Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/LfROe2I71eG6M7Z-gNeANYWPFpE.roa
File:                     LfROe2I71eG6M7Z-gNeANYWPFpE.roa (raw, json)
Hash identifier:          jYCJfZL3yCQ4hYWioDRR7adhtNmlY65zHqG2PPbV/Qo=
Subject key identifier:   2D:F4:4E:7B:62:3B:D5:E1:BA:33:B6:7E:80:D7:80:35:85:8F:16:91
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       01941F8C53FFBC0C6DDC2CAF80A44110D219
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/LfROe2I71eG6M7Z-gNeANYWPFpE.roa
Signing time:             Wed 01 Jan 2025 01:47:57 +0000
ROA not before:           Wed 01 Jan 2025 01:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.74.54.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:53:ff:bc:0c:6d:dc:2c:af:80:a4:41:10:d2:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: Jan  1 01:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2df44e7b623bd5e1ba33b67e80d78035858f1691
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:46:f2:ad:8f:23:82:07:98:3d:55:3d:a9:3e:
                    c3:2f:81:3c:1f:b2:f4:20:95:6f:2b:ea:2c:29:c2:
                    8d:67:f5:82:36:dd:64:8f:46:3b:f2:87:a5:7d:32:
                    ca:bf:9b:c9:53:c3:21:93:39:95:0f:cf:5f:e9:ac:
                    9a:30:d8:dc:83:94:ec:e6:1f:26:1e:1d:0d:71:4b:
                    38:a2:50:87:50:01:82:3e:0c:08:9d:af:78:49:06:
                    e9:b7:4f:97:bb:55:f8:7b:10:61:50:9b:c3:8a:cc:
                    f2:fe:81:4d:5e:c8:9e:df:23:e6:42:1f:dc:71:bb:
                    13:da:b1:86:90:7e:96:ad:09:99:f4:b2:e3:77:32:
                    98:9d:43:f4:21:51:be:91:44:f0:fc:ec:5e:e7:d1:
                    36:b1:dd:ee:3a:e7:df:14:3f:b9:fd:c2:38:b5:b3:
                    b1:80:20:ea:b9:33:18:41:38:1d:90:c9:7d:f3:b5:
                    1f:86:00:da:f3:46:46:e0:35:a1:e4:03:44:0e:14:
                    05:b2:9e:86:93:a6:0d:45:a5:a6:18:1d:9b:9a:e8:
                    31:88:70:6d:1b:84:79:7e:53:4a:e6:a8:39:49:90:
                    dd:dd:f7:a8:83:34:2c:69:d7:f9:75:91:a3:99:57:
                    18:25:82:d3:41:b8:0b:cf:62:bc:2f:ea:77:70:5b:
                    dd:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:F4:4E:7B:62:3B:D5:E1:BA:33:B6:7E:80:D7:80:35:85:8F:16:91
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/LfROe2I71eG6M7Z-gNeANYWPFpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:9d:78:64:23:55:42:85:7b:f9:94:88:2e:53:23:bc:9c:67:
         c3:2a:65:b3:8b:b3:eb:7c:7d:ad:e3:37:f8:00:64:bf:e8:ef:
         6d:f9:01:fe:2d:17:15:e1:1e:d7:9d:ba:98:ce:5b:21:66:5a:
         79:f2:5a:c1:c6:93:6e:dc:8a:40:58:6f:00:fd:b0:f0:61:0b:
         a0:04:f6:1d:5d:fd:4f:e4:e4:4b:77:78:2d:08:18:be:df:9b:
         b3:06:e9:78:1e:a4:65:74:8b:94:14:7a:3a:5f:c9:5e:17:11:
         cc:a4:95:8b:03:b6:43:66:83:11:87:ea:1b:ef:ad:ef:69:48:
         ac:54:f7:80:13:24:a5:5f:b9:20:81:08:1d:43:09:0f:0a:f1:
         1c:35:7d:0e:35:a6:99:47:e1:83:81:c9:ae:34:8a:8e:50:11:
         a1:c9:89:a0:7f:a7:73:bb:b0:a5:d2:c1:e5:1c:16:32:c4:91:
         9b:8a:cb:e3:f7:da:fd:ee:18:a3:60:f2:ee:91:57:34:9d:62:
         77:13:c8:26:43:c5:57:33:3f:e3:9a:f1:15:62:89:1f:fe:8e:
         d2:bd:3b:14:f4:4f:9c:a1:94:a6:25:9f:56:6e:eb:6d:02:39:
         f6:37:2c:47:ce:15:c2:2f:19:ca:38:48:aa:8c:08:06:6e:bd:
         a5:fc:c9:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjFP/vAxt3CyvgKRBENIZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjUwMTAxMDE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGY0NGU3YjYyM2JkNWUxYmEzM2I2N2U4MGQ3ODAzNTg1OGYxNjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEbyrY8jggeYPVU9qT7DL4E8H7L0
IJVvK+osKcKNZ/WCNt1kj0Y78oelfTLKv5vJU8MhkzmVD89f6ayaMNjcg5Ts5h8m
Hh0NcUs4olCHUAGCPgwIna94SQbpt0+Xu1X4exBhUJvDiszy/oFNXsie3yPmQh/c
cbsT2rGGkH6WrQmZ9LLjdzKYnUP0IVG+kUTw/Oxe59E2sd3uOuffFD+5/cI4tbOx
gCDquTMYQTgdkMl987UfhgDa80ZG4DWh5ANEDhQFsp6Gk6YNRaWmGB2bmugxiHBt
G4R5flNK5qg5SZDd3feogzQsadf5dZGjmVcYJYLTQbgLz2K8L+p3cFvdZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC30TntiO9XhujO2foDXgDWFjxaRMB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvTGZST2UySTcxZUc2TTdaLWdOZUFOWVdQRnBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUo2MA0G
CSqGSIb3DQEBCwUAA4IBAQCGnXhkI1VChXv5lIguUyO8nGfDKmWzi7PrfH2t4zf4
AGS/6O9t+QH+LRcV4R7XnbqYzlshZlp58lrBxpNu3IpAWG8A/bDwYQugBPYdXf1P
5ORLd3gtCBi+35uzBul4HqRldIuUFHo6X8leFxHMpJWLA7ZDZoMRh+ob763vaUis
VPeAEySlX7kggQgdQwkPCvEcNX0ONaaZR+GDgcmuNIqOUBGhyYmgf6dzu7Cl0sHl
HBYyxJGbisvj99r97hijYPLukVc0nWJ3E8gmQ8VXMz/jmvEVYokf/o7SvTsU9E+c
oZSmJZ9WbuttAjn2NyxHzhXCLxnKOEiqjAgGbr2l/Mky
-----END CERTIFICATE-----