Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7OFHj8AX0gZeZ5OjpEnblfjTQIs.roa
File:                     7OFHj8AX0gZeZ5OjpEnblfjTQIs.roa (raw, json)
Hash identifier:          ZAnJBeYMpBIglgJPHsFqFJAyLlLegploi/dJoaYVJcI=
Subject key identifier:   EC:E1:47:8F:C0:17:D2:06:5E:67:93:A3:A4:49:DB:95:F8:D3:40:8B
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019639F26B9199D7A9EF802C4D2EE14D80C3
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7OFHj8AX0gZeZ5OjpEnblfjTQIs.roa
Signing time:             Tue 15 Apr 2025 14:55:10 +0000
ROA not before:           Tue 15 Apr 2025 14:55:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60770
IP address blocks:        2a02:128:1000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 May 2025 20:38:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:39:f2:6b:91:99:d7:a9:ef:80:2c:4d:2e:e1:4d:80:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Apr 15 14:55:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ece1478fc017d2065e6793a3a449db95f8d3408b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:79:31:ce:24:02:96:a4:7d:92:e7:73:87:38:
                    f7:0b:b4:8e:49:4e:c6:64:46:bc:ad:6c:08:6f:32:
                    95:4b:e5:c9:dc:00:ae:ee:fc:5a:e0:c9:6e:9a:f3:
                    70:89:c0:ee:20:21:7e:97:c3:f1:84:fb:d1:71:27:
                    6b:76:5d:44:d6:51:e8:c7:98:97:d2:b2:09:62:34:
                    1f:a0:20:d7:41:15:84:f7:ab:84:6f:0c:5c:0f:09:
                    12:34:22:0c:94:c2:ef:b4:e3:5e:a5:f3:10:86:6d:
                    2d:ee:2f:75:67:bb:0f:3b:85:c3:4c:2a:8a:23:0e:
                    23:77:e8:13:53:2a:f9:0c:a5:2d:a8:20:4b:25:46:
                    23:ab:d8:fd:28:af:b5:6a:28:22:21:39:69:41:4a:
                    38:3a:c9:e1:28:09:ce:d1:e2:fe:59:ec:59:9a:14:
                    1e:bb:a8:94:db:5b:6c:25:13:aa:9d:5e:a6:2b:b2:
                    1a:85:a2:5a:f6:26:1a:68:34:e4:8d:53:dd:61:2a:
                    40:97:31:7e:e1:de:a7:dd:1d:0a:fd:b0:bd:82:42:
                    d7:71:0f:aa:f0:f5:f4:50:00:4b:ab:7c:2b:12:8b:
                    5a:31:52:9b:1b:1d:a1:b4:ba:4a:c9:9a:c1:c7:96:
                    0c:27:b9:5b:a5:c4:e7:cf:42:03:df:b7:14:8a:e0:
                    62:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:E1:47:8F:C0:17:D2:06:5E:67:93:A3:A4:49:DB:95:F8:D3:40:8B
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/7OFHj8AX0gZeZ5OjpEnblfjTQIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:128:1000::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:b8:a0:5d:bf:fc:ba:18:09:04:37:5d:3c:ad:90:f8:02:5e:
         df:28:b9:9e:5b:a4:8d:16:9f:c2:63:ae:8f:c0:34:10:c6:a8:
         6c:22:19:35:44:0c:e6:d3:e4:da:2f:b6:58:04:c9:19:c8:c6:
         b0:04:30:72:f1:a0:45:aa:58:8f:e0:e8:d9:9f:74:9f:af:d8:
         dc:f0:10:9d:07:05:44:67:7e:6a:14:66:80:ff:12:e1:16:b7:
         e6:93:85:3b:5f:3a:f1:3e:51:41:28:82:bd:59:82:a0:05:bb:
         87:f6:cb:30:92:56:69:42:37:b3:7d:be:ff:cd:b9:cb:51:37:
         30:2b:96:12:63:f4:3b:3f:f8:0d:17:4a:fb:8b:07:78:88:9c:
         3f:bb:84:68:f0:5b:4b:2d:44:33:9f:0c:08:f4:9c:d1:c8:37:
         0b:1f:8a:b4:bc:1c:e4:0f:b6:e2:7a:97:96:9a:8b:c3:70:a5:
         61:16:a9:dd:2a:ce:5d:8b:12:b4:ed:df:ee:ce:e8:2f:7b:bf:
         1a:34:e8:ed:56:6f:57:b4:ac:24:43:1c:fb:a1:00:ec:16:c5:
         e7:3b:83:fb:6b:d2:ce:73:48:76:78:a2:41:f6:0c:08:b8:a7:
         3f:20:a9:8f:86:eb:f0:2f:96:39:79:17:28:85:f3:d0:70:c3:
         de:07:32:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZY58muRmdep74AsTS7hTYDDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwNDE1MTQ1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2UxNDc4ZmMwMTdkMjA2NWU2NzkzYTNhNDQ5ZGI5NWY4ZDM0MDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3kxziQClqR9kudzhzj3C7SOSU7G
ZEa8rWwIbzKVS+XJ3ACu7vxa4MlumvNwicDuICF+l8PxhPvRcSdrdl1E1lHox5iX
0rIJYjQfoCDXQRWE96uEbwxcDwkSNCIMlMLvtONepfMQhm0t7i91Z7sPO4XDTCqK
Iw4jd+gTUyr5DKUtqCBLJUYjq9j9KK+1aigiITlpQUo4OsnhKAnO0eL+WexZmhQe
u6iU21tsJROqnV6mK7IahaJa9iYaaDTkjVPdYSpAlzF+4d6n3R0K/bC9gkLXcQ+q
8PX0UABLq3wrEotaMVKbGx2htLpKyZrBx5YMJ7lbpcTnz0ID37cUiuBiNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOzhR4/AF9IGXmeTo6RJ25X400CLMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvN09GSGo4QVgwZ1plWjVPanBFbmJsZmpUUUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgIBKBAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCUuKBdv/y6GAkEN108rZD4Al7fKLmeW6SNFp/C
Y66PwDQQxqhsIhk1RAzm0+TaL7ZYBMkZyMawBDBy8aBFqliP4OjZn3Sfr9jc8BCd
BwVEZ35qFGaA/xLhFrfmk4U7XzrxPlFBKIK9WYKgBbuH9sswklZpQjezfb7/zbnL
UTcwK5YSY/Q7P/gNF0r7iwd4iJw/u4Ro8FtLLUQznwwI9JzRyDcLH4q0vBzkD7bi
epeWmovDcKVhFqndKs5dixK07d/uzugve78aNOjtVm9XtKwkQxz7oQDsFsXnO4P7
a9LOc0h2eKJB9gwIuKc/IKmPhuvwL5Y5eRcohfPQcMPeBzKv
-----END CERTIFICATE-----