Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/oLaLh10---y4csSDmbGeKvE8FF4.roa
File:                     oLaLh10---y4csSDmbGeKvE8FF4.roa (raw, json)
Hash identifier:          RH9SCrN2bjeess8yvtBMgttP+OCVm+drdx3SbrODUrs=
Subject key identifier:   A0:B6:8B:87:5D:3E:FB:EC:B8:72:C4:83:99:B1:9E:2A:F1:3C:14:5E
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FBBF5F3F4280357388EF018F75BF9
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/oLaLh10---y4csSDmbGeKvE8FF4.roa
Signing time:             Thu 02 Jan 2025 05:49:24 +0000
ROA not before:           Thu 02 Jan 2025 05:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51495
IP address blocks:        93.171.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:bb:f5:f3:f4:28:03:57:38:8e:f0:18:f7:5b:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0b68b875d3efbecb872c48399b19e2af13c145e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7e:28:88:b9:d2:82:a3:7c:ec:6d:01:02:04:
                    91:8b:5d:ef:50:d1:0b:c1:76:96:f1:ab:07:cb:6e:
                    f1:5e:6a:65:b3:9a:d5:39:8d:5c:31:80:3b:e3:ad:
                    a8:00:16:58:e0:0b:5e:b5:75:37:a6:9f:6e:fe:11:
                    9b:79:f0:31:12:c0:f3:1e:64:c6:18:6a:c6:67:fe:
                    ba:da:20:99:91:43:5f:13:64:d2:f3:1f:a0:8d:96:
                    c2:51:a4:a8:05:05:a0:f7:00:3c:43:12:45:e0:d7:
                    5e:b9:aa:08:a0:e8:2d:11:64:c1:9e:31:4b:77:ac:
                    c9:e6:4d:26:b3:1e:1a:51:9b:cc:66:b6:b7:0e:41:
                    ea:0e:7a:e2:e6:b6:ea:d5:d8:50:a5:71:9b:17:18:
                    bd:aa:32:01:26:16:9d:51:cd:12:61:81:ac:b8:e2:
                    39:9d:c8:ef:64:58:2b:45:f1:66:70:c0:fa:54:e7:
                    78:88:15:90:07:2a:95:38:a2:8d:83:bc:e3:63:6b:
                    f8:db:40:40:32:e2:bd:de:b4:85:c3:0d:b5:f1:7c:
                    92:30:b6:9d:3f:4f:93:82:05:4a:32:cc:b3:f3:11:
                    1e:1b:7f:ad:2a:c3:d9:80:75:f8:1f:35:72:85:ba:
                    35:a7:01:e3:fe:2f:29:06:36:6e:83:c6:c6:56:69:
                    01:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B6:8B:87:5D:3E:FB:EC:B8:72:C4:83:99:B1:9E:2A:F1:3C:14:5E
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/oLaLh10---y4csSDmbGeKvE8FF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:25:64:2e:e0:d0:05:30:fe:26:22:55:1e:b1:66:be:c8:75:
         06:39:2d:01:03:66:be:99:6d:6c:64:32:d2:cb:eb:cd:f1:ad:
         ac:d6:0c:8e:9e:e9:05:db:70:a8:c2:74:a9:02:e3:90:ef:0a:
         08:eb:28:df:55:0a:98:4a:08:8d:bc:a5:9f:50:b0:f6:34:85:
         98:b4:ba:77:85:b5:bb:f8:ac:02:28:79:e8:ce:be:2a:00:e8:
         41:44:af:05:f7:c3:c3:1c:ba:e0:e4:49:ed:90:1f:3a:11:a1:
         40:e4:f9:5a:02:03:cf:66:9c:01:b9:02:c2:1c:79:1f:4b:f6:
         41:c1:ac:8d:ee:c7:3b:d2:71:28:b8:8f:8d:a7:d0:57:ea:f8:
         f6:56:c5:ec:c2:f9:10:0e:19:ae:ff:a2:0d:af:be:fe:b2:3b:
         8e:44:b0:e1:46:4c:79:dc:bd:8a:db:b0:b4:8b:a0:cc:a5:42:
         84:66:18:84:3f:f1:93:d2:73:9e:c8:8d:67:f4:40:59:60:cf:
         51:a7:af:11:fa:12:9d:d0:86:e7:e2:0e:71:74:41:f0:bd:d0:
         63:23:f6:e4:fc:a5:ad:65:55:3f:53:d3:7d:81:dd:0c:76:ed:
         fe:5a:5b:7b:a9:53:a4:63:fc:71:60:d4:69:47:83:0c:be:6e:
         bf:11:fe:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7v18/QoA1c4jvAY91v5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGI2OGI4NzVkM2VmYmVjYjg3MmM0ODM5OWIxOWUyYWYxM2MxNDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyn4oiLnSgqN87G0BAgSRi13vUNEL
wXaW8asHy27xXmpls5rVOY1cMYA7462oABZY4AtetXU3pp9u/hGbefAxEsDzHmTG
GGrGZ/662iCZkUNfE2TS8x+gjZbCUaSoBQWg9wA8QxJF4NdeuaoIoOgtEWTBnjFL
d6zJ5k0msx4aUZvMZra3DkHqDnri5rbq1dhQpXGbFxi9qjIBJhadUc0SYYGsuOI5
ncjvZFgrRfFmcMD6VOd4iBWQByqVOKKNg7zjY2v420BAMuK93rSFww218XySMLad
P0+TggVKMsyz8xEeG3+tKsPZgHX4HzVyhbo1pwHj/i8pBjZug8bGVmkBmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKC2i4ddPvvsuHLEg5mxnirxPBReMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvb0xhTGgxMC0tLXk0Y3NTRG1iR2VLdkU4RkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXavcMA0G
CSqGSIb3DQEBCwUAA4IBAQAhJWQu4NAFMP4mIlUesWa+yHUGOS0BA2a+mW1sZDLS
y+vN8a2s1gyOnukF23CownSpAuOQ7woI6yjfVQqYSgiNvKWfULD2NIWYtLp3hbW7
+KwCKHnozr4qAOhBRK8F98PDHLrg5EntkB86EaFA5PlaAgPPZpwBuQLCHHkfS/ZB
wayN7sc70nEouI+Np9BX6vj2VsXswvkQDhmu/6INr77+sjuORLDhRkx53L2K27C0
i6DMpUKEZhiEP/GT0nOeyI1n9EBZYM9Rp68R+hKd0Ibn4g5xdEHwvdBjI/bk/KWt
ZVU/U9N9gd0Mdu3+Wlt7qVOkY/xxYNRpR4MMvm6/Ef77
-----END CERTIFICATE-----