Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qj6irHs-S0TQIt-kxmCxHGsZX3s.roa
File:                     qj6irHs-S0TQIt-kxmCxHGsZX3s.roa (raw, json)
Hash identifier:          Uhjjx5mcg67nnttSLPSAntd6tJHqNLEHNgOAs9Xsz4w=
Subject key identifier:   AA:3E:A2:AC:7B:3E:4B:44:D0:22:DF:A4:C6:60:B1:1C:6B:19:5F:7B
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A27F459A6ED6C4D163BCC63ABBC76
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qj6irHs-S0TQIt-kxmCxHGsZX3s.roa
Signing time:             Tue 02 Jan 2024 12:33:29 +0000
ROA not before:           Tue 02 Jan 2024 12:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61277
IP address blocks:        93.171.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:27:f4:59:a6:ed:6c:4d:16:3b:cc:63:ab:bc:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa3ea2ac7b3e4b44d022dfa4c660b11c6b195f7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:15:cc:26:13:e7:fc:96:01:b0:2f:ed:e3:8a:
                    ce:b5:bd:52:29:01:ad:33:ab:36:63:0d:0c:43:ed:
                    2c:ba:da:96:7f:4b:41:31:f5:42:1c:35:30:ce:ff:
                    6c:e9:e5:ff:d9:d6:cc:83:61:a7:03:57:c6:5d:df:
                    de:b1:e3:4d:e3:93:c1:17:2a:34:a9:99:72:73:ee:
                    26:a0:bf:da:46:49:20:fe:25:3a:01:ac:7a:d6:7f:
                    66:03:1d:2b:57:66:5d:bf:63:7c:64:91:c6:ba:27:
                    8a:f0:14:2d:55:2a:47:74:04:a6:a7:ea:9d:10:2b:
                    23:d0:b2:e1:c8:31:91:f3:65:81:90:5c:b6:8f:0f:
                    d5:46:da:e7:e9:80:71:c1:93:ef:32:7e:dd:dc:40:
                    96:e7:fc:82:f9:80:df:d0:e1:6e:7a:0d:7d:ad:bd:
                    cb:e4:a1:d9:97:f5:38:c7:18:89:57:72:83:2e:fd:
                    81:d7:6a:dd:1c:6a:56:1e:6a:7b:3f:a2:31:9c:f2:
                    dd:5f:da:c8:3e:22:58:b3:53:7a:b0:0d:a8:df:29:
                    f3:7a:48:89:47:28:06:57:a5:db:4b:de:e7:be:9a:
                    df:5c:72:28:6c:a0:92:ea:e6:5d:6f:12:97:2b:6e:
                    9c:cc:ce:0a:fd:d7:a4:a0:01:8a:49:c9:8b:33:47:
                    b2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:3E:A2:AC:7B:3E:4B:44:D0:22:DF:A4:C6:60:B1:1C:6B:19:5F:7B
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/qj6irHs-S0TQIt-kxmCxHGsZX3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:12:4a:48:32:7b:10:74:b7:81:2f:d5:56:15:c5:2d:56:09:
         6c:af:89:86:c1:eb:85:a6:4a:14:50:5f:4e:67:f8:be:d3:d9:
         51:84:78:80:18:86:ed:4a:ed:de:af:7f:02:d8:79:b9:03:6d:
         d9:8e:97:46:10:89:6b:03:ee:82:c7:97:23:da:a4:3d:a6:51:
         af:8e:48:69:99:97:bd:91:d3:3c:1c:2b:d4:00:57:a4:62:e6:
         cd:65:32:de:2b:03:fb:e9:f4:32:17:98:f1:3f:93:bc:56:f3:
         b0:0b:95:69:a1:c9:0e:10:7c:d7:ae:47:1a:d8:28:e4:b6:33:
         5c:26:25:64:8e:23:c7:3b:e0:1e:8a:c6:70:62:48:af:8e:57:
         6e:2e:e9:c1:f0:33:cd:b1:fd:31:d3:11:7a:33:a9:75:13:57:
         3e:03:2f:9a:70:9a:c0:bb:44:df:cc:39:66:b8:d9:ee:6b:81:
         10:bb:2e:4a:9d:90:e0:57:a1:62:df:b6:be:17:8c:80:17:be:
         8e:95:15:fe:4d:d1:a8:fc:d1:6d:a9:ec:0f:8e:de:fe:4d:01:
         2a:47:eb:39:b5:6c:8d:34:27:f9:e7:96:33:5b:dc:c1:f1:21:
         5f:b7:36:af:28:55:aa:97:ac:74:b4:16:13:9d:8e:e9:74:48:
         c3:90:13:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKif0WabtbE0WO8xjq7x2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTNlYTJhYzdiM2U0YjQ0ZDAyMmRmYTRjNjYwYjExYzZiMTk1ZjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhBXMJhPn/JYBsC/t44rOtb1SKQGt
M6s2Yw0MQ+0sutqWf0tBMfVCHDUwzv9s6eX/2dbMg2GnA1fGXd/eseNN45PBFyo0
qZlyc+4moL/aRkkg/iU6Aax61n9mAx0rV2Zdv2N8ZJHGuieK8BQtVSpHdASmp+qd
ECsj0LLhyDGR82WBkFy2jw/VRtrn6YBxwZPvMn7d3ECW5/yC+YDf0OFueg19rb3L
5KHZl/U4xxiJV3KDLv2B12rdHGpWHmp7P6IxnPLdX9rIPiJYs1N6sA2o3ynzekiJ
RygGV6XbS97nvprfXHIobKCS6uZdbxKXK26czM4K/dekoAGKScmLM0eyiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKo+oqx7PktE0CLfpMZgsRxrGV97MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvcWo2aXJIcy1TMFRRSXQta3htQ3hIR3NaWDNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXavPMA0G
CSqGSIb3DQEBCwUAA4IBAQAGEkpIMnsQdLeBL9VWFcUtVglsr4mGweuFpkoUUF9O
Z/i+09lRhHiAGIbtSu3er38C2Hm5A23ZjpdGEIlrA+6Cx5cj2qQ9plGvjkhpmZe9
kdM8HCvUAFekYubNZTLeKwP76fQyF5jxP5O8VvOwC5VpockOEHzXrkca2CjktjNc
JiVkjiPHO+AeisZwYkivjlduLunB8DPNsf0x0xF6M6l1E1c+Ay+acJrAu0TfzDlm
uNnua4EQuy5KnZDgV6Fi37a+F4yAF76OlRX+TdGo/NFtqewPjt7+TQEqR+s5tWyN
NCf555YzW9zB8SFftzavKFWql6x0tBYTnY7pdEjDkBPj
-----END CERTIFICATE-----