Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/rFTeutv7ncosyVELsjBPuGUWPXg.roa
File:                     rFTeutv7ncosyVELsjBPuGUWPXg.roa (raw, json)
Hash identifier:          3jWkW9UXoO4OT59nEwZcfLNgs2xPr0SGvuTbiF7V2WA=
Subject key identifier:   AC:54:DE:BA:DB:FB:9D:CA:2C:C9:51:0B:B2:30:4F:B8:65:16:3D:78
Certificate issuer:       /CN=064983d3a4a1c26aa295034869c584f757380b2b
Certificate serial:       018CC64AB4D3D6582D8B0B83659D2F627D67
Authority key identifier: 06:49:83:D3:A4:A1:C2:6A:A2:95:03:48:69:C5:84:F7:57:38:0B:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BkmD06ShwmqilQNIacWE91c4Cys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/rFTeutv7ncosyVELsjBPuGUWPXg.roa
Signing time:             Mon 01 Jan 2024 18:30:33 +0000
ROA not before:           Mon 01 Jan 2024 18:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42065
IP address blocks:        185.26.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/BkmD06ShwmqilQNIacWE91c4Cys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/BkmD06ShwmqilQNIacWE91c4Cys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BkmD06ShwmqilQNIacWE91c4Cys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:b4:d3:d6:58:2d:8b:0b:83:65:9d:2f:62:7d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=064983d3a4a1c26aa295034869c584f757380b2b
        Validity
            Not Before: Jan  1 18:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac54debadbfb9dca2cc9510bb2304fb865163d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7e:14:03:c4:9c:1b:a1:43:14:66:53:a1:93:
                    61:85:df:60:4c:0f:01:28:4a:8c:69:42:2e:33:a0:
                    3e:16:fc:5e:61:29:24:6f:c3:4a:88:31:27:be:a5:
                    19:e7:c6:6d:e1:76:a2:63:0a:de:05:60:e0:ab:28:
                    5e:5f:8c:19:63:56:f8:0f:2b:90:5e:7c:22:7b:bf:
                    c1:5a:00:9a:d1:93:e7:5b:e3:48:5a:eb:ef:b0:d9:
                    c9:f6:25:b3:7d:80:0e:aa:10:2f:eb:92:a2:24:a3:
                    00:cb:47:b0:40:c9:86:e3:63:84:f4:66:6d:54:df:
                    20:32:fc:87:35:d9:48:4d:98:c9:3e:a5:66:04:58:
                    90:39:1d:fa:73:3e:21:22:ac:ab:f5:ca:2a:2a:c3:
                    41:a2:56:e4:5d:4e:12:34:5a:2c:ef:8f:ce:59:dd:
                    60:90:22:f7:cb:d6:82:df:e7:fa:5c:00:fb:ec:3d:
                    2e:a9:5b:f1:6a:59:88:1c:1e:88:19:cc:43:b3:b5:
                    94:f9:e2:d4:b3:1e:49:70:a5:d1:c1:11:9b:b0:9e:
                    dd:d6:be:aa:2b:e9:a0:df:64:0d:ec:8f:42:e1:9c:
                    1e:bb:d6:cc:05:e6:39:b3:c4:98:e9:aa:00:95:bb:
                    94:25:89:fd:41:97:24:9f:c3:10:35:c2:69:6d:a3:
                    c8:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:54:DE:BA:DB:FB:9D:CA:2C:C9:51:0B:B2:30:4F:B8:65:16:3D:78
            X509v3 Authority Key Identifier:
                keyid:06:49:83:D3:A4:A1:C2:6A:A2:95:03:48:69:C5:84:F7:57:38:0B:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BkmD06ShwmqilQNIacWE91c4Cys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/rFTeutv7ncosyVELsjBPuGUWPXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/d37915-6a39-44d1-8e21-4ba3fc3484ce/1/BkmD06ShwmqilQNIacWE91c4Cys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.26.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:c7:4f:b8:13:c1:1c:45:72:87:ee:f7:e5:4e:7f:fd:77:f7:
         8a:dd:f5:ba:bb:b7:8a:dd:1f:a4:79:fe:85:e3:21:26:90:0f:
         d2:41:3d:73:f1:71:70:de:8d:c9:86:77:d5:4e:2b:e3:eb:be:
         b8:c3:0a:3c:66:67:2d:4d:77:a8:ab:7a:67:88:51:3c:21:92:
         17:61:89:07:82:bd:63:0d:25:e2:85:fb:63:fb:5a:8e:1e:3e:
         0c:f2:04:6b:e0:f3:f8:e9:c5:7f:a2:5a:ff:8e:a0:a4:c1:0e:
         e2:77:b9:91:c1:21:fb:6d:ac:40:e6:57:a0:25:a0:73:7c:d9:
         ac:66:dd:76:55:31:ef:32:da:6f:a8:1f:f5:ea:d6:99:08:c2:
         87:fd:77:fe:22:f4:7b:bd:f8:b2:c4:d7:d3:64:0c:58:0d:18:
         c5:6b:36:e8:b4:4f:01:b2:b0:62:05:d5:cf:e4:23:bc:38:97:
         9a:4e:3d:5c:47:7b:31:ad:43:aa:fa:d0:1b:bd:df:fa:0a:b3:
         8f:3f:f6:b1:3a:14:95:44:8e:b8:5b:3e:4b:0c:8f:36:0e:41:
         b4:3b:6e:51:c5:fc:40:f2:88:97:df:a0:c2:63:0c:2e:78:b0:
         e0:b2:0f:7e:3b:c9:5e:ad:86:70:64:b7:74:71:aa:2b:2b:18:
         7c:cd:e1:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSrTT1lgtiwuDZZ0vYn1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NDk4M2QzYTRhMWMyNmFhMjk1MDM0ODY5YzU4NGY3NTcz
ODBiMmIwHhcNMjQwMTAxMTgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzU0ZGViYWRiZmI5ZGNhMmNjOTUxMGJiMjMwNGZiODY1MTYzZDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhH4UA8ScG6FDFGZToZNhhd9gTA8B
KEqMaUIuM6A+FvxeYSkkb8NKiDEnvqUZ58Zt4XaiYwreBWDgqyheX4wZY1b4DyuQ
Xnwie7/BWgCa0ZPnW+NIWuvvsNnJ9iWzfYAOqhAv65KiJKMAy0ewQMmG42OE9GZt
VN8gMvyHNdlITZjJPqVmBFiQOR36cz4hIqyr9coqKsNBolbkXU4SNFos74/OWd1g
kCL3y9aC3+f6XAD77D0uqVvxalmIHB6IGcxDs7WU+eLUsx5JcKXRwRGbsJ7d1r6q
K+mg32QN7I9C4Zweu9bMBeY5s8SY6aoAlbuUJYn9QZckn8MQNcJpbaPIAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxU3rrb+53KLMlRC7IwT7hlFj14MB8GA1UdIwQY
MBaAFAZJg9OkocJqopUDSGnFhPdXOAsrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmttRDA2U2h3bXFpbFFOSWFjV0U5MWM0Q3lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9kMzc5MTUtNmEzOS00NGQxLThlMjEt
NGJhM2ZjMzQ4NGNlLzEvckZUZXV0djduY29zeVZFTHNqQlB1R1VXUFhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9kMzc5MTUtNmEzOS00NGQxLThlMjEtNGJhM2ZjMzQ4NGNl
LzEvQmttRDA2U2h3bXFpbFFOSWFjV0U5MWM0Q3lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRpKMA0G
CSqGSIb3DQEBCwUAA4IBAQAjx0+4E8EcRXKH7vflTn/9d/eK3fW6u7eK3R+kef6F
4yEmkA/SQT1z8XFw3o3JhnfVTivj6764wwo8ZmctTXeoq3pniFE8IZIXYYkHgr1j
DSXihftj+1qOHj4M8gRr4PP46cV/olr/jqCkwQ7id7mRwSH7baxA5legJaBzfNms
Zt12VTHvMtpvqB/16taZCMKH/Xf+IvR7vfiyxNfTZAxYDRjFazbotE8BsrBiBdXP
5CO8OJeaTj1cR3sxrUOq+tAbvd/6CrOPP/axOhSVRI64Wz5LDI82DkG0O25RxfxA
8oiX36DCYwwueLDgsg9+O8lerYZwZLd0caorKxh8zeEI
-----END CERTIFICATE-----