Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/ro8r807SFlHgEdC0lWiLqwHjeD4.roa
File:                     ro8r807SFlHgEdC0lWiLqwHjeD4.roa (raw, json)
Hash identifier:          mE0wCqZZDknJbdaExWoon366yl17A1XrryTH35EDcCU=
Subject key identifier:   AE:8F:2B:F3:4E:D2:16:51:E0:11:D0:B4:95:68:8B:AB:01:E3:78:3E
Certificate issuer:       /CN=359f0f5ff620e0db5311f64736909973ac60f6f3
Certificate serial:       018CC500717B93ABECEC5AB05860CC4E3BD3
Authority key identifier: 35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/ro8r807SFlHgEdC0lWiLqwHjeD4.roa
Signing time:             Mon 01 Jan 2024 12:29:49 +0000
ROA not before:           Mon 01 Jan 2024 12:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201464
IP address blocks:        185.74.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 08:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:71:7b:93:ab:ec:ec:5a:b0:58:60:cc:4e:3b:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=359f0f5ff620e0db5311f64736909973ac60f6f3
        Validity
            Not Before: Jan  1 12:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae8f2bf34ed21651e011d0b495688bab01e3783e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c2:25:81:48:1c:53:ce:94:65:89:5b:9a:52:
                    88:19:06:9b:74:d0:02:b1:b5:48:3a:10:8f:76:00:
                    9f:22:ee:f0:93:a1:40:4f:54:07:29:0f:77:c5:57:
                    63:49:64:27:f5:32:71:e8:30:ba:b6:76:1c:68:1c:
                    07:61:ff:2e:3e:8e:98:8a:64:74:d7:4b:f6:c3:46:
                    9f:7c:65:23:57:68:dd:40:90:83:68:22:36:c4:af:
                    80:40:f2:77:c0:0e:d3:e9:2d:fa:0e:33:39:f8:7a:
                    82:6f:74:9b:85:05:03:76:0a:4c:04:4b:78:fa:9a:
                    01:5f:f9:c4:7a:fa:1a:0f:58:d4:3e:7a:ad:47:a2:
                    58:1d:2c:78:6c:f6:71:76:0d:29:e2:e2:7b:b6:bc:
                    6a:97:d9:44:f2:57:d3:fa:88:83:8c:9a:0a:7d:67:
                    97:db:7d:df:10:d4:fb:0d:c9:fa:f0:b0:da:9f:6a:
                    e8:6b:13:45:46:40:4d:de:b8:19:74:be:f1:b1:4f:
                    10:82:09:57:0a:b7:66:33:ff:80:34:47:05:c0:2b:
                    84:05:2d:b3:95:22:7a:0d:8f:2a:47:6b:4e:d5:c3:
                    85:51:30:c7:e9:f9:37:15:42:49:a1:9f:f3:6b:f0:
                    a5:fa:69:ef:a3:6b:aa:22:f4:98:a9:39:7c:e4:8a:
                    a9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:8F:2B:F3:4E:D2:16:51:E0:11:D0:B4:95:68:8B:AB:01:E3:78:3E
            X509v3 Authority Key Identifier:
                keyid:35:9F:0F:5F:F6:20:E0:DB:53:11:F6:47:36:90:99:73:AC:60:F6:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/ro8r807SFlHgEdC0lWiLqwHjeD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/40d9a5-2566-49e1-a57b-d1abf4ee32cb/1/NZ8PX_Yg4NtTEfZHNpCZc6xg9vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:27:95:53:6d:15:c6:54:a1:a4:66:bc:31:98:88:b1:76:6e:
         f0:f0:c9:ff:7c:3d:d4:1f:9f:2a:39:44:c9:2d:13:36:de:7e:
         30:d9:c0:e9:8c:7f:f2:99:50:d4:7d:47:78:37:7b:16:b1:c4:
         e0:c1:13:34:8d:d0:03:79:17:c4:73:65:a0:f8:cc:ab:bd:22:
         2c:e5:6e:51:90:9f:da:23:f6:f9:9a:0a:4f:95:ba:df:a3:73:
         20:2b:d3:b2:84:92:0d:e3:da:87:5b:8a:dd:aa:19:ae:d6:7e:
         b7:01:b5:36:ee:a8:03:e7:69:78:05:1c:63:ca:10:7e:f1:19:
         c4:6a:eb:7c:2c:ae:43:1c:18:23:61:83:34:66:3b:4b:6b:59:
         88:76:a8:8e:8b:2f:3c:e8:64:8f:01:30:6f:83:5c:18:4a:92:
         27:24:11:4d:e6:32:9a:5f:30:76:d2:08:24:8e:29:92:94:66:
         dc:87:d6:d8:9a:43:64:cc:2f:3f:de:34:4a:9f:2e:71:c7:60:
         0d:9c:34:36:da:05:bb:25:ce:5b:e4:59:e6:fe:b9:9c:af:31:
         85:bb:d9:e6:d3:2f:38:1f:08:e7:47:2d:be:81:99:b3:0a:2c:
         3d:4a:d8:02:7c:ff:70:88:ee:28:27:3c:8e:59:2c:c8:07:ff:
         a1:ff:d2:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAHF7k6vs7FqwWGDMTjvTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYwZjVmZjYyMGUwZGI1MzExZjY0NzM2OTA5OTczYWM2
MGY2ZjMwHhcNMjQwMTAxMTIyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZThmMmJmMzRlZDIxNjUxZTAxMWQwYjQ5NTY4OGJhYjAxZTM3ODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8IlgUgcU86UZYlbmlKIGQabdNAC
sbVIOhCPdgCfIu7wk6FAT1QHKQ93xVdjSWQn9TJx6DC6tnYcaBwHYf8uPo6YimR0
10v2w0affGUjV2jdQJCDaCI2xK+AQPJ3wA7T6S36DjM5+HqCb3SbhQUDdgpMBEt4
+poBX/nEevoaD1jUPnqtR6JYHSx4bPZxdg0p4uJ7trxql9lE8lfT+oiDjJoKfWeX
233fENT7Dcn68LDan2roaxNFRkBN3rgZdL7xsU8QgglXCrdmM/+ANEcFwCuEBS2z
lSJ6DY8qR2tO1cOFUTDH6fk3FUJJoZ/za/Cl+mnvo2uqIvSYqTl85IqpdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6PK/NO0hZR4BHQtJVoi6sB43g+MB8GA1UdIwQY
MBaAFDWfD1/2IODbUxH2RzaQmXOsYPbzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2It
ZDFhYmY0ZWUzMmNiLzEvcm84cjgwN1NGbEhnRWRDMGxXaUxxd0hqZUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS80MGQ5YTUtMjU2Ni00OWUxLWE1N2ItZDFhYmY0ZWUzMmNi
LzEvTlo4UFhfWWc0TnRURWZaSE5wQ1pjNnhnOXZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUo9MA0G
CSqGSIb3DQEBCwUAA4IBAQDFJ5VTbRXGVKGkZrwxmIixdm7w8Mn/fD3UH58qOUTJ
LRM23n4w2cDpjH/ymVDUfUd4N3sWscTgwRM0jdADeRfEc2Wg+MyrvSIs5W5RkJ/a
I/b5mgpPlbrfo3MgK9OyhJIN49qHW4rdqhmu1n63AbU27qgD52l4BRxjyhB+8RnE
aut8LK5DHBgjYYM0ZjtLa1mIdqiOiy886GSPATBvg1wYSpInJBFN5jKaXzB20ggk
jimSlGbch9bYmkNkzC8/3jRKny5xx2ANnDQ22gW7Jc5b5Fnm/rmcrzGFu9nm0y84
HwjnRy2+gZmzCiw9StgCfP9wiO4oJzyOWSzIB/+h/9J6
-----END CERTIFICATE-----