Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/rEnYgfgJaCjn_qIROc2RziotFd8.roa
File:                     rEnYgfgJaCjn_qIROc2RziotFd8.roa (raw, json)
Hash identifier:          tyTMLNN1BSIUG9pwd6OlkaqCcb+yNG9RgWzpF+pWE60=
Subject key identifier:   AC:49:D8:81:F8:09:68:28:E7:FE:A2:11:39:CD:91:CE:2A:2D:15:DF
Certificate issuer:       /CN=14db04f9c92317ecc7a2aaff2ca4d7098d1bd26a
Certificate serial:       01942369E47A943CE75B77DD54D0D45F5EE4
Authority key identifier: 14:DB:04:F9:C9:23:17:EC:C7:A2:AA:FF:2C:A4:D7:09:8D:1B:D2:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FNsE-ckjF-zHoqr_LKTXCY0b0mo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/rEnYgfgJaCjn_qIROc2RziotFd8.roa
Signing time:             Wed 01 Jan 2025 19:48:49 +0000
ROA not before:           Wed 01 Jan 2025 19:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33915
IP address blocks:        185.72.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/FNsE-ckjF-zHoqr_LKTXCY0b0mo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/FNsE-ckjF-zHoqr_LKTXCY0b0mo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FNsE-ckjF-zHoqr_LKTXCY0b0mo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 13:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e4:7a:94:3c:e7:5b:77:dd:54:d0:d4:5f:5e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14db04f9c92317ecc7a2aaff2ca4d7098d1bd26a
        Validity
            Not Before: Jan  1 19:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac49d881f8096828e7fea21139cd91ce2a2d15df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:68:00:a1:cb:82:1d:c2:cb:b7:ab:aa:9a:45:
                    93:3a:47:82:0d:a7:09:f6:a5:31:2e:bd:00:d7:2e:
                    1a:2a:f3:78:4f:9b:92:d1:66:0c:36:d8:b1:b7:e5:
                    1e:78:b1:85:ff:98:60:1b:8d:eb:ec:32:b2:1c:70:
                    08:70:d8:1f:ab:ed:84:f6:5a:ff:49:28:c6:75:03:
                    2f:3a:13:6c:91:c8:37:2a:8d:40:f7:a7:11:83:42:
                    91:4e:77:8f:ec:bd:b4:32:11:20:da:53:50:e7:e7:
                    17:06:3b:b6:0b:8b:fb:2a:df:a4:bd:c9:75:b1:9c:
                    73:03:aa:45:da:cc:0b:12:5b:83:75:0e:c1:44:d1:
                    8f:9e:ff:75:1f:a9:03:a5:64:dd:9a:f2:6e:3e:90:
                    f5:d1:79:1f:a9:b9:61:f8:e3:33:25:f3:8e:d3:5c:
                    64:f0:f3:36:3b:c9:d9:02:cc:da:3e:67:2b:8e:b6:
                    f8:83:a3:ec:06:03:76:c3:a1:3b:7b:56:42:6c:83:
                    dd:36:d0:82:90:01:19:98:e6:d9:7f:ce:60:6e:13:
                    31:17:17:b6:a7:82:bb:87:0e:84:e9:f9:fa:18:a2:
                    f6:dd:b5:46:c1:0c:51:68:04:e1:7d:7f:74:fa:d7:
                    12:05:84:5c:a2:61:34:d0:2c:83:32:54:9b:2d:1f:
                    6f:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:49:D8:81:F8:09:68:28:E7:FE:A2:11:39:CD:91:CE:2A:2D:15:DF
            X509v3 Authority Key Identifier:
                keyid:14:DB:04:F9:C9:23:17:EC:C7:A2:AA:FF:2C:A4:D7:09:8D:1B:D2:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FNsE-ckjF-zHoqr_LKTXCY0b0mo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/rEnYgfgJaCjn_qIROc2RziotFd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/591a46-1e21-4590-874c-58c7bfcdcfdf/1/FNsE-ckjF-zHoqr_LKTXCY0b0mo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:40:ba:e6:10:84:9e:ab:92:be:85:a5:fa:d6:9e:e9:f2:d6:
         cd:f6:c0:ad:51:78:cc:b0:ce:fe:3c:7b:75:1d:cc:54:93:75:
         eb:27:fc:bd:0c:05:87:d4:df:c2:5b:4c:68:a4:b0:6d:00:8a:
         32:cf:67:05:73:f5:6b:40:4d:da:bb:cf:5d:fb:8f:11:99:ff:
         61:15:d3:b0:dc:c7:44:bd:99:b1:25:3b:9e:ef:32:81:80:0c:
         f4:cf:a0:4c:4e:90:e8:48:f2:4f:c4:6a:30:80:f8:2a:86:d2:
         a2:f1:1f:25:47:08:ae:9c:51:61:3f:01:cf:48:d8:8c:8c:8a:
         86:b5:96:f0:e9:11:a6:f1:f2:ab:77:e9:6a:a6:90:fc:38:cd:
         46:20:01:b1:77:da:72:23:14:a6:1d:e8:e5:6e:0d:c9:9a:85:
         51:6a:44:8f:02:15:1e:de:a2:4f:29:fd:3b:00:ee:90:91:6c:
         ed:9e:a1:39:9a:54:fe:f8:9b:21:6b:92:52:0a:b5:25:09:ea:
         a8:de:a2:b0:5c:f0:8b:3b:ba:53:91:6d:cd:d1:12:41:a7:14:
         dc:12:ee:43:00:0c:5e:ef:4b:96:cf:70:96:d8:14:e5:e4:4a:
         28:1d:a9:02:fc:59:9a:3d:28:83:d8:dd:7c:a1:e2:7d:90:2b:
         78:a6:f2:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaeR6lDznW3fdVNDUX17kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0ZGIwNGY5YzkyMzE3ZWNjN2EyYWFmZjJjYTRkNzA5OGQx
YmQyNmEwHhcNMjUwMTAxMTk0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ5ZDg4MWY4MDk2ODI4ZTdmZWEyMTEzOWNkOTFjZTJhMmQxNWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2gAocuCHcLLt6uqmkWTOkeCDacJ
9qUxLr0A1y4aKvN4T5uS0WYMNtixt+UeeLGF/5hgG43r7DKyHHAIcNgfq+2E9lr/
SSjGdQMvOhNskcg3Ko1A96cRg0KRTneP7L20MhEg2lNQ5+cXBju2C4v7Kt+kvcl1
sZxzA6pF2swLEluDdQ7BRNGPnv91H6kDpWTdmvJuPpD10Xkfqblh+OMzJfOO01xk
8PM2O8nZAszaPmcrjrb4g6PsBgN2w6E7e1ZCbIPdNtCCkAEZmObZf85gbhMxFxe2
p4K7hw6E6fn6GKL23bVGwQxRaAThfX90+tcSBYRcomE00CyDMlSbLR9v+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxJ2IH4CWgo5/6iETnNkc4qLRXfMB8GA1UdIwQY
MBaAFBTbBPnJIxfsx6Kq/yyk1wmNG9JqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRk5zRS1ja2pGLXpIb3FyX0xLVFhDWTBiMG1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy81OTFhNDYtMWUyMS00NTkwLTg3NGMt
NThjN2JmY2RjZmRmLzEvckVuWWdmZ0phQ2puX3FJUk9jMlJ6aW90RmQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy81OTFhNDYtMWUyMS00NTkwLTg3NGMtNThjN2JmY2RjZmRm
LzEvRk5zRS1ja2pGLXpIb3FyX0xLVFhDWTBiMG1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUh8MA0G
CSqGSIb3DQEBCwUAA4IBAQBWQLrmEISeq5K+haX61p7p8tbN9sCtUXjMsM7+PHt1
HcxUk3XrJ/y9DAWH1N/CW0xopLBtAIoyz2cFc/VrQE3au89d+48Rmf9hFdOw3MdE
vZmxJTue7zKBgAz0z6BMTpDoSPJPxGowgPgqhtKi8R8lRwiunFFhPwHPSNiMjIqG
tZbw6RGm8fKrd+lqppD8OM1GIAGxd9pyIxSmHejlbg3JmoVRakSPAhUe3qJPKf07
AO6QkWztnqE5mlT++Jsha5JSCrUlCeqo3qKwXPCLO7pTkW3N0RJBpxTcEu5DAAxe
70uWz3CW2BTl5EooHakC/FmaPSiD2N18oeJ9kCt4pvLs
-----END CERTIFICATE-----