Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b3449b-27cb-40d1-b7aa-ca78ef5826ca/1/K-BOLRLXc3oanZNjqjbC-_eHxcA.roa
File:                     K-BOLRLXc3oanZNjqjbC-_eHxcA.roa (raw, json)
Hash identifier:          lzDvAtQgJsi8f1NIK0t0NHYJNBa+Jio6zPqCt+rkgTQ=
Subject key identifier:   2B:E0:4E:2D:12:D7:73:7A:1A:9D:93:63:AA:36:C2:FB:F7:87:C5:C0
Certificate issuer:       /CN=1c242f2e945c6a72ee28f8c80e80d488433e37a3
Certificate serial:       018CC6B79E99B42FF3424026E09271DE8900
Authority key identifier: 1C:24:2F:2E:94:5C:6A:72:EE:28:F8:C8:0E:80:D4:88:43:3E:37:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HCQvLpRcanLuKPjIDoDUiEM-N6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b3449b-27cb-40d1-b7aa-ca78ef5826ca/1/K-BOLRLXc3oanZNjqjbC-_eHxcA.roa
Signing time:             Mon 01 Jan 2024 20:29:31 +0000
ROA not before:           Mon 01 Jan 2024 20:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207024
IP address blocks:        195.14.104.0/24 maxlen: 24
                          2a12:b1c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b3449b-27cb-40d1-b7aa-ca78ef5826ca/1/HCQvLpRcanLuKPjIDoDUiEM-N6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b3449b-27cb-40d1-b7aa-ca78ef5826ca/1/HCQvLpRcanLuKPjIDoDUiEM-N6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HCQvLpRcanLuKPjIDoDUiEM-N6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 16:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:9e:99:b4:2f:f3:42:40:26:e0:92:71:de:89:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c242f2e945c6a72ee28f8c80e80d488433e37a3
        Validity
            Not Before: Jan  1 20:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2be04e2d12d7737a1a9d9363aa36c2fbf787c5c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:09:1e:ba:ee:d2:38:70:a4:7b:15:af:63:f1:
                    5c:01:31:89:26:9b:c7:ec:cd:3f:ca:98:40:41:e0:
                    ab:da:d4:52:85:62:f7:ad:69:85:7c:e5:98:6c:83:
                    87:e6:1d:35:e0:b5:57:2a:0c:03:27:b5:74:ad:74:
                    12:7f:a7:08:53:7d:02:82:71:a6:65:33:54:0b:bb:
                    ca:d5:9a:eb:57:51:e2:42:39:29:93:c2:07:d3:38:
                    d1:9f:57:54:95:fd:49:a2:9e:35:8b:e1:76:6f:66:
                    a0:f3:57:19:0c:74:14:a6:95:e6:c4:6a:6d:14:b6:
                    56:51:25:a9:8c:9d:a1:ab:44:06:72:47:e1:f0:0d:
                    63:3b:c2:39:5b:17:c1:83:f1:67:3e:4c:4f:67:73:
                    e5:a6:d1:b4:e2:5b:84:bb:7a:90:34:89:ac:11:a6:
                    55:6f:22:f6:1b:68:36:d6:26:cc:c9:6f:6a:66:75:
                    fd:1d:23:12:77:83:eb:b8:96:bc:f5:f8:02:ef:cd:
                    1f:eb:d5:24:6d:ad:e9:a2:a9:dc:b7:1c:0d:54:e5:
                    b9:48:75:ce:7f:04:ab:26:28:a2:76:0e:b0:9c:59:
                    b8:97:e6:c8:30:11:4a:dc:75:67:ae:9c:78:8c:81:
                    bc:31:fc:72:fb:21:0a:00:e4:c1:e9:a6:74:e9:28:
                    2a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:E0:4E:2D:12:D7:73:7A:1A:9D:93:63:AA:36:C2:FB:F7:87:C5:C0
            X509v3 Authority Key Identifier:
                keyid:1C:24:2F:2E:94:5C:6A:72:EE:28:F8:C8:0E:80:D4:88:43:3E:37:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HCQvLpRcanLuKPjIDoDUiEM-N6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b3449b-27cb-40d1-b7aa-ca78ef5826ca/1/K-BOLRLXc3oanZNjqjbC-_eHxcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b3449b-27cb-40d1-b7aa-ca78ef5826ca/1/HCQvLpRcanLuKPjIDoDUiEM-N6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.14.104.0/24
                IPv6:
                  2a12:b1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:ff:fc:19:8a:36:7d:0a:fe:08:ab:1a:1b:a2:77:b0:26:2a:
         ab:a8:bc:77:f1:3a:bb:ce:e5:73:68:3f:07:20:b1:cf:d0:88:
         f6:2b:60:b8:86:f4:45:ca:4a:fc:fe:34:db:bc:f2:38:45:e4:
         3c:aa:4a:1e:cf:a3:73:80:dd:01:82:32:78:8a:47:a1:b1:fb:
         37:01:93:76:f2:3e:dd:54:82:d1:fb:1e:03:ee:54:de:a7:c4:
         4f:9c:75:c9:d0:2c:0c:aa:e4:3f:a9:d7:08:be:21:fc:46:35:
         3e:4a:ff:64:a3:f3:24:b1:b1:54:54:46:cd:ec:d4:cf:b9:42:
         c0:67:11:d0:ac:f6:f5:a4:6c:3c:bb:ee:fe:a9:ce:e8:46:06:
         6b:50:2a:61:6b:28:8b:9f:74:81:ea:ff:b3:e1:90:d3:a4:0f:
         25:da:04:f2:41:9f:a5:09:d7:2a:8c:bd:5a:1b:62:65:45:d4:
         99:98:64:82:11:63:ac:ef:7e:f0:c2:55:d7:3b:b8:14:6a:b8:
         55:f6:8e:21:c2:96:1f:d8:51:41:08:ff:68:b1:28:87:0f:46:
         3c:3b:41:59:e9:74:5e:f0:d1:86:96:f7:a5:2d:32:fd:4b:18:
         7d:d4:d8:f8:68:fc:03:83:bf:dc:84:10:06:88:eb:c7:b3:f5:
         9d:cd:8c:87
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt56ZtC/zQkAm4JJx3okAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMjQyZjJlOTQ1YzZhNzJlZTI4ZjhjODBlODBkNDg4NDMz
ZTM3YTMwHhcNMjQwMTAxMjAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmUwNGUyZDEyZDc3MzdhMWE5ZDkzNjNhYTM2YzJmYmY3ODdjNWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQkeuu7SOHCkexWvY/FcATGJJpvH
7M0/yphAQeCr2tRShWL3rWmFfOWYbIOH5h014LVXKgwDJ7V0rXQSf6cIU30CgnGm
ZTNUC7vK1ZrrV1HiQjkpk8IH0zjRn1dUlf1Jop41i+F2b2ag81cZDHQUppXmxGpt
FLZWUSWpjJ2hq0QGckfh8A1jO8I5WxfBg/FnPkxPZ3PlptG04luEu3qQNImsEaZV
byL2G2g21ibMyW9qZnX9HSMSd4PruJa89fgC780f69Ukba3poqnctxwNVOW5SHXO
fwSrJiiidg6wnFm4l+bIMBFK3HVnrpx4jIG8Mfxy+yEKAOTB6aZ06SgqMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCvgTi0S13N6Gp2TY6o2wvv3h8XAMB8GA1UdIwQY
MBaAFBwkLy6UXGpy7ij4yA6A1IhDPjejMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSENRdkxwUmNhbkx1S1BqSURvRFVpRU0tTjZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMzQ0OWItMjdjYi00MGQxLWI3YWEt
Y2E3OGVmNTgyNmNhLzEvSy1CT0xSTFhjM29hblpOanFqYkMtX2VIeGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMzQ0OWItMjdjYi00MGQxLWI3YWEtY2E3OGVmNTgyNmNh
LzEvSENRdkxwUmNhbkx1S1BqSURvRFVpRU0tTjZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAww5oMA0E
AgACMAcDBQMqErHAMA0GCSqGSIb3DQEBCwUAA4IBAQAI//wZijZ9Cv4Iqxobonew
JiqrqLx38Tq7zuVzaD8HILHP0Ij2K2C4hvRFykr8/jTbvPI4ReQ8qkoez6NzgN0B
gjJ4ikehsfs3AZN28j7dVILR+x4D7lTep8RPnHXJ0CwMquQ/qdcIviH8RjU+Sv9k
o/MksbFUVEbN7NTPuULAZxHQrPb1pGw8u+7+qc7oRgZrUCphayiLn3SB6v+z4ZDT
pA8l2gTyQZ+lCdcqjL1aG2JlRdSZmGSCEWOs737wwlXXO7gUarhV9o4hwpYf2FFB
CP9osSiHD0Y8O0FZ6XRe8NGGlvelLTL9Sxh91Nj4aPwDg7/chBAGiOvHs/WdzYyH
-----END CERTIFICATE-----