Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/w1zkDfDsKLKxn3cVp66BkPDXfIo.roa
File:                     w1zkDfDsKLKxn3cVp66BkPDXfIo.roa (raw, json)
Hash identifier:          6hElah+0U4+tu5CyfB4d5wtwq9wdMGRLSR5mNLYPaa8=
Subject key identifier:   C3:5C:E4:0D:F0:EC:28:B2:B1:9F:77:15:A7:AE:81:90:F0:D7:7C:8A
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A211014761D229CA62753C0B33DA2
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/w1zkDfDsKLKxn3cVp66BkPDXfIo.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60075
IP address blocks:        31.148.2.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:21:10:14:76:1d:22:9c:a6:27:53:c0:b3:3d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c35ce40df0ec28b2b19f7715a7ae8190f0d77c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:da:0e:e8:6f:4b:40:e5:30:08:bd:af:e9:2a:
                    60:d9:90:2a:e5:8d:a2:27:de:d8:aa:15:cc:4d:3b:
                    64:8f:c8:96:c5:8b:5b:de:73:46:3b:0a:bc:8c:1f:
                    87:11:65:0d:b5:bb:54:37:20:9d:47:90:ee:c5:09:
                    83:cf:10:08:1f:68:3e:ca:29:7a:25:c0:43:db:93:
                    54:a2:14:e0:9e:3f:da:4f:59:70:c1:06:ac:67:47:
                    82:54:87:59:35:46:b2:91:a7:cd:77:f0:1e:54:80:
                    ee:19:f2:32:1e:94:38:84:45:ec:64:cc:2c:d0:37:
                    34:1b:98:16:53:3e:db:7e:45:f6:cc:4f:fb:77:45:
                    36:11:54:0d:3e:68:ce:80:86:58:c8:38:62:50:e7:
                    e2:66:0b:dc:ff:39:2b:c1:be:45:01:3a:71:80:94:
                    b4:c5:bf:5c:2e:78:d2:0f:cb:6b:c9:46:8e:95:5c:
                    14:b7:a5:97:cf:62:2d:13:5f:62:b1:2d:97:5b:ac:
                    0c:44:89:7a:69:66:99:25:3f:05:cd:71:92:0c:df:
                    31:78:73:22:59:eb:a2:da:09:e2:16:26:9d:19:dd:
                    54:85:88:16:91:c0:c9:27:35:25:e7:7f:cb:35:1d:
                    d0:42:86:15:6a:e6:95:d4:e0:25:db:0e:07:98:4e:
                    f4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:5C:E4:0D:F0:EC:28:B2:B1:9F:77:15:A7:AE:81:90:F0:D7:7C:8A
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/w1zkDfDsKLKxn3cVp66BkPDXfIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:18:09:80:25:a2:95:6e:d3:5f:f4:01:d1:84:d6:2a:c3:f8:
         c6:54:00:45:98:87:22:bd:5b:ee:66:90:61:06:c2:66:3e:21:
         76:90:da:46:aa:ac:3f:c0:91:1f:71:99:a5:20:e2:61:6e:5e:
         6c:35:34:39:d7:10:e4:88:fa:17:6e:10:23:4c:e0:bf:9a:56:
         fa:fa:ab:8a:81:43:98:a2:7a:10:ed:d3:79:c1:bc:d2:13:7f:
         41:7e:13:e0:ae:d8:8d:b6:f3:c6:4a:b6:f7:db:39:45:f7:4f:
         c3:b7:d7:3f:12:0f:79:b4:44:da:0e:56:76:b0:3e:8f:0b:50:
         e1:55:6d:1d:e1:60:81:db:b6:f0:d7:df:9b:84:ad:96:cd:a8:
         4d:7f:12:b2:10:d6:5b:1e:e9:29:eb:30:72:ad:5f:73:f5:67:
         6e:78:cd:71:bb:a9:8e:e8:66:6c:a9:fd:3b:76:61:93:24:ff:
         4d:00:26:c3:b5:7c:e2:99:a7:05:27:8f:b2:6e:7f:99:af:d5:
         d5:d8:5e:df:78:23:19:8f:57:ec:c6:28:03:6b:fd:e5:75:45:
         56:98:90:34:ca:c6:6c:04:11:73:91:b5:3d:af:9b:a7:19:e7:
         95:d1:63:f7:2d:3e:94:f1:4d:fa:a1:11:74:fa:cb:15:7d:29:
         3f:0b:1e:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKiEQFHYdIpymJ1PAsz2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzVjZTQwZGYwZWMyOGIyYjE5Zjc3MTVhN2FlODE5MGYwZDc3YzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9oO6G9LQOUwCL2v6Spg2ZAq5Y2i
J97YqhXMTTtkj8iWxYtb3nNGOwq8jB+HEWUNtbtUNyCdR5DuxQmDzxAIH2g+yil6
JcBD25NUohTgnj/aT1lwwQasZ0eCVIdZNUaykafNd/AeVIDuGfIyHpQ4hEXsZMws
0Dc0G5gWUz7bfkX2zE/7d0U2EVQNPmjOgIZYyDhiUOfiZgvc/zkrwb5FATpxgJS0
xb9cLnjSD8tryUaOlVwUt6WXz2ItE19isS2XW6wMRIl6aWaZJT8FzXGSDN8xeHMi
Weui2gniFiadGd1UhYgWkcDJJzUl53/LNR3QQoYVauaV1OAl2w4HmE70rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNc5A3w7CiysZ93FaeugZDw13yKMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvdzF6a0RmRHNLTEt4bjNjVnA2NkJrUERYZklvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH5QCMA0G
CSqGSIb3DQEBCwUAA4IBAQCxGAmAJaKVbtNf9AHRhNYqw/jGVABFmIcivVvuZpBh
BsJmPiF2kNpGqqw/wJEfcZmlIOJhbl5sNTQ51xDkiPoXbhAjTOC/mlb6+quKgUOY
onoQ7dN5wbzSE39BfhPgrtiNtvPGSrb32zlF90/Dt9c/Eg95tETaDlZ2sD6PC1Dh
VW0d4WCB27bw19+bhK2WzahNfxKyENZbHukp6zByrV9z9WdueM1xu6mO6GZsqf07
dmGTJP9NACbDtXzimacFJ4+ybn+Zr9XV2F7feCMZj1fsxigDa/3ldUVWmJA0ysZs
BBFzkbU9r5unGeeV0WP3LT6U8U36oRF0+ssVfSk/Cx5o
-----END CERTIFICATE-----