Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/Po-xudB0HE48UZHOpupwvz9yrbQ.roa
File:                     Po-xudB0HE48UZHOpupwvz9yrbQ.roa (raw, json)
Hash identifier:          lVFatq2L+Iy6QmpWtRbFHS1vI3rllhStxmnJByjduMY=
Subject key identifier:   3E:8F:B1:B9:D0:74:1C:4E:3C:51:91:CE:A6:EA:70:BF:3F:72:AD:B4
Certificate issuer:       /CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
Certificate serial:       0194221F6A985BAE1B78DFC05EB669D95A37
Authority key identifier: CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/Po-xudB0HE48UZHOpupwvz9yrbQ.roa
Signing time:             Wed 01 Jan 2025 13:47:51 +0000
ROA not before:           Wed 01 Jan 2025 13:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6505
IP address blocks:        57.74.0.0/16 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:6a:98:5b:ae:1b:78:df:c0:5e:b6:69:d9:5a:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdb83cfe5489835f294d0af4dd4db6e3dc25f1f3
        Validity
            Not Before: Jan  1 13:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e8fb1b9d0741c4e3c5191cea6ea70bf3f72adb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:4b:7a:55:bd:a8:74:2e:9b:48:5c:b4:b7:e7:
                    a2:77:23:b6:cb:7e:f7:fb:0c:5f:91:05:dc:29:70:
                    e1:a1:ab:26:7e:e5:d4:1b:fb:e1:a2:3e:b0:fe:46:
                    9c:16:d9:cb:c9:eb:16:fb:7e:61:0b:ee:31:7a:61:
                    e4:fa:c4:f5:b2:97:c3:17:77:42:0f:78:04:8e:19:
                    49:20:d2:bb:a0:7e:d7:a4:15:18:85:29:81:6e:db:
                    e6:74:b0:64:da:1d:6f:de:b5:ff:8f:d9:bc:cc:2e:
                    d5:3a:63:0e:46:5f:29:3d:36:a8:e8:92:3b:44:b4:
                    06:49:88:8b:21:5f:f2:f0:d9:ca:c5:5e:6e:82:12:
                    31:d4:b1:12:93:98:70:2b:a4:7a:31:fc:a3:d4:02:
                    3b:56:5e:01:0c:25:c8:d0:9e:4c:11:f2:ed:1e:32:
                    fe:d6:dc:52:16:b5:93:82:ff:52:61:20:eb:95:39:
                    cd:ce:52:ba:d1:ee:cc:a1:8d:78:97:11:b0:3e:30:
                    fb:cc:4e:5f:8d:62:90:f3:7d:00:8d:11:c5:bb:37:
                    7d:25:3b:ad:96:25:dd:5b:9f:1c:7f:a5:b8:03:13:
                    02:20:dc:d5:8a:c4:67:d7:1e:0f:39:fe:a1:60:95:
                    62:87:e3:52:7c:97:e2:91:73:07:07:d4:13:db:db:
                    2c:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:8F:B1:B9:D0:74:1C:4E:3C:51:91:CE:A6:EA:70:BF:3F:72:AD:B4
            X509v3 Authority Key Identifier:
                keyid:CD:B8:3C:FE:54:89:83:5F:29:4D:0A:F4:DD:4D:B6:E3:DC:25:F1:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zbg8_lSJg18pTQr03U2249wl8fM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/Po-xudB0HE48UZHOpupwvz9yrbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/739716-9af2-47f5-a6f1-a3b74f9641ac/1/zbg8_lSJg18pTQr03U2249wl8fM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ab:5e:5b:98:62:25:5d:90:06:fa:76:7a:7e:9a:35:00:2b:ff:
         67:88:c8:b6:59:d0:b9:2d:a9:0e:c5:03:03:c1:86:5a:c5:3a:
         92:17:ee:05:a8:fc:be:5b:4d:cc:eb:8f:e8:f3:b4:a1:70:0e:
         70:6d:e5:35:10:0c:3d:27:fc:46:58:bc:23:d0:8b:6d:10:c2:
         73:1b:9c:ef:60:01:55:c3:1a:4e:ed:8d:a6:f4:50:55:d7:ba:
         0f:be:c0:6a:b6:d1:38:3b:bc:e8:fb:20:a6:c9:35:95:7a:c3:
         a8:2c:b9:a0:85:b5:90:37:7a:b1:0b:ce:0e:c4:f6:7e:49:e7:
         48:93:e8:00:19:1f:58:c4:0f:d9:92:d5:71:07:26:b6:2f:b3:
         3c:5d:65:60:63:10:32:06:c0:d9:75:60:3c:45:3d:9f:90:a9:
         b0:e8:b2:a8:53:d5:05:54:bc:6f:00:b9:77:2e:20:a6:8e:ee:
         91:40:54:0e:18:b2:c7:c3:a7:32:0e:57:cb:2d:9f:fb:ba:d5:
         39:32:a9:69:2b:54:ea:2e:8b:62:bb:b2:6a:ab:4a:db:5f:53:
         f8:12:8e:55:ba:db:7e:91:af:97:fa:48:76:91:9a:2a:b8:39:
         fb:e6:ae:29:ac:25:43:1e:77:d0:f0:87:e3:6f:d3:54:47:97:
         39:da:c7:87
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQiH2qYW64beN/AXrZp2Vo3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYjgzY2ZlNTQ4OTgzNWYyOTRkMGFmNGRkNGRiNmUzZGMy
NWYxZjMwHhcNMjUwMTAxMTM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZThmYjFiOWQwNzQxYzRlM2M1MTkxY2VhNmVhNzBiZjNmNzJhZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEt6Vb2odC6bSFy0t+eidyO2y373
+wxfkQXcKXDhoasmfuXUG/vhoj6w/kacFtnLyesW+35hC+4xemHk+sT1spfDF3dC
D3gEjhlJINK7oH7XpBUYhSmBbtvmdLBk2h1v3rX/j9m8zC7VOmMORl8pPTao6JI7
RLQGSYiLIV/y8NnKxV5ughIx1LESk5hwK6R6Mfyj1AI7Vl4BDCXI0J5MEfLtHjL+
1txSFrWTgv9SYSDrlTnNzlK60e7MoY14lxGwPjD7zE5fjWKQ830AjRHFuzd9JTut
liXdW58cf6W4AxMCINzVisRn1x4POf6hYJVih+NSfJfikXMHB9QT29ssRQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFD6PsbnQdBxOPFGRzqbqcL8/cq20MB8GA1UdIwQY
MBaAFM24PP5UiYNfKU0K9N1NtuPcJfHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEt
YTNiNzRmOTY0MWFjLzEvUG8teHVkQjBIRTQ4VVpIT3B1cHd2ejl5cmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS83Mzk3MTYtOWFmMi00N2Y1LWE2ZjEtYTNiNzRmOTY0MWFj
LzEvemJnOF9sU0pnMThwVFFyMDNVMjI0OXdsOGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAOUowDQYJ
KoZIhvcNAQELBQADggEBAKteW5hiJV2QBvp2en6aNQAr/2eIyLZZ0LktqQ7FAwPB
hlrFOpIX7gWo/L5bTczrj+jztKFwDnBt5TUQDD0n/EZYvCPQi20QwnMbnO9gAVXD
Gk7tjab0UFXXug++wGq20Tg7vOj7IKbJNZV6w6gsuaCFtZA3erELzg7E9n5J50iT
6AAZH1jED9mS1XEHJrYvszxdZWBjEDIGwNl1YDxFPZ+QqbDosqhT1QVUvG8AuXcu
IKaO7pFAVA4YssfDpzIOV8stn/u61TkyqWkrVOoui2K7smqrSttfU/gSjlW6236R
r5f6SHaRmiq4OfvmrimsJUMed9Dwh+Nv01RHlznax4c=
-----END CERTIFICATE-----