Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/HIrwvqS4Wuk1y1NSgyirC2rFIjE.roa
File:                     HIrwvqS4Wuk1y1NSgyirC2rFIjE.roa (raw, json)
Hash identifier:          i9A2s0sA7TsEgg3oWKQY3YpxfDgnSCK/yFT5h6DfKFg=
Subject key identifier:   1C:8A:F0:BE:A4:B8:5A:E9:35:CB:53:52:83:28:AB:0B:6A:C5:22:31
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FB9F30E3DD681EC833BDE612DC5E7
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/HIrwvqS4Wuk1y1NSgyirC2rFIjE.roa
Signing time:             Thu 02 Jan 2025 05:49:23 +0000
ROA not before:           Thu 02 Jan 2025 05:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50833
IP address blocks:        2a02:128:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b9:f3:0e:3d:d6:81:ec:83:3b:de:61:2d:c5:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c8af0bea4b85ae935cb53528328ab0b6ac52231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5d:14:f7:84:78:2b:78:1c:13:2e:11:1b:17:
                    9d:ac:90:f9:c7:2b:ac:80:fc:23:03:d1:35:5c:19:
                    08:3f:ee:ac:2f:e1:46:98:c3:3d:1d:ba:be:a1:86:
                    1e:7b:35:a9:87:4f:5b:41:c0:dd:cc:ac:e9:0f:9b:
                    52:44:1c:8a:13:74:0e:68:be:7f:a1:4d:3f:97:9c:
                    05:b2:2b:2f:06:5b:44:db:41:a2:48:a9:cf:a3:db:
                    d0:26:e8:88:a7:9d:8b:7b:2f:33:cf:f0:dc:63:09:
                    93:b1:d4:bd:ba:a2:0f:a2:22:0d:b0:de:c9:b3:f0:
                    d5:f6:68:18:00:03:dd:0b:de:ac:95:31:21:25:be:
                    35:e5:14:0f:ff:17:f6:59:ad:6d:52:ee:ab:b0:cb:
                    5f:7b:e7:e9:e8:69:97:86:7c:b2:df:01:29:c1:dc:
                    6a:7f:bc:ba:10:49:e5:db:00:2f:1a:94:d9:22:7a:
                    a3:4f:26:b3:cf:01:8d:7e:10:32:38:8e:b8:40:d0:
                    70:f3:00:8b:d5:51:68:88:11:cc:d6:b4:28:ee:b1:
                    0c:d3:07:c3:c9:da:47:60:cd:58:a6:55:34:5f:de:
                    30:ac:42:db:f9:c3:88:3e:06:db:6c:c0:78:a8:82:
                    9b:e1:59:ae:41:86:a1:12:0d:7d:57:e8:f0:de:5c:
                    89:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:8A:F0:BE:A4:B8:5A:E9:35:CB:53:52:83:28:AB:0B:6A:C5:22:31
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/HIrwvqS4Wuk1y1NSgyirC2rFIjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:128:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:37:c7:f2:4e:cb:d8:48:a0:3d:ca:d9:c7:c6:21:35:50:85:
         20:6d:35:05:c0:f1:d3:91:43:f1:c6:0b:f8:ab:8d:b6:29:d1:
         a5:75:a9:a9:6c:53:c5:91:39:66:fc:69:91:c6:41:8b:95:dc:
         80:57:d2:3a:91:b8:5a:e8:76:f0:3e:22:16:5d:4b:56:79:b7:
         21:6b:d8:56:3d:ea:26:49:f5:98:44:f7:2c:7b:f7:25:83:b3:
         f5:04:68:eb:f4:38:a0:ea:d6:c2:49:6c:5f:01:41:72:78:97:
         49:e3:4e:95:86:81:ce:9d:c7:d3:ef:23:3c:62:89:72:80:57:
         04:ec:ca:36:be:9e:06:1e:70:17:0c:db:32:46:25:85:04:8b:
         93:e4:ef:0e:d0:a0:30:bb:25:1c:9d:a0:4e:a3:e2:08:e2:6b:
         25:f7:f3:ba:11:20:58:6f:69:25:6e:47:07:1b:b0:33:fe:db:
         26:2c:61:02:22:43:62:e0:a4:5f:89:21:4a:02:89:d3:57:fb:
         30:f6:ea:45:ac:34:92:ea:ef:3e:c9:87:10:41:6d:6d:10:8e:
         84:2b:aa:65:ab:7a:44:fc:f3:27:d0:c8:f3:75:10:eb:38:40:
         89:a6:51:34:c5:5d:9e:22:35:c7:d5:3f:68:95:fb:9b:d3:a7:
         6d:e5:df:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj7nzDj3WgeyDO95hLcXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzhhZjBiZWE0Yjg1YWU5MzVjYjUzNTI4MzI4YWIwYjZhYzUyMjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu10U94R4K3gcEy4RGxedrJD5xyus
gPwjA9E1XBkIP+6sL+FGmMM9Hbq+oYYeezWph09bQcDdzKzpD5tSRByKE3QOaL5/
oU0/l5wFsisvBltE20GiSKnPo9vQJuiIp52Ley8zz/DcYwmTsdS9uqIPoiINsN7J
s/DV9mgYAAPdC96slTEhJb415RQP/xf2Wa1tUu6rsMtfe+fp6GmXhnyy3wEpwdxq
f7y6EEnl2wAvGpTZInqjTyazzwGNfhAyOI64QNBw8wCL1VFoiBHM1rQo7rEM0wfD
ydpHYM1YplU0X94wrELb+cOIPgbbbMB4qIKb4VmuQYahEg19V+jw3lyJBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFByK8L6kuFrpNctTUoMoqwtqxSIxMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvSElyd3ZxUzRXdWsxeTFOU2d5aXJDMnJGSWpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIBKAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBvN8fyTsvYSKA9ytnHxiE1UIUgbTUFwPHTkUPx
xgv4q422KdGldampbFPFkTlm/GmRxkGLldyAV9I6kbha6HbwPiIWXUtWebcha9hW
PeomSfWYRPcse/clg7P1BGjr9Dig6tbCSWxfAUFyeJdJ406VhoHOncfT7yM8Yoly
gFcE7Mo2vp4GHnAXDNsyRiWFBIuT5O8O0KAwuyUcnaBOo+II4msl9/O6ESBYb2kl
bkcHG7Az/tsmLGECIkNi4KRfiSFKAonTV/sw9upFrDSS6u8+yYcQQW1tEI6EK6pl
q3pE/PMn0MjzdRDrOECJplE0xV2eIjXH1T9olfub06dt5d+o
-----END CERTIFICATE-----