Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LqbFynuv1EPjfeCsZkIm8y4C7wE.roa
File:                     LqbFynuv1EPjfeCsZkIm8y4C7wE.roa (raw, json)
Hash identifier:          v6BnAePQ2ZcEYQ4mT21YuzvLOWrHRKzSTLJ4qyT4cv0=
Subject key identifier:   2E:A6:C5:CA:7B:AF:D4:43:E3:7D:E0:AC:66:42:26:F3:2E:02:EF:01
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FAF4C97E2E09603E86365E0F29DA7
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LqbFynuv1EPjfeCsZkIm8y4C7wE.roa
Signing time:             Thu 02 Jan 2025 05:49:21 +0000
ROA not before:           Thu 02 Jan 2025 05:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48511
IP address blocks:        95.46.196.0/24 maxlen: 24
                          146.120.223.0/24 maxlen: 24
                          2a02:128:22::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:af:4c:97:e2:e0:96:03:e8:63:65:e0:f2:9d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ea6c5ca7bafd443e37de0ac664226f32e02ef01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:a2:62:da:53:3c:0b:15:ca:ff:f2:5c:35:0d:
                    09:1c:1b:fd:29:67:4d:44:28:53:d5:ce:4f:ea:86:
                    ec:d1:08:ab:66:b8:53:c6:9e:22:ab:4d:f3:70:d9:
                    e4:05:cc:21:14:68:12:ca:2a:b3:ce:54:ec:07:60:
                    5b:d5:c9:d9:b1:f8:c1:e6:1a:39:cd:b6:3d:1f:fd:
                    c3:68:0b:57:7f:59:8a:f5:5a:61:fe:fa:64:70:5e:
                    9a:dd:0c:55:0f:4c:16:e6:c1:dd:68:38:86:99:4e:
                    49:5e:5d:1a:1c:92:fb:c3:a5:6d:ff:e7:c6:a7:cb:
                    a0:f5:c6:22:e5:00:25:cb:ed:bc:05:74:a5:d7:23:
                    b2:ea:39:db:e3:bf:9e:86:00:30:fc:45:61:8a:38:
                    6f:8a:b9:53:a3:0c:00:a7:d0:f9:54:cb:9e:f3:12:
                    73:46:25:cd:f4:39:b5:ea:ae:35:b8:f3:cb:27:90:
                    ab:29:ac:5c:27:49:25:04:18:d4:aa:c5:70:0a:8b:
                    5c:76:64:9a:12:99:b2:19:ce:25:9e:17:55:2a:bc:
                    aa:9c:da:fe:f6:b6:e5:31:10:96:d6:25:47:95:fd:
                    1e:c7:72:c4:cb:0e:65:7b:f4:5e:cc:ee:c3:79:eb:
                    4a:c3:96:79:00:f9:13:ec:51:e5:b6:12:86:7b:34:
                    06:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:A6:C5:CA:7B:AF:D4:43:E3:7D:E0:AC:66:42:26:F3:2E:02:EF:01
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LqbFynuv1EPjfeCsZkIm8y4C7wE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.46.196.0/24
                  146.120.223.0/24
                IPv6:
                  2a02:128:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:00:c7:e2:c7:29:2f:a4:b7:b3:c1:a4:c2:1d:96:42:26:9c:
         9c:d9:76:89:7f:b3:3f:c1:9a:71:49:69:d9:4f:93:bb:3c:5e:
         0a:a8:ec:a6:85:eb:a9:99:a6:2a:3f:9f:a4:b7:0e:b2:55:39:
         cd:d0:6a:d9:d3:1a:d1:94:48:81:25:0b:37:72:09:f4:b8:44:
         6e:48:26:7e:dc:20:79:0d:88:c5:30:ef:c2:d4:4e:ec:6d:a3:
         6e:13:db:55:7b:72:91:28:2a:b9:b4:fb:8c:09:4a:1f:10:83:
         c0:52:bd:1c:bf:c3:1d:bc:ba:c2:70:f4:2b:20:4c:a1:74:91:
         9a:8a:5b:2c:6e:e0:48:47:54:79:e3:65:81:e4:ef:6c:e9:fd:
         be:f9:19:d3:ed:49:df:2e:90:c6:72:02:80:e8:e4:f5:9c:74:
         06:2d:13:bd:2c:a3:99:1c:56:66:34:94:62:ca:21:70:3e:d6:
         a2:a8:0e:41:34:f6:4e:9c:e3:f8:bf:a1:56:b5:58:37:2d:e2:
         17:98:05:24:59:1d:e2:90:59:45:a3:fb:d5:f0:38:cc:a6:a6:
         9f:ad:4b:53:e7:20:d1:a9:3e:62:f6:88:3f:32:4a:3e:b2:59:
         0b:03:b0:dd:55:f1:34:02:a2:e9:75:1a:f7:fd:04:3e:98:85:
         53:08:af:4d
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQlj69Ml+LglgPoY2Xg8p2nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWE2YzVjYTdiYWZkNDQzZTM3ZGUwYWM2NjQyMjZmMzJlMDJlZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9aJi2lM8CxXK//JcNQ0JHBv9KWdN
RChT1c5P6obs0QirZrhTxp4iq03zcNnkBcwhFGgSyiqzzlTsB2Bb1cnZsfjB5ho5
zbY9H/3DaAtXf1mK9Vph/vpkcF6a3QxVD0wW5sHdaDiGmU5JXl0aHJL7w6Vt/+fG
p8ug9cYi5QAly+28BXSl1yOy6jnb47+ehgAw/EVhijhvirlTowwAp9D5VMue8xJz
RiXN9Dm16q41uPPLJ5CrKaxcJ0klBBjUqsVwCotcdmSaEpmyGc4lnhdVKryqnNr+
9rblMRCW1iVHlf0ex3LEyw5le/RezO7DeetKw5Z5APkT7FHlthKGezQGWQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFC6mxcp7r9RD433grGZCJvMuAu8BMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTHFiRnludXYxRVBqZmVDc1prSW04eTRDN3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAXy7EAwQA
knjfMA8EAgACMAkDBwAqAgEoACIwDQYJKoZIhvcNAQELBQADggEBAFYAx+LHKS+k
t7PBpMIdlkImnJzZdol/sz/BmnFJadlPk7s8Xgqo7KaF66mZpio/n6S3DrJVOc3Q
atnTGtGUSIElCzdyCfS4RG5IJn7cIHkNiMUw78LUTuxto24T21V7cpEoKrm0+4wJ
Sh8Qg8BSvRy/wx28usJw9CsgTKF0kZqKWyxu4EhHVHnjZYHk72zp/b75GdPtSd8u
kMZyAoDo5PWcdAYtE70so5kcVmY0lGLKIXA+1qKoDkE09k6c4/i/oVa1WDct4heY
BSRZHeKQWUWj+9XwOMympp+tS1PnINGpPmL2iD8ySj6yWQsDsN1V8TQCoul1Gvf9
BD6YhVMIr00=
-----END CERTIFICATE-----