Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/r816-sGxaSURDTSpC0B66tGRbZs.roa
File:                     r816-sGxaSURDTSpC0B66tGRbZs.roa (raw, json)
Hash identifier:          Cpfj6jfuACJLukpFk9QhkAV4pZmQtjlQ3iLHO8mpk3E=
Subject key identifier:   AF:CD:7A:FA:C1:B1:69:25:11:0D:34:A9:0B:40:7A:EA:D1:91:6D:9B
Certificate issuer:       /CN=918901662a8ec5ff4d3f48d29099230a0575ec8a
Certificate serial:       019425FC45F84570AD5EEB551461EC920389
Authority key identifier: 91:89:01:66:2A:8E:C5:FF:4D:3F:48:D2:90:99:23:0A:05:75:EC:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kYkBZiqOxf9NP0jSkJkjCgV17Io.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/r816-sGxaSURDTSpC0B66tGRbZs.roa
Signing time:             Thu 02 Jan 2025 07:47:57 +0000
ROA not before:           Thu 02 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39402
IP address blocks:        185.128.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/kYkBZiqOxf9NP0jSkJkjCgV17Io.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/kYkBZiqOxf9NP0jSkJkjCgV17Io.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kYkBZiqOxf9NP0jSkJkjCgV17Io.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:45:f8:45:70:ad:5e:eb:55:14:61:ec:92:03:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=918901662a8ec5ff4d3f48d29099230a0575ec8a
        Validity
            Not Before: Jan  2 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afcd7afac1b16925110d34a90b407aead1916d9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2b:28:ad:97:c1:94:aa:66:22:53:56:30:ef:
                    84:b2:49:a3:84:60:fb:76:63:b6:8c:83:68:12:2b:
                    d1:eb:bf:b8:c9:87:ba:a3:8b:5a:d1:f1:af:93:5e:
                    58:a6:b3:31:23:43:52:42:56:2f:cf:82:4b:76:6a:
                    83:bd:c8:ed:e4:96:02:f3:49:90:a8:ff:95:f2:4e:
                    26:3c:91:26:e0:ce:fb:d6:cd:07:0f:aa:89:9b:76:
                    6e:d0:76:31:a6:f5:47:b4:5c:e0:53:be:ad:1b:2b:
                    98:96:25:9e:f0:29:49:6b:79:7c:9d:6e:df:74:e9:
                    22:07:aa:15:a6:7d:09:45:94:de:8d:21:91:03:73:
                    50:44:3f:07:dc:06:82:86:ca:2d:a3:5f:9e:f9:53:
                    b6:d5:1f:cc:4a:59:a8:7c:fe:ec:8e:1a:45:51:52:
                    65:da:9e:2f:69:9b:cd:6c:80:bc:19:67:43:dd:95:
                    40:65:28:ff:e2:e8:ab:df:52:81:8d:73:0a:9f:c9:
                    b7:0c:fe:e3:14:1b:3b:37:fd:11:0e:59:72:6d:62:
                    8b:aa:07:5c:af:f1:e5:c4:dd:a7:01:a4:96:aa:8b:
                    06:97:7b:13:9f:0e:45:2a:dd:2a:6b:f2:0d:b9:b2:
                    c6:7a:28:7f:b4:c6:d2:9b:cb:ec:a6:46:bb:e0:8c:
                    32:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:CD:7A:FA:C1:B1:69:25:11:0D:34:A9:0B:40:7A:EA:D1:91:6D:9B
            X509v3 Authority Key Identifier:
                keyid:91:89:01:66:2A:8E:C5:FF:4D:3F:48:D2:90:99:23:0A:05:75:EC:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kYkBZiqOxf9NP0jSkJkjCgV17Io.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/r816-sGxaSURDTSpC0B66tGRbZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/5b92a7-2837-469e-8214-e811e23c1804/1/kYkBZiqOxf9NP0jSkJkjCgV17Io.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.128.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:48:4a:2a:00:ac:fc:9c:38:49:60:7d:08:a2:d5:8b:1b:5d:
         d6:2b:43:2a:c2:f4:e0:fa:b9:3f:16:c2:52:fa:b3:ba:1f:e6:
         5a:d1:92:8c:d4:e1:7c:1f:a8:32:68:77:71:19:29:17:21:08:
         d8:78:00:3b:cb:e1:57:e6:49:a4:21:b1:6c:d2:85:cd:5b:c5:
         9a:d5:2c:94:74:c7:8e:5e:ce:25:d6:58:25:81:cb:34:be:e9:
         bd:f7:27:ec:38:53:c6:84:40:7d:2b:87:8c:91:5f:38:86:72:
         97:15:ee:97:0a:bd:fb:98:17:cf:8f:9a:e9:3b:0a:fc:7f:9a:
         a5:bd:79:a3:88:46:6f:07:6f:1d:8f:42:40:c5:23:17:92:33:
         5f:3c:c6:7f:62:ff:c6:20:a0:56:53:e9:7e:92:d9:16:50:84:
         39:ef:46:be:24:16:66:cb:ae:30:d4:ca:1d:44:a3:58:cf:51:
         75:6c:c4:90:be:79:6c:f2:e2:2a:8a:e3:bc:27:30:06:5c:12:
         7c:12:72:93:dd:d6:4d:0a:70:13:68:b3:d1:2a:21:04:b2:4f:
         08:2b:aa:01:eb:8e:c7:b4:b7:88:c0:a4:ae:cc:2c:b0:a0:35:
         09:b8:60:f1:f9:9d:94:ca:57:4d:78:8b:16:cb:12:32:ca:60:
         7f:32:30:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/EX4RXCtXutVFGHskgOJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxODkwMTY2MmE4ZWM1ZmY0ZDNmNDhkMjkwOTkyMzBhMDU3
NWVjOGEwHhcNMjUwMTAyMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmNkN2FmYWMxYjE2OTI1MTEwZDM0YTkwYjQwN2FlYWQxOTE2ZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CsorZfBlKpmIlNWMO+EskmjhGD7
dmO2jINoEivR67+4yYe6o4ta0fGvk15YprMxI0NSQlYvz4JLdmqDvcjt5JYC80mQ
qP+V8k4mPJEm4M771s0HD6qJm3Zu0HYxpvVHtFzgU76tGyuYliWe8ClJa3l8nW7f
dOkiB6oVpn0JRZTejSGRA3NQRD8H3AaChsoto1+e+VO21R/MSlmofP7sjhpFUVJl
2p4vaZvNbIC8GWdD3ZVAZSj/4uir31KBjXMKn8m3DP7jFBs7N/0RDllybWKLqgdc
r/HlxN2nAaSWqosGl3sTnw5FKt0qa/INubLGeih/tMbSm8vspka74Iwy1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/NevrBsWklEQ00qQtAeurRkW2bMB8GA1UdIwQY
MBaAFJGJAWYqjsX/TT9I0pCZIwoFdeyKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1lrQlppcU94ZjlOUDBqU2tKa2pDZ1YxN0lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC81YjkyYTctMjgzNy00NjllLTgyMTQt
ZTgxMWUyM2MxODA0LzEvcjgxNi1zR3hhU1VSRFRTcEMwQjY2dEdSYlpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC81YjkyYTctMjgzNy00NjllLTgyMTQtZTgxMWUyM2MxODA0
LzEva1lrQlppcU94ZjlOUDBqU2tKa2pDZ1YxN0lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYB8MA0G
CSqGSIb3DQEBCwUAA4IBAQBNSEoqAKz8nDhJYH0IotWLG13WK0MqwvTg+rk/FsJS
+rO6H+Za0ZKM1OF8H6gyaHdxGSkXIQjYeAA7y+FX5kmkIbFs0oXNW8Wa1SyUdMeO
Xs4l1lglgcs0vum99yfsOFPGhEB9K4eMkV84hnKXFe6XCr37mBfPj5rpOwr8f5ql
vXmjiEZvB28dj0JAxSMXkjNfPMZ/Yv/GIKBWU+l+ktkWUIQ570a+JBZmy64w1Mod
RKNYz1F1bMSQvnls8uIqiuO8JzAGXBJ8EnKT3dZNCnATaLPRKiEEsk8IK6oB647H
tLeIwKSuzCywoDUJuGDx+Z2UyldNeIsWyxIyymB/MjCg
-----END CERTIFICATE-----