Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/8075a0-0c5e-4c78-bdb1-d16898016cfe/1/yiTZNpl9pxXaw98tk2zFFR9owyM.roa
File:                     yiTZNpl9pxXaw98tk2zFFR9owyM.roa (raw, json)
Hash identifier:          xgCH194MyGZhrMtmGLMR+rD37f4CoWckUuZSIXVCdVE=
Subject key identifier:   CA:24:D9:36:99:7D:A7:15:DA:C3:DF:2D:93:6C:C5:15:1F:68:C3:23
Certificate issuer:       /CN=f1d2ba8a2a96a07b5b64caf873290e2078d964a6
Certificate serial:       018DAD4B60646EF2EED4101C8A0446B2C8B6
Authority key identifier: F1:D2:BA:8A:2A:96:A0:7B:5B:64:CA:F8:73:29:0E:20:78:D9:64:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dK6iiqWoHtbZMr4cykOIHjZZKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/8075a0-0c5e-4c78-bdb1-d16898016cfe/1/yiTZNpl9pxXaw98tk2zFFR9owyM.roa
Signing time:             Thu 15 Feb 2024 15:03:34 +0000
ROA not before:           Thu 15 Feb 2024 15:03:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50629
IP address blocks:        193.105.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/8075a0-0c5e-4c78-bdb1-d16898016cfe/1/8dK6iiqWoHtbZMr4cykOIHjZZKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/8075a0-0c5e-4c78-bdb1-d16898016cfe/1/8dK6iiqWoHtbZMr4cykOIHjZZKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dK6iiqWoHtbZMr4cykOIHjZZKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ad:4b:60:64:6e:f2:ee:d4:10:1c:8a:04:46:b2:c8:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d2ba8a2a96a07b5b64caf873290e2078d964a6
        Validity
            Not Before: Feb 15 15:03:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca24d936997da715dac3df2d936cc5151f68c323
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c7:b8:27:8d:19:5d:ff:85:5b:81:5a:74:de:
                    18:79:b8:ba:b5:05:8b:9a:89:52:3a:7b:aa:87:bc:
                    7e:d7:8c:56:be:e1:84:b3:ac:5b:ee:26:36:b0:bb:
                    1d:40:9e:15:0f:85:78:3d:3b:d9:fa:6b:53:7c:9e:
                    48:50:99:df:14:18:4a:e5:a7:09:3f:be:82:51:f0:
                    83:20:51:22:c6:6d:2e:03:d3:a9:33:c4:fe:b3:c0:
                    bf:2a:fd:e8:a5:13:2e:f4:d0:12:87:d5:2b:92:91:
                    62:b1:97:73:65:31:a2:eb:e6:c9:ca:5c:60:a5:7c:
                    f4:df:60:67:8d:11:41:6c:4d:1d:f0:31:6e:ca:51:
                    67:96:74:f4:42:b6:40:91:d3:ed:aa:9e:b6:ef:f0:
                    df:15:16:25:b7:aa:73:58:74:35:5a:82:d8:f3:cc:
                    79:7b:b3:04:33:ef:8b:cb:e7:da:d5:dc:8d:05:e8:
                    c1:7c:a9:e5:0d:6c:c0:18:f6:c4:bf:05:ec:db:c1:
                    1a:06:f8:0c:7b:84:45:35:b2:3d:e2:89:6d:4a:d2:
                    f4:76:0e:01:f5:56:b4:d9:74:1e:89:ba:4b:50:14:
                    3c:0f:f6:ab:5f:c2:b4:9a:e9:be:cb:f9:de:e9:eb:
                    df:88:32:69:60:3b:4e:16:f7:89:2a:ea:97:46:02:
                    81:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:24:D9:36:99:7D:A7:15:DA:C3:DF:2D:93:6C:C5:15:1F:68:C3:23
            X509v3 Authority Key Identifier:
                keyid:F1:D2:BA:8A:2A:96:A0:7B:5B:64:CA:F8:73:29:0E:20:78:D9:64:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dK6iiqWoHtbZMr4cykOIHjZZKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8075a0-0c5e-4c78-bdb1-d16898016cfe/1/yiTZNpl9pxXaw98tk2zFFR9owyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/8075a0-0c5e-4c78-bdb1-d16898016cfe/1/8dK6iiqWoHtbZMr4cykOIHjZZKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:8b:2d:19:96:be:69:0b:ca:2f:d6:bc:b5:94:c3:4e:d2:57:
         c8:2e:7a:13:a3:17:98:d4:d8:18:73:6f:72:1e:17:87:85:94:
         95:01:b7:8c:41:22:68:41:ef:9d:11:e5:60:aa:c1:bc:54:5b:
         c9:8a:74:6f:df:31:06:60:9c:86:29:be:1c:7c:af:06:55:0b:
         d8:06:ca:8f:8c:1f:ed:ac:c2:14:a9:fa:08:9a:38:72:69:a1:
         0e:86:6d:7b:2b:b1:5e:8a:56:0e:62:c2:9a:21:52:7f:b7:48:
         c8:a3:d0:7d:7b:3d:95:97:98:4c:fe:54:a2:85:2c:65:0a:5c:
         f0:01:f4:52:a9:76:5e:16:fe:df:b7:2a:04:c2:34:6e:1b:4f:
         bb:7c:8e:e1:77:f2:c0:56:d9:ad:52:f2:8f:12:be:05:cf:64:
         a5:f2:17:a7:37:15:5a:7e:a6:97:be:e6:90:f3:bd:15:bb:05:
         fb:ab:e2:b4:17:7d:95:55:1c:c8:42:32:74:56:69:e9:5d:05:
         44:65:7c:23:d2:31:02:e8:f1:b0:43:d1:77:1e:48:d3:83:e6:
         fe:48:e3:2e:f8:2f:00:b6:49:59:c2:94:c6:77:d2:83:0b:84:
         09:3b:d4:65:04:9b:61:f0:da:30:01:c0:99:7d:00:a5:ea:9b:
         0a:54:d0:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2tS2BkbvLu1BAcigRGssi2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDJiYThhMmE5NmEwN2I1YjY0Y2FmODczMjkwZTIwNzhk
OTY0YTYwHhcNMjQwMjE1MTUwMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTI0ZDkzNjk5N2RhNzE1ZGFjM2RmMmQ5MzZjYzUxNTFmNjhjMzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuse4J40ZXf+FW4FadN4Yebi6tQWL
molSOnuqh7x+14xWvuGEs6xb7iY2sLsdQJ4VD4V4PTvZ+mtTfJ5IUJnfFBhK5acJ
P76CUfCDIFEixm0uA9OpM8T+s8C/Kv3opRMu9NASh9UrkpFisZdzZTGi6+bJylxg
pXz032BnjRFBbE0d8DFuylFnlnT0QrZAkdPtqp627/DfFRYlt6pzWHQ1WoLY88x5
e7MEM++Ly+fa1dyNBejBfKnlDWzAGPbEvwXs28EaBvgMe4RFNbI94oltStL0dg4B
9Va02XQeibpLUBQ8D/arX8K0mum+y/ne6evfiDJpYDtOFveJKuqXRgKBEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMok2TaZfacV2sPfLZNsxRUfaMMjMB8GA1UdIwQY
MBaAFPHSuooqlqB7W2TK+HMpDiB42WSmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRLNmlpcVdvSHRiWk1yNGN5a09JSGpaWktZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS84MDc1YTAtMGM1ZS00Yzc4LWJkYjEt
ZDE2ODk4MDE2Y2ZlLzEveWlUWk5wbDlweFhhdzk4dGsyekZGUjlvd3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS84MDc1YTAtMGM1ZS00Yzc4LWJkYjEtZDE2ODk4MDE2Y2Zl
LzEvOGRLNmlpcVdvSHRiWk1yNGN5a09JSGpaWktZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkOMA0G
CSqGSIb3DQEBCwUAA4IBAQCGiy0Zlr5pC8ov1ry1lMNO0lfILnoToxeY1NgYc29y
HheHhZSVAbeMQSJoQe+dEeVgqsG8VFvJinRv3zEGYJyGKb4cfK8GVQvYBsqPjB/t
rMIUqfoImjhyaaEOhm17K7FeilYOYsKaIVJ/t0jIo9B9ez2Vl5hM/lSihSxlClzw
AfRSqXZeFv7ftyoEwjRuG0+7fI7hd/LAVtmtUvKPEr4Fz2Sl8henNxVafqaXvuaQ
870VuwX7q+K0F32VVRzIQjJ0VmnpXQVEZXwj0jEC6PGwQ9F3HkjTg+b+SOMu+C8A
tklZwpTGd9KDC4QJO9RlBJth8NowAcCZfQCl6psKVNC9
-----END CERTIFICATE-----