Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/5b0342-5e52-4c56-81b3-dc0dc5d5141f/1/u-3w4zWbtbkXWMPP-wYP0nuSnzo.roa
File:                     u-3w4zWbtbkXWMPP-wYP0nuSnzo.roa (raw, json)
Hash identifier:          ooyc3ovl8cBIlDlO7a2zmIn/z0KixaSB4l7wcKfWpCw=
Subject key identifier:   BB:ED:F0:E3:35:9B:B5:B9:17:58:C3:CF:FB:06:0F:D2:7B:92:9F:3A
Certificate issuer:       /CN=6f86c9f7cd173bbcd1db61e0f1b4ebe05c1b9ca1
Certificate serial:       018CC2DADB37DEF49420F1DBAF18E8FF404C
Authority key identifier: 6F:86:C9:F7:CD:17:3B:BC:D1:DB:61:E0:F1:B4:EB:E0:5C:1B:9C:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4bJ980XO7zR22Hg8bTr4FwbnKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/5b0342-5e52-4c56-81b3-dc0dc5d5141f/1/u-3w4zWbtbkXWMPP-wYP0nuSnzo.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64482
IP address blocks:        185.189.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/5b0342-5e52-4c56-81b3-dc0dc5d5141f/1/b4bJ980XO7zR22Hg8bTr4FwbnKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/5b0342-5e52-4c56-81b3-dc0dc5d5141f/1/b4bJ980XO7zR22Hg8bTr4FwbnKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4bJ980XO7zR22Hg8bTr4FwbnKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:db:37:de:f4:94:20:f1:db:af:18:e8:ff:40:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f86c9f7cd173bbcd1db61e0f1b4ebe05c1b9ca1
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbedf0e3359bb5b91758c3cffb060fd27b929f3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:0e:de:17:91:02:07:23:ce:70:e6:e6:b9:27:
                    96:91:c5:0d:22:a3:da:96:b2:3e:71:a1:65:48:af:
                    d6:54:51:75:3e:1e:d3:f7:9d:c5:29:bb:51:2c:a9:
                    a4:29:20:56:26:a5:1a:48:77:88:21:f5:9f:83:b5:
                    2e:9b:7b:7f:e3:e6:6c:b2:02:cc:4e:1f:46:7d:51:
                    8d:5e:ca:d8:df:9f:5c:d8:61:7f:09:0b:fb:99:ae:
                    56:fa:96:ff:82:52:1a:42:2b:74:fc:76:11:7a:f4:
                    6f:9b:9d:1e:88:c9:d5:c2:15:23:af:68:de:84:23:
                    51:e7:2a:eb:db:e8:e6:8f:f3:03:25:a8:0b:21:51:
                    3a:50:fd:7f:72:e6:49:be:8f:5f:ce:30:25:d8:e2:
                    4b:90:44:43:29:7b:38:0f:c3:6f:0e:d0:88:d6:66:
                    95:ed:87:ac:1c:f8:a9:3e:d7:9d:25:9d:f8:d2:d6:
                    fc:0b:d4:0b:96:72:06:7e:5b:50:c2:72:a8:e5:17:
                    e7:84:ba:38:52:5f:9e:75:d2:af:cc:ec:4e:d9:97:
                    f9:d9:fa:9a:01:7f:19:03:c7:5c:7e:c8:d6:07:b7:
                    ad:5e:f5:b1:46:f1:4e:b7:76:2e:30:79:47:2f:67:
                    44:ab:dc:0e:6f:0f:96:b4:2e:f4:35:6f:05:a7:5c:
                    4c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:ED:F0:E3:35:9B:B5:B9:17:58:C3:CF:FB:06:0F:D2:7B:92:9F:3A
            X509v3 Authority Key Identifier:
                keyid:6F:86:C9:F7:CD:17:3B:BC:D1:DB:61:E0:F1:B4:EB:E0:5C:1B:9C:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4bJ980XO7zR22Hg8bTr4FwbnKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/5b0342-5e52-4c56-81b3-dc0dc5d5141f/1/u-3w4zWbtbkXWMPP-wYP0nuSnzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/5b0342-5e52-4c56-81b3-dc0dc5d5141f/1/b4bJ980XO7zR22Hg8bTr4FwbnKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:df:8a:d2:2a:c8:d6:bf:f0:62:30:0c:bb:0b:a7:25:5a:8e:
         87:ee:a3:45:24:69:16:5f:08:ac:b7:7c:29:6e:e8:18:f7:c5:
         e3:ea:58:9b:34:8d:92:ea:b4:29:b3:46:f2:30:ab:5a:1e:93:
         be:86:84:ad:9f:c3:4c:69:90:bd:fd:72:b7:ec:23:c4:33:23:
         0c:50:cd:ff:06:5c:94:92:f0:bf:b0:40:11:c5:5e:44:c4:74:
         47:36:d5:55:89:6b:bf:86:90:9b:c1:e1:18:52:e4:31:54:92:
         c9:a5:17:9d:15:6b:2b:2d:33:76:4d:69:7a:d2:1c:0a:03:c3:
         ac:02:af:ed:32:86:a3:5a:f8:70:b1:28:0d:67:ae:3f:19:89:
         10:01:cd:d5:40:fd:96:b8:a9:bb:90:6a:54:60:aa:d7:ed:24:
         78:a6:64:b7:a6:98:04:db:7d:bf:4c:62:f2:88:e9:2a:cf:2f:
         ca:8b:21:28:0b:51:51:5e:fb:3d:b2:01:72:e6:94:c6:5f:a4:
         b5:47:f1:52:bb:54:b5:04:ef:b8:ca:29:c3:4b:ed:36:2b:11:
         f4:08:5a:4f:bf:06:a2:1b:34:23:24:bb:dc:1d:6e:c9:56:23:
         a7:07:1c:02:2e:22:29:4d:1d:83:73:aa:0e:06:fa:02:4f:1b:
         5c:4c:d2:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ts33vSUIPHbrxjo/0BMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODZjOWY3Y2QxNzNiYmNkMWRiNjFlMGYxYjRlYmUwNWMx
YjljYTEwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmVkZjBlMzM1OWJiNWI5MTc1OGMzY2ZmYjA2MGZkMjdiOTI5ZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2w7eF5ECByPOcObmuSeWkcUNIqPa
lrI+caFlSK/WVFF1Ph7T953FKbtRLKmkKSBWJqUaSHeIIfWfg7Uum3t/4+ZssgLM
Th9GfVGNXsrY359c2GF/CQv7ma5W+pb/glIaQit0/HYRevRvm50eiMnVwhUjr2je
hCNR5yrr2+jmj/MDJagLIVE6UP1/cuZJvo9fzjAl2OJLkERDKXs4D8NvDtCI1maV
7YesHPipPtedJZ340tb8C9QLlnIGfltQwnKo5RfnhLo4Ul+eddKvzOxO2Zf52fqa
AX8ZA8dcfsjWB7etXvWxRvFOt3YuMHlHL2dEq9wObw+WtC70NW8Fp1xMdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLvt8OM1m7W5F1jDz/sGD9J7kp86MB8GA1UdIwQY
MBaAFG+GyffNFzu80dth4PG06+BcG5yhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRiSjk4MFhPN3pSMjJIZzhiVHI0RndibktFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC81YjAzNDItNWU1Mi00YzU2LTgxYjMt
ZGMwZGM1ZDUxNDFmLzEvdS0zdzR6V2J0YmtYV01QUC13WVAwbnVTbnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC81YjAzNDItNWU1Mi00YzU2LTgxYjMtZGMwZGM1ZDUxNDFm
LzEvYjRiSjk4MFhPN3pSMjJIZzhiVHI0RndibktFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub1KMA0G
CSqGSIb3DQEBCwUAA4IBAQAy34rSKsjWv/BiMAy7C6clWo6H7qNFJGkWXwist3wp
bugY98Xj6libNI2S6rQps0byMKtaHpO+hoStn8NMaZC9/XK37CPEMyMMUM3/BlyU
kvC/sEARxV5ExHRHNtVViWu/hpCbweEYUuQxVJLJpRedFWsrLTN2TWl60hwKA8Os
Aq/tMoajWvhwsSgNZ64/GYkQAc3VQP2WuKm7kGpUYKrX7SR4pmS3ppgE232/TGLy
iOkqzy/KiyEoC1FRXvs9sgFy5pTGX6S1R/FSu1S1BO+4yinDS+02KxH0CFpPvwai
GzQjJLvcHW7JViOnBxwCLiIpTR2Dc6oOBvoCTxtcTNJW
-----END CERTIFICATE-----