Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/filbehdp2Oa0WojP6TJJ-xz-_RE.roa
File:                     filbehdp2Oa0WojP6TJJ-xz-_RE.roa (raw, json)
Hash identifier:          ovip2RkOUIOQOGVSv3J/VdlMDloKX/66i6BjzQEC+OE=
Subject key identifier:   7E:29:5B:7A:17:69:D8:E6:B4:5A:88:CF:E9:32:49:FB:1C:FE:FD:11
Certificate issuer:       /CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
Certificate serial:       0191762021A2BDE4D8EA42BFF36D867172A5
Authority key identifier: 12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/filbehdp2Oa0WojP6TJJ-xz-_RE.roa
Signing time:             Wed 21 Aug 2024 18:08:22 +0000
ROA not before:           Wed 21 Aug 2024 18:08:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        185.114.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:76:20:21:a2:bd:e4:d8:ea:42:bf:f3:6d:86:71:72:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1214a7e2a8c7012325ae973ed1a2bba05b2bb9c1
        Validity
            Not Before: Aug 21 18:08:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e295b7a1769d8e6b45a88cfe93249fb1cfefd11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:85:bc:5a:55:de:f0:e1:0a:a7:81:cd:2e:a4:
                    27:cc:5d:af:2c:48:9a:70:42:bb:c9:1c:4c:e8:fd:
                    aa:56:be:75:e9:62:2a:2b:84:ff:5b:1d:22:1e:d8:
                    f6:15:9e:6d:f9:0f:d1:e7:df:61:3e:10:10:cb:a8:
                    db:e9:4e:01:27:5f:ee:aa:49:d0:fd:0b:13:db:d2:
                    ba:68:41:4a:ca:1e:db:e9:d1:b6:e3:3e:f2:ee:ef:
                    ed:3d:82:cd:8d:85:48:44:51:46:1e:82:43:e7:93:
                    b8:7c:07:2d:9d:a8:ae:5b:d9:c8:61:b4:b9:8f:88:
                    c1:07:24:b8:fb:63:60:06:1b:c9:62:91:c8:94:16:
                    be:ce:88:42:32:25:4a:d4:4f:bc:5c:78:99:3e:48:
                    20:6e:7a:47:9f:32:a5:33:06:f3:3a:9b:20:6a:e3:
                    62:20:0e:01:6a:c8:67:9a:74:3c:37:98:31:14:15:
                    c2:13:5b:88:5c:e0:94:97:71:d8:7a:3f:19:4e:16:
                    63:d2:5c:58:13:db:ab:6d:0d:77:d7:34:e3:c1:e3:
                    b3:68:b8:38:4c:0e:ca:c9:4d:0a:77:75:ef:a6:24:
                    47:16:1b:37:6f:8f:fd:30:f5:91:c5:85:86:80:77:
                    4d:55:29:bb:8c:06:5b:60:b4:7e:53:76:d5:e6:9f:
                    28:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:29:5B:7A:17:69:D8:E6:B4:5A:88:CF:E9:32:49:FB:1C:FE:FD:11
            X509v3 Authority Key Identifier:
                keyid:12:14:A7:E2:A8:C7:01:23:25:AE:97:3E:D1:A2:BB:A0:5B:2B:B9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EhSn4qjHASMlrpc-0aK7oFsrucE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/filbehdp2Oa0WojP6TJJ-xz-_RE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/a68dbc-3f94-4fed-8d9d-e9c3649c1218/1/EhSn4qjHASMlrpc-0aK7oFsrucE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:09:d3:16:ea:30:c1:2d:ed:c3:f3:1a:82:6d:f4:09:82:67:
         33:58:c2:66:0d:36:d6:11:02:df:e6:3c:08:51:51:fa:c6:a7:
         89:44:d2:bd:a2:7d:e7:13:e5:c9:93:9e:91:c3:6b:f9:cb:66:
         e4:1d:ff:4c:ff:1e:37:22:50:ca:41:e0:d6:c6:51:dc:1f:6d:
         f7:43:87:be:50:11:06:9d:e9:55:98:6d:d7:86:bf:b4:bd:f4:
         fc:4c:43:ae:0f:2c:45:4c:6d:86:51:f3:1c:88:de:b8:33:ad:
         4e:f7:55:89:eb:b7:70:cf:08:f9:df:cb:38:56:15:f7:a0:95:
         3c:f8:bc:99:c1:5b:3d:a5:11:54:22:9a:03:a9:4b:52:61:e5:
         a2:58:b7:d4:90:ce:36:7d:45:e4:0e:02:c2:97:7f:25:72:ca:
         53:9b:60:17:d4:bf:1c:76:da:7c:a9:f1:88:af:47:e7:22:2c:
         fb:0a:ee:97:9f:56:1b:13:35:35:48:88:21:97:2d:89:94:00:
         9c:a1:bc:d7:61:d7:5c:55:f2:6d:a4:27:bd:de:c6:c6:87:50:
         eb:97:e2:55:b3:27:ba:a4:01:37:72:8a:62:3e:ab:2f:42:14:
         82:68:6e:ca:9d:ef:a5:f6:3d:22:e4:40:9d:1b:42:a1:fd:c9:
         40:e2:05:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF2ICGiveTY6kK/822GcXKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMTRhN2UyYThjNzAxMjMyNWFlOTczZWQxYTJiYmEwNWIy
YmI5YzEwHhcNMjQwODIxMTgwODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTI5NWI3YTE3NjlkOGU2YjQ1YTg4Y2ZlOTMyNDlmYjFjZmVmZDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoW8WlXe8OEKp4HNLqQnzF2vLEia
cEK7yRxM6P2qVr516WIqK4T/Wx0iHtj2FZ5t+Q/R599hPhAQy6jb6U4BJ1/uqknQ
/QsT29K6aEFKyh7b6dG24z7y7u/tPYLNjYVIRFFGHoJD55O4fActnaiuW9nIYbS5
j4jBByS4+2NgBhvJYpHIlBa+zohCMiVK1E+8XHiZPkggbnpHnzKlMwbzOpsgauNi
IA4BashnmnQ8N5gxFBXCE1uIXOCUl3HYej8ZThZj0lxYE9urbQ131zTjweOzaLg4
TA7KyU0Kd3XvpiRHFhs3b4/9MPWRxYWGgHdNVSm7jAZbYLR+U3bV5p8oawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4pW3oXadjmtFqIz+kySfsc/v0RMB8GA1UdIwQY
MBaAFBIUp+KoxwEjJa6XPtGiu6BbK7nBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQt
ZTljMzY0OWMxMjE4LzEvZmlsYmVoZHAyT2EwV29qUDZUSkoteHotX1JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9hNjhkYmMtM2Y5NC00ZmVkLThkOWQtZTljMzY0OWMxMjE4
LzEvRWhTbjRxakhBU01scnBjLTBhSzdvRnNydWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXIiMA0G
CSqGSIb3DQEBCwUAA4IBAQCLCdMW6jDBLe3D8xqCbfQJgmczWMJmDTbWEQLf5jwI
UVH6xqeJRNK9on3nE+XJk56Rw2v5y2bkHf9M/x43IlDKQeDWxlHcH233Q4e+UBEG
nelVmG3Xhr+0vfT8TEOuDyxFTG2GUfMciN64M61O91WJ67dwzwj538s4VhX3oJU8
+LyZwVs9pRFUIpoDqUtSYeWiWLfUkM42fUXkDgLCl38lcspTm2AX1L8cdtp8qfGI
r0fnIiz7Cu6Xn1YbEzU1SIghly2JlACcobzXYddcVfJtpCe93sbGh1Drl+JVsye6
pAE3copiPqsvQhSCaG7Kne+l9j0i5ECdG0Kh/clA4gVf
-----END CERTIFICATE-----