Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ul1Ig68nbAdGVIZCf2B7oHtjqXI.roa
File:                     ul1Ig68nbAdGVIZCf2B7oHtjqXI.roa (raw, json)
Hash identifier:          C731McOaD9u84up7oRZPDTGTiAzFO7R7Zhv7SiOmazI=
Subject key identifier:   BA:5D:48:83:AF:27:6C:07:46:54:86:42:7F:60:7B:A0:7B:63:A9:72
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FAC4961E83968767069EA3F0D1AB1
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ul1Ig68nbAdGVIZCf2B7oHtjqXI.roa
Signing time:             Thu 02 Jan 2025 05:49:20 +0000
ROA not before:           Thu 02 Jan 2025 05:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47845
IP address blocks:        95.47.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ac:49:61:e8:39:68:76:70:69:ea:3f:0d:1a:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba5d4883af276c07465486427f607ba07b63a972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:8c:42:21:4e:4f:96:bd:eb:77:7b:b9:a3:47:
                    dd:6f:28:e0:b6:89:05:8f:7b:5c:82:0b:93:c5:65:
                    96:53:5d:23:d1:72:51:62:55:7a:04:6b:85:e5:da:
                    e0:54:3e:cf:02:17:f6:47:bc:0a:39:f1:05:11:9d:
                    e1:28:66:dd:ca:d1:7d:99:4a:53:19:e6:a8:3d:6d:
                    b3:a3:b1:2b:8e:05:0a:2e:b9:30:d8:2e:8e:49:74:
                    31:59:53:89:76:f8:7b:38:a6:a7:86:f6:92:a5:ad:
                    54:9b:17:7a:83:6a:73:a4:e9:cc:6d:ce:32:8f:cc:
                    a9:48:4a:a1:51:d6:45:28:14:47:44:38:d6:30:c7:
                    cc:09:2e:e4:1c:49:43:8f:b9:6e:08:1d:63:5d:ab:
                    68:cf:e7:56:c5:ab:8c:fe:9d:32:21:42:75:16:ff:
                    6f:17:bb:c0:40:5a:63:39:c1:e0:a1:fb:92:f8:b0:
                    b4:b5:fc:a7:24:12:5d:47:66:f1:1a:dc:d0:8b:c8:
                    e6:28:6d:56:1c:94:a8:90:5d:84:31:80:d9:ad:af:
                    f8:45:d5:f3:82:e3:d2:ca:75:fe:95:a7:e1:63:06:
                    e5:d4:b9:0d:d9:b2:02:f6:d6:7b:6d:05:fa:d3:07:
                    f0:0b:96:3d:95:ec:23:af:61:60:94:51:9e:34:90:
                    fb:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:5D:48:83:AF:27:6C:07:46:54:86:42:7F:60:7B:A0:7B:63:A9:72
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/ul1Ig68nbAdGVIZCf2B7oHtjqXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:66:45:a5:68:3c:4d:4b:3a:c9:4e:f5:43:c3:6b:e2:21:48:
         0c:ef:0d:93:d3:c7:7d:fe:cf:f1:24:a3:27:3d:81:ad:6f:48:
         9b:13:21:06:52:be:b2:98:f2:82:6a:5f:d5:a5:d1:eb:8f:b4:
         3b:1a:3b:5b:43:ea:2a:c4:68:52:52:5e:79:6d:7d:c4:5b:c3:
         46:b0:d5:a9:a7:ad:06:de:40:d4:e4:13:96:f8:7c:5d:af:53:
         5e:20:4e:d2:7a:6f:f1:be:a7:f7:0f:8b:60:0e:59:b6:57:83:
         80:38:1e:b8:aa:09:c4:5e:79:f8:62:5b:d1:f6:8a:51:27:b4:
         c7:da:d0:d4:30:81:b1:40:0f:89:88:45:a3:d8:17:a8:14:7d:
         85:75:4c:07:9a:65:aa:24:b7:81:28:35:d0:f0:32:76:3e:d7:
         5d:30:46:47:82:ca:68:84:ec:0f:e1:50:6d:fc:7a:4a:7f:ca:
         3e:36:70:cd:53:8d:e8:0f:db:bb:d4:6b:2e:68:01:b7:b8:a4:
         69:d4:ea:87:62:e6:27:31:2a:19:04:d8:95:00:22:87:c5:76:
         40:8e:bf:e7:14:ae:7a:b5:59:fe:47:39:34:65:6f:c1:4b:f9:
         28:a0:df:9c:46:dc:58:e3:6f:10:3a:00:23:5e:bf:d7:05:b5:
         59:a3:87:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj6xJYeg5aHZwaeo/DRqxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTVkNDg4M2FmMjc2YzA3NDY1NDg2NDI3ZjYwN2JhMDdiNjNhOTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA04xCIU5Plr3rd3u5o0fdbyjgtokF
j3tcgguTxWWWU10j0XJRYlV6BGuF5drgVD7PAhf2R7wKOfEFEZ3hKGbdytF9mUpT
GeaoPW2zo7ErjgUKLrkw2C6OSXQxWVOJdvh7OKanhvaSpa1Umxd6g2pzpOnMbc4y
j8ypSEqhUdZFKBRHRDjWMMfMCS7kHElDj7luCB1jXatoz+dWxauM/p0yIUJ1Fv9v
F7vAQFpjOcHgofuS+LC0tfynJBJdR2bxGtzQi8jmKG1WHJSokF2EMYDZra/4RdXz
guPSynX+lafhYwbl1LkN2bIC9tZ7bQX60wfwC5Y9lewjr2FglFGeNJD79wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLpdSIOvJ2wHRlSGQn9ge6B7Y6lyMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvdWwxSWc2OG5iQWRHVklaQ2YyQjdvSHRqcVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy/2MA0G
CSqGSIb3DQEBCwUAA4IBAQCpZkWlaDxNSzrJTvVDw2viIUgM7w2T08d9/s/xJKMn
PYGtb0ibEyEGUr6ymPKCal/VpdHrj7Q7GjtbQ+oqxGhSUl55bX3EW8NGsNWpp60G
3kDU5BOW+Hxdr1NeIE7Sem/xvqf3D4tgDlm2V4OAOB64qgnEXnn4YlvR9opRJ7TH
2tDUMIGxQA+JiEWj2BeoFH2FdUwHmmWqJLeBKDXQ8DJ2PtddMEZHgspohOwP4VBt
/HpKf8o+NnDNU43oD9u71GsuaAG3uKRp1OqHYuYnMSoZBNiVACKHxXZAjr/nFK56
tVn+Rzk0ZW/BS/kooN+cRtxY428QOgAjXr/XBbVZo4dr
-----END CERTIFICATE-----