Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/14f684-0453-4625-966e-4771d1a4ddf0/1/FQew73I1tcPKd7CADYPf9aukLvo.roa
File:                     FQew73I1tcPKd7CADYPf9aukLvo.roa (raw, json)
Hash identifier:          g9U2vzatyyFjrlVqcqfitSqpzUK3PHVbQsUAROxeHxs=
Subject key identifier:   15:07:B0:EF:72:35:B5:C3:CA:77:B0:80:0D:83:DF:F5:AB:A4:2E:FA
Certificate issuer:       /CN=dc66d8b9d38d5bb19cfa0c4644b45293d1e8b6fa
Certificate serial:       018CC4252E9F92485F25566AAFC8E467FD0E
Authority key identifier: DC:66:D8:B9:D3:8D:5B:B1:9C:FA:0C:46:44:B4:52:93:D1:E8:B6:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3GbYudONW7Gc-gxGRLRSk9Hotvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/14f684-0453-4625-966e-4771d1a4ddf0/1/FQew73I1tcPKd7CADYPf9aukLvo.roa
Signing time:             Mon 01 Jan 2024 08:30:20 +0000
ROA not before:           Mon 01 Jan 2024 08:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50585
IP address blocks:        194.110.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/14f684-0453-4625-966e-4771d1a4ddf0/1/3GbYudONW7Gc-gxGRLRSk9Hotvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/14f684-0453-4625-966e-4771d1a4ddf0/1/3GbYudONW7Gc-gxGRLRSk9Hotvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3GbYudONW7Gc-gxGRLRSk9Hotvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:2e:9f:92:48:5f:25:56:6a:af:c8:e4:67:fd:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc66d8b9d38d5bb19cfa0c4644b45293d1e8b6fa
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1507b0ef7235b5c3ca77b0800d83dff5aba42efa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6c:52:cb:9a:f5:12:c2:24:dd:43:9e:6e:5e:
                    41:19:af:ac:7b:21:3a:a9:97:31:7c:b1:3a:f9:1b:
                    65:a5:c0:61:c0:c7:22:20:11:c1:57:39:51:77:00:
                    2a:3f:35:41:fa:26:2f:9b:a7:32:7b:53:fa:a5:e8:
                    c5:25:63:b7:9b:b6:44:f1:8e:fb:12:9f:f0:3b:17:
                    aa:79:2d:55:67:33:07:7f:7c:d9:56:18:de:98:5f:
                    7a:ef:43:51:d2:5a:39:25:20:f9:3f:ff:ff:a9:3b:
                    0d:c1:73:ee:42:0e:8b:6d:e4:34:06:4f:39:1a:86:
                    ad:b4:0c:4a:01:85:bb:bf:02:1c:77:b1:d2:4f:28:
                    ad:c9:bb:6a:d7:5d:d6:b5:f7:96:62:c9:7b:a2:52:
                    3a:f9:40:99:e0:38:4c:f8:eb:7f:2e:eb:c9:72:7d:
                    12:b8:3f:73:9d:34:ba:d8:f0:c6:b6:bb:ce:c9:77:
                    f4:f6:4e:37:d3:d3:93:d3:69:88:bc:96:60:2f:f1:
                    f6:ba:26:4b:64:a7:29:53:b3:d8:97:b4:f8:62:25:
                    1b:21:f2:77:60:e0:13:69:14:48:76:da:f8:79:63:
                    6d:ad:a8:06:f1:68:30:6e:54:e0:37:29:41:43:d8:
                    ca:85:d0:e3:6f:6a:ca:91:58:38:74:08:dc:2e:a8:
                    65:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:07:B0:EF:72:35:B5:C3:CA:77:B0:80:0D:83:DF:F5:AB:A4:2E:FA
            X509v3 Authority Key Identifier:
                keyid:DC:66:D8:B9:D3:8D:5B:B1:9C:FA:0C:46:44:B4:52:93:D1:E8:B6:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3GbYudONW7Gc-gxGRLRSk9Hotvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/14f684-0453-4625-966e-4771d1a4ddf0/1/FQew73I1tcPKd7CADYPf9aukLvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/14f684-0453-4625-966e-4771d1a4ddf0/1/3GbYudONW7Gc-gxGRLRSk9Hotvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.110.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:de:e4:bf:95:81:f0:ec:17:67:ab:1a:31:8d:0f:66:b0:88:
         4f:8e:bf:ca:6e:4d:af:d9:35:ac:01:6c:68:ad:dd:8d:14:26:
         b0:bb:2f:52:79:54:79:71:9c:59:12:40:da:9b:76:62:34:09:
         3c:02:16:f7:88:14:ea:f3:63:aa:bd:47:f8:a4:70:3e:3a:f4:
         f5:fd:6c:6e:66:fb:b1:5a:c6:29:22:8f:25:95:29:97:23:94:
         6f:8e:79:6f:89:14:c7:9b:e4:00:5c:c8:72:09:3b:32:5e:20:
         e4:8e:8e:76:db:b9:df:61:3e:c9:cd:0b:b4:b1:5d:cc:0a:42:
         53:67:d8:bc:ab:cc:13:b2:f2:d3:56:ed:1d:9d:55:a2:70:d6:
         f1:62:8b:75:1a:ad:4c:9d:1c:32:6c:92:ab:2e:39:34:e1:ff:
         cf:44:60:80:a7:32:50:61:25:b6:37:20:a9:cf:fd:76:9b:91:
         6a:6b:0f:e8:8f:8a:87:f8:1f:eb:f1:97:a0:18:1a:22:51:f0:
         b5:b7:95:ab:7b:f6:34:52:77:88:3c:e6:e4:62:41:72:0d:06:
         92:f9:41:cb:45:0e:f2:30:f0:1e:34:d6:18:d7:0c:d9:9b:a8:
         5e:1a:8d:a8:8c:84:0a:32:6a:62:98:0e:b9:6d:b9:a7:21:61:
         c9:f7:47:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJS6fkkhfJVZqr8jkZ/0OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNjZkOGI5ZDM4ZDViYjE5Y2ZhMGM0NjQ0YjQ1MjkzZDFl
OGI2ZmEwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTA3YjBlZjcyMzViNWMzY2E3N2IwODAwZDgzZGZmNWFiYTQyZWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimxSy5r1EsIk3UOebl5BGa+seyE6
qZcxfLE6+RtlpcBhwMciIBHBVzlRdwAqPzVB+iYvm6cye1P6pejFJWO3m7ZE8Y77
Ep/wOxeqeS1VZzMHf3zZVhjemF9670NR0lo5JSD5P///qTsNwXPuQg6LbeQ0Bk85
GoattAxKAYW7vwIcd7HSTyitybtq113WtfeWYsl7olI6+UCZ4DhM+Ot/LuvJcn0S
uD9znTS62PDGtrvOyXf09k4309OT02mIvJZgL/H2uiZLZKcpU7PYl7T4YiUbIfJ3
YOATaRRIdtr4eWNtragG8WgwblTgNylBQ9jKhdDjb2rKkVg4dAjcLqhltwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBUHsO9yNbXDynewgA2D3/WrpC76MB8GA1UdIwQY
MBaAFNxm2LnTjVuxnPoMRkS0UpPR6Lb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0diWXVkT05XN0djLWd4R1JMUlNrOUhvdHZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8xNGY2ODQtMDQ1My00NjI1LTk2NmUt
NDc3MWQxYTRkZGYwLzEvRlFldzczSTF0Y1BLZDdDQURZUGY5YXVrTHZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8xNGY2ODQtMDQ1My00NjI1LTk2NmUtNDc3MWQxYTRkZGYw
LzEvM0diWXVkT05XN0djLWd4R1JMUlNrOUhvdHZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwm6OMA0G
CSqGSIb3DQEBCwUAA4IBAQAf3uS/lYHw7BdnqxoxjQ9msIhPjr/Kbk2v2TWsAWxo
rd2NFCawuy9SeVR5cZxZEkDam3ZiNAk8Ahb3iBTq82OqvUf4pHA+OvT1/WxuZvux
WsYpIo8llSmXI5RvjnlviRTHm+QAXMhyCTsyXiDkjo5227nfYT7JzQu0sV3MCkJT
Z9i8q8wTsvLTVu0dnVWicNbxYot1Gq1MnRwybJKrLjk04f/PRGCApzJQYSW2NyCp
z/12m5Fqaw/oj4qH+B/r8ZegGBoiUfC1t5Wre/Y0UneIPObkYkFyDQaS+UHLRQ7y
MPAeNNYY1wzZm6heGo2ojIQKMmpimA65bbmnIWHJ90cA
-----END CERTIFICATE-----