5DXrmmRDCzNgbFzlO1+JnlBfaYmCQjIIunKpbHq1hVBQC/pOR2XFNl40Lnmea
BqYe9B4zSKvfG8jKvELN0fpP5l1yZnMtmMaG6B+MgR7ggzXmoWEHSkXyzKzTZ5G+
wbiyM1OoRyTWlsRgIluNyl8DX5f26SaZw+hOC+jBoZGYb2qqx8f7MVofUUls/g8S
ot0FgV9R/vsPJZ+9yaz4WDTf+mYWbfP5cUToTog1LXNiHEk2971ZTdkqiSWq6ZuM
D+n17OOCrVs8hs6HsKSoKDT5ffMUDLh0dUOhhinzdk1p9Z3pHzYpziGlkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvOAmsnBCWDba7lxmOc8IplEpYJMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvZTg0Q2F5Y0VKWU50cnVYR1k1endpbVVTbGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXCYIMA0G
CSqGSIb3DQEBCwUAA4IBAQBvYJEuaydkLyX1fvplhkC1oII0V6o7A3xg/XMCTz8Y
kZLfTlZHN6RlGei3bKnxalihLj+VESWyhIAws/jOAAcZ8ykLgf+1qRRU86SoK2B2
6bBtgEIvX2bjWKHBHfycavOo7TYKHZ+1l1WkYoy2jFc01XhV8mTvtdRBoQXhWZ8s
hheuRyuU4vSvEJT+4THVNh7N36y5D1j26/nKjdo4bvHNywnY5nacJM6vjAOaZgK6
6N/+7rtSr1PXt/Nvn/Gl3xC2aiF4xftO3dbQClnUiotW+CjQh/YOJYWEBnv3oi5s
YzDIzXNmE7c5dTD8xuac7VAGuXD4k1GKAJn9LZJioqRK
-----END CERTIFICATE-----