Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/O7wVhYp5aN-EHbBcAt5o4QIzfyg.roa
File:                     O7wVhYp5aN-EHbBcAt5o4QIzfyg.roa (raw, json)
Hash identifier:          1pH3pLqu6QshZ8HwYPfHNSe335AW5zx9SMrVG3Y2btc=
Subject key identifier:   3B:BC:15:85:8A:79:68:DF:84:1D:B0:5C:02:DE:68:E1:02:33:7F:28
Certificate issuer:       /CN=543c7018034725963a971c96a8caab598cae638a
Certificate serial:       019421B2476AF1FA3D9FE602572ECEBC9F57
Authority key identifier: 54:3C:70:18:03:47:25:96:3A:97:1C:96:A8:CA:AB:59:8C:AE:63:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VDxwGANHJZY6lxyWqMqrWYyuY4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/O7wVhYp5aN-EHbBcAt5o4QIzfyg.roa
Signing time:             Wed 01 Jan 2025 11:48:39 +0000
ROA not before:           Wed 01 Jan 2025 11:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204300
IP address blocks:        185.155.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/VDxwGANHJZY6lxyWqMqrWYyuY4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/VDxwGANHJZY6lxyWqMqrWYyuY4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VDxwGANHJZY6lxyWqMqrWYyuY4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:47:6a:f1:fa:3d:9f:e6:02:57:2e:ce:bc:9f:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=543c7018034725963a971c96a8caab598cae638a
        Validity
            Not Before: Jan  1 11:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bbc15858a7968df841db05c02de68e102337f28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:39:96:53:be:35:10:75:9a:40:e8:4c:ec:24:
                    a0:4d:8a:41:00:c6:d7:89:07:be:33:a8:c6:8c:59:
                    51:a8:5d:ef:2e:aa:9d:ee:d9:8a:82:3a:1d:85:49:
                    c0:4d:5d:c4:f3:a6:42:a8:f5:74:5d:b1:81:c6:0f:
                    67:8f:22:70:59:d4:da:a6:18:67:14:53:8e:4a:71:
                    4f:60:ed:20:ba:55:7e:a8:75:65:96:75:f7:1d:c1:
                    cf:f7:a6:d3:76:77:34:5b:4b:5c:21:7c:cd:f7:9c:
                    b8:e5:9f:89:6c:9d:d2:e4:8a:2c:98:45:f7:c4:84:
                    3f:c4:71:be:7b:c3:c4:05:72:9e:c4:67:3d:99:7b:
                    e2:a6:c6:74:0c:fe:ba:36:c7:9c:84:96:71:6d:fc:
                    6e:45:02:3c:da:68:52:79:63:8c:ad:e1:32:34:c8:
                    84:08:ec:fe:39:84:8b:9d:3a:bb:d9:33:31:66:96:
                    d8:ad:11:69:ae:f8:9e:26:61:24:00:6b:ea:2e:b2:
                    73:37:86:f5:7e:18:2d:c8:f5:79:4c:81:65:a2:ed:
                    b1:fc:db:ea:a6:f6:f7:b9:81:70:c1:a6:30:d8:5f:
                    b4:c7:d4:11:82:5d:19:13:a7:b2:ed:47:58:f4:1c:
                    87:e3:18:a7:ab:30:2e:29:3f:9e:02:cc:27:b3:96:
                    5b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:BC:15:85:8A:79:68:DF:84:1D:B0:5C:02:DE:68:E1:02:33:7F:28
            X509v3 Authority Key Identifier:
                keyid:54:3C:70:18:03:47:25:96:3A:97:1C:96:A8:CA:AB:59:8C:AE:63:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VDxwGANHJZY6lxyWqMqrWYyuY4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/O7wVhYp5aN-EHbBcAt5o4QIzfyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/509d0b-acd1-4958-a3cd-375f2449a8c1/1/VDxwGANHJZY6lxyWqMqrWYyuY4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:20:d4:2b:1f:38:6e:2a:e8:49:cf:b1:89:21:53:f7:4d:f1:
         9e:29:3e:62:b8:e7:81:80:2f:1f:37:49:57:06:4b:23:a0:c7:
         73:fe:f3:2d:96:2a:fc:29:91:87:ec:7f:9a:8f:0e:f0:39:ad:
         c1:58:de:d7:1f:eb:92:ec:be:c0:26:c1:25:3a:40:19:35:46:
         66:8d:5a:6e:4f:5c:9e:dc:6b:b4:46:72:57:c4:ca:19:d2:47:
         9a:91:63:7b:56:a8:e5:31:8d:bf:24:a6:a9:71:42:a0:d7:24:
         e5:c0:22:9f:94:4d:08:31:53:c6:9a:2c:4b:ea:73:3f:6e:d4:
         89:2b:30:d3:0e:a1:4b:cf:f7:80:d2:1b:cd:46:20:ae:ca:24:
         13:9f:b3:47:62:6f:ae:9f:19:5e:c0:39:dc:6f:d5:bd:f8:0b:
         77:e3:af:3f:f9:73:e2:a4:43:28:b4:ec:03:ee:20:d4:77:a7:
         27:fc:a8:08:78:95:56:39:5a:38:b0:52:ce:ed:cc:56:78:db:
         57:29:e6:55:ab:2c:7f:23:6b:5d:ba:ca:44:13:a1:8b:74:4e:
         bf:7f:63:dd:b7:bf:98:81:a2:0e:39:a7:d9:e9:e9:91:f7:20:
         82:2b:ed:5a:91:cb:21:eb:54:ea:ec:3a:09:6c:7f:fa:3b:8a:
         6b:5d:40:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskdq8fo9n+YCVy7OvJ9XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0M2M3MDE4MDM0NzI1OTYzYTk3MWM5NmE4Y2FhYjU5OGNh
ZTYzOGEwHhcNMjUwMTAxMTE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmJjMTU4NThhNzk2OGRmODQxZGIwNWMwMmRlNjhlMTAyMzM3ZjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjmWU741EHWaQOhM7CSgTYpBAMbX
iQe+M6jGjFlRqF3vLqqd7tmKgjodhUnATV3E86ZCqPV0XbGBxg9njyJwWdTaphhn
FFOOSnFPYO0gulV+qHVllnX3HcHP96bTdnc0W0tcIXzN95y45Z+JbJ3S5IosmEX3
xIQ/xHG+e8PEBXKexGc9mXvipsZ0DP66NsechJZxbfxuRQI82mhSeWOMreEyNMiE
COz+OYSLnTq72TMxZpbYrRFprvieJmEkAGvqLrJzN4b1fhgtyPV5TIFlou2x/Nvq
pvb3uYFwwaYw2F+0x9QRgl0ZE6ey7UdY9ByH4xinqzAuKT+eAswns5ZbnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDu8FYWKeWjfhB2wXALeaOECM38oMB8GA1UdIwQY
MBaAFFQ8cBgDRyWWOpcclqjKq1mMrmOKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkR4d0dBTkhKWlk2bHh5V3FNcXJXWXl1WTRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81MDlkMGItYWNkMS00OTU4LWEzY2Qt
Mzc1ZjI0NDlhOGMxLzEvTzd3VmhZcDVhTi1FSGJCY0F0NW80UUl6ZnlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81MDlkMGItYWNkMS00OTU4LWEzY2QtMzc1ZjI0NDlhOGMx
LzEvVkR4d0dBTkhKWlk2bHh5V3FNcXJXWXl1WTRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZtKMA0G
CSqGSIb3DQEBCwUAA4IBAQALINQrHzhuKuhJz7GJIVP3TfGeKT5iuOeBgC8fN0lX
BksjoMdz/vMtlir8KZGH7H+ajw7wOa3BWN7XH+uS7L7AJsElOkAZNUZmjVpuT1ye
3Gu0RnJXxMoZ0keakWN7VqjlMY2/JKapcUKg1yTlwCKflE0IMVPGmixL6nM/btSJ
KzDTDqFLz/eA0hvNRiCuyiQTn7NHYm+unxlewDncb9W9+At3468/+XPipEMotOwD
7iDUd6cn/KgIeJVWOVo4sFLO7cxWeNtXKeZVqyx/I2tduspEE6GLdE6/f2Pdt7+Y
gaIOOafZ6emR9yCCK+1akcsh61Tq7DoJbH/6O4prXUCc
-----END CERTIFICATE-----