Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/gcqpI2hwyzKgdeO4kjqAs_leC64.roa
File:                     gcqpI2hwyzKgdeO4kjqAs_leC64.roa (raw, json)
Hash identifier:          j2URNBSdBjdKyCpjAPiu2d+wJpQcJLqBWWJQwwp5Shk=
Subject key identifier:   81:CA:A9:23:68:70:CB:32:A0:75:E3:B8:92:3A:80:B3:F9:5E:0B:AE
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29DFCBE8EED6C6DB4CF94880A36BA9
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/gcqpI2hwyzKgdeO4kjqAs_leC64.roa
Signing time:             Tue 02 Jan 2024 12:33:11 +0000
ROA not before:           Tue 02 Jan 2024 12:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3279
IP address blocks:        95.46.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:df:cb:e8:ee:d6:c6:db:4c:f9:48:80:a3:6b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81caa9236870cb32a075e3b8923a80b3f95e0bae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f4:28:4e:15:a2:48:fa:70:1e:27:45:f8:74:
                    61:13:44:c2:c9:25:3f:5c:04:81:09:ad:56:bd:6a:
                    94:3f:13:96:82:e5:44:ec:6b:c0:30:a3:8d:e9:b3:
                    62:60:bc:a4:ee:90:f3:de:ef:b8:37:22:9a:fa:c4:
                    95:4c:d6:6e:f6:68:0e:b0:c7:d3:52:91:03:2e:6a:
                    9c:23:2c:c2:b6:06:80:ba:b8:08:23:bc:b9:73:6f:
                    d9:2c:24:f7:bb:b5:9d:3d:23:ec:e8:59:5a:31:1c:
                    86:6f:0f:94:5a:8d:ce:56:0f:ee:02:56:15:c1:f8:
                    9a:61:3d:3e:b1:4e:7e:e6:77:24:ab:96:97:ff:aa:
                    6a:72:53:78:61:32:ea:a1:40:be:8b:b4:90:78:6a:
                    76:84:52:86:b4:78:8c:9f:a2:c7:2d:ca:72:17:25:
                    61:c8:3b:2d:3e:04:ed:12:cb:2d:dd:a3:c4:36:0e:
                    cf:46:dc:3a:98:c7:e3:20:96:ad:f6:42:1d:3e:97:
                    30:26:4a:5c:1c:bc:c2:87:85:ad:b9:1c:ca:72:8c:
                    c9:d2:2a:fb:f8:6c:ab:89:73:68:26:bc:c1:6f:07:
                    85:6d:08:c6:77:7b:38:63:2b:3a:84:94:c9:0f:17:
                    93:bc:95:d7:1d:ab:1a:5e:2f:71:c9:f8:f1:b0:22:
                    03:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:CA:A9:23:68:70:CB:32:A0:75:E3:B8:92:3A:80:B3:F9:5E:0B:AE
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/gcqpI2hwyzKgdeO4kjqAs_leC64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:47:43:df:54:c2:42:27:bf:84:44:b7:61:c7:49:6b:20:d7:
         ee:62:07:fc:6c:79:ee:d3:07:2f:c0:59:37:79:2a:02:3b:cc:
         ff:d0:51:20:e4:c8:fa:8f:1e:38:93:83:28:a6:21:87:48:fe:
         96:fa:9a:f7:71:06:da:12:4d:12:32:6d:1f:05:9e:37:bb:5b:
         a5:e7:e9:29:43:2f:e0:1f:93:05:40:02:ff:81:d9:bd:29:33:
         af:eb:15:a0:cc:51:9c:7f:1f:8d:c8:45:58:96:e1:fd:10:5b:
         6a:58:18:2f:8b:1c:97:0c:d2:62:b9:0d:40:69:b3:8c:1d:1e:
         bc:6e:11:ce:2b:a4:94:f2:b6:ee:7a:f2:65:80:9b:bd:90:42:
         0a:f2:ef:db:6e:54:71:56:e3:a2:8e:9a:35:1e:37:37:bf:01:
         61:df:0c:50:55:50:c8:f1:42:a2:04:d4:e8:c2:04:5f:83:fd:
         15:fa:0c:81:ee:0e:da:b5:82:3f:3f:40:5c:c6:09:d5:39:76:
         5b:b2:d5:fc:8a:0f:0d:ff:68:23:09:26:48:23:73:71:b6:8a:
         7f:4e:ab:b3:41:3a:0e:6c:41:a3:b7:77:6d:30:3b:e9:01:de:
         2e:37:87:cf:25:59:15:c5:cd:d0:e8:6b:71:54:ab:56:7a:83:
         ac:c2:d1:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKd/L6O7WxttM+UiAo2upMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWNhYTkyMzY4NzBjYjMyYTA3NWUzYjg5MjNhODBiM2Y5NWUwYmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/QoThWiSPpwHidF+HRhE0TCySU/
XASBCa1WvWqUPxOWguVE7GvAMKON6bNiYLyk7pDz3u+4NyKa+sSVTNZu9mgOsMfT
UpEDLmqcIyzCtgaAurgII7y5c2/ZLCT3u7WdPSPs6FlaMRyGbw+UWo3OVg/uAlYV
wfiaYT0+sU5+5nckq5aX/6pqclN4YTLqoUC+i7SQeGp2hFKGtHiMn6LHLcpyFyVh
yDstPgTtEsst3aPENg7PRtw6mMfjIJat9kIdPpcwJkpcHLzCh4WtuRzKcozJ0ir7
+GyriXNoJrzBbweFbQjGd3s4Yys6hJTJDxeTvJXXHasaXi9xyfjxsCIDcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIHKqSNocMsyoHXjuJI6gLP5XguuMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvZ2NxcEkyaHd5ektnZGVPNGtqcUFzX2xlQzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy4GMA0G
CSqGSIb3DQEBCwUAA4IBAQAgR0PfVMJCJ7+ERLdhx0lrINfuYgf8bHnu0wcvwFk3
eSoCO8z/0FEg5Mj6jx44k4MopiGHSP6W+pr3cQbaEk0SMm0fBZ43u1ul5+kpQy/g
H5MFQAL/gdm9KTOv6xWgzFGcfx+NyEVYluH9EFtqWBgvixyXDNJiuQ1AabOMHR68
bhHOK6SU8rbuevJlgJu9kEIK8u/bblRxVuOijpo1Hjc3vwFh3wxQVVDI8UKiBNTo
wgRfg/0V+gyB7g7atYI/P0BcxgnVOXZbstX8ig8N/2gjCSZII3Nxtop/TquzQToO
bEGjt3dtMDvpAd4uN4fPJVkVxc3Q6GtxVKtWeoOswtEo
-----END CERTIFICATE-----