Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/1-MOd61mqzzUd3k7RQR0FdOI1Nn0.roa
File:                     1-MOd61mqzzUd3k7RQR0FdOI1Nn0.roa (raw, json)
Hash identifier:          Ney+qmboFEb3EnQIoVOu45+2AwAnlZ+xcFMz6UpUYIw=
Subject key identifier:   F8:C3:9D:EB:59:AA:CF:35:1D:DE:4E:D1:41:1D:05:74:E2:35:36:7D
Certificate issuer:       /CN=bf4b51b0bac45fa226bd2dcff11730ed40ec2149
Certificate serial:       019426D93D8D1396C0EF4020EC2B741EE990
Authority key identifier: BF:4B:51:B0:BA:C4:5F:A2:26:BD:2D:CF:F1:17:30:ED:40:EC:21:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/1-MOd61mqzzUd3k7RQR0FdOI1Nn0.roa
Signing time:             Thu 02 Jan 2025 11:49:18 +0000
ROA not before:           Thu 02 Jan 2025 11:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        141.74.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:3d:8d:13:96:c0:ef:40:20:ec:2b:74:1e:e9:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf4b51b0bac45fa226bd2dcff11730ed40ec2149
        Validity
            Not Before: Jan  2 11:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8c39deb59aacf351dde4ed1411d0574e235367d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:dd:a3:df:cc:51:40:ce:51:3c:04:86:2f:a0:
                    ea:16:c9:82:9d:20:04:64:45:ee:54:d3:b2:a2:83:
                    30:36:03:80:4c:ca:c9:13:22:71:5f:2d:f1:ed:93:
                    19:30:66:d4:ef:89:e3:ec:c3:2a:f9:a1:11:0e:01:
                    c9:54:45:f6:da:20:7a:b5:5e:45:ff:17:cd:51:78:
                    1b:4b:94:7e:a9:f9:cc:07:c0:6e:da:ed:f7:9c:7f:
                    6c:1c:0a:99:04:6b:c5:24:8d:b7:f0:1b:0d:e0:b8:
                    aa:64:77:39:27:02:20:9f:ff:ae:61:31:51:1a:f6:
                    ef:92:39:2d:8f:59:33:78:7c:47:66:2f:c7:41:c9:
                    22:e0:7b:b6:b8:63:ad:b6:d0:c9:26:79:9e:2f:3c:
                    aa:df:9d:50:f3:c0:bf:bd:1e:72:92:61:2e:93:7a:
                    58:65:00:7d:58:bf:9a:9c:a1:3c:91:86:b6:24:e7:
                    48:58:8c:62:3c:00:a2:22:33:72:d4:7c:b4:2a:3c:
                    cf:80:b8:ac:d4:90:99:3b:56:88:ec:07:f8:6c:5e:
                    fe:d2:14:c2:cb:e8:8a:c0:b2:3c:e1:bd:8a:02:69:
                    70:5d:ce:02:c4:83:42:2b:bf:f2:7e:fd:f5:21:3a:
                    d6:c7:b6:81:84:8c:dc:d8:0e:bc:37:7d:8a:ae:01:
                    f9:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:C3:9D:EB:59:AA:CF:35:1D:DE:4E:D1:41:1D:05:74:E2:35:36:7D
            X509v3 Authority Key Identifier:
                keyid:BF:4B:51:B0:BA:C4:5F:A2:26:BD:2D:CF:F1:17:30:ED:40:EC:21:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/1-MOd61mqzzUd3k7RQR0FdOI1Nn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/deb064-a922-46a6-86ca-e43523983793/1/v0tRsLrEX6ImvS3P8Rcw7UDsIUk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         14:8c:9b:b8:3e:8d:12:d2:44:6e:f1:f3:35:55:f2:32:e1:78:
         04:59:39:0e:2a:44:d6:4b:fd:28:fc:b3:8c:9a:e3:cc:ad:3b:
         3d:2a:c5:f0:01:af:fb:b2:f0:4c:4d:d7:d6:fe:e1:a0:8c:1d:
         86:49:54:21:25:f9:bd:4c:52:6c:3b:57:52:61:de:5a:42:88:
         2f:0b:81:64:85:27:c2:88:e0:73:77:26:a8:a6:61:76:d9:f0:
         6b:b9:8f:ef:7b:03:d4:82:78:3f:8a:f0:e5:ad:8c:f5:87:61:
         5e:e0:1e:b6:f5:2d:44:04:40:be:fb:2a:b5:8f:30:f5:5f:67:
         52:3d:ac:ef:b6:f0:ba:46:52:8f:03:47:42:b7:ae:b5:d8:c7:
         ae:5e:2d:af:75:55:fa:72:eb:df:93:7d:3a:92:6a:ee:f0:e2:
         02:9b:43:d9:a1:01:f5:8c:61:ee:fa:aa:3e:84:b1:62:b6:68:
         63:6a:87:75:17:f6:c6:71:dd:bb:2c:d3:28:42:c3:65:76:b5:
         21:e3:1d:71:f9:8d:06:7f:14:53:36:d1:06:7b:c5:b5:77:c5:
         3b:ff:27:76:6e:f3:0c:ca:03:12:89:6d:2b:13:49:f0:8e:e4:
         18:21:60:02:e4:f3:ae:94:98:73:f4:56:ca:d3:c2:f9:b8:dd:
         27:8c:54:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2T2NE5bA70Ag7Ct0HumQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmNGI1MWIwYmFjNDVmYTIyNmJkMmRjZmYxMTczMGVkNDBl
YzIxNDkwHhcNMjUwMTAyMTE0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGMzOWRlYjU5YWFjZjM1MWRkZTRlZDE0MTFkMDU3NGUyMzUzNjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnd2j38xRQM5RPASGL6DqFsmCnSAE
ZEXuVNOyooMwNgOATMrJEyJxXy3x7ZMZMGbU74nj7MMq+aERDgHJVEX22iB6tV5F
/xfNUXgbS5R+qfnMB8Bu2u33nH9sHAqZBGvFJI238BsN4LiqZHc5JwIgn/+uYTFR
Gvbvkjktj1kzeHxHZi/HQcki4Hu2uGOtttDJJnmeLzyq351Q88C/vR5ykmEuk3pY
ZQB9WL+anKE8kYa2JOdIWIxiPACiIjNy1Hy0KjzPgLis1JCZO1aI7Af4bF7+0hTC
y+iKwLI84b2KAmlwXc4CxINCK7/yfv31ITrWx7aBhIzc2A68N32KrgH5iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPjDnetZqs81Hd5O0UEdBXTiNTZ9MB8GA1UdIwQY
MBaAFL9LUbC6xF+iJr0tz/EXMO1A7CFJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjB0UnNMckVYNkltdlMzUDhSY3c3VURzSVVrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZWIwNjQtYTkyMi00NmE2LTg2Y2Et
ZTQzNTIzOTgzNzkzLzEvMS1NT2Q2MW1xenpVZDNrN1JRUjBGZE9JMU5uMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjgvZGViMDY0LWE5MjItNDZhNi04NmNhLWU0MzUyMzk4Mzc5
My8xL3YwdFJzTHJFWDZJbXZTM1A4UmN3N1VEc0lVay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAI1KMA0G
CSqGSIb3DQEBCwUAA4IBAQAUjJu4Po0S0kRu8fM1VfIy4XgEWTkOKkTWS/0o/LOM
muPMrTs9KsXwAa/7svBMTdfW/uGgjB2GSVQhJfm9TFJsO1dSYd5aQogvC4FkhSfC
iOBzdyaopmF22fBruY/vewPUgng/ivDlrYz1h2Fe4B629S1EBEC++yq1jzD1X2dS
PazvtvC6RlKPA0dCt6612MeuXi2vdVX6cuvfk306kmru8OICm0PZoQH1jGHu+qo+
hLFitmhjaod1F/bGcd27LNMoQsNldrUh4x1x+Y0GfxRTNtEGe8W1d8U7/yd2bvMM
ygMSiW0rE0nwjuQYIWAC5POulJhz9FbK08L5uN0njFQM
-----END CERTIFICATE-----