Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/r6sYDk21lKaf89Gf72fjSMqcya4.roa
File:                     r6sYDk21lKaf89Gf72fjSMqcya4.roa (raw, json)
Hash identifier:          Iqm3JRU6264pdYTo3Eq0Ot+DAxe5dYQkDFK47h6cBww=
Subject key identifier:   AF:AB:18:0E:4D:B5:94:A6:9F:F3:D1:9F:EF:67:E3:48:CA:9C:C9:AE
Certificate issuer:       /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial:       018FDAE84B392E7CBAF0451335CBFA73047D
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/r6sYDk21lKaf89Gf72fjSMqcya4.roa
Signing time:             Sun 02 Jun 2024 21:43:27 +0000
ROA not before:           Sun 02 Jun 2024 21:43:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.74.54.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:da:e8:4b:39:2e:7c:ba:f0:45:13:35:cb:fa:73:04:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
        Validity
            Not Before: Jun  2 21:43:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afab180e4db594a69ff3d19fef67e348ca9cc9ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:48:0d:6e:27:f6:5e:55:db:b3:29:c6:95:96:
                    a2:22:83:22:92:79:fe:fb:20:1a:80:e1:b2:67:ab:
                    a5:fe:76:de:d9:c8:b4:7b:0a:85:65:01:d1:5f:3c:
                    d8:cd:97:d1:d3:11:47:eb:f4:d9:58:88:f0:5f:e6:
                    51:c8:3b:fa:e9:f4:95:56:19:a7:f8:ce:bb:19:b2:
                    0b:2d:60:01:ad:c9:b0:2c:36:ba:f3:94:36:19:f8:
                    56:6b:26:9a:b2:fb:da:bb:50:df:e5:1e:96:67:fa:
                    db:28:f8:0e:ba:e3:2b:0b:71:16:97:79:9a:c1:69:
                    70:af:a7:3c:57:a7:33:6c:68:df:70:9e:f5:f3:58:
                    61:83:01:54:2a:59:d0:a7:ec:f1:3d:8b:84:12:e0:
                    a7:af:84:82:cb:bd:5b:6b:73:dc:37:6a:e6:de:4c:
                    41:b8:bd:fd:21:fa:01:69:31:7f:bb:1c:a3:89:ab:
                    d0:3f:bd:ab:da:30:c3:7c:72:7c:b7:de:b8:8d:9c:
                    4d:ee:57:70:39:9a:1b:6d:6e:b6:7f:a8:e8:d7:4a:
                    d9:07:7a:7e:bb:e9:f0:0f:59:79:a4:57:d0:e1:2d:
                    85:72:4b:56:02:1d:84:ba:8a:77:c0:61:80:cb:2f:
                    fd:9d:17:36:f5:34:1a:ba:2f:7c:7c:60:12:3a:b9:
                    28:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:AB:18:0E:4D:B5:94:A6:9F:F3:D1:9F:EF:67:E3:48:CA:9C:C9:AE
            X509v3 Authority Key Identifier:
                keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/r6sYDk21lKaf89Gf72fjSMqcya4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.54.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:a7:9b:b9:84:6d:9b:fe:6b:d8:3d:a7:ee:ab:65:98:40:38:
         1d:d0:7d:8a:85:bf:cf:4a:f6:43:30:9f:28:5c:f9:11:14:79:
         c2:e5:66:ed:3b:75:93:cf:1e:7e:c4:8e:9a:c0:36:88:ef:b2:
         2b:80:08:16:e1:33:33:ac:6c:ed:48:f9:12:00:ca:a7:ec:e8:
         7b:f7:24:ed:de:0a:d9:bb:53:c1:1e:b3:b2:71:1a:0b:86:c9:
         9c:aa:18:d1:9e:0e:ce:19:1d:f1:b6:cd:a5:99:13:54:48:10:
         40:84:54:ec:a7:41:f9:15:6a:3b:4a:e7:3f:c6:28:81:04:3e:
         f8:58:82:b3:08:d8:39:95:c6:e0:d1:16:4b:5f:68:04:74:80:
         84:d2:ed:cb:db:23:61:91:d0:86:89:3e:b8:e7:58:fb:20:50:
         41:c2:57:d5:dc:47:09:cd:22:dd:36:80:9d:8b:df:47:f7:fa:
         bb:9d:9a:b3:84:59:5b:9a:2f:c2:11:52:2e:02:4a:2d:01:b2:
         8c:b3:4a:81:18:fb:03:95:82:02:df:1b:43:16:6f:5b:7a:f2:
         d7:ed:46:e3:47:60:6c:ae:21:4f:74:ae:a4:42:a1:3b:d5:fa:
         e8:d8:77:9b:f5:f0:80:59:d7:69:eb:0a:e2:0e:ba:16:48:c8:
         38:d8:b1:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/a6Es5Lny68EUTNcv6cwR9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjQwNjAyMjE0MzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmFiMTgwZTRkYjU5NGE2OWZmM2QxOWZlZjY3ZTM0OGNhOWNjOWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkgNbif2XlXbsynGlZaiIoMiknn+
+yAagOGyZ6ul/nbe2ci0ewqFZQHRXzzYzZfR0xFH6/TZWIjwX+ZRyDv66fSVVhmn
+M67GbILLWABrcmwLDa685Q2GfhWayaasvvau1Df5R6WZ/rbKPgOuuMrC3EWl3ma
wWlwr6c8V6czbGjfcJ7181hhgwFUKlnQp+zxPYuEEuCnr4SCy71ba3PcN2rm3kxB
uL39IfoBaTF/uxyjiavQP72r2jDDfHJ8t964jZxN7ldwOZobbW62f6jo10rZB3p+
u+nwD1l5pFfQ4S2FcktWAh2Euop3wGGAyy/9nRc29TQaui98fGASOrkoNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+rGA5NtZSmn/PRn+9n40jKnMmuMB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvcjZzWURrMjFsS2FmODlHZjcyZmpTTXFjeWE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUo2MA0G
CSqGSIb3DQEBCwUAA4IBAQABp5u5hG2b/mvYPafuq2WYQDgd0H2Khb/PSvZDMJ8o
XPkRFHnC5WbtO3WTzx5+xI6awDaI77IrgAgW4TMzrGztSPkSAMqn7Oh79yTt3grZ
u1PBHrOycRoLhsmcqhjRng7OGR3xts2lmRNUSBBAhFTsp0H5FWo7Suc/xiiBBD74
WIKzCNg5lcbg0RZLX2gEdICE0u3L2yNhkdCGiT6451j7IFBBwlfV3EcJzSLdNoCd
i99H9/q7nZqzhFlbmi/CEVIuAkotAbKMs0qBGPsDlYIC3xtDFm9bevLX7UbjR2Bs
riFPdK6kQqE71fro2Heb9fCAWddp6wriDroWSMg42LHa
-----END CERTIFICATE-----