Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/3ip74V50qs0h4ZWMyydEYUb3bSU.roa
File:                     3ip74V50qs0h4ZWMyydEYUb3bSU.roa (raw, json)
Hash identifier:          VaRHvi6F7wj7omvIXL/64w09nFe4kau8+GxnnxHfyXI=
Subject key identifier:   DE:2A:7B:E1:5E:74:AA:CD:21:E1:95:8C:CB:27:44:61:46:F7:6D:25
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       018CC7944740B7B5E07234BC488E34AA99E6
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/3ip74V50qs0h4ZWMyydEYUb3bSU.roa
Signing time:             Tue 02 Jan 2024 00:30:32 +0000
ROA not before:           Tue 02 Jan 2024 00:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28886
IP address blocks:        217.28.48.0/20 maxlen: 20
                          2a02:2880::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:47:40:b7:b5:e0:72:34:bc:48:8e:34:aa:99:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  2 00:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de2a7be15e74aacd21e1958ccb27446146f76d25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c2:00:a4:0a:0d:e6:c1:db:8f:a6:42:69:01:
                    f5:a5:98:a4:ca:21:55:f9:d2:6a:d4:7c:d3:b6:49:
                    98:8e:74:f0:d3:83:65:41:6d:e6:59:4d:6c:97:4f:
                    af:c6:cf:55:93:f3:b9:df:50:f6:97:32:ce:bf:66:
                    77:01:c5:61:bd:5b:69:25:be:a7:1e:07:61:a4:15:
                    7a:2c:76:49:43:93:63:15:8e:58:a1:5e:8b:2d:22:
                    8a:b5:71:c4:87:4b:db:43:47:ef:46:9c:45:05:35:
                    7c:46:d2:f1:30:54:ab:fe:fc:10:de:f4:8f:71:bb:
                    fa:a9:75:a7:52:c7:21:7b:ef:b0:a9:2f:ea:e2:4c:
                    98:66:b0:1d:c6:7b:db:0d:d4:bf:f3:ea:ea:04:47:
                    c5:a2:b6:49:37:e1:17:79:e6:44:36:b9:a5:bb:03:
                    00:f9:9e:9c:7e:98:99:f4:2a:68:8d:7b:2a:a4:45:
                    0d:ca:0b:cc:ab:5c:fa:cd:05:97:86:9b:64:9d:22:
                    c3:29:64:5f:a0:79:28:db:42:29:54:1a:25:14:85:
                    77:00:7b:8a:0a:97:8a:cf:eb:94:87:ca:75:80:7b:
                    28:ce:fa:b6:26:12:ba:6e:75:15:fb:3d:e7:61:71:
                    5d:38:2d:f2:d6:b9:0b:79:af:84:61:0b:c9:46:7b:
                    10:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:2A:7B:E1:5E:74:AA:CD:21:E1:95:8C:CB:27:44:61:46:F7:6D:25
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/3ip74V50qs0h4ZWMyydEYUb3bSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.28.48.0/20
                IPv6:
                  2a02:2880::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:39:7f:33:84:50:7f:a4:4e:9d:2d:b1:f0:60:e2:74:7e:be:
         0c:a6:0c:56:75:b2:95:be:a1:72:20:14:2d:dc:6b:be:43:4d:
         6a:41:ce:b9:31:b4:99:77:b8:1f:b1:3c:bc:d8:b2:df:67:53:
         92:74:39:52:e7:7c:5a:11:6a:55:9b:b7:b2:1d:0a:25:90:8e:
         c1:ef:0a:c8:fd:de:91:51:1a:84:de:74:78:87:22:63:ab:41:
         8e:43:4c:4b:db:01:64:06:1f:e5:8c:c2:f2:9e:17:35:0b:a4:
         a9:a3:a2:ee:d9:4b:a6:06:ca:9d:fd:cd:91:86:49:b8:2c:fc:
         42:6d:e7:ca:da:87:da:50:3f:ae:52:53:16:d1:b0:a0:2f:78:
         58:ec:d4:65:aa:40:27:7e:30:4f:f0:99:13:76:0e:37:fb:83:
         c3:5a:c7:6d:35:2d:5d:f0:dc:34:bc:08:65:ff:51:93:2f:4b:
         2b:2f:4c:0f:88:c5:ab:67:83:a1:56:1a:e3:5b:26:db:39:4e:
         93:fe:84:3a:b6:a8:4a:b2:44:d7:3a:4b:d6:31:60:79:6c:fc:
         61:b2:a1:d5:8c:f9:10:17:c6:96:83:21:c5:21:29:34:36:f7:
         a7:9d:45:52:b4:95:28:70:c0:43:41:8d:4b:48:00:c6:6d:04:
         d5:0a:bf:17
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlEdAt7XgcjS8SI40qpnmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwMTAyMDAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTJhN2JlMTVlNzRhYWNkMjFlMTk1OGNjYjI3NDQ2MTQ2Zjc2ZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8IApAoN5sHbj6ZCaQH1pZikyiFV
+dJq1HzTtkmYjnTw04NlQW3mWU1sl0+vxs9Vk/O531D2lzLOv2Z3AcVhvVtpJb6n
HgdhpBV6LHZJQ5NjFY5YoV6LLSKKtXHEh0vbQ0fvRpxFBTV8RtLxMFSr/vwQ3vSP
cbv6qXWnUsche++wqS/q4kyYZrAdxnvbDdS/8+rqBEfForZJN+EXeeZENrmluwMA
+Z6cfpiZ9CpojXsqpEUNygvMq1z6zQWXhptknSLDKWRfoHko20IpVBolFIV3AHuK
CpeKz+uUh8p1gHsozvq2JhK6bnUV+z3nYXFdOC3y1rkLea+EYQvJRnsQeQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN4qe+FedKrNIeGVjMsnRGFG920lMB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvM2lwNzRWNTBxczBoNFpXTXl5ZEVZVWIzYlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2RwwMA0E
AgACMAcDBQAqAiiAMA0GCSqGSIb3DQEBCwUAA4IBAQBZOX8zhFB/pE6dLbHwYOJ0
fr4MpgxWdbKVvqFyIBQt3Gu+Q01qQc65MbSZd7gfsTy82LLfZ1OSdDlS53xaEWpV
m7eyHQolkI7B7wrI/d6RURqE3nR4hyJjq0GOQ0xL2wFkBh/ljMLynhc1C6Spo6Lu
2UumBsqd/c2Rhkm4LPxCbefK2ofaUD+uUlMW0bCgL3hY7NRlqkAnfjBP8JkTdg43
+4PDWsdtNS1d8Nw0vAhl/1GTL0srL0wPiMWrZ4OhVhrjWybbOU6T/oQ6tqhKskTX
OkvWMWB5bPxhsqHVjPkQF8aWgyHFISk0NvennUVStJUocMBDQY1LSADGbQTVCr8X
-----END CERTIFICATE-----