Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/z0kUYPidzsxlqiqvMpL4j_5TmuE.roa
File:                     z0kUYPidzsxlqiqvMpL4j_5TmuE.roa (raw, json)
Hash identifier:          j78waP7Ng3rn+TklTtZ1xEru/9415kmvgH8FvzaE8N4=
Subject key identifier:   CF:49:14:60:F8:9D:CE:CC:65:AA:2A:AF:32:92:F8:8F:FE:53:9A:E1
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A0D2AF19C32D19A5B3EA80E411E60
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/z0kUYPidzsxlqiqvMpL4j_5TmuE.roa
Signing time:             Tue 02 Jan 2024 12:33:22 +0000
ROA not before:           Tue 02 Jan 2024 12:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50833
IP address blocks:        2a02:128:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0d:2a:f1:9c:32:d1:9a:5b:3e:a8:0e:41:1e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf491460f89dcecc65aa2aaf3292f88ffe539ae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:cb:fb:2f:e7:72:bf:b2:c9:16:1e:c9:b4:1d:
                    0e:80:9e:4b:74:4b:3b:97:b6:be:6d:2d:22:16:b5:
                    df:45:2d:3d:1c:6e:70:42:d5:e4:42:c0:ff:62:13:
                    d4:31:4c:52:d3:5e:b1:5a:76:4c:69:08:95:25:b2:
                    57:cf:07:30:d4:03:53:c6:3f:8b:cd:a4:af:9d:54:
                    86:ed:b1:97:d8:0a:e4:e4:42:00:8e:72:b1:8d:3a:
                    3a:60:4a:91:0d:65:96:fe:6d:fc:7c:6a:81:f1:41:
                    a6:10:67:6b:85:43:73:2b:62:01:93:1c:8b:ac:46:
                    06:24:b2:56:6f:3d:d0:10:23:9c:95:bd:e6:c7:44:
                    3e:8d:b1:f1:ad:04:c2:ad:ef:ab:28:c7:f2:1c:87:
                    79:40:71:8d:ba:2e:8c:f4:cc:76:13:5c:08:19:78:
                    e2:17:e3:4e:0c:aa:9e:0c:74:65:ea:10:6f:53:90:
                    87:94:48:5a:c5:eb:c5:e9:b2:02:2a:c2:46:15:3d:
                    14:da:4f:bc:5c:5e:b0:69:2e:7c:7e:1d:2d:bd:67:
                    f3:f6:fb:78:ec:d2:45:f1:b6:d3:90:cd:25:5e:9c:
                    a2:56:33:8c:3b:fb:88:09:37:75:23:c1:34:a0:d1:
                    94:4a:3d:73:b7:4f:f2:48:55:fe:2d:94:37:c1:98:
                    71:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:49:14:60:F8:9D:CE:CC:65:AA:2A:AF:32:92:F8:8F:FE:53:9A:E1
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/z0kUYPidzsxlqiqvMpL4j_5TmuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:128:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:82:3a:01:f2:53:9e:fb:4f:e9:46:7d:cb:3e:69:92:b4:65:
         5e:00:45:3b:f0:68:14:14:2c:2e:fa:8c:9b:f3:2c:44:93:c4:
         09:41:34:7c:72:ca:50:95:c0:c3:55:5e:1b:f5:96:c2:c0:6e:
         18:b5:47:52:db:73:ea:e2:2e:cf:55:ba:83:eb:5c:ce:46:0c:
         2b:3a:27:4e:9b:ab:3e:c6:e7:58:f4:c5:df:3c:66:c9:c8:ac:
         40:58:63:e6:0b:01:50:1e:4f:13:36:4f:44:b9:88:1a:53:5c:
         9c:01:f0:9f:b6:83:fd:6a:1e:03:b3:58:88:d0:85:c5:a2:d4:
         1b:e6:c0:c8:f7:66:00:d3:1f:d0:06:21:2d:0e:1f:5c:b1:f8:
         18:ed:5e:45:38:0c:0f:51:b7:e8:cc:be:3d:b4:17:38:97:80:
         ba:23:ed:6e:da:4d:3e:d6:fa:58:ef:38:7c:80:ec:f0:16:50:
         66:79:e5:03:80:25:d8:5b:b8:1a:84:f3:06:40:81:a1:de:f7:
         b3:bd:7d:5a:d4:fa:0d:e3:bd:42:d3:5d:73:67:40:ed:02:78:
         58:dc:7e:d9:15:fe:5b:f2:52:d3:94:90:dc:f2:94:43:f9:2b:
         28:d0:ad:1c:fb:bc:6a:ab:8c:b4:04:a3:f4:a8:39:fe:6b:d6:
         7e:a4:e7:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKg0q8Zwy0ZpbPqgOQR5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjQ5MTQ2MGY4OWRjZWNjNjVhYTJhYWYzMjkyZjg4ZmZlNTM5YWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMv7L+dyv7LJFh7JtB0OgJ5LdEs7
l7a+bS0iFrXfRS09HG5wQtXkQsD/YhPUMUxS016xWnZMaQiVJbJXzwcw1ANTxj+L
zaSvnVSG7bGX2Ark5EIAjnKxjTo6YEqRDWWW/m38fGqB8UGmEGdrhUNzK2IBkxyL
rEYGJLJWbz3QECOclb3mx0Q+jbHxrQTCre+rKMfyHId5QHGNui6M9Mx2E1wIGXji
F+NODKqeDHRl6hBvU5CHlEhaxevF6bICKsJGFT0U2k+8XF6waS58fh0tvWfz9vt4
7NJF8bbTkM0lXpyiVjOMO/uICTd1I8E0oNGUSj1zt0/ySFX+LZQ3wZhxVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM9JFGD4nc7MZaoqrzKS+I/+U5rhMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvejBrVVlQaWR6c3hscWlxdk1wTDRqXzVUbXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIBKAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCpgjoB8lOe+0/pRn3LPmmStGVeAEU78GgUFCwu
+oyb8yxEk8QJQTR8cspQlcDDVV4b9ZbCwG4YtUdS23Pq4i7PVbqD61zORgwrOidO
m6s+xudY9MXfPGbJyKxAWGPmCwFQHk8TNk9EuYgaU1ycAfCftoP9ah4Ds1iI0IXF
otQb5sDI92YA0x/QBiEtDh9csfgY7V5FOAwPUbfozL49tBc4l4C6I+1u2k0+1vpY
7zh8gOzwFlBmeeUDgCXYW7gahPMGQIGh3vezvX1a1PoN471C011zZ0DtAnhY3H7Z
Ff5b8lLTlJDc8pRD+Sso0K0c+7xqq4y0BKP0qDn+a9Z+pOdw
-----END CERTIFICATE-----