Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/hTv_TRo7mIruKc2TPAJwFiHdNdI.roa
File:                     hTv_TRo7mIruKc2TPAJwFiHdNdI.roa (raw, json)
Hash identifier:          zOhCJeDLZ8jcTEHDodLozQw8SnbQKiuTKgoN2yKIkAU=
Subject key identifier:   85:3B:FF:4D:1A:3B:98:8A:EE:29:CD:93:3C:02:70:16:21:DD:35:D2
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A4E6F310B5BDFED1831D3BCD2DBA2
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/hTv_TRo7mIruKc2TPAJwFiHdNdI.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209229
IP address blocks:        92.253.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4e:6f:31:0b:5b:df:ed:18:31:d3:bc:d2:db:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=853bff4d1a3b988aee29cd933c02701621dd35d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:8d:31:79:b3:cf:20:af:e6:d0:8a:ad:22:c3:
                    fe:00:c9:78:b0:61:5d:12:0a:a8:0f:10:f7:fe:42:
                    9d:b3:0b:a9:0b:70:dc:15:d5:51:e7:3d:d2:22:09:
                    5b:70:ac:a7:e8:06:8a:2a:50:74:33:bb:94:89:2a:
                    22:8e:be:1b:9c:32:f8:24:27:76:c0:d7:8b:c2:49:
                    fb:7f:63:ec:e6:10:48:6c:a5:85:07:e7:ba:06:e0:
                    30:91:88:dc:c8:f8:4c:31:d9:35:1d:72:f3:9f:7e:
                    17:b2:98:58:76:b7:9c:11:d3:7f:74:66:6b:2f:bc:
                    b7:bf:42:52:db:20:c3:02:e3:67:c9:be:cf:fc:72:
                    ad:54:e7:e3:f4:a6:77:3a:81:35:49:ee:0e:41:8b:
                    ee:aa:ae:0e:0a:6d:df:3c:b7:44:af:e5:a1:c1:03:
                    35:da:13:45:21:b9:c7:9d:6c:68:7c:bf:89:69:e0:
                    d2:e9:8e:03:08:f4:63:d3:45:70:15:a5:43:52:40:
                    1c:2d:1a:cd:71:29:83:e4:04:06:db:54:4b:5c:ab:
                    4c:39:01:18:67:a7:21:e8:bc:9c:5a:bd:48:2b:2e:
                    62:a5:92:a1:8d:0e:2a:1b:39:bd:64:9b:ef:24:e5:
                    ee:2c:10:6b:fc:f8:78:ec:0f:44:cb:47:59:ad:dc:
                    4d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:3B:FF:4D:1A:3B:98:8A:EE:29:CD:93:3C:02:70:16:21:DD:35:D2
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/hTv_TRo7mIruKc2TPAJwFiHdNdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.253.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:7f:39:c9:8a:d1:85:87:cc:74:57:a8:b5:d4:7c:36:77:dd:
         dc:db:8e:77:9f:fe:0f:61:0c:a6:a5:8c:63:45:9b:77:14:da:
         73:3d:c7:ce:3d:a6:fc:9b:02:a3:e0:f0:0e:40:37:eb:f6:fa:
         70:40:86:2d:f3:95:d2:ad:05:4f:b1:d1:c6:03:25:b5:ea:18:
         bd:f3:a8:a6:3f:e0:cd:bd:43:74:a1:05:1c:9c:98:e4:9d:e9:
         92:3a:03:15:67:84:6e:fb:36:10:ed:9f:71:02:70:3c:d8:68:
         45:55:70:35:fd:bb:44:d9:c3:a1:6e:1f:8d:e5:40:fa:bd:d9:
         c7:b9:d8:1e:79:da:72:4b:f2:9d:65:ac:1d:d3:14:e9:b7:a4:
         36:24:fa:1a:7c:c4:20:ad:57:e9:96:f9:2b:ed:d7:60:02:15:
         f2:a7:8f:af:3f:d7:29:bb:e9:47:9d:76:76:3a:02:66:38:2a:
         4f:93:c3:be:e4:f4:0c:3c:ce:58:db:22:da:04:05:05:74:02:
         cf:f4:0f:d9:e0:17:e5:cc:16:a7:86:c3:97:2e:38:2d:18:35:
         89:76:7d:56:3a:71:a6:21:77:bb:e1:14:90:76:71:8c:37:2c:
         d2:aa:88:0c:c9:d4:89:11:21:07:54:66:ab:b4:1c:b6:0d:a8:
         b0:0d:18:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKk5vMQtb3+0YMdO80tuiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTNiZmY0ZDFhM2I5ODhhZWUyOWNkOTMzYzAyNzAxNjIxZGQzNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8I0xebPPIK/m0IqtIsP+AMl4sGFd
EgqoDxD3/kKdswupC3DcFdVR5z3SIglbcKyn6AaKKlB0M7uUiSoijr4bnDL4JCd2
wNeLwkn7f2Ps5hBIbKWFB+e6BuAwkYjcyPhMMdk1HXLzn34XsphYdrecEdN/dGZr
L7y3v0JS2yDDAuNnyb7P/HKtVOfj9KZ3OoE1Se4OQYvuqq4OCm3fPLdEr+WhwQM1
2hNFIbnHnWxofL+JaeDS6Y4DCPRj00VwFaVDUkAcLRrNcSmD5AQG21RLXKtMOQEY
Z6ch6LycWr1IKy5ipZKhjQ4qGzm9ZJvvJOXuLBBr/Ph47A9Ey0dZrdxNPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIU7/00aO5iK7inNkzwCcBYh3TXSMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvaFR2X1RSbzdtSXJ1S2MyVFBBSndGaUhkTmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXP3pMA0G
CSqGSIb3DQEBCwUAA4IBAQBYfznJitGFh8x0V6i11Hw2d93c2453n/4PYQympYxj
RZt3FNpzPcfOPab8mwKj4PAOQDfr9vpwQIYt85XSrQVPsdHGAyW16hi986imP+DN
vUN0oQUcnJjknemSOgMVZ4Ru+zYQ7Z9xAnA82GhFVXA1/btE2cOhbh+N5UD6vdnH
udgeedpyS/KdZawd0xTpt6Q2JPoafMQgrVfplvkr7ddgAhXyp4+vP9cpu+lHnXZ2
OgJmOCpPk8O+5PQMPM5Y2yLaBAUFdALP9A/Z4BflzBanhsOXLjgtGDWJdn1WOnGm
IXe74RSQdnGMNyzSqogMydSJESEHVGartBy2DaiwDRid
-----END CERTIFICATE-----