Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/X72BEs2nuOmCDd-O-ZBod8Vj9WA.roa
File:                     X72BEs2nuOmCDd-O-ZBod8Vj9WA.roa (raw, json)
Hash identifier:          Bu3WTV7xcVaT+AHyaQX4vyrMH2b25MvLRjHr3Afz4k8=
Subject key identifier:   5F:BD:81:12:CD:A7:B8:E9:82:0D:DF:8E:F9:90:68:77:C5:63:F5:60
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FA0FE503FE4D038674581E062D123
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/X72BEs2nuOmCDd-O-ZBod8Vj9WA.roa
Signing time:             Thu 02 Jan 2025 05:49:17 +0000
ROA not before:           Thu 02 Jan 2025 05:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43680
IP address blocks:        185.67.254.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:a0:fe:50:3f:e4:d0:38:67:45:81:e0:62:d1:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fbd8112cda7b8e9820ddf8ef9906877c563f560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:66:b6:a6:09:9b:89:6c:fb:0e:88:10:81:f7:
                    1d:b1:fc:4d:d2:63:b2:a0:80:89:89:99:33:76:58:
                    57:9c:c3:76:5d:e0:12:f4:63:39:a8:be:59:91:10:
                    40:46:ef:46:c9:3a:62:e7:2d:fd:e7:64:70:b9:7b:
                    13:c1:8e:20:02:71:5c:4d:41:9d:93:7a:da:0f:ed:
                    59:82:a9:e4:44:bf:70:2b:ff:7c:1b:d0:53:4e:59:
                    3d:7e:d9:40:49:75:38:5e:0b:18:32:b0:06:cc:ab:
                    87:5b:ec:6b:24:d3:f2:6a:bc:31:5d:71:d1:67:90:
                    48:8a:c9:0d:d0:7c:b5:33:1a:bc:47:30:b4:6e:14:
                    ba:67:10:e5:57:73:38:6c:33:c9:0c:d2:6d:ec:21:
                    d7:80:49:50:32:59:5d:a9:cc:eb:e1:8a:f2:37:58:
                    b6:76:a3:2c:69:05:39:e5:1a:8e:38:d8:26:5c:85:
                    d4:a9:d3:1b:47:5f:45:d9:46:59:fb:b3:48:07:7e:
                    e7:15:22:1f:ee:c1:eb:d0:c1:11:06:e6:54:3c:e9:
                    2a:50:ee:34:18:f0:94:73:13:33:fb:e7:48:dd:fd:
                    6c:98:fc:4a:08:4a:08:f3:60:b2:d7:88:13:da:d1:
                    51:20:d0:53:50:f0:3f:8d:ae:43:ae:25:76:18:e2:
                    9f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:BD:81:12:CD:A7:B8:E9:82:0D:DF:8E:F9:90:68:77:C5:63:F5:60
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/X72BEs2nuOmCDd-O-ZBod8Vj9WA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.67.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:b6:ca:c8:1b:d3:42:cf:84:5b:50:9c:cc:e2:eb:c4:9d:df:
         1b:fb:da:b9:28:3a:4b:2b:45:53:23:f7:64:f7:58:37:6f:2f:
         02:e1:92:5a:a2:fc:f2:4f:b5:60:81:ad:73:ea:b0:a4:8e:73:
         1a:4f:38:12:9f:7a:ff:0e:8d:54:6b:38:19:29:40:b0:00:c2:
         e3:32:17:2e:c3:64:66:22:db:f2:62:4d:5b:f0:b6:1c:09:4d:
         95:60:e2:e5:06:0d:0f:24:62:8e:39:aa:69:85:8e:d7:f7:f3:
         60:ba:e0:7e:0e:4d:69:03:cc:7b:7c:32:e0:c9:cd:00:47:df:
         42:dc:b8:b2:8c:ba:a5:2c:9b:4b:f7:7a:5e:28:78:05:1f:a3:
         8d:7d:52:e6:55:46:e9:50:66:a3:cc:ed:6b:27:7d:46:f4:a4:
         3f:ef:ad:00:fe:5b:f1:41:5d:a7:fb:d2:46:ae:00:ab:30:47:
         d6:5a:11:fd:f8:2c:31:3b:e1:0f:5a:70:8a:c7:74:87:3e:d0:
         a1:9f:48:9d:5f:2f:29:d3:7b:57:1c:0e:70:b8:15:6c:11:36:
         8c:af:90:a3:da:90:b6:bc:89:4b:20:fe:39:87:ad:4d:8f:65:
         d4:d3:c6:14:2d:f7:6c:0b:a7:55:97:48:69:0f:37:a9:d2:e8:
         df:fa:bb:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj6D+UD/k0DhnRYHgYtEjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmJkODExMmNkYTdiOGU5ODIwZGRmOGVmOTkwNjg3N2M1NjNmNTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2a2pgmbiWz7DogQgfcdsfxN0mOy
oICJiZkzdlhXnMN2XeAS9GM5qL5ZkRBARu9GyTpi5y3952RwuXsTwY4gAnFcTUGd
k3raD+1ZgqnkRL9wK/98G9BTTlk9ftlASXU4XgsYMrAGzKuHW+xrJNPyarwxXXHR
Z5BIiskN0Hy1Mxq8RzC0bhS6ZxDlV3M4bDPJDNJt7CHXgElQMlldqczr4YryN1i2
dqMsaQU55RqOONgmXIXUqdMbR19F2UZZ+7NIB37nFSIf7sHr0MERBuZUPOkqUO40
GPCUcxMz++dI3f1smPxKCEoI82Cy14gT2tFRINBTUPA/ja5DriV2GOKf7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF+9gRLNp7jpgg3fjvmQaHfFY/VgMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvWDcyQkVzMm51T21DRGQtTy1aQm9kOFZqOVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUP+MA0G
CSqGSIb3DQEBCwUAA4IBAQCMtsrIG9NCz4RbUJzM4uvEnd8b+9q5KDpLK0VTI/dk
91g3by8C4ZJaovzyT7Vgga1z6rCkjnMaTzgSn3r/Do1UazgZKUCwAMLjMhcuw2Rm
ItvyYk1b8LYcCU2VYOLlBg0PJGKOOapphY7X9/NguuB+Dk1pA8x7fDLgyc0AR99C
3LiyjLqlLJtL93peKHgFH6ONfVLmVUbpUGajzO1rJ31G9KQ/760A/lvxQV2n+9JG
rgCrMEfWWhH9+CwxO+EPWnCKx3SHPtChn0idXy8p03tXHA5wuBVsETaMr5Cj2pC2
vIlLIP45h61Nj2XU08YULfdsC6dVl0hpDzep0ujf+rt9
-----END CERTIFICATE-----