Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/624f64-0a4a-4d25-afce-0f39c4b3431d/1/L_6YBDXl9nkxw-60R6-PEtpreP4.roa
File:                     L_6YBDXl9nkxw-60R6-PEtpreP4.roa (raw, json)
Hash identifier:          +jVobK/MzFpbPamL3+eUoG/O7EaNRX+OsV/7jDe95pk=
Subject key identifier:   2F:FE:98:04:35:E5:F6:79:31:C3:EE:B4:47:AF:8F:12:DA:6B:78:FE
Certificate issuer:       /CN=864f301e590b83eaa38fc121b6609ff6fe52b868
Certificate serial:       018CC348BFE020E5CA4B667A18AA06C70955
Authority key identifier: 86:4F:30:1E:59:0B:83:EA:A3:8F:C1:21:B6:60:9F:F6:FE:52:B8:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hk8wHlkLg-qjj8EhtmCf9v5SuGg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/624f64-0a4a-4d25-afce-0f39c4b3431d/1/L_6YBDXl9nkxw-60R6-PEtpreP4.roa
Signing time:             Mon 01 Jan 2024 04:29:34 +0000
ROA not before:           Mon 01 Jan 2024 04:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41978
IP address blocks:        194.35.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/624f64-0a4a-4d25-afce-0f39c4b3431d/1/hk8wHlkLg-qjj8EhtmCf9v5SuGg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/624f64-0a4a-4d25-afce-0f39c4b3431d/1/hk8wHlkLg-qjj8EhtmCf9v5SuGg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hk8wHlkLg-qjj8EhtmCf9v5SuGg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:bf:e0:20:e5:ca:4b:66:7a:18:aa:06:c7:09:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=864f301e590b83eaa38fc121b6609ff6fe52b868
        Validity
            Not Before: Jan  1 04:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ffe980435e5f67931c3eeb447af8f12da6b78fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:e3:cf:ae:63:f9:33:d2:18:7c:a5:6f:34:c1:
                    e8:63:b7:df:c5:06:f8:ce:00:5e:00:a8:4a:5a:dc:
                    8c:c3:f4:f0:a3:ef:bd:b8:2a:b9:cf:fd:63:d9:ed:
                    28:4e:70:0b:b7:78:ab:c4:86:c5:71:11:66:f2:c0:
                    90:e1:df:52:1e:a5:41:63:0f:a3:be:d2:86:62:35:
                    dd:fa:08:f5:c8:72:40:69:85:97:ca:09:47:d2:26:
                    90:9d:77:53:0f:09:04:65:78:a8:5b:ed:64:1e:d5:
                    e6:6a:f2:5e:1c:43:ea:bf:a3:7a:bf:14:91:3b:5b:
                    26:ec:42:73:80:4c:8d:4f:e5:06:ce:e0:49:be:e0:
                    2f:f7:6b:9b:34:7a:f3:0c:a9:ac:b2:8e:1a:1d:51:
                    28:30:f5:de:ae:b6:5c:cd:9a:43:c3:8f:5e:bb:2d:
                    80:c7:92:1c:dc:36:d5:b5:5c:1f:b9:49:ee:3c:a3:
                    05:74:a2:bd:c7:ea:b4:8f:6b:b5:af:a2:c3:9b:c1:
                    52:fd:1e:28:7a:c8:72:a8:92:c1:b9:75:dd:7a:05:
                    22:83:44:e5:70:96:2f:a7:c8:a3:6a:3a:0d:83:9c:
                    1a:7e:4a:5d:be:2c:26:eb:f4:a1:ba:6b:9c:6e:d0:
                    26:e4:bd:29:aa:8f:29:60:1e:8d:17:1e:34:38:91:
                    84:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:FE:98:04:35:E5:F6:79:31:C3:EE:B4:47:AF:8F:12:DA:6B:78:FE
            X509v3 Authority Key Identifier:
                keyid:86:4F:30:1E:59:0B:83:EA:A3:8F:C1:21:B6:60:9F:F6:FE:52:B8:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hk8wHlkLg-qjj8EhtmCf9v5SuGg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/624f64-0a4a-4d25-afce-0f39c4b3431d/1/L_6YBDXl9nkxw-60R6-PEtpreP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/624f64-0a4a-4d25-afce-0f39c4b3431d/1/hk8wHlkLg-qjj8EhtmCf9v5SuGg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:6b:7a:1e:de:3e:2a:ff:12:bb:a3:8f:29:c4:5c:f2:e8:00:
         ab:a5:bd:41:a3:7e:d8:24:39:3f:59:bd:54:03:f5:71:dd:61:
         04:e9:89:f5:58:80:a3:b8:77:c0:e1:81:97:59:58:e3:a1:5f:
         78:34:6c:e5:79:94:ae:35:f4:a6:25:80:74:4c:79:0d:00:01:
         ad:54:5c:3a:cf:b6:2e:e3:7c:8c:30:b4:d5:22:a9:68:22:87:
         18:46:b7:ee:b0:bd:04:63:b9:5c:c7:d8:7b:05:2d:8a:e7:a5:
         78:ac:ce:25:39:1c:b5:d8:82:ae:6f:e8:c6:bf:d8:b1:89:c8:
         18:cd:bf:91:fa:38:e8:fa:43:5c:6a:69:88:d5:f7:1e:c5:50:
         32:71:d7:40:62:74:80:57:3e:25:18:6c:63:60:fb:61:4c:20:
         3f:d9:80:9e:96:de:d5:15:f4:a8:eb:d1:e1:ad:28:12:4b:64:
         df:6d:13:06:7a:f1:dd:9f:7f:4d:0b:8d:86:7e:5b:b5:2d:97:
         a1:96:18:04:03:37:ad:df:80:da:63:5c:c4:b3:bb:ed:dc:66:
         21:d9:d7:df:39:73:5e:6d:b0:dd:60:19:49:37:ce:fa:31:02:
         a9:95:ae:26:34:45:df:30:30:0e:75:cf:de:f5:75:c8:ac:12:
         1d:a8:f5:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSL/gIOXKS2Z6GKoGxwlVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NGYzMDFlNTkwYjgzZWFhMzhmYzEyMWI2NjA5ZmY2ZmU1
MmI4NjgwHhcNMjQwMTAxMDQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmZlOTgwNDM1ZTVmNjc5MzFjM2VlYjQ0N2FmOGYxMmRhNmI3OGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ePPrmP5M9IYfKVvNMHoY7ffxQb4
zgBeAKhKWtyMw/Two++9uCq5z/1j2e0oTnALt3irxIbFcRFm8sCQ4d9SHqVBYw+j
vtKGYjXd+gj1yHJAaYWXyglH0iaQnXdTDwkEZXioW+1kHtXmavJeHEPqv6N6vxSR
O1sm7EJzgEyNT+UGzuBJvuAv92ubNHrzDKmsso4aHVEoMPXerrZczZpDw49euy2A
x5Ic3DbVtVwfuUnuPKMFdKK9x+q0j2u1r6LDm8FS/R4oeshyqJLBuXXdegUig0Tl
cJYvp8ijajoNg5wafkpdviwm6/ShumucbtAm5L0pqo8pYB6NFx40OJGEYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/+mAQ15fZ5McPutEevjxLaa3j+MB8GA1UdIwQY
MBaAFIZPMB5ZC4Pqo4/BIbZgn/b+UrhoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGs4d0hsa0xnLXFqajhFaHRtQ2Y5djVTdUdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi82MjRmNjQtMGE0YS00ZDI1LWFmY2Ut
MGYzOWM0YjM0MzFkLzEvTF82WUJEWGw5bmt4dy02MFI2LVBFdHByZVA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi82MjRmNjQtMGE0YS00ZDI1LWFmY2UtMGYzOWM0YjM0MzFk
LzEvaGs4d0hsa0xnLXFqajhFaHRtQ2Y5djVTdUdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiNKMA0G
CSqGSIb3DQEBCwUAA4IBAQAXa3oe3j4q/xK7o48pxFzy6ACrpb1Bo37YJDk/Wb1U
A/Vx3WEE6Yn1WICjuHfA4YGXWVjjoV94NGzleZSuNfSmJYB0THkNAAGtVFw6z7Yu
43yMMLTVIqloIocYRrfusL0EY7lcx9h7BS2K56V4rM4lORy12IKub+jGv9ixicgY
zb+R+jjo+kNcammI1fcexVAycddAYnSAVz4lGGxjYPthTCA/2YCelt7VFfSo69Hh
rSgSS2TfbRMGevHdn39NC42Gflu1LZehlhgEAzet34DaY1zEs7vt3GYh2dffOXNe
bbDdYBlJN876MQKpla4mNEXfMDAOdc/e9XXIrBIdqPVw
-----END CERTIFICATE-----