Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/vrH0b2k-uwRKqoo8p-yym3gv0rM.roa
File:                     vrH0b2k-uwRKqoo8p-yym3gv0rM.roa (raw, json)
Hash identifier:          lWxa3Z2CH5LM3zBefhja94O186dytNmXZ/uPNS7nvwo=
Subject key identifier:   BE:B1:F4:6F:69:3E:BB:04:4A:AA:8A:3C:A7:EC:B2:9B:78:2F:D2:B3
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       018CC7273F8DCA105AAEEF7B392F5449BE73
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/vrH0b2k-uwRKqoo8p-yym3gv0rM.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208971
IP address blocks:        194.183.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 04:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3f:8d:ca:10:5a:ae:ef:7b:39:2f:54:49:be:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=beb1f46f693ebb044aaa8a3ca7ecb29b782fd2b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:74:50:93:aa:4b:66:a8:0e:08:5e:00:42:bf:
                    c8:58:1f:b2:7c:b7:d0:56:5e:12:52:22:49:0f:ee:
                    a9:ac:f4:e0:46:b5:53:d4:1a:c5:e7:40:14:e8:d6:
                    3a:e8:21:49:6e:df:aa:9b:14:c4:b1:c5:14:91:66:
                    3f:35:24:a3:ae:c0:17:4b:bf:fc:31:ac:c5:04:6f:
                    3a:26:d0:30:97:a4:8a:87:96:3b:30:ef:06:f4:dd:
                    e9:c2:56:87:26:7e:1a:0a:d0:8f:14:da:13:f2:76:
                    ff:14:e1:90:fb:fb:ad:ac:00:d9:ec:0a:81:a7:f9:
                    73:52:6e:0b:b3:f5:4a:b9:fb:2d:0b:e3:fd:fc:01:
                    98:01:bd:c4:4c:54:9f:69:61:57:72:37:ad:73:47:
                    90:3a:e0:ad:9a:5c:d3:95:ba:ad:5b:c1:93:5a:4e:
                    14:42:d7:df:bb:52:2d:66:eb:ed:71:8a:af:d2:10:
                    44:77:59:04:1b:68:81:ed:00:11:b1:dc:3e:16:17:
                    7c:7a:64:6e:21:74:4d:40:3b:d4:a0:7d:5e:e7:72:
                    94:cc:0d:8b:83:32:28:1d:88:ab:9a:9b:df:1f:97:
                    18:21:f8:a1:64:fa:ce:ef:9b:b9:7b:ea:88:ce:76:
                    ce:e7:20:42:5d:91:73:22:e5:71:55:9a:f6:b1:28:
                    b0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:B1:F4:6F:69:3E:BB:04:4A:AA:8A:3C:A7:EC:B2:9B:78:2F:D2:B3
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/vrH0b2k-uwRKqoo8p-yym3gv0rM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.183.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:a3:64:2b:20:b9:0e:15:fa:86:fc:8e:b9:d1:c5:7b:03:20:
         af:bf:2b:a3:a5:3f:61:50:0e:bd:05:18:75:93:2e:99:e8:c1:
         70:a5:8e:3c:31:a5:62:dc:04:98:48:2d:97:e4:9b:a2:5f:b7:
         ff:e0:b2:2a:9a:03:4e:0a:10:62:0d:48:fb:d9:22:df:99:c2:
         9c:4f:d2:75:1b:28:74:7a:7e:66:21:d3:64:76:67:c9:43:26:
         90:69:1d:68:fd:8a:d1:a3:ea:30:86:4f:6a:36:75:dd:cf:19:
         b9:39:e9:03:90:22:bc:80:04:1d:2f:da:21:b3:f6:6d:4a:03:
         4b:92:5a:9d:d7:53:f4:7f:05:de:f6:05:8a:e9:23:e6:d6:a9:
         7e:42:16:66:2c:71:5d:40:3b:2c:97:1d:a5:f6:af:77:c8:83:
         e8:87:b6:f8:ff:21:1e:c6:f4:fe:88:81:d8:16:c2:96:76:de:
         fd:41:17:d3:65:6e:dc:04:a1:34:51:53:a9:cb:32:02:39:13:
         e2:31:05:e6:86:3f:a3:eb:e3:d0:40:9b:25:8b:6a:18:bf:8e:
         67:0e:7d:b3:f8:85:27:08:26:18:ae:67:44:ac:2f:ce:a9:40:
         1c:44:b2:83:ae:36:c3:e5:f2:e8:23:bd:7e:55:e9:a2:6f:51:
         22:80:87:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJz+NyhBaru97OS9USb5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWIxZjQ2ZjY5M2ViYjA0NGFhYThhM2NhN2VjYjI5Yjc4MmZkMmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXRQk6pLZqgOCF4AQr/IWB+yfLfQ
Vl4SUiJJD+6prPTgRrVT1BrF50AU6NY66CFJbt+qmxTEscUUkWY/NSSjrsAXS7/8
MazFBG86JtAwl6SKh5Y7MO8G9N3pwlaHJn4aCtCPFNoT8nb/FOGQ+/utrADZ7AqB
p/lzUm4Ls/VKufstC+P9/AGYAb3ETFSfaWFXcjetc0eQOuCtmlzTlbqtW8GTWk4U
Qtffu1ItZuvtcYqv0hBEd1kEG2iB7QARsdw+Fhd8emRuIXRNQDvUoH1e53KUzA2L
gzIoHYirmpvfH5cYIfihZPrO75u5e+qIznbO5yBCXZFzIuVxVZr2sSiwcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL6x9G9pPrsESqqKPKfsspt4L9KzMB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEvdnJIMGIyay11d1JLcW9vOHAteXltM2d2MHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwreiMA0G
CSqGSIb3DQEBCwUAA4IBAQDOo2QrILkOFfqG/I650cV7AyCvvyujpT9hUA69BRh1
ky6Z6MFwpY48MaVi3ASYSC2X5JuiX7f/4LIqmgNOChBiDUj72SLfmcKcT9J1Gyh0
en5mIdNkdmfJQyaQaR1o/YrRo+owhk9qNnXdzxm5OekDkCK8gAQdL9ohs/ZtSgNL
klqd11P0fwXe9gWK6SPm1ql+QhZmLHFdQDsslx2l9q93yIPoh7b4/yEexvT+iIHY
FsKWdt79QRfTZW7cBKE0UVOpyzICORPiMQXmhj+j6+PQQJsli2oYv45nDn2z+IUn
CCYYrmdErC/OqUAcRLKDrjbD5fLoI71+Vemib1EigIfc
-----END CERTIFICATE-----