Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/hT2-L8hFulaDLUXU0RAAiho3_aA.roa
File:                     hT2-L8hFulaDLUXU0RAAiho3_aA.roa (raw, json)
Hash identifier:          AiDTSrmMHQN+P05kk+iDPl8CBxupsyiAsLceJi6V/mk=
Subject key identifier:   85:3D:BE:2F:C8:45:BA:56:83:2D:45:D4:D1:10:00:8A:1A:37:FD:A0
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FF6BA30531A4703BFA0ABB03C12F9
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/hT2-L8hFulaDLUXU0RAAiho3_aA.roa
Signing time:             Thu 02 Jan 2025 05:49:39 +0000
ROA not before:           Thu 02 Jan 2025 05:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205264
IP address blocks:        93.170.74.0/24 maxlen: 24
                          93.170.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:f6:ba:30:53:1a:47:03:bf:a0:ab:b0:3c:12:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=853dbe2fc845ba56832d45d4d110008a1a37fda0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7c:df:cf:66:da:d9:bf:5c:1c:54:f1:e6:bf:
                    92:ad:6f:cb:cc:72:81:d1:96:96:f7:d5:81:a8:51:
                    ef:75:3f:9f:ec:80:0f:ad:89:06:df:23:bf:9c:dd:
                    42:71:e5:73:e0:9c:8f:89:63:7c:94:fc:d6:36:7b:
                    b3:01:f5:ce:b5:fd:30:a8:69:89:e2:08:03:f0:a3:
                    44:45:66:51:97:0b:62:11:d1:20:96:1e:1e:4b:89:
                    fa:9b:8d:f9:2b:3c:45:e7:7d:05:0e:54:7d:fc:7c:
                    46:7b:c9:69:c1:4d:f6:ba:c7:3e:85:c4:db:ad:2c:
                    bd:39:ce:40:f9:f6:64:2c:c9:ce:be:1b:1d:97:b4:
                    83:16:04:46:57:34:85:a8:93:20:6a:ae:de:c1:9b:
                    e5:ce:6d:47:f4:f7:12:9d:b4:b7:a1:f7:2b:15:35:
                    0e:ef:86:98:22:fc:49:80:11:b2:20:c4:bf:06:76:
                    ec:68:4c:6a:56:6e:31:b8:fa:85:01:f4:e1:59:e4:
                    29:21:71:5c:dc:fa:3b:8e:b2:b6:81:44:a8:ae:97:
                    5c:b7:4c:87:d6:cd:3d:2c:81:20:17:8c:50:c9:34:
                    38:d8:8e:03:59:61:b0:69:38:56:c1:b7:f8:07:9f:
                    f7:97:93:94:99:95:71:02:42:2a:39:ca:6e:0d:ae:
                    04:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:3D:BE:2F:C8:45:BA:56:83:2D:45:D4:D1:10:00:8A:1A:37:FD:A0
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/hT2-L8hFulaDLUXU0RAAiho3_aA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:ca:97:af:f9:4a:18:0a:09:7b:9f:83:f5:4c:71:3b:70:84:
         70:7c:c1:42:b2:ea:78:43:6e:5d:de:59:03:f1:62:21:d0:84:
         69:79:a8:a2:89:c5:9f:c7:c8:20:a4:c3:6d:b3:bd:9a:95:a5:
         d5:e0:77:95:86:e6:8a:32:eb:a3:4e:be:aa:54:9f:62:e8:9d:
         4c:04:ce:50:db:44:23:68:f5:71:e9:af:d2:4c:af:43:60:a8:
         32:d7:6b:47:a8:4c:a3:41:e4:6e:cf:61:dd:08:f8:fb:46:8a:
         ef:03:22:dc:7a:a6:6a:72:a6:d6:a1:fe:6f:04:02:3b:8f:d9:
         b6:e4:01:13:e6:07:d0:e1:6b:4f:90:71:3b:9e:1f:db:26:d2:
         33:0d:a8:24:c9:84:95:a2:b7:2c:d4:52:c6:26:b1:c8:cb:87:
         05:0b:1c:3a:81:c6:6c:06:eb:24:bf:2b:af:bd:03:7b:16:da:
         a5:d1:ef:ae:bc:98:e7:91:d7:c3:99:c0:d5:9a:89:f2:91:21:
         23:55:b3:00:ee:aa:4c:3b:8c:1d:77:55:21:29:d8:65:b0:fa:
         68:87:3b:e7:94:d0:a6:c2:89:cd:c6:45:00:5e:ca:01:aa:2b:
         d1:7f:c9:41:ff:80:40:93:c5:c7:a9:37:f6:bb:0c:1b:3b:68:
         c7:d2:ee:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj/a6MFMaRwO/oKuwPBL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTNkYmUyZmM4NDViYTU2ODMyZDQ1ZDRkMTEwMDA4YTFhMzdmZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHzfz2ba2b9cHFTx5r+SrW/LzHKB
0ZaW99WBqFHvdT+f7IAPrYkG3yO/nN1CceVz4JyPiWN8lPzWNnuzAfXOtf0wqGmJ
4ggD8KNERWZRlwtiEdEglh4eS4n6m435KzxF530FDlR9/HxGe8lpwU32usc+hcTb
rSy9Oc5A+fZkLMnOvhsdl7SDFgRGVzSFqJMgaq7ewZvlzm1H9PcSnbS3ofcrFTUO
74aYIvxJgBGyIMS/BnbsaExqVm4xuPqFAfThWeQpIXFc3Po7jrK2gUSorpdct0yH
1s09LIEgF4xQyTQ42I4DWWGwaThWwbf4B5/3l5OUmZVxAkIqOcpuDa4ENwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIU9vi/IRbpWgy1F1NEQAIoaN/2gMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvaFQyLUw4aEZ1bGFETFVYVTBSQUFpaG8zX2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXapKMA0G
CSqGSIb3DQEBCwUAA4IBAQCrypev+UoYCgl7n4P1THE7cIRwfMFCsup4Q25d3lkD
8WIh0IRpeaiiicWfx8ggpMNts72alaXV4HeVhuaKMuujTr6qVJ9i6J1MBM5Q20Qj
aPVx6a/STK9DYKgy12tHqEyjQeRuz2HdCPj7RorvAyLceqZqcqbWof5vBAI7j9m2
5AET5gfQ4WtPkHE7nh/bJtIzDagkyYSVorcs1FLGJrHIy4cFCxw6gcZsBuskvyuv
vQN7Ftql0e+uvJjnkdfDmcDVmonykSEjVbMA7qpMO4wdd1UhKdhlsPpohzvnlNCm
wonNxkUAXsoBqivRf8lB/4BAk8XHqTf2uwwbO2jH0u4r
-----END CERTIFICATE-----