Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/O2Ge10i5K6X95lLPIRsyBozz_Oo.roa
File:                     O2Ge10i5K6X95lLPIRsyBozz_Oo.roa (raw, json)
Hash identifier:          g1FklavNgDcGcqGZmFR/uHiPZZGovqQJraKptVYUIQQ=
Subject key identifier:   3B:61:9E:D7:48:B9:2B:A5:FD:E6:52:CF:21:1B:32:06:8C:F3:FC:EA
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258F956E2DF2E71E64B910ECB7931545
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/O2Ge10i5K6X95lLPIRsyBozz_Oo.roa
Signing time:             Thu 02 Jan 2025 05:49:14 +0000
ROA not before:           Thu 02 Jan 2025 05:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41177
IP address blocks:        146.120.102.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:95:6e:2d:f2:e7:1e:64:b9:10:ec:b7:93:15:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b619ed748b92ba5fde652cf211b32068cf3fcea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a7:cc:a8:26:0a:1e:db:f3:19:27:55:74:54:
                    85:b2:ab:68:54:8b:f5:c2:3d:64:1d:25:cd:8e:52:
                    27:fb:e5:44:8b:ce:cc:87:08:f9:2c:00:31:78:9e:
                    1f:a4:cf:5e:69:83:1a:88:89:9d:4a:46:12:a9:55:
                    02:c6:c8:2e:05:b4:2e:57:1d:cc:3a:ce:e3:5f:34:
                    49:49:3e:16:58:b4:30:21:cb:bb:b9:d5:4a:3f:f4:
                    5f:dd:ff:28:69:23:0f:33:26:0a:0a:06:26:28:5f:
                    b8:04:03:e9:ad:ed:b6:92:ee:2b:c1:60:50:5d:a6:
                    79:d6:0d:45:00:d5:87:0c:22:6a:da:c5:92:19:8f:
                    7e:72:c9:89:54:73:45:8f:2a:b3:4e:1c:3b:e9:55:
                    57:85:04:bc:cb:46:1e:b8:ed:d0:5d:7f:49:04:ea:
                    d6:38:9c:31:61:40:82:d0:f8:e4:fb:e5:5f:e9:3b:
                    d2:d4:df:6b:be:45:9e:51:06:62:84:9a:75:67:c9:
                    c1:9e:45:8d:9e:fd:6e:fc:76:99:ca:13:ed:ae:a1:
                    34:f1:09:64:9a:e3:0a:d1:0b:f1:c1:7f:d2:35:3a:
                    80:e7:0f:f4:ed:20:c7:ed:2d:a4:ce:99:93:04:c4:
                    74:9d:f4:7d:fe:fe:63:37:47:92:d4:d6:f4:33:a9:
                    d1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:61:9E:D7:48:B9:2B:A5:FD:E6:52:CF:21:1B:32:06:8C:F3:FC:EA
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/O2Ge10i5K6X95lLPIRsyBozz_Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:b4:47:3b:ee:4e:82:52:9a:43:03:d3:a4:a2:d5:0c:5f:f8:
         b5:06:29:0a:2c:f4:4d:d4:df:5d:3f:a7:df:a8:9a:86:19:f1:
         7e:82:8f:7d:53:44:23:a1:2f:0b:1a:86:4e:b4:31:21:3c:fb:
         d4:7d:dd:27:1d:5e:de:4d:ec:20:e0:bb:47:42:a7:30:fe:c5:
         fb:34:77:bb:52:4f:fe:55:5a:28:be:c2:7f:7c:91:f0:16:3f:
         69:ac:0f:14:bf:4e:3f:81:12:36:a1:23:ec:32:ae:c4:dc:19:
         b5:2a:81:d3:67:83:e9:58:75:51:ee:05:a5:f7:f9:58:c8:e7:
         0f:4b:a9:97:1e:f8:e7:23:49:dc:26:e8:a6:27:7a:67:71:0d:
         48:41:01:a8:21:c6:55:3e:87:35:ca:f3:ef:7b:ab:5a:0b:e3:
         8c:97:09:01:69:cd:bb:c1:49:dc:3e:01:31:52:48:34:0a:bd:
         56:0e:b4:07:ff:3e:d7:11:71:76:03:7d:ea:fa:39:72:ac:6a:
         fe:f4:b0:2d:3d:3a:97:0c:5e:36:45:94:5a:6c:63:92:83:76:
         d7:f0:c6:06:a5:5f:8d:e4:cf:1c:39:35:1a:d1:be:9f:89:23:
         8f:3a:47:81:89:57:fc:4f:ba:c7:7f:a2:fa:9f:f3:ae:c6:23:
         c6:74:78:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5VuLfLnHmS5EOy3kxVFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjYxOWVkNzQ4YjkyYmE1ZmRlNjUyY2YyMTFiMzIwNjhjZjNmY2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKfMqCYKHtvzGSdVdFSFsqtoVIv1
wj1kHSXNjlIn++VEi87Mhwj5LAAxeJ4fpM9eaYMaiImdSkYSqVUCxsguBbQuVx3M
Os7jXzRJST4WWLQwIcu7udVKP/Rf3f8oaSMPMyYKCgYmKF+4BAPpre22ku4rwWBQ
XaZ51g1FANWHDCJq2sWSGY9+csmJVHNFjyqzThw76VVXhQS8y0YeuO3QXX9JBOrW
OJwxYUCC0Pjk++Vf6TvS1N9rvkWeUQZihJp1Z8nBnkWNnv1u/HaZyhPtrqE08Qlk
muMK0QvxwX/SNTqA5w/07SDH7S2kzpmTBMR0nfR9/v5jN0eS1Nb0M6nRaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDthntdIuSul/eZSzyEbMgaM8/zqMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTzJHZTEwaTVLNlg5NWxMUElSc3lCb3p6X09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBknhmMA0G
CSqGSIb3DQEBCwUAA4IBAQBetEc77k6CUppDA9OkotUMX/i1BikKLPRN1N9dP6ff
qJqGGfF+go99U0QjoS8LGoZOtDEhPPvUfd0nHV7eTewg4LtHQqcw/sX7NHe7Uk/+
VVoovsJ/fJHwFj9prA8Uv04/gRI2oSPsMq7E3Bm1KoHTZ4PpWHVR7gWl9/lYyOcP
S6mXHvjnI0ncJuimJ3pncQ1IQQGoIcZVPoc1yvPve6taC+OMlwkBac27wUncPgEx
Ukg0Cr1WDrQH/z7XEXF2A33q+jlyrGr+9LAtPTqXDF42RZRabGOSg3bX8MYGpV+N
5M8cOTUa0b6fiSOPOkeBiVf8T7rHf6L6n/OuxiPGdHgz
-----END CERTIFICATE-----