Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/O5ik6yXyEQdURNrL03XAll-nH5A.roa
File:                     O5ik6yXyEQdURNrL03XAll-nH5A.roa (raw, json)
Hash identifier:          Cyl7clr0FKMgp/AxEBoolgK/QK3C6Q1Vj3IUeNOc+tw=
Subject key identifier:   3B:98:A4:EB:25:F2:11:07:54:44:DA:CB:D3:75:C0:96:5F:A7:1F:90
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       018FDAE84BBCBB1D790B66D6D23B877BE393
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/O5ik6yXyEQdURNrL03XAll-nH5A.roa
Signing time:             Sun 02 Jun 2024 21:43:27 +0000
ROA not before:           Sun 02 Jun 2024 21:43:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.74.54.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:da:e8:4b:bc:bb:1d:79:0b:66:d6:d2:3b:87:7b:e3:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: Jun  2 21:43:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b98a4eb25f211075444dacbd375c0965fa71f90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:08:d7:6d:e0:37:75:57:02:d8:eb:4c:d6:48:
                    78:cc:b1:87:4f:11:16:2b:36:86:f5:6b:58:76:e0:
                    62:82:59:9a:33:2d:e1:95:6f:9d:81:04:1a:96:08:
                    20:b0:c3:2e:af:cc:b9:10:5f:62:1a:a8:75:b8:e1:
                    10:c0:fa:21:63:23:cd:2c:07:0b:f4:59:71:1f:f2:
                    e1:cf:c9:9a:1b:c9:4a:43:54:d2:e3:10:63:02:9c:
                    ff:de:9b:bb:db:e4:85:a6:03:03:ef:24:b5:79:92:
                    7d:6b:51:d4:a0:3d:69:ae:9a:d3:50:6d:bc:71:41:
                    9a:b3:aa:36:bb:31:8d:cc:03:46:10:ed:5f:d3:39:
                    b5:5c:1d:ea:46:af:4f:c9:07:8a:32:41:67:90:d1:
                    df:4b:76:9e:0e:62:73:58:1d:58:f3:38:6d:8c:97:
                    ce:38:27:23:4f:f6:48:e6:1f:5e:fe:f7:49:52:81:
                    5c:9d:ae:2f:a0:77:50:b8:bd:68:4c:e5:01:36:1d:
                    2e:ea:b1:a3:cf:56:e9:e2:6e:2a:94:27:fe:e3:ce:
                    d6:83:72:43:ea:cb:01:e3:72:5b:c8:30:38:b1:d9:
                    d6:7a:27:f2:12:02:9c:5b:1f:0c:52:1c:dd:bf:ac:
                    ac:4f:69:67:59:2b:dc:53:15:b1:30:e8:d2:17:08:
                    b4:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:98:A4:EB:25:F2:11:07:54:44:DA:CB:D3:75:C0:96:5F:A7:1F:90
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/O5ik6yXyEQdURNrL03XAll-nH5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:0b:8c:1e:70:c6:d7:27:bd:81:2d:94:3b:25:41:a8:cf:45:
         6b:60:43:e0:a9:a8:cf:6f:91:0d:db:d4:42:e5:e2:df:a3:44:
         be:fb:27:1b:02:f1:88:5d:76:eb:e0:48:93:fe:f1:21:08:a9:
         e4:19:9e:33:2d:da:60:1c:1a:71:3a:ec:2a:c8:70:46:07:86:
         99:e4:6b:fa:cf:3b:dc:97:a3:ea:83:8b:9f:d5:02:71:f8:c7:
         6a:fc:c2:91:b3:24:38:1e:a6:02:ee:07:da:a2:0b:6e:eb:f7:
         dc:13:db:71:de:17:e6:50:01:64:1b:ff:a2:06:77:28:fe:6f:
         fa:7a:b9:7c:e4:45:e4:31:76:0d:89:7b:f3:2c:fc:2e:6b:ea:
         dc:56:ed:d2:90:eb:29:6b:49:8b:43:23:3e:76:85:42:33:a6:
         f0:98:ef:5d:67:c7:84:44:33:d3:b0:81:5c:82:f1:3a:52:a7:
         1e:34:4b:2e:95:a0:fc:13:cf:f7:c5:09:f6:a0:dc:6f:9e:b5:
         dd:74:b8:71:9d:36:4a:d3:9f:95:33:39:24:ab:f2:f9:0b:6a:
         19:a0:95:f1:f3:5f:8f:65:bd:d3:eb:98:cb:98:33:0d:73:59:
         8e:02:13:8f:d5:9e:50:cf:bf:95:f9:56:c4:be:5a:a1:14:2c:
         78:36:e4:91
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/a6Eu8ux15C2bW0juHe+OTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjQwNjAyMjE0MzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjk4YTRlYjI1ZjIxMTA3NTQ0NGRhY2JkMzc1YzA5NjVmYTcxZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwjXbeA3dVcC2OtM1kh4zLGHTxEW
KzaG9WtYduBiglmaMy3hlW+dgQQalgggsMMur8y5EF9iGqh1uOEQwPohYyPNLAcL
9FlxH/Lhz8maG8lKQ1TS4xBjApz/3pu72+SFpgMD7yS1eZJ9a1HUoD1prprTUG28
cUGas6o2uzGNzANGEO1f0zm1XB3qRq9PyQeKMkFnkNHfS3aeDmJzWB1Y8zhtjJfO
OCcjT/ZI5h9e/vdJUoFcna4voHdQuL1oTOUBNh0u6rGjz1bp4m4qlCf+487Wg3JD
6ssB43JbyDA4sdnWeifyEgKcWx8MUhzdv6ysT2lnWSvcUxWxMOjSFwi0OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuYpOsl8hEHVETay9N1wJZfpx+QMB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvTzVpazZ5WHlFUWRVUk5yTDAzWEFsbC1uSDVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUo2MA0G
CSqGSIb3DQEBCwUAA4IBAQAtC4wecMbXJ72BLZQ7JUGoz0VrYEPgqajPb5EN29RC
5eLfo0S++ycbAvGIXXbr4EiT/vEhCKnkGZ4zLdpgHBpxOuwqyHBGB4aZ5Gv6zzvc
l6Pqg4uf1QJx+Mdq/MKRsyQ4HqYC7gfaogtu6/fcE9tx3hfmUAFkG/+iBnco/m/6
erl85EXkMXYNiXvzLPwua+rcVu3SkOspa0mLQyM+doVCM6bwmO9dZ8eERDPTsIFc
gvE6UqceNEsulaD8E8/3xQn2oNxvnrXddLhxnTZK05+VMzkkq/L5C2oZoJXx81+P
Zb3T65jLmDMNc1mOAhOP1Z5Qz7+V+VbEvlqhFCx4NuSR
-----END CERTIFICATE-----