Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/F380krUTC-zihGe9AQGZ8czb_4o.roa
File:                     F380krUTC-zihGe9AQGZ8czb_4o.roa (raw, json)
Hash identifier:          geNl9mUxy8SZYVGEBgyh8yDng80zu7gsJU2CRa5Wk5Q=
Subject key identifier:   17:7F:34:92:B5:13:0B:EC:E2:84:67:BD:01:01:99:F1:CC:DB:FF:8A
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FABB28690BBFBBF4C6B155C2F8DAA
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/F380krUTC-zihGe9AQGZ8czb_4o.roa
Signing time:             Thu 02 Jan 2025 05:49:19 +0000
ROA not before:           Thu 02 Jan 2025 05:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47673
IP address blocks:        31.148.28.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:ab:b2:86:90:bb:fb:bf:4c:6b:15:5c:2f:8d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=177f3492b5130bece28467bd010199f1ccdbff8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:53:82:9b:04:0c:9e:a7:fc:c3:fa:e6:85:28:
                    c9:84:43:b8:dc:91:1b:e9:79:18:55:cb:c0:6a:cc:
                    41:81:32:23:0d:f0:97:a7:a5:54:7d:04:38:3b:72:
                    fe:96:5c:85:98:ec:9e:d5:d7:98:f0:9e:fa:a2:26:
                    b9:5e:84:85:e5:90:30:11:53:e5:60:23:ff:20:ec:
                    71:ab:9b:01:51:72:f8:fc:43:86:55:47:e0:8f:b2:
                    b2:a4:af:a1:41:5b:87:01:96:be:b1:42:8f:7c:0f:
                    97:1c:ab:a1:93:eb:7d:d4:8f:11:83:95:e0:24:a5:
                    11:a4:0f:36:65:80:8e:0f:0a:8c:fa:f2:fd:da:d1:
                    a4:a5:be:bd:7d:ca:e2:0e:43:1b:15:01:cf:b7:94:
                    90:38:05:6c:62:7f:93:eb:9b:6e:df:d4:0d:9f:1d:
                    96:af:e9:dd:b3:7b:d7:83:55:11:08:5a:7d:ed:f8:
                    73:db:8f:11:00:f0:19:26:ec:7c:c3:a9:9c:5c:b3:
                    8a:50:e7:ad:7f:e7:63:24:a1:ea:14:7b:69:55:9c:
                    68:b3:03:2c:dd:00:99:98:db:d5:71:ae:cf:57:77:
                    c5:91:b2:e9:e4:3b:db:bb:a7:51:84:70:26:e2:e5:
                    c6:5a:a3:8f:a9:3f:b8:a9:20:0f:3b:7c:a2:bc:d3:
                    1c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:7F:34:92:B5:13:0B:EC:E2:84:67:BD:01:01:99:F1:CC:DB:FF:8A
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/F380krUTC-zihGe9AQGZ8czb_4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:5e:79:91:1b:48:c5:bb:db:5a:c1:dd:42:69:39:5b:32:a8:
         49:e6:31:e2:29:65:fb:e2:51:54:1f:70:dd:6c:a5:b7:43:77:
         5d:f7:6e:a4:48:e5:1f:25:67:32:4e:a5:b9:ed:b0:0f:00:fb:
         9b:b5:ab:65:9a:4b:78:f1:ab:82:3d:41:d0:09:db:c5:d2:64:
         36:4e:6a:15:b5:46:cf:4b:c9:42:f7:ee:27:98:ee:5c:ee:7f:
         78:4d:f6:40:61:60:ac:3a:ab:4c:33:65:5e:ac:3f:2d:d8:75:
         62:b7:04:00:6d:1b:7d:a7:f3:9c:3a:ae:10:a1:67:08:20:5e:
         2c:32:98:1c:2f:40:61:c6:b2:47:6f:81:91:03:93:c9:05:38:
         1f:50:dd:78:fb:99:f2:08:a6:38:83:c4:2d:37:3d:14:b0:60:
         82:f3:f7:3d:e3:3a:f5:a7:5b:9a:d6:20:73:39:44:2a:d0:3f:
         54:f0:43:45:e6:6a:6c:f1:c4:14:5e:44:f6:86:70:01:a0:82:
         32:3a:08:8d:db:f3:ad:c1:64:97:a8:d9:e5:67:97:7c:47:b7:
         15:d8:91:2b:90:30:cd:21:74:58:af:11:b0:d3:be:9f:60:4b:
         e6:84:72:36:f4:89:29:f0:b5:1f:0f:cc:cf:4d:a8:e7:8f:44:
         b2:ce:3f:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj6uyhpC7+79MaxVcL42qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzdmMzQ5MmI1MTMwYmVjZTI4NDY3YmQwMTAxOTlmMWNjZGJmZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslOCmwQMnqf8w/rmhSjJhEO43JEb
6XkYVcvAasxBgTIjDfCXp6VUfQQ4O3L+llyFmOye1deY8J76oia5XoSF5ZAwEVPl
YCP/IOxxq5sBUXL4/EOGVUfgj7KypK+hQVuHAZa+sUKPfA+XHKuhk+t91I8Rg5Xg
JKURpA82ZYCODwqM+vL92tGkpb69fcriDkMbFQHPt5SQOAVsYn+T65tu39QNnx2W
r+nds3vXg1URCFp97fhz248RAPAZJux8w6mcXLOKUOetf+djJKHqFHtpVZxoswMs
3QCZmNvVca7PV3fFkbLp5Dvbu6dRhHAm4uXGWqOPqT+4qSAPO3yivNMcgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBd/NJK1Ewvs4oRnvQEBmfHM2/+KMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvRjM4MGtyVVRDLXppaEdlOUFRR1o4Y3piXzRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBH5QcMA0G
CSqGSIb3DQEBCwUAA4IBAQA5XnmRG0jFu9tawd1CaTlbMqhJ5jHiKWX74lFUH3Dd
bKW3Q3dd926kSOUfJWcyTqW57bAPAPubtatlmkt48auCPUHQCdvF0mQ2TmoVtUbP
S8lC9+4nmO5c7n94TfZAYWCsOqtMM2VerD8t2HVitwQAbRt9p/OcOq4QoWcIIF4s
MpgcL0BhxrJHb4GRA5PJBTgfUN14+5nyCKY4g8QtNz0UsGCC8/c94zr1p1ua1iBz
OUQq0D9U8ENF5mps8cQUXkT2hnABoIIyOgiN2/OtwWSXqNnlZ5d8R7cV2JErkDDN
IXRYrxGw076fYEvmhHI29Ikp8LUfD8zPTajnj0Syzj8Z
-----END CERTIFICATE-----