Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/74-XyhwIkSbY3Vpuw4HiRsXtkjo.roa
File:                     74-XyhwIkSbY3Vpuw4HiRsXtkjo.roa (raw, json)
Hash identifier:          V/j8k82CIFhm0wEfegFtdhmC4+lEdPnNjD+CPe3/Sws=
Subject key identifier:   EF:8F:97:CA:1C:08:91:26:D8:DD:5A:6E:C3:81:E2:46:C5:ED:92:3A
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0192D97503029C6C0FD07DBE9356A670AC51
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/74-XyhwIkSbY3Vpuw4HiRsXtkjo.roa
Signing time:             Tue 29 Oct 2024 18:06:17 +0000
ROA not before:           Tue 29 Oct 2024 18:06:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10929
IP address blocks:        2a02:c6c1:1::/48 maxlen: 48
                          2a02:c6c1:142::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d9:75:03:02:9c:6c:0f:d0:7d:be:93:56:a6:70:ac:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Oct 29 18:06:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef8f97ca1c089126d8dd5a6ec381e246c5ed923a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e2:f3:0a:dd:32:47:86:50:9c:d4:99:7f:66:
                    bd:8e:75:61:7d:c9:55:ad:36:ac:2e:b7:b5:fd:79:
                    db:d8:62:7d:2f:41:d5:d6:ba:85:16:20:5b:19:df:
                    d6:b1:48:a5:6d:60:a9:43:a0:00:5e:dd:e3:3a:fe:
                    52:05:98:b6:1d:48:43:40:7d:08:d0:1d:36:a2:22:
                    a6:41:70:fc:8c:67:55:0d:3c:48:80:04:f5:d0:de:
                    dd:b1:b0:72:24:c3:03:9a:5b:67:f7:d9:a5:a6:4b:
                    6c:47:72:66:68:40:15:9b:a1:dc:d5:1f:0d:81:20:
                    82:9e:9c:e6:e9:ce:df:05:0c:5f:53:ed:d5:cb:53:
                    09:43:f6:4b:a7:e8:e2:bf:6e:d5:bb:bc:e3:4c:a1:
                    e1:5a:91:aa:e5:ff:d2:0f:37:85:c3:74:52:96:e8:
                    23:8d:82:97:43:55:50:36:8b:dd:b4:89:bc:db:69:
                    2e:d2:de:bb:9c:27:82:36:1f:21:71:6e:36:40:5c:
                    cc:64:03:c6:62:a4:b9:3a:52:86:8d:2b:d5:10:bb:
                    72:93:7c:29:22:0e:e7:5e:34:06:b7:f3:53:5a:bd:
                    c0:6a:68:fd:03:43:71:82:31:da:40:1e:76:a9:19:
                    37:30:a8:49:0d:6f:c9:20:a3:9a:82:db:e7:05:4e:
                    48:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:8F:97:CA:1C:08:91:26:D8:DD:5A:6E:C3:81:E2:46:C5:ED:92:3A
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/74-XyhwIkSbY3Vpuw4HiRsXtkjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:c6c1:1::/48
                  2a02:c6c1:142::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:a6:23:8c:af:ae:50:63:43:7b:c0:c5:25:6a:ee:2e:75:09:
         7a:8b:bd:fa:26:ea:1a:74:7e:89:57:b7:08:45:9a:bf:56:43:
         5b:13:38:0a:f8:d8:b1:d2:0a:1c:dd:5b:54:a5:be:5d:12:23:
         0b:73:79:eb:73:a4:a3:b0:8c:16:8d:65:b9:87:5e:c0:e3:e9:
         b9:37:c9:e4:df:99:e9:1c:32:1b:e4:60:53:c2:cf:6a:76:01:
         75:eb:68:54:db:09:2a:6c:0f:c3:b8:d8:77:b4:12:36:f9:ab:
         ee:eb:43:25:e8:bd:dc:77:f7:67:00:24:92:0d:21:a0:a9:3f:
         61:33:9c:a7:45:64:6e:39:00:e0:0a:dc:08:e1:69:e4:08:8c:
         14:df:f6:15:79:f9:c9:bf:a9:94:a4:f7:91:c1:1c:65:e8:6b:
         42:1e:b0:be:c0:30:57:e7:69:e5:d8:79:89:cd:08:92:28:0a:
         53:83:65:1d:2a:12:74:71:e5:0c:ac:3e:48:d1:d0:0c:31:c5:
         f1:73:f6:01:5a:74:e7:ee:43:f2:0f:ed:0f:e9:0f:28:79:62:
         10:96:03:b9:c3:a6:b8:e7:7d:90:b4:d5:ca:7e:3c:fe:2d:16:
         57:b6:ac:bc:0a:e4:ed:f1:67:e2:2c:40:07:94:cd:d8:17:d8:
         e6:10:14:f8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZLZdQMCnGwP0H2+k1amcKxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjQxMDI5MTgwNjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjhmOTdjYTFjMDg5MTI2ZDhkZDVhNmVjMzgxZTI0NmM1ZWQ5MjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeLzCt0yR4ZQnNSZf2a9jnVhfclV
rTasLre1/Xnb2GJ9L0HV1rqFFiBbGd/WsUilbWCpQ6AAXt3jOv5SBZi2HUhDQH0I
0B02oiKmQXD8jGdVDTxIgAT10N7dsbByJMMDmltn99mlpktsR3JmaEAVm6Hc1R8N
gSCCnpzm6c7fBQxfU+3Vy1MJQ/ZLp+jiv27Vu7zjTKHhWpGq5f/SDzeFw3RSlugj
jYKXQ1VQNovdtIm822ku0t67nCeCNh8hcW42QFzMZAPGYqS5OlKGjSvVELtyk3wp
Ig7nXjQGt/NTWr3Aamj9A0NxgjHaQB52qRk3MKhJDW/JIKOagtvnBU5IUwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO+Pl8ocCJEm2N1absOB4kbF7ZI6MB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvNzQtWHlod0lrU2JZM1ZwdXc0SGlSc1h0a2pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgLGwQAB
AwcAKgLGwQFCMA0GCSqGSIb3DQEBCwUAA4IBAQBxpiOMr65QY0N7wMUlau4udQl6
i736JuoadH6JV7cIRZq/VkNbEzgK+Nix0goc3VtUpb5dEiMLc3nrc6SjsIwWjWW5
h17A4+m5N8nk35npHDIb5GBTws9qdgF162hU2wkqbA/DuNh3tBI2+avu60Ml6L3c
d/dnACSSDSGgqT9hM5ynRWRuOQDgCtwI4WnkCIwU3/YVefnJv6mUpPeRwRxl6GtC
HrC+wDBX52nl2HmJzQiSKApTg2UdKhJ0ceUMrD5I0dAMMcXxc/YBWnTn7kPyD+0P
6Q8oeWIQlgO5w6a4532QtNXKfjz+LRZXtqy8CuTt8WfiLEAHlM3YF9jmEBT4
-----END CERTIFICATE-----