Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/sjkIta7N7AQQhUqxgktGEs02Tzk.roa
File:                     sjkIta7N7AQQhUqxgktGEs02Tzk.roa (raw, json)
Hash identifier:          O2KgoPzKSTjEnUxQSabxFkJgcfISorPMgcXddDPbxq8=
Subject key identifier:   B2:39:08:B5:AE:CD:EC:04:10:85:4A:B1:82:4B:46:12:CD:36:4F:39
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A23D3B8C1DF42F6CC5D007D0967FD
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/sjkIta7N7AQQhUqxgktGEs02Tzk.roa
Signing time:             Tue 02 Jan 2024 12:33:28 +0000
ROA not before:           Tue 02 Jan 2024 12:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60573
IP address blocks:        146.120.172.0/23 maxlen: 24
                          93.170.2.0/24 maxlen: 24
                          95.46.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 12:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:23:d3:b8:c1:df:42:f6:cc:5d:00:7d:09:67:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b23908b5aecdec0410854ab1824b4612cd364f39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1c:58:b8:e5:fd:0b:f8:de:9e:dc:b4:2d:45:
                    be:2f:da:5a:4d:eb:fc:7e:b8:99:9f:e6:58:0a:4d:
                    04:f6:61:40:47:15:ce:95:26:83:83:b1:b9:0a:df:
                    96:4a:91:6f:4b:4c:48:1a:be:64:cb:da:ee:f9:5e:
                    9f:72:d0:cf:18:07:88:af:cb:71:d2:3a:5a:bb:dc:
                    fd:86:fb:bc:f7:0f:31:ff:38:87:cf:83:60:b3:ea:
                    27:44:f6:64:4d:13:b3:92:cb:18:50:e4:fd:3c:bc:
                    1c:c4:cd:e5:5e:9d:92:26:66:d1:92:7d:39:bd:2a:
                    56:5c:59:12:8f:96:1f:21:44:d0:93:3f:62:e5:96:
                    20:86:c0:03:ab:cb:f0:6d:f1:35:0f:7b:83:2a:59:
                    ea:03:53:1b:2e:62:69:c0:d2:27:53:bb:22:f2:9f:
                    19:0e:75:18:e0:23:d3:00:58:cf:7a:64:0b:05:b0:
                    2f:11:b4:d5:ab:e2:ac:00:06:5a:60:5b:8e:b6:b3:
                    56:18:0b:ff:5f:6f:3a:2b:ce:bd:8b:26:d6:c6:13:
                    56:dc:31:d3:ae:83:a6:45:ed:2b:df:83:95:ab:81:
                    12:57:be:ee:0c:2a:37:a8:ab:ec:c5:68:94:f8:af:
                    13:28:46:98:d8:d8:4b:93:44:78:d9:34:d1:32:4d:
                    71:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:39:08:B5:AE:CD:EC:04:10:85:4A:B1:82:4B:46:12:CD:36:4F:39
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/sjkIta7N7AQQhUqxgktGEs02Tzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.2.0/24
                  95.46.77.0/24
                  146.120.172.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:83:4c:4f:b1:94:c8:6d:be:36:43:20:4a:70:c6:59:ca:e9:
         89:68:37:9a:30:6a:57:f1:ad:92:09:e4:15:e1:c5:31:61:cb:
         3c:77:89:8f:55:c4:7b:fc:bf:68:3f:5e:6c:31:6d:b1:c1:1b:
         50:52:4a:4c:2d:2d:d7:d6:5c:04:37:d0:b4:8f:86:53:61:31:
         7e:e4:41:3e:0d:56:03:88:31:2a:df:7c:4e:e4:86:61:0e:d6:
         7e:55:74:6e:63:fc:0d:1b:75:ca:89:84:f5:d5:8f:e1:15:4b:
         c3:0e:50:cd:1e:8f:d9:03:8d:ea:a2:81:e2:54:86:52:9b:34:
         96:ab:09:5f:bc:84:d2:db:2b:1d:6b:17:16:02:3e:a8:80:0b:
         11:cc:b0:25:31:00:39:7c:5b:93:2e:a4:0d:7b:ac:6d:e5:20:
         fa:d5:bb:1e:10:75:9e:b3:ff:b7:1b:cd:95:0b:50:ed:93:ea:
         89:1a:88:c4:80:81:f2:cc:ff:d2:b7:47:a9:7f:29:ac:34:2c:
         fa:8f:d4:b6:a3:b7:74:4d:01:5f:d6:96:41:d0:ff:f5:f2:50:
         c6:08:aa:58:12:76:70:d8:f1:d8:09:a9:75:12:44:92:f7:eb:
         28:11:62:46:c3:56:8f:f4:52:68:6e:e2:ff:56:e4:fd:5e:8c:
         5d:77:48:8d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKiPTuMHfQvbMXQB9CWf9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjM5MDhiNWFlY2RlYzA0MTA4NTRhYjE4MjRiNDYxMmNkMzY0ZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBxYuOX9C/jenty0LUW+L9paTev8
friZn+ZYCk0E9mFARxXOlSaDg7G5Ct+WSpFvS0xIGr5ky9ru+V6fctDPGAeIr8tx
0jpau9z9hvu89w8x/ziHz4Ngs+onRPZkTROzkssYUOT9PLwcxM3lXp2SJmbRkn05
vSpWXFkSj5YfIUTQkz9i5ZYghsADq8vwbfE1D3uDKlnqA1MbLmJpwNInU7si8p8Z
DnUY4CPTAFjPemQLBbAvEbTVq+KsAAZaYFuOtrNWGAv/X286K869iybWxhNW3DHT
roOmRe0r34OVq4ESV77uDCo3qKvsxWiU+K8TKEaY2NhLk0R42TTRMk1x3wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLI5CLWuzewEEIVKsYJLRhLNNk85MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvc2prSXRhN043QVFRaFVxeGdrdEdFczAyVHprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXaoCAwQA
Xy5NAwQBknisMA0GCSqGSIb3DQEBCwUAA4IBAQCcg0xPsZTIbb42QyBKcMZZyumJ
aDeaMGpX8a2SCeQV4cUxYcs8d4mPVcR7/L9oP15sMW2xwRtQUkpMLS3X1lwEN9C0
j4ZTYTF+5EE+DVYDiDEq33xO5IZhDtZ+VXRuY/wNG3XKiYT11Y/hFUvDDlDNHo/Z
A43qooHiVIZSmzSWqwlfvITS2ysdaxcWAj6ogAsRzLAlMQA5fFuTLqQNe6xt5SD6
1bseEHWes/+3G82VC1Dtk+qJGojEgIHyzP/St0epfymsNCz6j9S2o7d0TQFf1pZB
0P/18lDGCKpYEnZw2PHYCal1EkSS9+soEWJGw1aP9FJobuL/VuT9Xoxdd0iN
-----END CERTIFICATE-----