Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/vtzwMjamhIddsbL9Vw27BNE8juI.roa
File:                     vtzwMjamhIddsbL9Vw27BNE8juI.roa (raw, json)
Hash identifier:          QDmaU+HM37KbSmQcoARlD+DLZYMtPoJggtLHVMq7//M=
Subject key identifier:   BE:DC:F0:32:36:A6:84:87:5D:B1:B2:FD:57:0D:BB:04:D1:3C:8E:E2
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A14EBA6AAE90285D402AC751EA827
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/vtzwMjamhIddsbL9Vw27BNE8juI.roa
Signing time:             Tue 02 Jan 2024 12:33:24 +0000
ROA not before:           Tue 02 Jan 2024 12:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56639
IP address blocks:        95.46.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:14:eb:a6:aa:e9:02:85:d4:02:ac:75:1e:a8:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bedcf03236a684875db1b2fd570dbb04d13c8ee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:09:cc:f2:d3:3e:a3:33:24:78:76:d3:1e:a8:
                    58:e5:64:87:22:88:40:0d:cf:dc:d3:b3:90:f4:8c:
                    d3:ee:80:7b:e3:1c:e3:17:44:0a:61:11:0b:7a:a8:
                    a7:da:7d:99:45:68:70:0a:af:4c:dc:b1:32:c0:bd:
                    ae:76:5b:31:97:c1:14:6e:e8:2b:73:f0:ef:32:9f:
                    25:f1:d5:45:2f:4b:0d:8d:16:a6:a9:a7:d5:8b:07:
                    f9:c4:2b:14:75:6c:79:e6:4e:dc:c4:bb:a9:1b:e3:
                    c7:b9:6c:8b:03:9f:e0:1c:a4:c2:e9:dc:aa:09:3b:
                    01:a8:2a:96:46:5e:6c:4a:2b:c2:5b:a9:65:af:fb:
                    79:e8:35:f3:3e:14:dd:2d:db:4d:01:4d:6e:2b:28:
                    fa:f3:93:8d:15:de:47:8c:10:35:cb:da:c4:c8:04:
                    e4:37:b3:05:3c:d5:85:2d:3a:de:11:b1:5b:82:4b:
                    3c:10:20:82:6a:f0:36:c1:e0:b2:4f:5a:bc:a7:59:
                    c6:d8:f3:63:57:2f:e6:69:3c:b8:1f:a2:47:a2:31:
                    d3:af:2b:4c:89:fe:ef:45:f1:8d:01:4d:34:8f:b6:
                    e1:a0:28:08:e7:41:82:3b:4e:93:1a:3d:f3:3b:87:
                    e2:ef:27:95:67:cf:77:ce:d9:c5:27:76:2b:fc:dd:
                    af:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:DC:F0:32:36:A6:84:87:5D:B1:B2:FD:57:0D:BB:04:D1:3C:8E:E2
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/vtzwMjamhIddsbL9Vw27BNE8juI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:3e:e5:ec:8b:ef:8f:05:48:cb:d4:a7:30:4a:52:e5:c7:02:
         94:6f:1f:c6:f2:a9:7d:05:14:98:dc:e3:ac:df:68:80:aa:b9:
         3d:4d:5c:d8:c3:97:0a:14:4d:19:35:25:f8:a0:50:ae:84:cd:
         40:29:a2:13:c7:69:ee:6c:12:c8:f2:6a:30:20:6e:7b:54:00:
         15:da:54:31:34:cc:6a:f9:4f:74:37:46:e7:28:40:43:c7:1f:
         e3:41:4a:b9:77:44:59:56:41:dd:57:6b:60:ff:f9:ac:64:9a:
         16:41:49:6a:fd:d8:64:b2:62:ed:d9:c4:ff:d2:74:c7:87:1c:
         96:e3:2a:e6:02:34:01:df:d1:e1:7f:39:90:5a:96:64:99:b0:
         f4:d4:06:41:c7:57:83:08:c5:07:3b:3e:ec:5e:52:fe:13:f4:
         16:7f:95:f5:95:81:26:02:02:b1:c1:a8:01:eb:a8:bc:fd:cc:
         ac:06:9d:2b:3a:f7:0c:c2:43:15:2a:bd:fe:37:63:81:33:28:
         e6:0f:3d:c5:a0:fd:c0:ce:b6:09:be:82:d3:1e:f5:dd:c3:44:
         97:3c:5c:aa:3d:01:43:ea:74:70:8e:9b:07:f9:cc:44:0c:8f:
         69:f6:ae:de:59:a1:a9:7f:80:9c:f1:f4:86:03:b7:c3:b0:74:
         28:45:4a:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKhTrpqrpAoXUAqx1HqgnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWRjZjAzMjM2YTY4NDg3NWRiMWIyZmQ1NzBkYmIwNGQxM2M4ZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwnM8tM+ozMkeHbTHqhY5WSHIohA
Dc/c07OQ9IzT7oB74xzjF0QKYRELeqin2n2ZRWhwCq9M3LEywL2udlsxl8EUbugr
c/DvMp8l8dVFL0sNjRamqafViwf5xCsUdWx55k7cxLupG+PHuWyLA5/gHKTC6dyq
CTsBqCqWRl5sSivCW6llr/t56DXzPhTdLdtNAU1uKyj685ONFd5HjBA1y9rEyATk
N7MFPNWFLTreEbFbgks8ECCCavA2weCyT1q8p1nG2PNjVy/maTy4H6JHojHTrytM
if7vRfGNAU00j7bhoCgI50GCO06TGj3zO4fi7yeVZ893ztnFJ3Yr/N2vjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7c8DI2poSHXbGy/VcNuwTRPI7iMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvdnR6d01qYW1oSWRkc2JMOVZ3MjdCTkU4anVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy6PMA0G
CSqGSIb3DQEBCwUAA4IBAQCCPuXsi++PBUjL1KcwSlLlxwKUbx/G8ql9BRSY3OOs
32iAqrk9TVzYw5cKFE0ZNSX4oFCuhM1AKaITx2nubBLI8mowIG57VAAV2lQxNMxq
+U90N0bnKEBDxx/jQUq5d0RZVkHdV2tg//msZJoWQUlq/dhksmLt2cT/0nTHhxyW
4yrmAjQB39HhfzmQWpZkmbD01AZBx1eDCMUHOz7sXlL+E/QWf5X1lYEmAgKxwagB
66i8/cysBp0rOvcMwkMVKr3+N2OBMyjmDz3FoP3AzrYJvoLTHvXdw0SXPFyqPQFD
6nRwjpsH+cxEDI9p9q7eWaGpf4Cc8fSGA7fDsHQoRUqW
-----END CERTIFICATE-----