Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/yYPY6ryUuKQb0dd2aySiOYltl88.roa
File:                     yYPY6ryUuKQb0dd2aySiOYltl88.roa (raw, json)
Hash identifier:          D0EqpzqGnqj5uFN9n1y+QYSiFuwnym8JpFMvYofM+Fw=
Subject key identifier:   C9:83:D8:EA:BC:94:B8:A4:1B:D1:D7:76:6B:24:A2:39:89:6D:97:CF
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0192D2D574669660F0D17536A4D453046F92
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/yYPY6ryUuKQb0dd2aySiOYltl88.roa
Signing time:             Mon 28 Oct 2024 11:14:17 +0000
ROA not before:           Mon 28 Oct 2024 11:14:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12389
IP address blocks:        95.47.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:d5:74:66:96:60:f0:d1:75:36:a4:d4:53:04:6f:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Oct 28 11:14:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c983d8eabc94b8a41bd1d7766b24a239896d97cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:29:73:48:55:e8:d9:38:a0:78:87:08:76:c3:
                    f2:be:6d:b5:53:b2:84:93:74:39:0a:3c:a1:f3:fc:
                    34:a6:3f:cb:da:bd:1f:3d:44:b2:84:d6:c2:ab:3c:
                    9c:12:c1:3a:1d:7e:5b:43:68:25:d3:3a:83:1c:b2:
                    3b:14:6c:0c:7c:af:64:de:89:fa:1d:e3:92:88:ce:
                    65:d0:7f:ee:b8:16:f4:4e:21:00:b8:d9:a7:62:d2:
                    c4:0c:48:bc:dc:fa:f9:11:93:ca:78:a8:00:5f:5b:
                    95:5c:85:d6:98:68:82:48:67:7d:2b:75:70:79:db:
                    09:34:c0:53:50:ac:bc:36:c0:41:07:6a:45:4e:2c:
                    eb:47:9c:23:0c:63:21:fd:2f:bc:85:f9:55:8b:84:
                    d9:66:ed:ba:f4:93:40:1b:3b:df:97:03:32:22:5b:
                    96:44:fc:67:98:c0:24:ea:28:ec:29:49:af:65:34:
                    ae:30:19:90:73:5b:ad:57:77:e6:89:80:a2:18:20:
                    65:16:87:e1:1a:cc:5a:47:09:a5:83:f5:ef:25:bf:
                    12:fd:85:ef:69:0e:1e:d4:76:9c:82:0a:05:1a:40:
                    99:76:28:2c:1b:38:33:9d:c6:53:d2:aa:1a:71:1a:
                    19:b9:8a:31:90:54:68:76:02:e7:f6:71:9f:4b:ab:
                    a2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:83:D8:EA:BC:94:B8:A4:1B:D1:D7:76:6B:24:A2:39:89:6D:97:CF
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/yYPY6ryUuKQb0dd2aySiOYltl88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.47.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:e2:84:e2:c0:80:a0:58:51:b5:6e:6b:37:84:44:d4:75:e0:
         7e:10:1c:ce:9e:d7:77:1b:fe:5b:4a:4b:3f:eb:68:1f:cd:44:
         23:d2:1d:77:10:88:d8:64:ad:da:ec:3f:e6:10:a6:ca:21:b8:
         b3:ee:75:bb:56:82:05:9c:b9:5e:06:76:dd:7b:8a:a9:86:9a:
         e7:32:61:5f:c1:64:4a:e1:b0:67:a4:39:dc:97:16:40:31:67:
         02:9f:0b:c6:58:68:f5:d4:10:f4:bc:e9:4d:2e:eb:96:a4:d4:
         d1:23:52:d9:fb:83:f5:15:74:1d:12:78:fe:6c:7b:c5:9a:e4:
         7a:a8:c4:0d:3a:8c:45:63:9e:2b:91:c2:1e:6c:62:ba:24:c0:
         55:45:ab:62:b6:07:65:af:cb:7a:44:a9:42:97:5b:33:b9:f3:
         b2:bf:52:90:cb:c4:b1:e2:31:4e:a1:58:87:31:2d:6f:67:66:
         f0:cd:a0:28:a7:14:4a:92:dc:d5:1f:4e:46:e6:fa:23:88:01:
         03:e4:a9:0d:c8:24:ef:3f:df:3e:4c:eb:6a:e2:b1:61:a8:86:
         03:3c:d9:a9:a0:43:3e:f7:db:20:02:d8:cb:50:61:de:7f:a1:
         5b:38:4b:80:8e:8a:04:01:a6:39:63:a0:e4:d4:bf:96:2a:77:
         71:17:fd:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLS1XRmlmDw0XU2pNRTBG+SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQxMDI4MTExNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTgzZDhlYWJjOTRiOGE0MWJkMWQ3NzY2YjI0YTIzOTg5NmQ5N2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SlzSFXo2TigeIcIdsPyvm21U7KE
k3Q5Cjyh8/w0pj/L2r0fPUSyhNbCqzycEsE6HX5bQ2gl0zqDHLI7FGwMfK9k3on6
HeOSiM5l0H/uuBb0TiEAuNmnYtLEDEi83Pr5EZPKeKgAX1uVXIXWmGiCSGd9K3Vw
edsJNMBTUKy8NsBBB2pFTizrR5wjDGMh/S+8hflVi4TZZu269JNAGzvflwMyIluW
RPxnmMAk6ijsKUmvZTSuMBmQc1utV3fmiYCiGCBlFofhGsxaRwmlg/XvJb8S/YXv
aQ4e1HacggoFGkCZdigsGzgzncZT0qoacRoZuYoxkFRodgLn9nGfS6uiAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmD2Oq8lLikG9HXdmskojmJbZfPMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEveVlQWTZyeVV1S1FiMGRkMmF5U2lPWWx0bDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXy+YMA0G
CSqGSIb3DQEBCwUAA4IBAQCs4oTiwICgWFG1bms3hETUdeB+EBzOntd3G/5bSks/
62gfzUQj0h13EIjYZK3a7D/mEKbKIbiz7nW7VoIFnLleBnbde4qphprnMmFfwWRK
4bBnpDnclxZAMWcCnwvGWGj11BD0vOlNLuuWpNTRI1LZ+4P1FXQdEnj+bHvFmuR6
qMQNOoxFY54rkcIebGK6JMBVRatitgdlr8t6RKlCl1szufOyv1KQy8Sx4jFOoViH
MS1vZ2bwzaAopxRKktzVH05G5vojiAED5KkNyCTvP98+TOtq4rFhqIYDPNmpoEM+
99sgAtjLUGHef6FbOEuAjooEAaY5Y6Dk1L+WKndxF/3x
-----END CERTIFICATE-----