Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/saSCAxxC1yk8ga_XWPFzERiqUWw.roa
File:                     saSCAxxC1yk8ga_XWPFzERiqUWw.roa (raw, json)
Hash identifier:          ySuFmHtZMlKtQNzDsKDTJ8ei9PkNL2bX+V2qfFUMRjo=
Subject key identifier:   B1:A4:82:03:1C:42:D7:29:3C:81:AF:D7:58:F1:73:11:18:AA:51:6C
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A2B6D951C173B55AB27D899E6FA3A
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/saSCAxxC1yk8ga_XWPFzERiqUWw.roa
Signing time:             Tue 02 Jan 2024 12:33:30 +0000
ROA not before:           Tue 02 Jan 2024 12:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61979
IP address blocks:        92.38.44.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:2b:6d:95:1c:17:3b:55:ab:27:d8:99:e6:fa:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1a482031c42d7293c81afd758f1731118aa516c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:58:5c:4c:87:6d:e7:51:a8:b3:3c:bd:95:78:
                    e8:cd:dd:6b:ec:e5:8e:c9:f2:af:90:78:9a:66:e0:
                    64:10:8c:7e:90:f8:ed:d3:11:c6:62:c1:d1:2b:86:
                    e5:74:e0:23:7e:51:0c:a6:b6:b0:51:40:e2:b7:27:
                    82:dc:da:c2:f4:4f:78:ea:2a:99:2d:60:4a:5b:0b:
                    9d:04:a2:b8:b8:f1:48:15:b0:d2:3f:08:a2:3a:54:
                    71:c1:7d:0b:10:7a:7a:be:c2:e9:a6:f4:04:b5:80:
                    c1:80:25:c5:cb:fd:c2:5e:ad:e1:95:1e:33:f1:ff:
                    1d:f7:7f:5e:9a:84:09:f6:91:a8:28:ff:e1:ed:00:
                    3c:09:86:c5:d6:e6:c4:fb:ef:6c:ff:4c:d5:86:76:
                    7f:50:ef:5b:26:f7:6d:1b:b0:5b:ba:e2:45:23:74:
                    fa:ba:2c:84:13:61:e6:c1:5d:3e:34:8a:87:3c:98:
                    e3:2a:6c:4c:b2:d7:17:04:c4:0e:c2:7d:b7:3d:2a:
                    9b:18:dd:91:f0:06:06:cc:d1:65:a2:65:ca:12:ac:
                    89:ca:4f:30:bf:0e:32:db:7d:19:5f:5b:36:a1:f8:
                    c0:ad:6f:ce:52:2a:7a:8d:27:18:b6:4a:a6:3d:55:
                    d5:ca:0a:2c:35:6f:03:94:06:02:06:56:07:98:7f:
                    36:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:A4:82:03:1C:42:D7:29:3C:81:AF:D7:58:F1:73:11:18:AA:51:6C
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/saSCAxxC1yk8ga_XWPFzERiqUWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.38.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:b7:e3:d6:96:ac:10:af:75:1c:8d:1e:f1:ce:61:32:d6:7a:
         7a:e1:1b:71:e0:e9:6c:f8:20:98:1e:87:0b:31:59:60:b8:9c:
         34:86:18:df:ba:fb:bd:50:65:99:9d:26:eb:c6:87:91:1d:c5:
         db:f9:81:7f:eb:fc:db:ed:56:63:c0:05:64:9b:d2:1e:0f:80:
         11:47:52:50:d6:28:99:ee:16:7d:73:ea:06:f8:cf:ea:42:ef:
         c3:22:c5:af:ca:e2:b5:c9:b9:f5:e1:16:ac:de:99:44:12:ac:
         d5:a5:bc:bb:28:2a:ae:7f:c7:8e:8f:d5:c5:ef:6b:f3:2f:1f:
         91:ee:74:55:4c:a2:de:81:80:bf:21:12:a4:89:e0:6b:8e:1f:
         51:fa:f9:f7:0b:b3:0a:6e:cb:8f:fa:c5:60:4f:0b:92:9d:d1:
         ee:94:20:2f:6d:00:cd:9f:1d:4a:0e:4b:3c:f4:4f:37:8d:ff:
         95:22:9c:b8:c6:ad:76:b2:d9:af:0e:a0:2b:09:dd:9b:e4:56:
         f6:87:70:bb:95:6d:30:63:43:3a:16:8f:ba:e7:77:db:e9:6b:
         a3:a6:97:9b:bc:04:f7:8f:ad:90:bd:48:4d:ea:b3:02:51:9a:
         73:26:a4:86:7d:f7:2e:19:fb:1a:52:72:b4:96:ea:42:9d:f0:
         23:f5:d7:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKittlRwXO1WrJ9iZ5vo6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWE0ODIwMzFjNDJkNzI5M2M4MWFmZDc1OGYxNzMxMTE4YWE1MTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lhcTIdt51Goszy9lXjozd1r7OWO
yfKvkHiaZuBkEIx+kPjt0xHGYsHRK4bldOAjflEMprawUUDityeC3NrC9E946iqZ
LWBKWwudBKK4uPFIFbDSPwiiOlRxwX0LEHp6vsLppvQEtYDBgCXFy/3CXq3hlR4z
8f8d939emoQJ9pGoKP/h7QA8CYbF1ubE++9s/0zVhnZ/UO9bJvdtG7BbuuJFI3T6
uiyEE2HmwV0+NIqHPJjjKmxMstcXBMQOwn23PSqbGN2R8AYGzNFlomXKEqyJyk8w
vw4y230ZX1s2ofjArW/OUip6jScYtkqmPVXVygosNW8DlAYCBlYHmH82VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGkggMcQtcpPIGv11jxcxEYqlFsMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvc2FTQ0F4eEMxeWs4Z2FfWFdQRnpFUmlxVVd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXCYsMA0G
CSqGSIb3DQEBCwUAA4IBAQCYt+PWlqwQr3UcjR7xzmEy1np64Rtx4Ols+CCYHocL
MVlguJw0hhjfuvu9UGWZnSbrxoeRHcXb+YF/6/zb7VZjwAVkm9IeD4ARR1JQ1iiZ
7hZ9c+oG+M/qQu/DIsWvyuK1ybn14Ras3plEEqzVpby7KCquf8eOj9XF72vzLx+R
7nRVTKLegYC/IRKkieBrjh9R+vn3C7MKbsuP+sVgTwuSndHulCAvbQDNnx1KDks8
9E83jf+VIpy4xq12stmvDqArCd2b5Fb2h3C7lW0wY0M6Fo+653fb6WujppebvAT3
j62QvUhN6rMCUZpzJqSGffcuGfsaUnK0lupCnfAj9df7
-----END CERTIFICATE-----