Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/fDhOPpSfrcPSNnAqSm_kw-Oipz8.roa
File:                     fDhOPpSfrcPSNnAqSm_kw-Oipz8.roa (raw, json)
Hash identifier:          0FJDdYSlP5D3eHJ/rPYFzXj5Ca5e/p02UwQc5jCqekY=
Subject key identifier:   7C:38:4E:3E:94:9F:AD:C3:D2:36:70:2A:4A:6F:E4:C3:E3:A2:A7:3F
Certificate issuer:       /CN=e777bc8e3ec250ce85fb90913c2c49051043ebc5
Certificate serial:       018CC8018222B2B2B6B7AB026F9D5C5D525A
Authority key identifier: E7:77:BC:8E:3E:C2:50:CE:85:FB:90:91:3C:2C:49:05:10:43:EB:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/53e8jj7CUM6F-5CRPCxJBRBD68U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/fDhOPpSfrcPSNnAqSm_kw-Oipz8.roa
Signing time:             Tue 02 Jan 2024 02:29:51 +0000
ROA not before:           Tue 02 Jan 2024 02:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43576
IP address blocks:        185.239.184.0/24 maxlen: 24
                          2a0c:6580::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/53e8jj7CUM6F-5CRPCxJBRBD68U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/53e8jj7CUM6F-5CRPCxJBRBD68U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/53e8jj7CUM6F-5CRPCxJBRBD68U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:82:22:b2:b2:b6:b7:ab:02:6f:9d:5c:5d:52:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e777bc8e3ec250ce85fb90913c2c49051043ebc5
        Validity
            Not Before: Jan  2 02:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c384e3e949fadc3d236702a4a6fe4c3e3a2a73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b0:cb:98:e4:88:bc:9d:02:b3:67:eb:ac:f6:
                    e4:7a:2b:11:2e:44:73:e5:e3:18:a0:0b:2d:3b:74:
                    4f:44:9a:39:5b:2c:58:52:3f:65:42:7b:83:24:06:
                    26:5d:dd:19:3e:cd:f0:29:9f:12:23:aa:15:0f:30:
                    86:90:df:0c:62:d4:82:66:55:1b:e3:78:5e:24:0a:
                    3e:a1:a7:18:37:fc:db:04:f0:d8:cb:d7:26:cc:8b:
                    72:f5:bd:ec:8c:63:a7:7d:37:48:4b:7f:92:89:76:
                    ab:ae:7c:ee:34:e9:58:41:6d:1d:93:87:07:c2:27:
                    aa:e6:80:5d:67:b5:ff:ac:f7:6a:ca:dd:25:c0:d3:
                    05:21:cd:61:21:62:16:8a:9c:2a:e4:ff:5e:14:f7:
                    da:fd:85:aa:fd:32:db:4f:1a:46:c6:02:98:c5:d1:
                    72:cd:1f:f0:b5:2f:9a:ce:b2:92:e7:a3:8e:92:6d:
                    62:29:16:6b:4e:e4:a1:4c:e5:0d:d8:31:df:e2:71:
                    a7:36:28:b4:a2:95:1c:b0:f3:47:f3:73:5f:02:69:
                    e7:09:82:dc:dc:fe:b0:c6:27:10:ee:d4:8c:df:6b:
                    9a:bd:df:43:c3:2a:72:a7:f4:f9:e5:8b:94:65:39:
                    a6:75:c8:2f:24:38:cf:64:88:c8:78:ca:bc:ea:bf:
                    56:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:38:4E:3E:94:9F:AD:C3:D2:36:70:2A:4A:6F:E4:C3:E3:A2:A7:3F
            X509v3 Authority Key Identifier:
                keyid:E7:77:BC:8E:3E:C2:50:CE:85:FB:90:91:3C:2C:49:05:10:43:EB:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/53e8jj7CUM6F-5CRPCxJBRBD68U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/fDhOPpSfrcPSNnAqSm_kw-Oipz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/319c7b-28c6-49a3-ac1b-fae0e5d2eebf/1/53e8jj7CUM6F-5CRPCxJBRBD68U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.184.0/24
                IPv6:
                  2a0c:6580::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:18:8b:0b:6a:4c:db:92:3d:a1:ea:6d:23:93:0f:9a:8f:02:
         ca:30:c7:a7:4a:d3:bf:98:59:1d:e1:ab:9c:b2:d2:e5:41:b8:
         23:33:ec:5f:3b:f3:77:06:e3:b6:99:5b:cf:48:4b:0d:e0:73:
         79:6c:62:96:11:e7:a1:fa:1e:ad:90:3e:96:bf:a0:fa:0f:b2:
         b2:95:49:12:9e:8d:9a:a3:c5:06:a1:10:bd:92:8c:2f:6c:1e:
         99:cb:84:58:7d:f0:50:89:4e:41:6b:af:80:61:9e:64:b6:e4:
         1f:7c:99:bd:80:f1:84:68:82:e9:ea:b1:25:81:ff:00:97:4e:
         ed:80:2e:e6:c9:65:47:63:35:5b:e1:ab:12:9f:f2:71:96:a0:
         62:43:39:f8:80:7e:38:3f:f5:7e:95:69:8d:8f:b5:a8:84:b4:
         20:ad:9e:e9:a5:63:b9:08:66:07:4c:d8:e9:18:66:b4:dc:b8:
         5f:52:0f:ea:2f:10:e4:1b:ca:14:96:37:40:64:07:21:f5:15:
         7b:7f:e6:2c:a1:70:57:ba:bb:1b:97:b0:51:02:34:9c:10:f1:
         3c:2a:c4:3d:82:bb:8a:f0:b6:c6:25:a7:e3:62:76:7c:d9:ce:
         0d:a3:9a:c3:84:e5:2a:9d:1d:1e:99:e3:87:ee:1f:62:f0:60:
         61:9b:33:53
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAYIisrK2t6sCb51cXVJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NzdiYzhlM2VjMjUwY2U4NWZiOTA5MTNjMmM0OTA1MTA0
M2ViYzUwHhcNMjQwMTAyMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzM4NGUzZTk0OWZhZGMzZDIzNjcwMmE0YTZmZTRjM2UzYTJhNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbDLmOSIvJ0Cs2frrPbkeisRLkRz
5eMYoAstO3RPRJo5WyxYUj9lQnuDJAYmXd0ZPs3wKZ8SI6oVDzCGkN8MYtSCZlUb
43heJAo+oacYN/zbBPDYy9cmzIty9b3sjGOnfTdIS3+SiXarrnzuNOlYQW0dk4cH
wieq5oBdZ7X/rPdqyt0lwNMFIc1hIWIWipwq5P9eFPfa/YWq/TLbTxpGxgKYxdFy
zR/wtS+azrKS56OOkm1iKRZrTuShTOUN2DHf4nGnNii0opUcsPNH83NfAmnnCYLc
3P6wxicQ7tSM32uavd9Dwypyp/T55YuUZTmmdcgvJDjPZIjIeMq86r9WfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHw4Tj6Un63D0jZwKkpv5MPjoqc/MB8GA1UdIwQY
MBaAFOd3vI4+wlDOhfuQkTwsSQUQQ+vFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTNlOGpqN0NVTTZGLTVDUlBDeEpCUkJENjhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zMTljN2ItMjhjNi00OWEzLWFjMWIt
ZmFlMGU1ZDJlZWJmLzEvZkRoT1BwU2ZyY1BTTm5BcVNtX2t3LU9pcHo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zMTljN2ItMjhjNi00OWEzLWFjMWItZmFlMGU1ZDJlZWJm
LzEvNTNlOGpqN0NVTTZGLTVDUlBDeEpCUkJENjhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAue+4MA8E
AgACMAkDBwAqDGWAAAAwDQYJKoZIhvcNAQELBQADggEBACoYiwtqTNuSPaHqbSOT
D5qPAsowx6dK07+YWR3hq5yy0uVBuCMz7F8783cG47aZW89ISw3gc3lsYpYR56H6
Hq2QPpa/oPoPsrKVSRKejZqjxQahEL2SjC9sHpnLhFh98FCJTkFrr4BhnmS25B98
mb2A8YRogunqsSWB/wCXTu2ALubJZUdjNVvhqxKf8nGWoGJDOfiAfjg/9X6VaY2P
taiEtCCtnumlY7kIZgdM2OkYZrTcuF9SD+ovEOQbyhSWN0BkByH1FXt/5iyhcFe6
uxuXsFECNJwQ8TwqxD2Cu4rwtsYlp+NidnzZzg2jmsOE5SqdHR6Z44fuH2LwYGGb
M1M=
-----END CERTIFICATE-----