Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/JOdkDpvp0vkWhvJ9lV0dWUTL_74.roa
File:                     JOdkDpvp0vkWhvJ9lV0dWUTL_74.roa (raw, json)
Hash identifier:          Yn5hV+sSL6Zg2EJjKD6GZsY1cY5bsq3d8VKm7ARDueo=
Subject key identifier:   24:E7:64:0E:9B:E9:D2:F9:16:86:F2:7D:95:5D:1D:59:44:CB:FF:BE
Certificate issuer:       /CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
Certificate serial:       01942143F9D9C3824691D8AEB63B62515771
Authority key identifier: D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/JOdkDpvp0vkWhvJ9lV0dWUTL_74.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        2a01:6f8:c2e0::/48 maxlen: 50
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f9:d9:c3:82:46:91:d8:ae:b6:3b:62:51:57:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24e7640e9be9d2f91686f27d955d1d5944cbffbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b3:40:7e:a4:0b:70:d4:b7:8b:81:8e:6b:46:
                    a0:94:10:95:e8:71:97:7a:35:b1:60:dd:95:11:bc:
                    34:b3:fe:44:3e:bb:a9:36:29:e4:15:fe:bd:97:4a:
                    d3:65:d7:7c:67:7a:e3:4d:74:dd:76:0c:04:ab:e4:
                    f2:b8:e2:09:4a:4c:80:bf:37:06:54:f5:d4:24:08:
                    1d:69:b0:7a:0a:d6:a1:a6:f1:d6:fc:3a:8d:70:ba:
                    f9:70:98:4a:3c:ef:ab:47:71:08:36:23:00:ad:0e:
                    c2:a6:db:7c:dc:0c:78:42:50:1c:75:fc:bd:8f:31:
                    74:65:b9:90:a9:c9:49:57:c1:33:05:51:38:f6:40:
                    c0:a5:75:e5:18:c2:31:39:41:af:c2:3d:50:6a:23:
                    ad:28:16:bb:9c:3e:a4:9b:9e:a5:d8:fc:63:fb:40:
                    23:6a:2f:a7:69:b1:8a:39:7d:b4:f3:82:a1:16:68:
                    cb:9f:a5:66:00:00:47:45:c8:90:19:99:4f:9d:f7:
                    e1:fa:c8:41:bb:f9:62:51:7e:f5:0b:b4:17:f0:db:
                    2a:f4:da:b7:30:9f:88:7f:15:22:e3:cf:a7:fd:17:
                    31:85:73:17:a5:65:37:ed:c7:71:f2:b8:02:8e:59:
                    49:e6:e1:9f:63:7a:b8:14:90:1e:8e:58:72:50:36:
                    f7:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:E7:64:0E:9B:E9:D2:F9:16:86:F2:7D:95:5D:1D:59:44:CB:FF:BE
            X509v3 Authority Key Identifier:
                keyid:D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/JOdkDpvp0vkWhvJ9lV0dWUTL_74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:6f8:c2e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:67:b2:65:9e:24:b0:e2:d8:62:a8:e1:1d:64:93:be:03:af:
         8e:ec:3f:ef:06:41:46:80:da:e7:fa:a8:9f:f6:eb:6d:bc:3d:
         99:32:a2:f9:3e:a8:c8:09:e2:95:2d:70:93:27:09:c4:c4:b4:
         df:22:89:46:0c:2c:3f:4a:dc:e4:fa:db:ca:ef:7c:1e:21:06:
         86:0a:c2:05:4e:fd:2e:0a:25:3a:81:64:e6:bd:b0:54:65:23:
         f5:11:4f:26:d7:58:5d:d4:75:a1:aa:cc:95:71:8a:4c:0f:70:
         43:0b:bd:a0:f3:7b:13:e3:d8:a5:74:ce:86:50:b3:4a:d9:11:
         fe:18:73:ce:bb:b6:28:50:e0:4e:17:db:3b:62:72:cc:e3:d5:
         02:45:4b:82:4e:e4:17:c3:bb:aa:5b:45:88:a1:b0:90:08:8d:
         40:95:50:02:da:36:0b:1d:28:3c:c5:e3:87:c1:16:1c:b6:67:
         05:70:b6:80:b6:42:6c:25:eb:08:6f:d6:e7:64:9c:c3:19:d9:
         8a:8b:b2:0a:d7:9e:2e:12:79:f4:fc:34:32:1d:57:7c:1d:25:
         e8:3b:80:25:9d:07:9e:0b:aa:f8:a2:0a:4f:0d:65:d7:94:39:
         27:57:2e:c5:d3:f7:83:4c:6b:21:40:ec:e3:aa:42:1b:2f:2b:
         99:b5:23:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ/nZw4JGkdiutjtiUVdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWRkMWE1MTRkM2E3ZTNkZmRiOGJmYjc1ZDdkMjRlZDk4
ZDQ3OWYwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGU3NjQwZTliZTlkMmY5MTY4NmYyN2Q5NTVkMWQ1OTQ0Y2JmZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLNAfqQLcNS3i4GOa0aglBCV6HGX
ejWxYN2VEbw0s/5EPrupNinkFf69l0rTZdd8Z3rjTXTddgwEq+TyuOIJSkyAvzcG
VPXUJAgdabB6CtahpvHW/DqNcLr5cJhKPO+rR3EINiMArQ7Cptt83Ax4QlAcdfy9
jzF0ZbmQqclJV8EzBVE49kDApXXlGMIxOUGvwj1QaiOtKBa7nD6km56l2Pxj+0Aj
ai+nabGKOX2084KhFmjLn6VmAABHRciQGZlPnffh+shBu/liUX71C7QX8Nsq9Nq3
MJ+IfxUi48+n/RcxhXMXpWU37cdx8rgCjllJ5uGfY3q4FJAejlhyUDb3xQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCTnZA6b6dL5FobyfZVdHVlEy/++MB8GA1UdIwQY
MBaAFNMd0aUU06fj39uL+3XX0k7ZjUefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjIt
YjE2NmFlMmVmMjg3LzEvSk9ka0RwdnAwdmtXaHZKOWxWMGRXVVRMXzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjItYjE2NmFlMmVmMjg3
LzEvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgEG+MLg
MA0GCSqGSIb3DQEBCwUAA4IBAQCiZ7JlniSw4thiqOEdZJO+A6+O7D/vBkFGgNrn
+qif9uttvD2ZMqL5PqjICeKVLXCTJwnExLTfIolGDCw/Stzk+tvK73weIQaGCsIF
Tv0uCiU6gWTmvbBUZSP1EU8m11hd1HWhqsyVcYpMD3BDC72g83sT49ildM6GULNK
2RH+GHPOu7YoUOBOF9s7YnLM49UCRUuCTuQXw7uqW0WIobCQCI1AlVAC2jYLHSg8
xeOHwRYctmcFcLaAtkJsJesIb9bnZJzDGdmKi7IK154uEnn0/DQyHVd8HSXoO4Al
nQeeC6r4ogpPDWXXlDknVy7F0/eDTGshQOzjqkIbLyuZtSMw
-----END CERTIFICATE-----