Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/bR6pN29QFHvNkYOIFVyp3DjVDmI.roa
File:                     bR6pN29QFHvNkYOIFVyp3DjVDmI.roa (raw, json)
Hash identifier:          6jWzFVSh+7F38X5aZyy+HbC9JxGR0yRqXRQr4hDwubk=
Subject key identifier:   6D:1E:A9:37:6F:50:14:7B:CD:91:83:88:15:5C:A9:DC:38:D5:0E:62
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       018CC349294BF3F38E9DCF395DA94C41F185
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/bR6pN29QFHvNkYOIFVyp3DjVDmI.roa
Signing time:             Mon 01 Jan 2024 04:30:00 +0000
ROA not before:           Mon 01 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.74.54.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:29:4b:f3:f3:8e:9d:cf:39:5d:a9:4c:41:f1:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: Jan  1 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d1ea9376f50147bcd918388155ca9dc38d50e62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c0:af:b4:09:c2:b1:6b:d0:3d:e6:66:5c:4c:
                    78:b8:3a:9b:c4:a8:a1:c7:1e:bb:b5:11:58:c4:1c:
                    c0:a0:5a:80:57:e8:74:e8:54:8c:1b:cf:e2:03:0d:
                    09:21:79:c9:9d:21:c4:0d:93:81:16:62:35:71:60:
                    a6:33:0d:3c:84:0a:69:c1:78:95:8b:5f:b8:4f:fb:
                    fd:8c:9b:ed:d8:41:a5:01:97:e2:3a:3f:df:53:f5:
                    8f:0e:58:1d:47:7f:52:12:25:48:f6:f7:c1:46:52:
                    b4:fe:c8:fe:5f:ca:cc:3e:d0:d3:f9:fa:34:c5:b8:
                    8c:3f:f5:1f:2b:c0:46:d4:cb:bf:f5:6a:55:52:72:
                    5e:a9:76:c5:20:e6:d5:11:fe:13:9e:4a:33:c4:78:
                    4a:67:6e:a5:3b:0e:5a:55:b9:11:f1:58:fd:2e:db:
                    8f:30:c6:ae:43:59:2d:1c:e5:63:5b:74:59:06:06:
                    0f:8e:58:23:f9:b6:f5:30:38:8f:1c:b8:d0:74:ec:
                    3c:be:23:34:35:b2:2e:47:04:cc:aa:68:2d:0f:3d:
                    e2:e8:8f:ba:db:3f:f9:aa:2e:a0:0f:29:74:8f:f8:
                    48:6c:b8:29:ec:ad:ba:84:89:5a:05:34:6f:12:8b:
                    5b:d1:8e:75:52:2c:38:fa:68:85:67:f5:bc:f0:a3:
                    af:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:1E:A9:37:6F:50:14:7B:CD:91:83:88:15:5C:A9:DC:38:D5:0E:62
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/bR6pN29QFHvNkYOIFVyp3DjVDmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:0b:8d:99:05:50:ff:ef:73:7f:c6:db:d5:d6:ce:02:8a:e6:
         80:07:79:0e:57:4d:78:93:e6:52:d6:d3:aa:eb:24:24:e0:ef:
         41:06:00:99:79:dd:c1:33:82:b2:f4:4d:5f:52:a9:5c:bb:1b:
         5b:b4:5d:4e:d7:ca:90:c5:05:22:14:6a:fa:35:07:82:85:36:
         62:a3:e4:c9:a1:d2:94:2a:44:95:d7:d8:f1:d6:57:62:a2:b3:
         29:c9:3d:92:ff:1c:22:7e:03:52:b3:7e:74:06:17:11:ec:44:
         da:5d:1c:35:60:e5:4f:41:df:d3:b6:c4:40:5d:dd:91:3f:20:
         19:36:63:a4:13:cf:7d:1d:ca:74:19:b1:72:93:0c:50:df:3e:
         df:0b:02:8a:a7:9e:5a:fe:76:01:30:34:71:e6:5b:30:2f:09:
         e1:69:a6:23:35:27:6e:a4:c4:c1:0c:e6:56:1a:a8:ea:31:53:
         42:ac:74:fb:1c:f3:6b:31:d3:4c:fc:60:08:a3:34:63:39:7d:
         32:9e:2e:61:2c:f9:f8:15:96:3f:25:c7:e4:c5:f8:d5:bd:b2:
         96:d0:53:c9:58:b4:e7:59:79:30:ba:58:62:c8:19:79:8b:f5:
         be:e9:6f:d9:c3:a2:eb:19:09:1c:f7:1b:bc:27:cc:b9:e0:5d:
         14:4a:f7:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSSlL8/OOnc85XalMQfGFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjQwMTAxMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDFlYTkzNzZmNTAxNDdiY2Q5MTgzODgxNTVjYTlkYzM4ZDUwZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsCvtAnCsWvQPeZmXEx4uDqbxKih
xx67tRFYxBzAoFqAV+h06FSMG8/iAw0JIXnJnSHEDZOBFmI1cWCmMw08hAppwXiV
i1+4T/v9jJvt2EGlAZfiOj/fU/WPDlgdR39SEiVI9vfBRlK0/sj+X8rMPtDT+fo0
xbiMP/UfK8BG1Mu/9WpVUnJeqXbFIObVEf4TnkozxHhKZ26lOw5aVbkR8Vj9LtuP
MMauQ1ktHOVjW3RZBgYPjlgj+bb1MDiPHLjQdOw8viM0NbIuRwTMqmgtDz3i6I+6
2z/5qi6gDyl0j/hIbLgp7K26hIlaBTRvEotb0Y51Uiw4+miFZ/W88KOvYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG0eqTdvUBR7zZGDiBVcqdw41Q5iMB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvYlI2cE4yOVFGSHZOa1lPSUZWeXAzRGpWRG1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUo2MA0G
CSqGSIb3DQEBCwUAA4IBAQBtC42ZBVD/73N/xtvV1s4CiuaAB3kOV014k+ZS1tOq
6yQk4O9BBgCZed3BM4Ky9E1fUqlcuxtbtF1O18qQxQUiFGr6NQeChTZio+TJodKU
KkSV19jx1ldiorMpyT2S/xwifgNSs350BhcR7ETaXRw1YOVPQd/TtsRAXd2RPyAZ
NmOkE899Hcp0GbFykwxQ3z7fCwKKp55a/nYBMDRx5lswLwnhaaYjNSdupMTBDOZW
GqjqMVNCrHT7HPNrMdNM/GAIozRjOX0yni5hLPn4FZY/JcfkxfjVvbKW0FPJWLTn
WXkwulhiyBl5i/W+6W/Zw6LrGQkc9xu8J8y54F0USvfq
-----END CERTIFICATE-----