Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/r7tGbhK4AT4cove5G-xIvbIZtgk.roa
File:                     r7tGbhK4AT4cove5G-xIvbIZtgk.roa (raw, json)
Hash identifier:          KkAkTl6nlbJ0tlcoumtqMtVczsJOg4Mn4Nq69TCEOe4=
Subject key identifier:   AF:BB:46:6E:12:B8:01:3E:1C:A2:F7:B9:1B:EC:48:BD:B2:19:B6:09
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A49112324D7BF7EBFB0A5F118CAE5
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/r7tGbhK4AT4cove5G-xIvbIZtgk.roa
Signing time:             Tue 02 Jan 2024 12:33:37 +0000
ROA not before:           Tue 02 Jan 2024 12:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208067
IP address blocks:        93.171.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:49:11:23:24:d7:bf:7e:bf:b0:a5:f1:18:ca:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afbb466e12b8013e1ca2f7b91bec48bdb219b609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:56:0c:cc:24:4d:07:8d:45:b5:a2:48:02:65:
                    38:6d:2b:17:be:23:e6:91:88:c8:a7:dd:26:80:d9:
                    d1:0f:c2:8b:a1:d2:be:7b:24:ca:16:47:97:7b:5a:
                    56:65:73:bf:d1:3b:5d:a5:e3:bf:b3:1c:b4:bf:d5:
                    4c:a5:26:8e:55:b9:28:b7:a8:9f:5a:43:28:d0:59:
                    6b:64:d4:17:56:7e:dd:83:27:2f:30:a7:93:d4:90:
                    4c:b5:af:c8:f6:2b:c9:08:46:bd:b9:a7:42:12:9d:
                    ec:91:21:02:17:cc:e1:4c:7f:50:43:78:16:02:f0:
                    a1:a5:58:8f:09:84:e6:f9:7b:99:2d:91:cd:f0:31:
                    81:64:0d:a1:10:2c:27:2f:87:bb:98:f5:98:37:0b:
                    40:c9:93:e0:a7:57:59:43:71:b9:93:be:0d:4a:41:
                    1e:64:ca:ec:f0:fd:e4:28:09:d1:a8:08:50:03:a3:
                    aa:63:eb:db:96:d1:3c:de:a5:20:d6:de:97:b9:a9:
                    1f:80:93:ac:5d:69:48:c6:a0:77:81:fc:85:f6:21:
                    4f:68:09:7a:19:d8:86:fe:a3:ec:5b:dd:5c:43:85:
                    03:d7:b2:16:3a:f5:90:a1:2d:4f:de:3d:6e:04:86:
                    9a:8b:f5:f6:1f:67:f6:63:03:35:5e:14:d3:e8:c7:
                    1d:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:BB:46:6E:12:B8:01:3E:1C:A2:F7:B9:1B:EC:48:BD:B2:19:B6:09
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/r7tGbhK4AT4cove5G-xIvbIZtgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a7:b6:c4:13:87:a5:d0:fe:37:b6:72:87:6a:1d:40:20:48:07:
         b1:b7:4d:40:a1:a5:53:94:74:29:31:d3:13:97:3a:24:e8:5a:
         b6:77:20:a8:b2:1f:71:98:b4:18:0a:b2:d7:b7:ec:cb:6d:2a:
         5a:56:68:c8:95:ff:b6:22:38:54:0e:a7:ca:0c:99:ba:85:9b:
         14:ed:12:79:54:4e:b4:40:de:80:9a:aa:2a:b6:e3:9f:d6:fc:
         c7:8e:33:9c:17:e1:9b:5c:01:1e:b9:8f:c8:60:5b:8f:45:32:
         3a:9b:ba:88:13:d4:82:a2:95:cd:58:b2:82:ea:db:7a:4e:82:
         d5:25:3c:9b:87:d5:bb:0c:22:14:91:be:65:6d:da:91:d7:7d:
         18:49:bb:66:2d:d0:2c:db:bb:13:cc:d1:6d:bf:d6:da:13:18:
         36:98:57:70:18:6e:00:88:fb:e1:7d:53:7e:16:fe:1d:66:fc:
         45:4d:55:58:55:c2:d8:0e:34:af:af:92:0b:c0:89:60:bc:8b:
         ba:68:ea:4d:74:b3:b9:a4:55:8c:d6:06:ef:e8:e6:e2:e2:cb:
         bd:1c:8e:7c:33:4f:d6:e0:c5:59:83:7b:4c:ac:78:38:b8:5e:
         c3:84:93:01:fa:0d:41:fa:1d:a5:b3:82:fa:44:4e:9c:98:d4:
         10:52:92:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKkkRIyTXv36/sKXxGMrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmJiNDY2ZTEyYjgwMTNlMWNhMmY3YjkxYmVjNDhiZGIyMTliNjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVYMzCRNB41FtaJIAmU4bSsXviPm
kYjIp90mgNnRD8KLodK+eyTKFkeXe1pWZXO/0TtdpeO/sxy0v9VMpSaOVbkot6if
WkMo0FlrZNQXVn7dgycvMKeT1JBMta/I9ivJCEa9uadCEp3skSECF8zhTH9QQ3gW
AvChpViPCYTm+XuZLZHN8DGBZA2hECwnL4e7mPWYNwtAyZPgp1dZQ3G5k74NSkEe
ZMrs8P3kKAnRqAhQA6OqY+vbltE83qUg1t6XuakfgJOsXWlIxqB3gfyF9iFPaAl6
GdiG/qPsW91cQ4UD17IWOvWQoS1P3j1uBIaai/X2H2f2YwM1XhTT6Mcd7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+7Rm4SuAE+HKL3uRvsSL2yGbYJMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvcjd0R2JoSzRBVDRjb3ZlNUcteEl2YkladGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXav8MA0G
CSqGSIb3DQEBCwUAA4IBAQCntsQTh6XQ/je2codqHUAgSAext01AoaVTlHQpMdMT
lzok6Fq2dyCosh9xmLQYCrLXt+zLbSpaVmjIlf+2IjhUDqfKDJm6hZsU7RJ5VE60
QN6AmqoqtuOf1vzHjjOcF+GbXAEeuY/IYFuPRTI6m7qIE9SCopXNWLKC6tt6ToLV
JTybh9W7DCIUkb5lbdqR130YSbtmLdAs27sTzNFtv9baExg2mFdwGG4AiPvhfVN+
Fv4dZvxFTVVYVcLYDjSvr5ILwIlgvIu6aOpNdLO5pFWM1gbv6Obi4su9HI58M0/W
4MVZg3tMrHg4uF7DhJMB+g1B+h2ls4L6RE6cmNQQUpKS
-----END CERTIFICATE-----