Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dO8uE6QhVMG63ytjz3kMK5BwlpE.roa
File:                     dO8uE6QhVMG63ytjz3kMK5BwlpE.roa (raw, json)
Hash identifier:          IDc5NT6okbJtqu2lnwtuqjG/MtshjP60nSP21B+IJXU=
Subject key identifier:   74:EF:2E:13:A4:21:54:C1:BA:DF:2B:63:CF:79:0C:2B:90:70:96:91
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FB3C8263C5612F7EC858644D7BA7E
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dO8uE6QhVMG63ytjz3kMK5BwlpE.roa
Signing time:             Thu 02 Jan 2025 05:49:22 +0000
ROA not before:           Thu 02 Jan 2025 05:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49465
IP address blocks:        2a02:128:16::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b3:c8:26:3c:56:12:f7:ec:85:86:44:d7:ba:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74ef2e13a42154c1badf2b63cf790c2b90709691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9c:f9:c9:cd:1b:54:13:f9:cd:05:c1:db:41:
                    25:3b:e3:ed:fa:86:eb:e9:b2:0c:5e:78:8f:b0:69:
                    8b:bd:e7:82:6e:be:11:67:38:ec:d3:4a:c4:58:e2:
                    80:ed:69:c5:1d:26:2a:f9:f5:24:eb:bb:fa:42:24:
                    64:bd:3e:ba:f9:75:24:15:a8:4c:8a:6d:aa:d3:21:
                    68:d9:6c:06:a2:4a:02:c6:36:58:fd:16:8e:2d:2a:
                    80:85:21:a2:5c:ae:ff:da:d6:55:1b:e5:1c:8e:5c:
                    44:81:d9:26:ac:1f:fe:cb:b1:87:33:4f:b2:18:95:
                    e6:92:47:86:29:c7:d6:32:3d:7c:9f:a4:27:66:cc:
                    b8:23:31:0f:dc:2d:17:eb:4f:6f:7d:36:6e:61:4e:
                    9e:37:3b:bd:5f:79:6b:88:af:b6:c7:30:7a:51:ab:
                    97:b7:84:0c:42:ff:8c:08:cf:53:15:0c:5a:78:62:
                    c9:35:7e:d5:0e:78:a3:97:d8:e5:06:41:e7:05:b0:
                    ef:f7:0d:64:ff:d3:26:e8:aa:ee:2d:b2:72:dd:75:
                    a5:67:ae:47:31:3f:25:fe:48:27:48:39:a6:53:15:
                    ca:be:07:d5:d8:65:8a:74:79:47:98:a9:80:23:a6:
                    6b:ac:6b:dc:15:5c:29:5b:97:8d:2e:48:ce:e2:02:
                    f8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:EF:2E:13:A4:21:54:C1:BA:DF:2B:63:CF:79:0C:2B:90:70:96:91
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dO8uE6QhVMG63ytjz3kMK5BwlpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:128:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:41:97:1d:9b:f5:aa:5c:0c:c5:ad:e7:e8:50:e8:9d:76:cb:
         66:5d:ef:26:65:b5:bd:78:ea:9a:96:1e:15:bf:8d:70:4f:88:
         4c:7a:92:eb:4a:69:b2:7c:2e:f8:b3:51:c7:24:66:25:0a:0e:
         9d:44:78:e5:f2:54:a7:bc:4c:f4:29:23:17:c8:95:4b:a8:6f:
         f0:fa:7b:a1:7b:f1:fb:f8:7a:97:ba:d1:ff:0c:ab:10:2d:25:
         94:5a:f4:3d:b8:bc:cf:62:db:58:d0:f4:7e:01:c1:90:75:c7:
         7f:12:58:04:14:6e:93:0f:2f:2a:db:79:87:87:8a:71:5b:5a:
         e8:a7:94:c3:4d:d3:99:55:58:fd:e4:bc:87:f6:87:ff:7c:90:
         25:83:82:2e:42:30:b7:3c:56:5f:ee:b0:d5:1b:1d:98:8a:09:
         8f:13:37:3f:80:84:be:3a:b8:df:54:0d:c7:1f:58:a2:89:e1:
         eb:82:36:50:d2:57:0b:ab:19:29:65:37:a8:d0:56:8a:77:d6:
         0f:ec:32:a8:c0:c1:1b:be:b7:36:ad:b9:f2:bf:4e:47:00:0e:
         3e:0d:01:c6:26:4f:f4:e8:09:fd:be:88:39:8d:d6:31:7e:3b:
         0c:ec:a3:f8:7c:93:2e:72:94:a0:45:f6:d7:e7:91:f4:d3:e9:
         44:6b:98:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlj7PIJjxWEvfshYZE17p+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVmMmUxM2E0MjE1NGMxYmFkZjJiNjNjZjc5MGMyYjkwNzA5NjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJz5yc0bVBP5zQXB20ElO+Pt+obr
6bIMXniPsGmLveeCbr4RZzjs00rEWOKA7WnFHSYq+fUk67v6QiRkvT66+XUkFahM
im2q0yFo2WwGokoCxjZY/RaOLSqAhSGiXK7/2tZVG+UcjlxEgdkmrB/+y7GHM0+y
GJXmkkeGKcfWMj18n6QnZsy4IzEP3C0X609vfTZuYU6eNzu9X3lriK+2xzB6UauX
t4QMQv+MCM9TFQxaeGLJNX7VDnijl9jlBkHnBbDv9w1k/9Mm6KruLbJy3XWlZ65H
MT8l/kgnSDmmUxXKvgfV2GWKdHlHmKmAI6ZrrGvcFVwpW5eNLkjO4gL46wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHTvLhOkIVTBut8rY895DCuQcJaRMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvZE84dUU2UWhWTUc2M3l0anoza01LNUJ3bHBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIBKAAW
MA0GCSqGSIb3DQEBCwUAA4IBAQAWQZcdm/WqXAzFrefoUOiddstmXe8mZbW9eOqa
lh4Vv41wT4hMepLrSmmyfC74s1HHJGYlCg6dRHjl8lSnvEz0KSMXyJVLqG/w+nuh
e/H7+HqXutH/DKsQLSWUWvQ9uLzPYttY0PR+AcGQdcd/ElgEFG6TDy8q23mHh4px
W1rop5TDTdOZVVj95LyH9of/fJAlg4IuQjC3PFZf7rDVGx2YigmPEzc/gIS+Orjf
VA3HH1iiieHrgjZQ0lcLqxkpZTeo0FaKd9YP7DKowMEbvrc2rbnyv05HAA4+DQHG
Jk/06An9vog5jdYxfjsM7KP4fJMucpSgRfbX55H00+lEa5in
-----END CERTIFICATE-----