Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/9b240c-0d28-4690-89b4-1a8a4a38a805/1/aHVJ8Uam0mRlP7K0rCkm3Dcm6_k.roa
File:                     aHVJ8Uam0mRlP7K0rCkm3Dcm6_k.roa (raw, json)
Hash identifier:          vKfh9q3YB2jfqfXA+smPDKG9YgSjzzmFeD7L+bwm1XA=
Subject key identifier:   68:75:49:F1:46:A6:D2:64:65:3F:B2:B4:AC:29:26:DC:37:26:EB:F9
Certificate issuer:       /CN=747c2e3a51489f1b01b4371758099bc85dd90f07
Certificate serial:       018CC80223AF17ECC66CFCB80EBAEE469CE9
Authority key identifier: 74:7C:2E:3A:51:48:9F:1B:01:B4:37:17:58:09:9B:C8:5D:D9:0F:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dHwuOlFInxsBtDcXWAmbyF3ZDwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/9b240c-0d28-4690-89b4-1a8a4a38a805/1/aHVJ8Uam0mRlP7K0rCkm3Dcm6_k.roa
Signing time:             Tue 02 Jan 2024 02:30:32 +0000
ROA not before:           Tue 02 Jan 2024 02:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135330
IP address blocks:        185.74.222.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/9b240c-0d28-4690-89b4-1a8a4a38a805/1/dHwuOlFInxsBtDcXWAmbyF3ZDwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/9b240c-0d28-4690-89b4-1a8a4a38a805/1/dHwuOlFInxsBtDcXWAmbyF3ZDwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dHwuOlFInxsBtDcXWAmbyF3ZDwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:23:af:17:ec:c6:6c:fc:b8:0e:ba:ee:46:9c:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=747c2e3a51489f1b01b4371758099bc85dd90f07
        Validity
            Not Before: Jan  2 02:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=687549f146a6d264653fb2b4ac2926dc3726ebf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:40:55:82:ef:ff:08:5f:fa:6f:6a:8a:f3:e6:
                    6a:bd:f9:f7:70:40:c8:b2:3c:4f:33:95:d4:34:d5:
                    ae:b2:2e:b0:d3:9d:18:43:10:ae:0c:b5:76:fb:8a:
                    24:34:93:87:eb:a0:d2:73:59:2a:e6:39:08:86:48:
                    e4:fb:43:86:18:6e:2e:61:a6:fe:de:12:0b:09:0a:
                    ea:05:e5:ce:48:9b:5e:1b:24:17:c8:27:c1:6d:af:
                    d0:65:71:0d:c8:0a:f7:db:4f:b6:e0:3d:66:10:b5:
                    be:b9:9d:c4:a1:a2:61:54:fa:58:ae:61:05:1a:3e:
                    a1:7e:ca:8f:9b:b6:15:91:17:f6:2c:59:06:cf:1e:
                    8f:60:20:21:84:03:bf:28:19:c0:22:f8:0b:77:a6:
                    8b:29:85:1f:41:2a:c0:43:fe:fd:27:ea:d9:7c:c2:
                    53:aa:0d:38:4d:d6:a8:8b:89:2b:fc:b3:54:7d:09:
                    3d:2d:33:75:f6:26:3e:0f:da:5f:fa:3e:19:ea:16:
                    15:e8:98:ed:24:38:5d:8c:1f:3e:41:ec:37:ff:c0:
                    1e:7d:25:f5:f4:a0:9d:15:1f:e1:69:59:3d:a3:67:
                    08:80:96:ec:4c:da:b5:65:bf:d8:62:4c:12:b1:60:
                    0e:32:0b:36:d2:03:33:10:57:58:c9:6e:d2:c7:9c:
                    a6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:75:49:F1:46:A6:D2:64:65:3F:B2:B4:AC:29:26:DC:37:26:EB:F9
            X509v3 Authority Key Identifier:
                keyid:74:7C:2E:3A:51:48:9F:1B:01:B4:37:17:58:09:9B:C8:5D:D9:0F:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHwuOlFInxsBtDcXWAmbyF3ZDwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9b240c-0d28-4690-89b4-1a8a4a38a805/1/aHVJ8Uam0mRlP7K0rCkm3Dcm6_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/9b240c-0d28-4690-89b4-1a8a4a38a805/1/dHwuOlFInxsBtDcXWAmbyF3ZDwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:83:e9:f9:15:2b:34:d1:84:f3:a4:03:cc:f8:d3:1c:dd:4d:
         00:6d:95:b0:35:68:66:ec:bc:b8:e1:3b:70:6e:18:a4:f4:1b:
         bb:68:83:c8:8c:0a:ce:3f:2d:ab:56:72:e6:50:a0:65:17:83:
         dc:2d:29:a4:c9:3c:66:98:1f:23:5f:45:cb:16:88:ac:21:d9:
         27:78:cf:01:66:a3:6e:b5:1b:5b:02:08:4e:66:ee:7a:bf:37:
         13:55:e3:32:dc:e1:9a:eb:72:eb:3d:f2:b1:9a:07:86:a5:a4:
         88:ad:56:52:ab:f6:77:a7:10:d2:81:21:31:2b:75:dd:4c:e4:
         f4:cf:56:07:53:f0:54:49:01:b7:ec:a4:1f:1b:dd:eb:50:a6:
         7a:96:91:a5:be:d5:fd:3f:8a:c3:f5:ea:a4:81:5c:a1:12:bf:
         76:b6:f5:10:0f:b8:3d:50:f7:12:c3:66:82:4a:6c:62:a5:ee:
         64:be:f1:e8:f1:51:c8:30:e4:e9:5b:15:0e:56:8f:26:92:90:
         c7:40:d5:be:a7:4a:17:22:8f:d7:98:a6:83:4a:9d:29:a8:3a:
         b7:fb:03:02:a6:4e:b5:01:21:84:45:b5:3e:d0:e5:88:7e:79:
         c3:2f:58:ef:2d:d6:05:30:f2:12:b3:4b:5e:21:08:c6:11:9c:
         b5:c3:cb:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAiOvF+zGbPy4DrruRpzpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0N2MyZTNhNTE0ODlmMWIwMWI0MzcxNzU4MDk5YmM4NWRk
OTBmMDcwHhcNMjQwMTAyMDIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODc1NDlmMTQ2YTZkMjY0NjUzZmIyYjRhYzI5MjZkYzM3MjZlYmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkBVgu//CF/6b2qK8+Zqvfn3cEDI
sjxPM5XUNNWusi6w050YQxCuDLV2+4okNJOH66DSc1kq5jkIhkjk+0OGGG4uYab+
3hILCQrqBeXOSJteGyQXyCfBba/QZXENyAr320+24D1mELW+uZ3EoaJhVPpYrmEF
Gj6hfsqPm7YVkRf2LFkGzx6PYCAhhAO/KBnAIvgLd6aLKYUfQSrAQ/79J+rZfMJT
qg04Tdaoi4kr/LNUfQk9LTN19iY+D9pf+j4Z6hYV6JjtJDhdjB8+Qew3/8AefSX1
9KCdFR/haVk9o2cIgJbsTNq1Zb/YYkwSsWAOMgs20gMzEFdYyW7Sx5ymRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGh1SfFGptJkZT+ytKwpJtw3Juv5MB8GA1UdIwQY
MBaAFHR8LjpRSJ8bAbQ3F1gJm8hd2Q8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEh3dU9sRklueHNCdERjWFdBbWJ5RjNaRHdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85YjI0MGMtMGQyOC00NjkwLTg5YjQt
MWE4YTRhMzhhODA1LzEvYUhWSjhVYW0wbVJsUDdLMHJDa20zRGNtNl9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85YjI0MGMtMGQyOC00NjkwLTg5YjQtMWE4YTRhMzhhODA1
LzEvZEh3dU9sRklueHNCdERjWFdBbWJ5RjNaRHdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUreMA0G
CSqGSIb3DQEBCwUAA4IBAQBmg+n5FSs00YTzpAPM+NMc3U0AbZWwNWhm7Ly44Ttw
bhik9Bu7aIPIjArOPy2rVnLmUKBlF4PcLSmkyTxmmB8jX0XLFoisIdkneM8BZqNu
tRtbAghOZu56vzcTVeMy3OGa63LrPfKxmgeGpaSIrVZSq/Z3pxDSgSExK3XdTOT0
z1YHU/BUSQG37KQfG93rUKZ6lpGlvtX9P4rD9eqkgVyhEr92tvUQD7g9UPcSw2aC
Smxipe5kvvHo8VHIMOTpWxUOVo8mkpDHQNW+p0oXIo/XmKaDSp0pqDq3+wMCpk61
ASGERbU+0OWIfnnDL1jvLdYFMPISs0teIQjGEZy1w8th
-----END CERTIFICATE-----