Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/axgIYXN7Tz3tE8q4phFfT-icxF0.roa
File:                     axgIYXN7Tz3tE8q4phFfT-icxF0.roa (raw, json)
Hash identifier:          Evfv/PORiQ+Fycz5QkRBNHI6o5FLNBDiMsiuGU0xJvQ=
Subject key identifier:   6B:18:08:61:73:7B:4F:3D:ED:13:CA:B8:A6:11:5F:4F:E8:9C:C4:5D
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019836C1804A0BE07BD57EEEB8F4F42F5F14
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/axgIYXN7Tz3tE8q4phFfT-icxF0.roa
Signing time:             Wed 23 Jul 2025 10:08:27 +0000
ROA not before:           Wed 23 Jul 2025 10:08:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212243
IP address blocks:        146.120.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:07:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:c1:80:4a:0b:e0:7b:d5:7e:ee:b8:f4:f4:2f:5f:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jul 23 10:08:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b180861737b4f3ded13cab8a6115f4fe89cc45d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:c4:a4:8d:1d:d6:cc:7d:b5:29:14:f5:32:52:
                    9d:4f:92:b7:f0:b4:c5:f0:4e:53:35:77:bb:e5:e5:
                    79:6d:79:4b:60:ec:73:10:1b:49:fc:5b:36:4a:53:
                    07:12:49:22:26:02:81:04:46:bb:fe:1c:a2:50:48:
                    ac:9b:fe:50:67:2a:25:81:a0:94:22:b8:bb:af:3e:
                    43:d7:bb:8b:2d:88:7b:ab:26:2e:06:b3:f0:09:ee:
                    06:2e:be:fc:3a:b3:91:97:e5:c7:bb:22:49:d5:af:
                    b6:38:2d:ef:5d:7a:c6:e4:3a:39:e1:fc:9f:34:16:
                    ae:aa:7a:a6:49:dd:31:6a:c0:ac:b3:39:87:0f:ae:
                    c2:4b:52:03:81:a1:c5:5d:58:3e:99:ff:56:ca:37:
                    64:33:c9:aa:8d:6c:ad:f9:61:de:51:50:c6:c8:06:
                    4c:81:2e:42:2f:b0:64:84:bd:96:7c:da:bf:b5:d0:
                    a7:d8:27:98:f7:84:92:62:1e:f7:02:55:6a:48:2b:
                    e8:5f:69:a9:92:95:2b:02:cf:75:5d:b7:79:19:8b:
                    dc:ce:bd:a6:49:11:e2:33:9c:69:7c:7d:e4:f9:44:
                    99:7e:5b:47:39:2c:f9:86:42:c1:41:07:8e:c4:20:
                    7f:82:e3:51:5d:a7:84:d2:7d:fd:33:fc:80:57:33:
                    c2:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:18:08:61:73:7B:4F:3D:ED:13:CA:B8:A6:11:5F:4F:E8:9C:C4:5D
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/axgIYXN7Tz3tE8q4phFfT-icxF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:ca:11:0a:c6:5b:80:6f:60:13:89:8d:b6:5b:a3:9b:e9:53:
         5a:2a:41:3b:69:34:70:0a:7f:83:cd:2a:71:ae:a2:19:01:b5:
         1c:d0:37:85:82:91:c0:68:80:6b:7a:c5:be:e3:2b:cd:53:ba:
         7f:4e:0d:85:56:2d:0f:97:e0:31:1d:5b:e3:05:70:5b:e3:6d:
         02:2c:c9:3f:4f:06:3e:6a:8c:d1:34:9f:62:b1:91:2e:82:c1:
         de:37:70:31:a5:a0:16:90:cc:fd:79:67:e5:bd:3d:1c:f5:98:
         7d:f6:09:54:b7:c2:02:ab:d8:e2:7c:7c:4e:d4:b3:45:af:6c:
         42:c6:52:68:7d:d6:80:c3:48:ba:aa:b5:64:a1:55:c7:60:1b:
         0c:6a:1b:f8:02:c0:7a:a1:0c:32:b2:76:85:ab:55:d9:e2:7a:
         cb:b9:6b:ed:07:96:7b:71:05:55:a8:13:89:7e:24:41:8d:8e:
         88:55:64:4f:48:79:1c:42:99:d1:54:18:67:fe:75:3a:24:2a:
         bb:a0:04:51:3d:3a:da:82:15:e1:a1:3e:c0:77:f0:e4:d7:32:
         f3:0a:96:f3:36:36:84:28:59:bb:5b:cc:6b:18:4f:99:ec:e2:
         37:4e:1c:6d:65:53:90:6b:5f:b6:35:a5:f8:88:16:07:89:ed:
         1d:53:72:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg2wYBKC+B71X7uuPT0L18UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwNzIzMTAwODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjE4MDg2MTczN2I0ZjNkZWQxM2NhYjhhNjExNWY0ZmU4OWNjNDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMSkjR3WzH21KRT1MlKdT5K38LTF
8E5TNXe75eV5bXlLYOxzEBtJ/Fs2SlMHEkkiJgKBBEa7/hyiUEism/5QZyolgaCU
Iri7rz5D17uLLYh7qyYuBrPwCe4GLr78OrORl+XHuyJJ1a+2OC3vXXrG5Do54fyf
NBauqnqmSd0xasCsszmHD67CS1IDgaHFXVg+mf9WyjdkM8mqjWyt+WHeUVDGyAZM
gS5CL7BkhL2WfNq/tdCn2CeY94SSYh73AlVqSCvoX2mpkpUrAs91Xbd5GYvczr2m
SRHiM5xpfH3k+USZfltHOSz5hkLBQQeOxCB/guNRXaeE0n39M/yAVzPCcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsYCGFze0897RPKuKYRX0/onMRdMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvYXhnSVlYTjdUejN0RThxNHBoRmZULWljeEYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAknirMA0G
CSqGSIb3DQEBCwUAA4IBAQBKyhEKxluAb2ATiY22W6Ob6VNaKkE7aTRwCn+DzSpx
rqIZAbUc0DeFgpHAaIBresW+4yvNU7p/Tg2FVi0Pl+AxHVvjBXBb420CLMk/TwY+
aozRNJ9isZEugsHeN3AxpaAWkMz9eWflvT0c9Zh99glUt8ICq9jifHxO1LNFr2xC
xlJofdaAw0i6qrVkoVXHYBsMahv4AsB6oQwysnaFq1XZ4nrLuWvtB5Z7cQVVqBOJ
fiRBjY6IVWRPSHkcQpnRVBhn/nU6JCq7oARRPTraghXhoT7Ad/Dk1zLzCpbzNjaE
KFm7W8xrGE+Z7OI3ThxtZVOQa1+2NaX4iBYHie0dU3JR
-----END CERTIFICATE-----