Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ujLo4-z08O2dB-DOAlXyJNb6i4o.roa
File:                     ujLo4-z08O2dB-DOAlXyJNb6i4o.roa (raw, json)
Hash identifier:          KuOsc0bf5BFMQJBykvFXsF067gq6S14GX1650FWTGa8=
Subject key identifier:   BA:32:E8:E3:EC:F4:F0:ED:9D:07:E0:CE:02:55:F2:24:D6:FA:8B:8A
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA29E6DC42155341B6622B8890895150
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ujLo4-z08O2dB-DOAlXyJNb6i4o.roa
Signing time:             Tue 02 Jan 2024 12:33:12 +0000
ROA not before:           Tue 02 Jan 2024 12:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39631
IP address blocks:        93.170.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:e6:dc:42:15:53:41:b6:62:2b:88:90:89:51:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba32e8e3ecf4f0ed9d07e0ce0255f224d6fa8b8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:78:50:79:6f:f0:82:be:85:92:ed:4b:9a:82:
                    e7:33:2c:3d:eb:78:f4:94:f5:9d:3c:8d:8e:6c:7c:
                    32:2e:62:3b:90:58:f5:dc:60:0c:57:b0:de:0c:bc:
                    9d:77:21:fa:04:5a:c1:09:60:bb:03:2d:0d:2e:92:
                    e3:39:40:1e:6d:4b:96:3d:7e:03:22:ee:cb:dc:91:
                    c9:6f:ba:0c:4c:1c:61:3d:f1:9f:b0:89:12:a8:9c:
                    09:41:5c:42:f3:c1:55:de:3b:ef:9b:5c:34:77:33:
                    7f:87:d7:f3:fa:5e:8c:af:0a:08:0c:8c:ca:73:39:
                    ce:ce:67:94:e8:e9:d0:3b:79:93:65:fc:ac:5f:9c:
                    a3:40:06:ad:c8:7d:a3:e9:9e:76:79:bc:93:63:fe:
                    32:25:e5:95:bb:fc:be:71:3b:49:b9:bc:9f:3d:ef:
                    d9:38:a9:45:ba:c9:7f:6b:c8:d7:65:3d:c8:a5:b7:
                    f9:ff:10:8d:6e:d2:73:f0:d3:58:93:19:d5:54:61:
                    50:05:aa:60:d8:df:2c:22:d0:b3:fb:a4:53:d8:24:
                    56:a3:05:98:1b:ec:c1:7f:39:43:b6:24:12:97:e6:
                    c3:7d:1a:47:d3:1f:74:14:7d:a1:fe:13:b6:de:1e:
                    b5:36:de:12:51:37:69:33:c6:82:24:2b:24:5e:99:
                    99:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:32:E8:E3:EC:F4:F0:ED:9D:07:E0:CE:02:55:F2:24:D6:FA:8B:8A
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ujLo4-z08O2dB-DOAlXyJNb6i4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:fa:e5:88:67:63:31:65:a1:43:a7:ac:15:8d:85:da:a8:6f:
         34:21:73:e4:83:08:c9:0e:bc:75:8c:e9:85:ea:cc:21:3c:ba:
         bb:a5:7e:e6:c5:49:a5:fc:f3:e9:06:c0:57:d0:94:90:b4:ee:
         ae:76:33:b7:a9:54:07:74:c9:eb:2f:a8:b9:9b:eb:37:82:1b:
         bb:95:56:46:0a:4e:f7:af:70:12:44:54:8f:3e:8a:ce:8e:fb:
         a7:91:d3:e5:3f:0b:55:66:38:46:2d:07:17:ef:97:79:fa:60:
         fd:9a:1f:1e:6c:b6:9e:26:80:8a:c6:f9:70:69:38:38:a0:03:
         2d:00:e4:31:c2:dc:fd:75:3f:1b:ce:cf:bd:9b:17:1c:f0:c1:
         5f:95:ed:59:ae:3b:f9:15:b3:f4:f4:58:ed:12:8e:5f:fd:0e:
         9d:3f:f5:33:6d:59:f7:6d:6f:f3:67:c1:b8:6f:9e:a6:46:76:
         94:2d:a2:e3:d8:ef:bc:37:c0:7d:c1:17:ba:5f:ae:23:cb:7d:
         86:51:63:9e:69:3b:35:b2:e6:57:d1:59:5a:1a:6d:0d:94:24:
         61:85:36:b2:7c:4c:97:0d:81:d2:17:36:09:52:1c:5b:62:f8:
         f2:cd:64:84:d6:4d:18:33:b1:70:8e:e4:7b:af:31:21:47:03:
         ca:6b:6e:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKebcQhVTQbZiK4iQiVFQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTMyZThlM2VjZjRmMGVkOWQwN2UwY2UwMjU1ZjIyNGQ2ZmE4YjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3hQeW/wgr6Fku1LmoLnMyw963j0
lPWdPI2ObHwyLmI7kFj13GAMV7DeDLyddyH6BFrBCWC7Ay0NLpLjOUAebUuWPX4D
Iu7L3JHJb7oMTBxhPfGfsIkSqJwJQVxC88FV3jvvm1w0dzN/h9fz+l6MrwoIDIzK
cznOzmeU6OnQO3mTZfysX5yjQAatyH2j6Z52ebyTY/4yJeWVu/y+cTtJubyfPe/Z
OKlFusl/a8jXZT3Ipbf5/xCNbtJz8NNYkxnVVGFQBapg2N8sItCz+6RT2CRWowWY
G+zBfzlDtiQSl+bDfRpH0x90FH2h/hO23h61Nt4SUTdpM8aCJCskXpmZ6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoy6OPs9PDtnQfgzgJV8iTW+ouKMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvdWpMbzQtejA4TzJkQi1ET0FsWHlKTmI2aTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXar0MA0G
CSqGSIb3DQEBCwUAA4IBAQCs+uWIZ2MxZaFDp6wVjYXaqG80IXPkgwjJDrx1jOmF
6swhPLq7pX7mxUml/PPpBsBX0JSQtO6udjO3qVQHdMnrL6i5m+s3ghu7lVZGCk73
r3ASRFSPPorOjvunkdPlPwtVZjhGLQcX75d5+mD9mh8ebLaeJoCKxvlwaTg4oAMt
AOQxwtz9dT8bzs+9mxcc8MFfle1Zrjv5FbP09FjtEo5f/Q6dP/UzbVn3bW/zZ8G4
b56mRnaULaLj2O+8N8B9wRe6X64jy32GUWOeaTs1suZX0VlaGm0NlCRhhTayfEyX
DYHSFzYJUhxbYvjyzWSE1k0YM7FwjuR7rzEhRwPKa27u
-----END CERTIFICATE-----