Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/h03McZIHS9eXxv6jr5_dfWnm6Wk.roa
File:                     h03McZIHS9eXxv6jr5_dfWnm6Wk.roa (raw, json)
Hash identifier:          fXACTkYcU6Gb8+p12aUetrt8NMcGG03qLUmdiRm/mZU=
Subject key identifier:   87:4D:CC:71:92:07:4B:D7:97:C6:FE:A3:AF:9F:DD:7D:69:E6:E9:69
Certificate issuer:       /CN=ce704858b643266f7c7107721c98f2ba93dd5265
Certificate serial:       018CC6B7D09BE4A9BDF072C578CFCFDF1BC3
Authority key identifier: CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/h03McZIHS9eXxv6jr5_dfWnm6Wk.roa
Signing time:             Mon 01 Jan 2024 20:29:44 +0000
ROA not before:           Mon 01 Jan 2024 20:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207502
IP address blocks:        185.200.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:d0:9b:e4:a9:bd:f0:72:c5:78:cf:cf:df:1b:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce704858b643266f7c7107721c98f2ba93dd5265
        Validity
            Not Before: Jan  1 20:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=874dcc7192074bd797c6fea3af9fdd7d69e6e969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e9:68:22:e0:5d:69:b5:e9:15:bc:05:75:bf:
                    91:0f:c3:c4:0a:50:ea:7f:7d:d9:a5:e7:54:b6:7b:
                    52:f3:63:9f:5a:fe:2a:f5:8d:64:6e:90:34:90:33:
                    4e:3b:61:a3:38:64:f3:c7:4c:ca:d7:33:22:ac:6e:
                    9b:80:19:8e:5a:2a:e6:a1:bd:6b:c7:8b:31:d0:0e:
                    4a:3e:53:cb:39:79:e7:b2:a8:d1:0c:11:08:f5:7d:
                    a5:76:6d:3b:f0:83:ba:7b:c9:20:a5:c8:cb:61:0c:
                    d3:85:67:e9:30:3a:14:e1:71:4a:72:1e:46:7d:87:
                    e0:e3:80:d2:5e:b4:dc:29:8a:bb:3b:1d:87:23:ee:
                    58:e6:fe:89:a6:de:6e:e6:26:4f:0e:b5:12:85:9e:
                    46:6f:45:50:49:67:ab:e6:a5:b5:4e:05:bd:e9:90:
                    6e:e4:ba:69:0e:29:6e:5a:c8:88:dd:f7:c3:83:28:
                    e3:8c:21:f3:ec:23:71:69:20:40:9f:35:35:e8:c3:
                    60:c3:c4:13:2b:eb:68:59:e4:27:fd:e2:62:14:f8:
                    3c:3f:14:53:1a:e1:ec:99:e8:7a:be:ba:ec:c5:a5:
                    e0:ff:3c:ff:ae:fb:7f:ba:89:c3:cb:b7:bf:f2:d0:
                    d6:39:3c:a0:0b:bf:1e:ea:21:f4:5e:43:85:22:6b:
                    ab:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:4D:CC:71:92:07:4B:D7:97:C6:FE:A3:AF:9F:DD:7D:69:E6:E9:69
            X509v3 Authority Key Identifier:
                keyid:CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/h03McZIHS9eXxv6jr5_dfWnm6Wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:02:f3:d2:26:32:7a:4e:dd:89:c2:38:0d:b4:ca:53:e1:22:
         73:3f:e1:c4:7e:eb:a6:06:c8:4c:78:5d:89:b1:7b:b9:38:3d:
         af:c7:a1:4f:56:a2:d3:94:30:d2:79:e2:fb:51:a3:d5:0f:5a:
         cf:cf:93:80:3a:05:c1:05:80:61:ec:32:f3:1a:67:17:6a:fa:
         9a:29:1f:b3:3c:76:b5:ce:c0:87:5e:09:83:51:23:6d:88:e4:
         79:ac:14:9a:2b:e0:00:ff:3b:bd:26:91:ac:c3:a0:68:ff:04:
         9f:f4:43:2e:aa:ce:03:0e:3c:45:b6:1c:96:29:ad:5b:fb:63:
         b4:62:c7:02:0e:e6:6e:58:ff:d5:89:1e:67:c3:93:33:18:64:
         74:7f:81:3c:4f:9e:da:3a:73:2c:20:2e:31:8a:c1:99:e0:32:
         ee:4a:c9:b6:d5:46:27:34:25:4b:4e:1b:0b:67:12:58:5f:a3:
         9f:19:19:49:83:44:4c:87:ca:89:73:0e:87:77:38:2a:51:ae:
         69:6b:77:e5:12:b9:f6:ce:9d:62:a5:e6:e0:6b:2c:16:53:55:
         ff:72:d0:93:c5:94:a3:72:96:db:b4:db:ad:e1:3c:c9:fb:f2:
         9c:47:82:5b:32:64:8d:0a:d6:9c:cc:09:85:52:53:68:33:f5:
         25:cc:01:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt9Cb5Km98HLFeM/P3xvDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNzA0ODU4YjY0MzI2NmY3YzcxMDc3MjFjOThmMmJhOTNk
ZDUyNjUwHhcNMjQwMTAxMjAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzRkY2M3MTkyMDc0YmQ3OTdjNmZlYTNhZjlmZGQ3ZDY5ZTZlOTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+loIuBdabXpFbwFdb+RD8PEClDq
f33ZpedUtntS82OfWv4q9Y1kbpA0kDNOO2GjOGTzx0zK1zMirG6bgBmOWirmob1r
x4sx0A5KPlPLOXnnsqjRDBEI9X2ldm078IO6e8kgpcjLYQzThWfpMDoU4XFKch5G
fYfg44DSXrTcKYq7Ox2HI+5Y5v6Jpt5u5iZPDrUShZ5Gb0VQSWer5qW1TgW96ZBu
5LppDiluWsiI3ffDgyjjjCHz7CNxaSBAnzU16MNgw8QTK+toWeQn/eJiFPg8PxRT
GuHsmeh6vrrsxaXg/zz/rvt/uonDy7e/8tDWOTygC78e6iH0XkOFImuroQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdNzHGSB0vXl8b+o6+f3X1p5ulpMB8GA1UdIwQY
MBaAFM5wSFi2QyZvfHEHchyY8rqT3VJlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0Yzkt
MzhmODBkNjk2MWVjLzEvaDAzTWNaSUhTOWVYeHY2anI1X2RmV25tNldrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0YzktMzhmODBkNjk2MWVj
LzEvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucgOMA0G
CSqGSIb3DQEBCwUAA4IBAQAUAvPSJjJ6Tt2JwjgNtMpT4SJzP+HEfuumBshMeF2J
sXu5OD2vx6FPVqLTlDDSeeL7UaPVD1rPz5OAOgXBBYBh7DLzGmcXavqaKR+zPHa1
zsCHXgmDUSNtiOR5rBSaK+AA/zu9JpGsw6Bo/wSf9EMuqs4DDjxFthyWKa1b+2O0
YscCDuZuWP/ViR5nw5MzGGR0f4E8T57aOnMsIC4xisGZ4DLuSsm21UYnNCVLThsL
ZxJYX6OfGRlJg0RMh8qJcw6HdzgqUa5pa3flErn2zp1ipebgaywWU1X/ctCTxZSj
cpbbtNut4TzJ+/KcR4JbMmSNCtaczAmFUlNoM/UlzAHw
-----END CERTIFICATE-----