Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/gv8El0QmF2vJzTvZwQYxyKSjp4w.roa
File:                     gv8El0QmF2vJzTvZwQYxyKSjp4w.roa (raw, json)
Hash identifier:          KoxNXYLBGTP2bx6ARzPNhIMOQ6iUQx3UamTGEFtg4Jw=
Subject key identifier:   82:FF:04:97:44:26:17:6B:C9:CD:3B:D9:C1:06:31:C8:A4:A3:A7:8C
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29E5859B969AE8ADEE74319412BE10
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/gv8El0QmF2vJzTvZwQYxyKSjp4w.roa
Signing time:             Tue 02 Jan 2024 12:33:12 +0000
ROA not before:           Tue 02 Jan 2024 12:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34503
IP address blocks:        31.148.217.0/24 maxlen: 24
                          93.170.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:e5:85:9b:96:9a:e8:ad:ee:74:31:94:12:be:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82ff04974426176bc9cd3bd9c10631c8a4a3a78c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:16:42:b5:c0:f3:bc:57:c3:3c:55:09:b9:44:
                    0a:d1:02:75:b6:e4:a2:bd:86:cf:10:23:60:5a:86:
                    1f:85:33:0f:a0:48:6d:2f:a1:96:1f:84:6c:3c:15:
                    6f:39:7c:4a:4e:15:42:3d:6e:66:ec:61:8e:c4:61:
                    ce:7f:a5:2b:61:ec:2e:3c:14:1c:10:6a:2b:7f:06:
                    5d:5b:dc:4b:21:49:7b:8a:8b:c4:9a:ef:a4:ca:31:
                    e0:e1:8d:70:36:45:f4:f8:e2:ca:f3:d6:c8:e7:65:
                    c5:c7:45:de:b5:63:65:8b:a6:af:91:89:0d:62:92:
                    3a:83:e8:19:d7:71:be:33:78:d0:c8:07:fd:d3:95:
                    20:80:8a:cb:5c:dc:10:55:98:e8:6f:1f:a5:a4:33:
                    a6:9c:24:1c:fa:ec:a0:32:f8:33:9e:19:1b:4f:c7:
                    de:2a:91:32:de:da:46:84:20:bb:d7:76:05:02:60:
                    2c:39:a8:79:ad:f3:24:18:20:c8:10:a6:95:d0:e9:
                    10:a9:e5:1e:3a:db:9e:10:10:0e:2e:30:21:0e:73:
                    be:b4:1f:b3:1d:42:08:16:b4:1e:40:d1:9b:07:63:
                    15:ee:ef:f9:aa:6d:87:ef:93:98:73:46:ae:40:1c:
                    04:5f:e6:66:8d:64:ca:7b:71:4f:01:58:48:98:95:
                    87:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:FF:04:97:44:26:17:6B:C9:CD:3B:D9:C1:06:31:C8:A4:A3:A7:8C
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/gv8El0QmF2vJzTvZwQYxyKSjp4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.217.0/24
                  93.170.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:eb:53:fc:5a:61:94:c1:d4:f0:84:f7:fb:c4:52:4f:09:b0:
         65:e0:ac:9b:2b:51:07:b9:b0:65:71:e7:25:6e:57:41:6a:8b:
         25:27:3a:55:e2:89:f9:d1:ab:9d:15:03:c1:18:1c:e8:85:a3:
         24:e2:f7:9e:3e:de:3e:29:86:af:38:62:69:a8:0c:91:ba:1f:
         be:6a:d0:f5:f9:1c:0b:ac:35:94:51:64:56:d9:e2:6e:37:f7:
         16:fd:98:ca:96:1a:2c:66:ec:0b:7b:38:68:dc:ea:bc:af:7a:
         5f:fd:a5:2d:04:0c:67:e5:8a:85:91:e6:66:45:9b:78:62:ad:
         7c:8c:5c:26:5a:6e:17:97:b6:46:b0:17:b5:ec:92:17:c8:75:
         e3:13:5d:e1:a8:c2:f7:2f:0e:5c:c8:7d:d6:ad:07:00:e0:38:
         ef:a4:18:f7:ef:27:6d:e3:7d:54:e8:d9:1e:33:d5:e4:45:44:
         d9:5c:de:9c:d2:d7:b7:59:6d:b1:52:3e:56:cd:a2:a5:9b:4f:
         1f:21:50:e3:95:49:f6:63:79:5e:93:ae:7b:d8:2b:e9:82:f9:
         4e:4e:da:7c:56:b9:02:93:57:f8:1f:50:e5:02:41:b0:1b:5a:
         03:7a:ec:75:4e:93:b2:da:62:88:2d:1f:f5:31:22:7b:ab:9a:
         c5:1a:49:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKeWFm5aa6K3udDGUEr4QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmZmMDQ5NzQ0MjYxNzZiYzljZDNiZDljMTA2MzFjOGE0YTNhNzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghZCtcDzvFfDPFUJuUQK0QJ1tuSi
vYbPECNgWoYfhTMPoEhtL6GWH4RsPBVvOXxKThVCPW5m7GGOxGHOf6UrYewuPBQc
EGorfwZdW9xLIUl7iovEmu+kyjHg4Y1wNkX0+OLK89bI52XFx0XetWNli6avkYkN
YpI6g+gZ13G+M3jQyAf905UggIrLXNwQVZjobx+lpDOmnCQc+uygMvgznhkbT8fe
KpEy3tpGhCC713YFAmAsOah5rfMkGCDIEKaV0OkQqeUeOtueEBAOLjAhDnO+tB+z
HUIIFrQeQNGbB2MV7u/5qm2H75OYc0auQBwEX+ZmjWTKe3FPAVhImJWHDQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIL/BJdEJhdryc072cEGMciko6eMMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvZ3Y4RWwwUW1GMnZKelR2WndRWXh5S1NqcDR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH5TZAwQA
XapnMA0GCSqGSIb3DQEBCwUAA4IBAQBb61P8WmGUwdTwhPf7xFJPCbBl4KybK1EH
ubBlceclbldBaoslJzpV4on50audFQPBGBzohaMk4veePt4+KYavOGJpqAyRuh++
atD1+RwLrDWUUWRW2eJuN/cW/ZjKlhosZuwLezho3Oq8r3pf/aUtBAxn5YqFkeZm
RZt4Yq18jFwmWm4Xl7ZGsBe17JIXyHXjE13hqML3Lw5cyH3WrQcA4DjvpBj37ydt
431U6NkeM9XkRUTZXN6c0te3WW2xUj5WzaKlm08fIVDjlUn2Y3lek6572CvpgvlO
Ttp8VrkCk1f4H1DlAkGwG1oDeux1TpOy2mKILR/1MSJ7q5rFGknv
-----END CERTIFICATE-----