Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/4ef496-45e5-4397-a914-5989a4902d1a/1/anOx8gOxkX97E7if8zldw04xoOQ.roa
File:                     anOx8gOxkX97E7if8zldw04xoOQ.roa (raw, json)
Hash identifier:          NIQlZ4dQRg5h0sK00fB32JPSfJHzZNuNDDzTcMhOjF8=
Subject key identifier:   6A:73:B1:F2:03:B1:91:7F:7B:13:B8:9F:F3:39:5D:C3:4E:31:A0:E4
Certificate issuer:       /CN=14fc1211ee3af657fc94f92fa0309de6c6c9406e
Certificate serial:       018CC5014A990106AF02390E3C534B999C5F
Authority key identifier: 14:FC:12:11:EE:3A:F6:57:FC:94:F9:2F:A0:30:9D:E6:C6:C9:40:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FPwSEe469lf8lPkvoDCd5sbJQG4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/4ef496-45e5-4397-a914-5989a4902d1a/1/anOx8gOxkX97E7if8zldw04xoOQ.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50783
IP address blocks:        193.3.49.0/24 maxlen: 24
                          91.214.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/4ef496-45e5-4397-a914-5989a4902d1a/1/FPwSEe469lf8lPkvoDCd5sbJQG4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/4ef496-45e5-4397-a914-5989a4902d1a/1/FPwSEe469lf8lPkvoDCd5sbJQG4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FPwSEe469lf8lPkvoDCd5sbJQG4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 21:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4a:99:01:06:af:02:39:0e:3c:53:4b:99:9c:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14fc1211ee3af657fc94f92fa0309de6c6c9406e
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a73b1f203b1917f7b13b89ff3395dc34e31a0e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e7:ec:35:64:62:0a:89:b4:f5:08:6b:94:94:
                    74:5e:f7:99:06:fb:38:ac:eb:05:a5:67:92:90:c5:
                    bc:33:2c:7a:2d:34:f7:13:34:1c:9e:a1:7c:10:75:
                    c6:09:39:e9:e9:55:35:16:b4:3f:2a:10:ab:4e:3e:
                    c6:bc:56:21:b7:f1:2f:de:aa:a3:68:0d:ef:25:0f:
                    03:a8:ea:b1:d9:0a:c5:d5:fe:b7:d9:7f:43:31:79:
                    04:83:0d:03:e1:11:da:8c:66:3b:49:b2:8e:d8:2b:
                    e6:39:c0:14:8c:38:cf:6e:b4:07:43:e6:f1:89:30:
                    9d:bb:51:43:84:5f:cd:40:20:c0:74:31:f5:c6:9e:
                    3a:3c:ae:2a:b7:9e:81:bf:bb:54:87:5e:45:d5:3a:
                    4d:69:30:52:b2:d8:13:e8:71:f8:95:ef:69:ad:d5:
                    24:fa:25:51:e7:4c:3d:a6:cb:10:2c:24:ca:cc:27:
                    21:e1:62:25:ab:90:c8:0d:f8:c2:d3:8c:70:2a:37:
                    8c:f4:41:26:79:59:86:99:54:46:96:da:0b:00:1a:
                    83:52:bf:11:cc:68:00:e1:71:b8:1f:ad:81:43:9f:
                    9f:f5:ae:31:ab:d9:4f:df:a3:3f:97:7a:33:fb:f7:
                    a3:ea:5b:e1:3f:fb:65:c9:0d:a0:cb:d9:78:60:28:
                    8d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:73:B1:F2:03:B1:91:7F:7B:13:B8:9F:F3:39:5D:C3:4E:31:A0:E4
            X509v3 Authority Key Identifier:
                keyid:14:FC:12:11:EE:3A:F6:57:FC:94:F9:2F:A0:30:9D:E6:C6:C9:40:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FPwSEe469lf8lPkvoDCd5sbJQG4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/4ef496-45e5-4397-a914-5989a4902d1a/1/anOx8gOxkX97E7if8zldw04xoOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/4ef496-45e5-4397-a914-5989a4902d1a/1/FPwSEe469lf8lPkvoDCd5sbJQG4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.20.0/22
                  193.3.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:6b:62:8c:03:e2:20:37:6d:c7:ce:b7:b9:d0:6e:75:19:66:
         08:f0:36:45:9d:74:dd:b8:e0:72:e8:d8:8c:b2:af:ae:00:d5:
         11:56:e3:28:87:9f:41:6b:1d:10:bb:10:88:41:77:79:bc:48:
         b5:3c:86:26:17:d4:2a:ed:e5:18:88:ef:42:ce:d7:41:bc:8a:
         b8:0a:fc:2e:8c:6b:19:3f:92:b8:1c:67:f4:87:c2:77:c6:dd:
         07:5b:91:d0:65:a8:06:af:13:57:c6:40:a2:09:7d:4f:3b:ac:
         9f:d8:69:ac:09:f5:17:0d:09:53:47:5a:e6:72:d2:72:bd:7a:
         98:65:8c:de:26:ca:22:f5:c7:c3:72:cf:86:6f:dc:49:da:7d:
         68:c2:4d:d7:91:52:ea:6a:4c:c8:e5:03:9f:8c:33:c7:53:d4:
         ca:9e:8d:90:3d:c7:df:b4:b8:69:6c:23:aa:4b:93:11:a0:9d:
         27:f0:08:8e:62:e7:17:be:ef:48:78:e6:e5:df:f8:f4:f5:31:
         75:f1:48:b2:b8:96:18:c0:9b:ce:c2:05:40:85:5e:bc:af:65:
         dd:ca:19:a6:69:09:cb:28:43:9e:2b:c9:b1:12:80:7e:93:7a:
         e0:61:83:fe:42:4e:4e:b3:75:06:c9:af:66:3f:7b:ff:81:bc:
         5e:cd:46:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAUqZAQavAjkOPFNLmZxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0ZmMxMjExZWUzYWY2NTdmYzk0ZjkyZmEwMzA5ZGU2YzZj
OTQwNmUwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTczYjFmMjAzYjE5MTdmN2IxM2I4OWZmMzM5NWRjMzRlMzFhMGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0OfsNWRiCom09QhrlJR0XveZBvs4
rOsFpWeSkMW8Myx6LTT3EzQcnqF8EHXGCTnp6VU1FrQ/KhCrTj7GvFYht/Ev3qqj
aA3vJQ8DqOqx2QrF1f632X9DMXkEgw0D4RHajGY7SbKO2CvmOcAUjDjPbrQHQ+bx
iTCdu1FDhF/NQCDAdDH1xp46PK4qt56Bv7tUh15F1TpNaTBSstgT6HH4le9prdUk
+iVR50w9pssQLCTKzCch4WIlq5DIDfjC04xwKjeM9EEmeVmGmVRGltoLABqDUr8R
zGgA4XG4H62BQ5+f9a4xq9lP36M/l3oz+/ej6lvhP/tlyQ2gy9l4YCiNAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGpzsfIDsZF/exO4n/M5XcNOMaDkMB8GA1UdIwQY
MBaAFBT8EhHuOvZX/JT5L6AwnebGyUBuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlB3U0VlNDY5bGY4bFBrdm9EQ2Q1c2JKUUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy80ZWY0OTYtNDVlNS00Mzk3LWE5MTQt
NTk4OWE0OTAyZDFhLzEvYW5PeDhnT3hrWDk3RTdpZjh6bGR3MDR4b09RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy80ZWY0OTYtNDVlNS00Mzk3LWE5MTQtNTk4OWE0OTAyZDFh
LzEvRlB3U0VlNDY5bGY4bFBrdm9EQ2Q1c2JKUUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9YUAwQA
wQMxMA0GCSqGSIb3DQEBCwUAA4IBAQBsa2KMA+IgN23Hzre50G51GWYI8DZFnXTd
uOBy6NiMsq+uANURVuMoh59Bax0QuxCIQXd5vEi1PIYmF9Qq7eUYiO9CztdBvIq4
CvwujGsZP5K4HGf0h8J3xt0HW5HQZagGrxNXxkCiCX1PO6yf2GmsCfUXDQlTR1rm
ctJyvXqYZYzeJsoi9cfDcs+Gb9xJ2n1owk3XkVLqakzI5QOfjDPHU9TKno2QPcff
tLhpbCOqS5MRoJ0n8AiOYucXvu9IeObl3/j09TF18UiyuJYYwJvOwgVAhV68r2Xd
yhmmaQnLKEOeK8mxEoB+k3rgYYP+Qk5Os3UGya9mP3v/gbxezUak
-----END CERTIFICATE-----