Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/73tdHyT9nfniQxf43yegCOxjXw8.roa
File:                     73tdHyT9nfniQxf43yegCOxjXw8.roa (raw, json)
Hash identifier:          ha3F1FcuD9hQXZrtex+NbL6uWx8G/5Ry2SBhRonGKaE=
Subject key identifier:   EF:7B:5D:1F:24:FD:9D:F9:E2:43:17:F8:DF:27:A0:08:EC:63:5F:0F
Certificate issuer:       /CN=8c856557c4146a8b50dc4d94424b06680cef755b
Certificate serial:       018CC26D46925D2B04DC7705FB8CBDE37AAC
Authority key identifier: 8C:85:65:57:C4:14:6A:8B:50:DC:4D:94:42:4B:06:68:0C:EF:75:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jIVlV8QUaotQ3E2UQksGaAzvdVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/73tdHyT9nfniQxf43yegCOxjXw8.roa
Signing time:             Mon 01 Jan 2024 00:29:50 +0000
ROA not before:           Mon 01 Jan 2024 00:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20679
IP address blocks:        185.75.31.0/24 maxlen: 24
                          2001:678:418::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/jIVlV8QUaotQ3E2UQksGaAzvdVs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/jIVlV8QUaotQ3E2UQksGaAzvdVs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jIVlV8QUaotQ3E2UQksGaAzvdVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:46:92:5d:2b:04:dc:77:05:fb:8c:bd:e3:7a:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c856557c4146a8b50dc4d94424b06680cef755b
        Validity
            Not Before: Jan  1 00:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef7b5d1f24fd9df9e24317f8df27a008ec635f0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:78:13:ae:a8:2b:c0:22:08:0a:28:ac:b9:da:
                    90:b8:cc:85:43:18:bf:59:83:92:20:ba:06:bd:89:
                    31:ad:a3:7d:75:2d:df:fb:75:cb:79:e4:72:c7:b6:
                    b1:e2:7f:ae:ae:e3:8d:38:18:df:da:4b:cf:99:2c:
                    ec:a7:a5:55:19:32:56:ad:f9:75:86:f8:17:3c:db:
                    28:65:b8:79:ef:f5:56:44:ed:3e:8d:86:6a:99:b9:
                    16:6f:ce:26:72:ff:9d:29:fa:4d:e2:2f:c3:8c:0d:
                    19:67:df:af:6e:1a:3a:c9:05:9a:8b:ba:66:9e:e8:
                    bd:46:e1:ad:dc:30:a9:f0:da:70:d8:8f:55:8f:6d:
                    4f:83:33:b7:c3:e6:7f:29:f4:8d:fa:45:36:40:26:
                    b2:6c:44:79:c6:e1:42:69:59:e8:70:1d:29:9e:ee:
                    dd:e3:a2:5b:7f:d6:38:4e:95:58:a4:b6:7b:cc:96:
                    61:a5:dc:cd:0b:12:f4:ba:7d:da:31:31:16:fc:f5:
                    42:cc:8b:19:52:13:de:a7:e7:b6:dd:61:b4:24:ed:
                    45:1c:06:7a:31:18:0f:29:78:4e:e6:a9:e6:1c:16:
                    a1:cc:39:4e:d3:c6:5d:44:ab:7a:c2:56:94:9a:e4:
                    79:a8:9c:72:d2:ca:b1:58:30:1b:e1:7f:81:37:d0:
                    ed:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:7B:5D:1F:24:FD:9D:F9:E2:43:17:F8:DF:27:A0:08:EC:63:5F:0F
            X509v3 Authority Key Identifier:
                keyid:8C:85:65:57:C4:14:6A:8B:50:DC:4D:94:42:4B:06:68:0C:EF:75:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jIVlV8QUaotQ3E2UQksGaAzvdVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/73tdHyT9nfniQxf43yegCOxjXw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/306adb-7aa7-4b82-b05a-2a6b9a0ccabd/1/jIVlV8QUaotQ3E2UQksGaAzvdVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.31.0/24
                IPv6:
                  2001:678:418::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:66:f2:38:e6:a3:1f:76:a9:f9:5f:19:ba:f5:c6:2a:e6:6a:
         21:f2:21:a4:28:4d:b4:04:57:80:cf:48:75:91:61:14:5a:bb:
         ec:e2:02:e0:b2:df:9a:27:9f:2e:93:20:59:8d:77:dd:31:44:
         57:8b:48:74:a4:e9:d3:37:ba:95:36:59:5b:79:b8:ad:5c:a5:
         60:16:b5:62:f2:98:f6:30:7d:40:4c:e9:3a:10:07:63:c3:13:
         28:2b:93:18:73:64:e6:5b:e2:d2:55:bd:f7:82:cd:50:ef:b3:
         ab:83:ea:b7:89:41:9f:56:6f:5c:9a:62:ae:e2:de:a3:e1:b3:
         20:50:28:95:05:d2:25:08:41:19:fa:38:ee:e3:f1:44:ff:86:
         17:a8:1f:28:26:27:2d:58:58:22:54:63:c3:77:d8:33:3d:ad:
         b3:44:30:29:ed:7d:a1:dd:5e:c1:b9:11:ae:bd:62:c8:73:8a:
         92:08:bc:e3:b8:cb:cc:f1:6d:93:35:7d:f8:42:bc:67:08:01:
         75:e4:5e:c0:15:f9:a3:0c:da:fc:e7:5d:e9:f7:51:fe:94:50:
         cc:76:da:da:e8:ea:90:7c:89:14:44:f7:72:22:6f:2c:f9:a3:
         01:a6:b0:7e:ae:d9:9d:94:aa:f9:4e:4f:a4:3d:22:3c:e6:c2:
         e1:27:88:5a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzCbUaSXSsE3HcF+4y943qsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjODU2NTU3YzQxNDZhOGI1MGRjNGQ5NDQyNGIwNjY4MGNl
Zjc1NWIwHhcNMjQwMTAxMDAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjdiNWQxZjI0ZmQ5ZGY5ZTI0MzE3ZjhkZjI3YTAwOGVjNjM1ZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3gTrqgrwCIICiisudqQuMyFQxi/
WYOSILoGvYkxraN9dS3f+3XLeeRyx7ax4n+uruONOBjf2kvPmSzsp6VVGTJWrfl1
hvgXPNsoZbh57/VWRO0+jYZqmbkWb84mcv+dKfpN4i/DjA0ZZ9+vbho6yQWai7pm
nui9RuGt3DCp8Npw2I9Vj21PgzO3w+Z/KfSN+kU2QCaybER5xuFCaVnocB0pnu7d
46Jbf9Y4TpVYpLZ7zJZhpdzNCxL0un3aMTEW/PVCzIsZUhPep+e23WG0JO1FHAZ6
MRgPKXhO5qnmHBahzDlO08ZdRKt6wlaUmuR5qJxy0sqxWDAb4X+BN9DtuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO97XR8k/Z354kMX+N8noAjsY18PMB8GA1UdIwQY
MBaAFIyFZVfEFGqLUNxNlEJLBmgM73VbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaklWbFY4UVVhb3RRM0UyVVFrc0dhQXp2ZFZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8zMDZhZGItN2FhNy00YjgyLWIwNWEt
MmE2YjlhMGNjYWJkLzEvNzN0ZEh5VDluZm5pUXhmNDN5ZWdDT3hqWHc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8zMDZhZGItN2FhNy00YjgyLWIwNWEtMmE2YjlhMGNjYWJk
LzEvaklWbFY4UVVhb3RRM0UyVVFrc0dhQXp2ZFZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuUsfMA8E
AgACMAkDBwAgAQZ4BBgwDQYJKoZIhvcNAQELBQADggEBADNm8jjmox92qflfGbr1
xirmaiHyIaQoTbQEV4DPSHWRYRRau+ziAuCy35onny6TIFmNd90xRFeLSHSk6dM3
upU2WVt5uK1cpWAWtWLymPYwfUBM6ToQB2PDEygrkxhzZOZb4tJVvfeCzVDvs6uD
6reJQZ9Wb1yaYq7i3qPhsyBQKJUF0iUIQRn6OO7j8UT/hheoHygmJy1YWCJUY8N3
2DM9rbNEMCntfaHdXsG5Ea69YshzipIIvOO4y8zxbZM1ffhCvGcIAXXkXsAV+aMM
2vznXen3Uf6UUMx22tro6pB8iRRE93Iibyz5owGmsH6u2Z2UqvlOT6Q9IjzmwuEn
iFo=
-----END CERTIFICATE-----