Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/8e206b-e987-461a-ad00-fbbc76ea96d5/1/gX33RndK-vfUB8vyVKm6SlYQRYQ.roa
File:                     gX33RndK-vfUB8vyVKm6SlYQRYQ.roa (raw, json)
Hash identifier:          zQZdZkQE0fWrtIb5Wrm+JOKQkirwQvGsHtspHPipPJM=
Subject key identifier:   81:7D:F7:46:77:4A:FA:F7:D4:07:CB:F2:54:A9:BA:4A:56:10:45:84
Certificate issuer:       /CN=b3d307a986092cd65fc93419863e03d98944011a
Certificate serial:       018CC425628D13EC1E5656B53AC556356C13
Authority key identifier: B3:D3:07:A9:86:09:2C:D6:5F:C9:34:19:86:3E:03:D9:89:44:01:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9MHqYYJLNZfyTQZhj4D2YlEARo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/8e206b-e987-461a-ad00-fbbc76ea96d5/1/gX33RndK-vfUB8vyVKm6SlYQRYQ.roa
Signing time:             Mon 01 Jan 2024 08:30:33 +0000
ROA not before:           Mon 01 Jan 2024 08:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48551
IP address blocks:        185.74.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/8e206b-e987-461a-ad00-fbbc76ea96d5/1/s9MHqYYJLNZfyTQZhj4D2YlEARo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/8e206b-e987-461a-ad00-fbbc76ea96d5/1/s9MHqYYJLNZfyTQZhj4D2YlEARo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9MHqYYJLNZfyTQZhj4D2YlEARo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:62:8d:13:ec:1e:56:56:b5:3a:c5:56:35:6c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d307a986092cd65fc93419863e03d98944011a
        Validity
            Not Before: Jan  1 08:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=817df746774afaf7d407cbf254a9ba4a56104584
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:8c:04:0f:19:df:65:03:13:2b:49:3c:84:fe:
                    00:94:53:1e:7f:0d:51:13:40:79:89:e4:4b:9f:7f:
                    88:a9:cd:bc:5f:f4:86:ad:ea:71:5c:d3:61:1d:04:
                    08:4d:b5:f8:ac:53:71:8a:3a:76:d9:b5:12:cc:ba:
                    52:22:bd:d2:77:96:08:0f:f0:fa:15:60:c5:fd:7a:
                    f9:18:eb:9c:dc:73:7b:05:c3:fd:64:1c:86:4c:3b:
                    4f:7e:9b:db:2f:2f:1e:bc:fe:12:86:e3:ea:9e:7d:
                    3f:d6:81:fc:81:dd:31:e9:3b:d7:14:de:13:6c:80:
                    56:f7:a0:9c:e3:48:18:7d:a9:3b:f2:6c:fe:24:3d:
                    2b:04:7a:d7:98:ef:1f:e5:b8:25:06:41:07:91:9b:
                    e6:fb:df:b6:c2:f4:52:c9:18:a3:8f:50:7a:b6:ab:
                    8f:d7:89:12:07:13:f0:71:eb:de:58:ed:a0:1e:d9:
                    31:1f:32:ac:32:eb:20:d8:82:8b:e5:6b:90:e7:fb:
                    9d:57:ed:1b:1b:5c:fd:98:eb:de:11:23:67:57:23:
                    d1:70:1e:7b:17:89:2d:3e:e7:d2:aa:13:3f:23:40:
                    c0:9d:02:8d:f9:8a:c5:76:0d:ca:e3:4a:3e:51:85:
                    f4:a5:80:21:0f:06:7b:fe:2c:93:05:8e:7b:78:d9:
                    88:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:7D:F7:46:77:4A:FA:F7:D4:07:CB:F2:54:A9:BA:4A:56:10:45:84
            X509v3 Authority Key Identifier:
                keyid:B3:D3:07:A9:86:09:2C:D6:5F:C9:34:19:86:3E:03:D9:89:44:01:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9MHqYYJLNZfyTQZhj4D2YlEARo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/8e206b-e987-461a-ad00-fbbc76ea96d5/1/gX33RndK-vfUB8vyVKm6SlYQRYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/8e206b-e987-461a-ad00-fbbc76ea96d5/1/s9MHqYYJLNZfyTQZhj4D2YlEARo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:ce:c9:f7:42:d2:78:17:6b:33:38:3e:3a:e3:4b:b1:27:55:
         c4:f2:70:4e:69:99:b3:e5:44:36:16:97:02:49:51:5e:57:84:
         22:46:2c:98:63:73:a1:44:02:98:8e:f8:0d:5f:9b:ed:b8:31:
         8a:12:a2:2a:46:a1:eb:40:17:45:43:b4:40:8a:c6:5e:8e:8b:
         c7:8f:ef:8a:b2:0c:b1:17:9a:82:55:8a:7b:57:b8:0b:da:cc:
         24:88:d7:84:eb:ad:b7:a8:71:c8:0f:66:12:33:19:5c:1f:d4:
         c4:b9:9b:dd:65:68:04:9f:fb:d5:29:15:58:eb:db:98:df:d4:
         4e:0a:09:7d:2e:a2:3b:d8:44:b8:a2:b9:c1:6d:17:1d:7c:ea:
         cd:db:8a:ce:92:f4:04:e9:fb:fe:b2:3a:02:44:3c:cd:57:31:
         64:e2:14:5d:70:f0:b1:5b:13:0a:0f:23:30:5f:ec:56:d6:76:
         c4:38:3d:30:7e:66:49:32:5b:a3:f3:48:07:2d:b7:aa:fc:4a:
         98:04:cf:f5:84:17:42:31:e0:00:e7:05:7f:9f:e5:21:ea:88:
         aa:8b:0d:ef:02:a5:a4:80:79:ad:4f:22:f5:50:9e:1a:ce:d9:
         e2:de:2f:f8:06:4b:76:ca:ff:86:e6:eb:a8:23:0a:1a:11:64:
         ef:1a:34:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJWKNE+weVla1OsVWNWwTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDMwN2E5ODYwOTJjZDY1ZmM5MzQxOTg2M2UwM2Q5ODk0
NDAxMWEwHhcNMjQwMTAxMDgzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTdkZjc0Njc3NGFmYWY3ZDQwN2NiZjI1NGE5YmE0YTU2MTA0NTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYwEDxnfZQMTK0k8hP4AlFMefw1R
E0B5ieRLn3+Iqc28X/SGrepxXNNhHQQITbX4rFNxijp22bUSzLpSIr3Sd5YID/D6
FWDF/Xr5GOuc3HN7BcP9ZByGTDtPfpvbLy8evP4ShuPqnn0/1oH8gd0x6TvXFN4T
bIBW96Cc40gYfak78mz+JD0rBHrXmO8f5bglBkEHkZvm+9+2wvRSyRijj1B6tquP
14kSBxPwceveWO2gHtkxHzKsMusg2IKL5WuQ5/udV+0bG1z9mOveESNnVyPRcB57
F4ktPufSqhM/I0DAnQKN+YrFdg3K40o+UYX0pYAhDwZ7/iyTBY57eNmI/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIF990Z3Svr31AfL8lSpukpWEEWEMB8GA1UdIwQY
MBaAFLPTB6mGCSzWX8k0GYY+A9mJRAEaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlNSHFZWUpMTlpmeVRRWmhqNEQyWWxFQVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC84ZTIwNmItZTk4Ny00NjFhLWFkMDAt
ZmJiYzc2ZWE5NmQ1LzEvZ1gzM1JuZEstdmZVQjh2eVZLbTZTbFlRUllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC84ZTIwNmItZTk4Ny00NjFhLWFkMDAtZmJiYzc2ZWE5NmQ1
LzEvczlNSHFZWUpMTlpmeVRRWmhqNEQyWWxFQVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUrdMA0G
CSqGSIb3DQEBCwUAA4IBAQABzsn3QtJ4F2szOD4640uxJ1XE8nBOaZmz5UQ2FpcC
SVFeV4QiRiyYY3OhRAKYjvgNX5vtuDGKEqIqRqHrQBdFQ7RAisZejovHj++Ksgyx
F5qCVYp7V7gL2swkiNeE6623qHHID2YSMxlcH9TEuZvdZWgEn/vVKRVY69uY39RO
Cgl9LqI72ES4ornBbRcdfOrN24rOkvQE6fv+sjoCRDzNVzFk4hRdcPCxWxMKDyMw
X+xW1nbEOD0wfmZJMluj80gHLbeq/EqYBM/1hBdCMeAA5wV/n+Uh6oiqiw3vAqWk
gHmtTyL1UJ4aztni3i/4Bkt2yv+G5uuoIwoaEWTvGjS4
-----END CERTIFICATE-----