Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dM8kA9UdpYik4eGdd4p2YObVlEA.roa
File:                     dM8kA9UdpYik4eGdd4p2YObVlEA.roa (raw, json)
Hash identifier:          09Lj5oy/dbzOsXRPbe2C4Tko7I3Jb+mI9jtmELQT9g8=
Subject key identifier:   74:CF:24:03:D5:1D:A5:88:A4:E1:E1:9D:77:8A:76:60:E6:D5:94:40
Certificate issuer:       /CN=74b42a6de4e01fc31250d1bbe322281046ee61aa
Certificate serial:       01948803EFF6B91B6F7B03326681B9608E87
Authority key identifier: 74:B4:2A:6D:E4:E0:1F:C3:12:50:D1:BB:E3:22:28:10:46:EE:61:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dM8kA9UdpYik4eGdd4p2YObVlEA.roa
Signing time:             Tue 21 Jan 2025 08:39:06 +0000
ROA not before:           Tue 21 Jan 2025 08:39:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        2a10:dac0:102::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:88:03:ef:f6:b9:1b:6f:7b:03:32:66:81:b9:60:8e:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74b42a6de4e01fc31250d1bbe322281046ee61aa
        Validity
            Not Before: Jan 21 08:39:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74cf2403d51da588a4e1e19d778a7660e6d59440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d2:1b:dc:ff:56:94:5f:b0:1d:a0:d5:24:64:
                    0a:9a:61:1c:32:ac:3d:3c:23:42:71:a8:94:68:ae:
                    92:e7:63:3f:4c:77:99:ba:96:c7:98:24:aa:85:29:
                    5b:1a:3d:45:ed:88:f4:4d:a3:31:ca:53:87:da:ee:
                    0b:6a:64:41:b4:73:f7:62:e0:92:5d:52:36:10:51:
                    4a:2a:58:9c:b1:53:e1:91:6e:3c:50:47:38:0d:f9:
                    83:5a:51:a0:33:ee:a0:8b:a5:ee:98:15:d2:38:48:
                    de:75:c1:fa:5c:99:5c:07:da:3c:42:c3:6e:63:23:
                    ac:4f:c7:f0:4a:5a:b2:30:00:f8:49:13:43:b5:fe:
                    18:9e:31:10:7b:06:fb:2b:81:cc:5c:49:1d:86:75:
                    ff:90:81:f6:2d:a5:cb:b1:cb:73:54:56:21:c3:25:
                    5c:3a:86:d0:6d:8d:d4:98:dc:0f:98:2e:80:44:a1:
                    93:6c:6a:d3:e9:33:f6:aa:1f:a0:5c:37:a7:09:19:
                    32:b8:6d:90:bb:f9:07:11:72:97:88:4b:f6:44:2a:
                    6d:fc:9f:a2:08:bc:c0:c8:75:bc:f5:ed:84:44:b2:
                    1d:29:21:d2:ea:95:7f:7d:55:00:b7:97:82:59:40:
                    bb:0c:7d:33:b3:6f:5c:41:89:23:5d:34:4b:2d:86:
                    d0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:CF:24:03:D5:1D:A5:88:A4:E1:E1:9D:77:8A:76:60:E6:D5:94:40
            X509v3 Authority Key Identifier:
                keyid:74:B4:2A:6D:E4:E0:1F:C3:12:50:D1:BB:E3:22:28:10:46:EE:61:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dM8kA9UdpYik4eGdd4p2YObVlEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:dac0:102::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:d2:e6:3a:62:4b:01:ba:8f:9d:e5:a0:98:5b:f3:0d:4d:77:
         79:df:f1:31:be:37:9c:9f:c8:9f:80:80:51:15:47:81:0f:a9:
         d3:ec:20:c9:1d:ba:38:53:9c:09:4e:66:ba:5d:06:f5:59:f3:
         76:f9:ca:98:a3:c0:28:5b:f0:99:53:04:5f:da:e4:09:86:c1:
         b6:34:63:18:77:a1:c1:01:4f:d8:bb:94:3f:9b:7d:4d:32:36:
         f1:7b:4c:89:31:9c:8d:38:47:0d:f1:90:95:7f:12:34:8c:21:
         18:d7:5f:aa:68:1e:2f:ac:73:02:dc:bf:3d:d0:a8:5b:49:e8:
         19:43:55:50:f3:2b:f3:03:4b:9e:0d:73:7a:b1:96:26:1b:6a:
         8c:49:1b:58:b4:8b:c6:cb:7a:3b:3f:dd:74:79:9c:03:c4:54:
         d0:d0:12:ee:a3:a7:d8:07:b8:c6:c1:45:0e:fd:77:bc:e9:ff:
         be:12:15:54:ec:00:22:52:e2:a0:7e:95:0e:b2:04:48:53:cc:
         c5:e9:1f:be:4c:7f:c9:c3:52:82:2d:c0:9a:8b:75:d8:d6:e4:
         56:1d:08:e3:97:e8:4b:9b:9f:cc:a2:d8:af:e3:c1:91:86:1c:
         bf:24:3b:4d:8d:bc:77:59:cc:5d:ea:5e:26:6a:0f:c7:c7:30:
         84:e7:7e:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZSIA+/2uRtvewMyZoG5YI6HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YjQyYTZkZTRlMDFmYzMxMjUwZDFiYmUzMjIyODEwNDZl
ZTYxYWEwHhcNMjUwMTIxMDgzOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGNmMjQwM2Q1MWRhNTg4YTRlMWUxOWQ3NzhhNzY2MGU2ZDU5NDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdIb3P9WlF+wHaDVJGQKmmEcMqw9
PCNCcaiUaK6S52M/THeZupbHmCSqhSlbGj1F7Yj0TaMxylOH2u4LamRBtHP3YuCS
XVI2EFFKKlicsVPhkW48UEc4DfmDWlGgM+6gi6XumBXSOEjedcH6XJlcB9o8QsNu
YyOsT8fwSlqyMAD4SRNDtf4YnjEQewb7K4HMXEkdhnX/kIH2LaXLsctzVFYhwyVc
OobQbY3UmNwPmC6ARKGTbGrT6TP2qh+gXDenCRkyuG2Qu/kHEXKXiEv2RCpt/J+i
CLzAyHW89e2ERLIdKSHS6pV/fVUAt5eCWUC7DH0zs29cQYkjXTRLLYbQxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHTPJAPVHaWIpOHhnXeKdmDm1ZRAMB8GA1UdIwQY
MBaAFHS0Km3k4B/DElDRu+MiKBBG7mGqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZExRcWJlVGdIOE1TVU5HNzR5SW9FRWJ1WWFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9lNTU1NmMtY2ZlYS00OTcyLWFhZjgt
MTdhMWRjZGNjNmUwLzEvZE04a0E5VWRwWWlrNGVHZGQ0cDJZT2JWbEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9lNTU1NmMtY2ZlYS00OTcyLWFhZjgtMTdhMWRjZGNjNmUw
LzEvZExRcWJlVGdIOE1TVU5HNzR5SW9FRWJ1WWFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDawAEC
MA0GCSqGSIb3DQEBCwUAA4IBAQAt0uY6YksBuo+d5aCYW/MNTXd53/Exvjecn8if
gIBRFUeBD6nT7CDJHbo4U5wJTma6XQb1WfN2+cqYo8AoW/CZUwRf2uQJhsG2NGMY
d6HBAU/Yu5Q/m31NMjbxe0yJMZyNOEcN8ZCVfxI0jCEY11+qaB4vrHMC3L890Khb
SegZQ1VQ8yvzA0ueDXN6sZYmG2qMSRtYtIvGy3o7P910eZwDxFTQ0BLuo6fYB7jG
wUUO/Xe86f++EhVU7AAiUuKgfpUOsgRIU8zF6R++TH/Jw1KCLcCai3XY1uRWHQjj
l+hLm5/Motiv48GRhhy/JDtNjbx3Wcxd6l4mag/HxzCE5352
-----END CERTIFICATE-----