Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/16a12e-8b5a-4649-a03c-71cd6af072a5/1/4u1S0VMC36lEEBNfrnQa2WkFu4I.roa
File:                     4u1S0VMC36lEEBNfrnQa2WkFu4I.roa (raw, json)
Hash identifier:          JUesEmfiUdwtB2Oh/S1vCPWU9SA7G1nBV/ncFMb9TZg=
Subject key identifier:   E2:ED:52:D1:53:02:DF:A9:44:10:13:5F:AE:74:1A:D9:69:05:BB:82
Certificate issuer:       /CN=b8f4be41054eaf787eaa3833ffcae8f1ed7faa80
Certificate serial:       018CC3B70D6B64F7867F0DE202899919529A
Authority key identifier: B8:F4:BE:41:05:4E:AF:78:7E:AA:38:33:FF:CA:E8:F1:ED:7F:AA:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uPS-QQVOr3h-qjgz_8ro8e1_qoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/16a12e-8b5a-4649-a03c-71cd6af072a5/1/4u1S0VMC36lEEBNfrnQa2WkFu4I.roa
Signing time:             Mon 01 Jan 2024 06:30:02 +0000
ROA not before:           Mon 01 Jan 2024 06:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        185.73.74.0/24 maxlen: 24
                          185.73.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/16a12e-8b5a-4649-a03c-71cd6af072a5/1/uPS-QQVOr3h-qjgz_8ro8e1_qoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/16a12e-8b5a-4649-a03c-71cd6af072a5/1/uPS-QQVOr3h-qjgz_8ro8e1_qoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uPS-QQVOr3h-qjgz_8ro8e1_qoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0d:6b:64:f7:86:7f:0d:e2:02:89:99:19:52:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8f4be41054eaf787eaa3833ffcae8f1ed7faa80
        Validity
            Not Before: Jan  1 06:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2ed52d15302dfa94410135fae741ad96905bb82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6b:01:bd:8a:bc:e5:fd:77:0f:e1:ff:ae:70:
                    19:dc:ef:19:4d:79:7a:ef:e6:40:e8:5e:38:90:3e:
                    80:47:f6:1a:23:04:3f:7f:48:d4:22:bb:a1:8a:60:
                    6d:80:e7:48:b3:d9:e2:e1:8e:49:77:39:00:39:04:
                    43:ac:0f:b6:80:ca:e2:b9:c1:09:44:47:4c:44:08:
                    24:e7:94:9f:3b:90:d8:8f:da:65:8a:b0:7b:a4:b4:
                    3a:b2:7a:b2:84:70:a2:ec:7c:fd:be:cf:2f:4e:82:
                    cf:28:52:37:e2:fe:92:5e:ee:75:9e:76:c4:67:a0:
                    f2:29:9e:8f:47:5a:d7:af:b5:be:14:d2:f4:23:ad:
                    d5:42:88:d7:b9:2c:c7:bd:36:41:a4:e6:65:78:0f:
                    05:59:10:29:89:a7:16:b5:c6:38:b4:e6:8a:4e:1b:
                    ae:42:9f:70:1f:8b:40:5b:b2:f1:7e:ac:67:c3:b2:
                    84:cf:4f:8c:06:00:b9:8f:17:6f:87:3b:eb:f8:d8:
                    27:ac:76:24:cb:2f:ed:d8:bb:a2:31:01:d6:86:17:
                    ad:91:8c:fe:c2:86:32:8e:a3:4e:66:f6:54:6d:40:
                    b7:fb:c1:95:66:24:73:7a:c9:a8:cf:d5:1a:b3:e3:
                    a1:7d:d1:9b:bc:0b:48:da:92:76:a8:68:8b:43:af:
                    6e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:ED:52:D1:53:02:DF:A9:44:10:13:5F:AE:74:1A:D9:69:05:BB:82
            X509v3 Authority Key Identifier:
                keyid:B8:F4:BE:41:05:4E:AF:78:7E:AA:38:33:FF:CA:E8:F1:ED:7F:AA:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uPS-QQVOr3h-qjgz_8ro8e1_qoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/16a12e-8b5a-4649-a03c-71cd6af072a5/1/4u1S0VMC36lEEBNfrnQa2WkFu4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/16a12e-8b5a-4649-a03c-71cd6af072a5/1/uPS-QQVOr3h-qjgz_8ro8e1_qoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.72.0/24
                  185.73.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:a2:66:cd:bd:d9:32:c7:f2:f0:64:c1:0f:cc:70:f0:bf:a4:
         02:02:9f:0c:29:7d:45:00:a2:5a:0a:16:a9:45:d5:1d:7f:e4:
         a4:5c:69:ac:cc:1e:ba:c7:5d:3f:3c:11:29:e2:50:cd:ea:40:
         3f:6f:88:19:6c:f4:f9:a9:f0:63:bb:e7:b7:0e:5f:c3:2e:89:
         d2:07:07:91:9b:05:b0:28:24:b9:ef:c6:04:32:ea:f2:d7:d3:
         40:27:c1:ba:9c:5f:20:fb:d0:81:9d:74:49:7f:27:3f:6e:28:
         da:22:21:6c:e6:6a:f5:e9:7b:d3:c0:5c:20:16:4d:37:b9:69:
         60:de:9b:93:42:83:d5:e7:c4:c7:64:9d:30:e2:9d:2c:12:77:
         29:5a:d9:c9:fa:ff:c8:26:16:10:fa:a2:16:f1:ed:42:c7:a1:
         ce:90:bd:6d:bd:a6:9f:99:6a:fe:45:bb:79:a2:3a:a2:1e:1f:
         88:c2:55:7c:87:44:14:ec:c7:52:71:d5:20:58:4f:12:d5:3f:
         03:55:6c:50:8d:e7:ef:0d:f1:84:81:12:7d:f1:66:bc:b2:44:
         2b:e6:e3:eb:06:a2:0b:8a:c1:7c:61:55:b0:5f:b7:f2:d4:6a:
         d3:07:31:54:0e:e5:a4:e0:9e:dc:2d:e5:91:1b:25:53:c0:1e:
         2f:31:16:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtw1rZPeGfw3iAomZGVKaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZjRiZTQxMDU0ZWFmNzg3ZWFhMzgzM2ZmY2FlOGYxZWQ3
ZmFhODAwHhcNMjQwMTAxMDYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmVkNTJkMTUzMDJkZmE5NDQxMDEzNWZhZTc0MWFkOTY5MDViYjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyWsBvYq85f13D+H/rnAZ3O8ZTXl6
7+ZA6F44kD6AR/YaIwQ/f0jUIruhimBtgOdIs9ni4Y5JdzkAOQRDrA+2gMriucEJ
REdMRAgk55SfO5DYj9plirB7pLQ6snqyhHCi7Hz9vs8vToLPKFI34v6SXu51nnbE
Z6DyKZ6PR1rXr7W+FNL0I63VQojXuSzHvTZBpOZleA8FWRApiacWtcY4tOaKThuu
Qp9wH4tAW7Lxfqxnw7KEz0+MBgC5jxdvhzvr+NgnrHYkyy/t2LuiMQHWhhetkYz+
woYyjqNOZvZUbUC3+8GVZiRzesmoz9Uas+OhfdGbvAtI2pJ2qGiLQ69uzQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOLtUtFTAt+pRBATX650GtlpBbuCMB8GA1UdIwQY
MBaAFLj0vkEFTq94fqo4M//K6PHtf6qAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVBTLVFRVk9yM2gtcWpnel84cm84ZTFfcW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8xNmExMmUtOGI1YS00NjQ5LWEwM2Mt
NzFjZDZhZjA3MmE1LzEvNHUxUzBWTUMzNmxFRUJOZnJuUWEyV2tGdTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8xNmExMmUtOGI1YS00NjQ5LWEwM2MtNzFjZDZhZjA3MmE1
LzEvdVBTLVFRVk9yM2gtcWpnel84cm84ZTFfcW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuUlIAwQA
uUlKMA0GCSqGSIb3DQEBCwUAA4IBAQBIombNvdkyx/LwZMEPzHDwv6QCAp8MKX1F
AKJaChapRdUdf+SkXGmszB66x10/PBEp4lDN6kA/b4gZbPT5qfBju+e3Dl/DLonS
BweRmwWwKCS578YEMury19NAJ8G6nF8g+9CBnXRJfyc/bijaIiFs5mr16XvTwFwg
Fk03uWlg3puTQoPV58THZJ0w4p0sEncpWtnJ+v/IJhYQ+qIW8e1Cx6HOkL1tvaaf
mWr+Rbt5ojqiHh+IwlV8h0QU7MdScdUgWE8S1T8DVWxQjefvDfGEgRJ98Wa8skQr
5uPrBqILisF8YVWwX7fy1GrTBzFUDuWk4J7cLeWRGyVTwB4vMRa3
-----END CERTIFICATE-----