Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/s6mmVNZlMIa95HzH8f-PuBLaQcc.roa
File:                     s6mmVNZlMIa95HzH8f-PuBLaQcc.roa (raw, json)
Hash identifier:          +ykK+78+pJVXPAGgvObM+f/78m3zbzN4gYWZHBhBYAQ=
Subject key identifier:   B3:A9:A6:54:D6:65:30:86:BD:E4:7C:C7:F1:FF:8F:B8:12:DA:41:C7
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258F946CC6EC0FA08BC06E07FE263CAF
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/s6mmVNZlMIa95HzH8f-PuBLaQcc.roa
Signing time:             Thu 02 Jan 2025 05:49:14 +0000
ROA not before:           Thu 02 Jan 2025 05:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41119
IP address blocks:        93.170.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:94:6c:c6:ec:0f:a0:8b:c0:6e:07:fe:26:3c:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3a9a654d6653086bde47cc7f1ff8fb812da41c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d4:54:9c:5f:1a:fd:37:c3:15:85:f7:dc:c7:
                    a5:38:f4:ce:89:0d:82:29:35:86:9e:68:9b:5e:d1:
                    02:d4:63:b9:ba:a3:ba:a6:0d:c4:b3:8e:b4:ac:e4:
                    91:33:5f:bb:9c:bb:80:56:48:23:1d:fe:62:f7:6e:
                    3f:75:8a:37:10:cd:a5:b8:d4:f3:70:fb:01:67:b4:
                    62:88:f9:dc:27:a0:79:82:ef:18:8b:f5:d5:6a:dc:
                    78:ec:6d:42:96:b1:6a:25:37:bc:b3:57:a6:46:47:
                    e9:3d:1f:90:2b:dc:5f:87:19:e5:99:19:7f:97:6b:
                    68:75:a5:fa:f6:01:ff:5b:2e:e2:8f:6c:a5:92:41:
                    01:e9:37:dd:be:2b:65:d7:8b:63:b5:1c:ee:55:fb:
                    3a:2d:22:17:b8:4a:6b:54:66:d0:7f:3e:ec:ef:03:
                    4b:1f:b0:9a:bc:59:3c:2a:db:ee:45:5b:72:72:1b:
                    1a:e7:ba:f9:5c:09:70:8e:93:81:52:df:51:84:4b:
                    78:b7:49:72:35:ee:04:39:c9:f4:e2:1f:e9:06:ee:
                    7c:f3:c5:64:21:32:15:48:d4:05:ae:ae:69:41:59:
                    dc:e2:06:27:cd:c1:a2:64:2a:a7:15:c8:c6:1f:1b:
                    b0:59:60:1e:65:cf:df:f1:dd:38:df:90:05:83:03:
                    ce:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:A9:A6:54:D6:65:30:86:BD:E4:7C:C7:F1:FF:8F:B8:12:DA:41:C7
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/s6mmVNZlMIa95HzH8f-PuBLaQcc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:65:81:c2:51:35:1b:df:ef:fe:2e:2f:6f:c8:a7:91:c7:46:
         a6:8a:4c:8a:09:0d:e9:d6:ef:c8:9c:76:6d:86:b9:c2:bd:59:
         c8:fc:6e:25:ca:83:ef:29:51:ee:5c:be:01:4f:03:7e:69:d4:
         9b:22:5d:72:71:9a:1a:12:82:a3:16:84:80:bd:c8:f4:19:d6:
         02:5a:d8:61:82:e0:e6:89:87:18:d3:57:14:dd:0c:e7:ba:de:
         c1:03:4a:e0:fc:5d:ae:5f:44:7b:42:56:a0:e9:f4:0f:da:fe:
         87:45:a8:55:86:33:3c:3b:9a:67:93:d3:36:42:30:01:b5:3c:
         4e:28:52:25:23:61:89:6b:40:52:df:27:47:ea:0b:5a:55:86:
         a1:33:e8:fc:c7:b5:7f:a1:25:79:32:fc:8b:3a:38:54:a2:df:
         0f:ca:c8:c5:bf:3d:42:c7:7c:5b:72:39:5f:9c:67:43:07:47:
         9a:5f:77:1e:82:98:88:10:82:5f:da:f7:d8:b6:11:74:35:49:
         40:3a:ef:b4:16:c4:a5:10:5c:3e:c4:a0:39:30:8f:01:f7:88:
         93:b4:f7:9e:79:b8:32:8f:fd:02:39:a5:8e:6a:6f:f8:b9:b0:
         6e:72:12:55:2a:d2:85:65:b3:37:f1:24:c3:cc:13:e3:11:1e:
         9c:0e:0b:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5RsxuwPoIvAbgf+JjyvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2E5YTY1NGQ2NjUzMDg2YmRlNDdjYzdmMWZmOGZiODEyZGE0MWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNRUnF8a/TfDFYX33MelOPTOiQ2C
KTWGnmibXtEC1GO5uqO6pg3Es460rOSRM1+7nLuAVkgjHf5i924/dYo3EM2luNTz
cPsBZ7RiiPncJ6B5gu8Yi/XVatx47G1ClrFqJTe8s1emRkfpPR+QK9xfhxnlmRl/
l2todaX69gH/Wy7ij2ylkkEB6Tfdvitl14tjtRzuVfs6LSIXuEprVGbQfz7s7wNL
H7CavFk8KtvuRVtychsa57r5XAlwjpOBUt9RhEt4t0lyNe4EOcn04h/pBu5888Vk
ITIVSNQFrq5pQVnc4gYnzcGiZCqnFcjGHxuwWWAeZc/f8d0435AFgwPOyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOpplTWZTCGveR8x/H/j7gS2kHHMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvczZtbVZOWmxNSWE5NUh6SDhmLVB1QkxhUWNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXarbMA0G
CSqGSIb3DQEBCwUAA4IBAQBWZYHCUTUb3+/+Li9vyKeRx0amikyKCQ3p1u/InHZt
hrnCvVnI/G4lyoPvKVHuXL4BTwN+adSbIl1ycZoaEoKjFoSAvcj0GdYCWthhguDm
iYcY01cU3Qznut7BA0rg/F2uX0R7Qlag6fQP2v6HRahVhjM8O5pnk9M2QjABtTxO
KFIlI2GJa0BS3ydH6gtaVYahM+j8x7V/oSV5MvyLOjhUot8PysjFvz1Cx3xbcjlf
nGdDB0eaX3cegpiIEIJf2vfYthF0NUlAOu+0FsSlEFw+xKA5MI8B94iTtPeeebgy
j/0COaWOam/4ubBuchJVKtKFZbM38STDzBPjER6cDgsV
-----END CERTIFICATE-----