Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/sjQKvZmURVp6orqgxEwH1WRjJqE.roa
File:                     sjQKvZmURVp6orqgxEwH1WRjJqE.roa (raw, json)
Hash identifier:          xkiG1WNTO1QOfs8UvHmcyct4svgUO4NpQ5a+ZbiiVKg=
Subject key identifier:   B2:34:0A:BD:99:94:45:5A:7A:A2:BA:A0:C4:4C:07:D5:64:63:26:A1
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A1FBB4B95BB85D223E9EC7BD870AF
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/sjQKvZmURVp6orqgxEwH1WRjJqE.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59825
IP address blocks:        93.171.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1f:bb:4b:95:bb:85:d2:23:e9:ec:7b:d8:70:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2340abd9994455a7aa2baa0c44c07d5646326a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:61:c6:31:d6:5f:65:08:02:e6:b4:87:6b:73:
                    84:84:d7:7c:5e:16:f9:0a:c1:a8:d9:3a:2e:30:9d:
                    ec:59:0f:2f:f8:24:59:2c:f6:7c:d1:e0:6c:bf:0a:
                    c1:94:a0:0b:22:ea:5b:ef:6d:c5:28:9e:6a:26:a9:
                    31:ff:6c:33:b2:2f:42:2f:f1:fe:18:7b:ca:0b:75:
                    54:9b:a9:93:cf:7c:d1:56:3c:85:82:2e:33:ba:96:
                    90:29:f9:3f:6a:57:52:3a:40:09:14:35:21:b9:dd:
                    81:78:fc:f8:99:c2:b6:ab:56:c3:2a:b4:c7:c4:56:
                    74:37:5e:be:80:81:64:8c:ab:ec:6c:f4:ed:92:6f:
                    f6:64:59:f8:d2:45:10:1d:dd:2e:7e:eb:78:1c:c0:
                    73:3b:40:51:d4:d0:94:5a:e8:33:17:57:2e:12:4c:
                    3b:21:7a:b5:b5:96:d3:a5:b4:8b:84:5b:fe:a0:df:
                    7c:be:d9:40:81:32:9d:d3:86:23:64:3a:8c:5a:a2:
                    08:9a:70:0c:93:4d:5f:47:60:5b:a2:34:4d:8e:2d:
                    17:05:90:18:09:0f:54:58:18:c9:f2:a5:76:2d:d0:
                    75:12:2f:81:d6:60:47:5e:6e:df:97:58:f4:3e:97:
                    1c:71:6d:cc:7c:89:7a:df:1b:6d:8e:9e:8b:5d:36:
                    58:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:34:0A:BD:99:94:45:5A:7A:A2:BA:A0:C4:4C:07:D5:64:63:26:A1
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/sjQKvZmURVp6orqgxEwH1WRjJqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.171.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:49:cb:c0:5a:39:10:30:c5:95:57:75:fa:6b:68:cf:11:f3:
         b2:4e:93:22:8f:0e:eb:17:4b:44:88:9c:43:bd:56:6d:8e:15:
         0b:23:d0:90:73:66:48:2b:5e:15:86:e0:59:4a:8b:27:81:bf:
         6a:83:4d:94:39:e4:ef:79:0a:09:d7:c7:2b:8b:ee:da:bb:44:
         59:69:f9:e9:9c:46:4c:ad:c5:39:91:a8:55:ff:09:02:aa:d0:
         b3:06:58:08:15:b1:33:e7:5b:28:7e:65:3d:ad:d1:d6:8e:fd:
         af:a0:95:99:74:43:c5:8a:95:ad:e5:91:be:fc:f5:a2:f1:89:
         55:b4:b0:6b:5d:ca:10:bb:7b:33:a6:80:85:06:93:4e:3d:76:
         7d:91:c6:a8:23:d8:27:df:5e:05:c6:fd:c1:c4:33:5a:7d:a7:
         55:a1:22:c6:22:3f:58:20:80:44:a2:fa:f8:40:d7:61:fc:97:
         51:cb:4b:2d:89:5f:2f:a2:99:e7:df:96:2a:5d:5b:c4:46:7b:
         ae:f4:01:a5:28:97:a2:cf:82:5e:75:1e:b9:bf:d3:c8:a1:d5:
         a6:b4:07:11:31:40:e8:66:2b:16:7f:c3:2d:7c:58:4c:76:76:
         9b:38:91:61:f1:1f:d0:d5:ee:07:1d:dc:db:0f:99:60:b9:cb:
         3c:bd:c9:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKh+7S5W7hdIj6ex72HCvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjM0MGFiZDk5OTQ0NTVhN2FhMmJhYTBjNDRjMDdkNTY0NjMyNmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2HGMdZfZQgC5rSHa3OEhNd8Xhb5
CsGo2TouMJ3sWQ8v+CRZLPZ80eBsvwrBlKALIupb723FKJ5qJqkx/2wzsi9CL/H+
GHvKC3VUm6mTz3zRVjyFgi4zupaQKfk/aldSOkAJFDUhud2BePz4mcK2q1bDKrTH
xFZ0N16+gIFkjKvsbPTtkm/2ZFn40kUQHd0ufut4HMBzO0BR1NCUWugzF1cuEkw7
IXq1tZbTpbSLhFv+oN98vtlAgTKd04YjZDqMWqIImnAMk01fR2BbojRNji0XBZAY
CQ9UWBjJ8qV2LdB1Ei+B1mBHXm7fl1j0PpcccW3MfIl63xttjp6LXTZYKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLI0Cr2ZlEVaeqK6oMRMB9VkYyahMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvc2pRS3ZabVVSVnA2b3JxZ3hFd0gxV1JqSnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXautMA0G
CSqGSIb3DQEBCwUAA4IBAQA4ScvAWjkQMMWVV3X6a2jPEfOyTpMijw7rF0tEiJxD
vVZtjhULI9CQc2ZIK14VhuBZSosngb9qg02UOeTveQoJ18cri+7au0RZafnpnEZM
rcU5kahV/wkCqtCzBlgIFbEz51sofmU9rdHWjv2voJWZdEPFipWt5ZG+/PWi8YlV
tLBrXcoQu3szpoCFBpNOPXZ9kcaoI9gn314Fxv3BxDNafadVoSLGIj9YIIBEovr4
QNdh/JdRy0stiV8vopnn35YqXVvERnuu9AGlKJeiz4JedR65v9PIodWmtAcRMUDo
ZisWf8MtfFhMdnabOJFh8R/Q1e4HHdzbD5lgucs8vcnx
-----END CERTIFICATE-----