Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/211b2e-4e3c-4482-a279-9f0f33532ea3/1/pGMGfH6_Kj8NQCRMqsPso3lLkqg.roa
File:                     pGMGfH6_Kj8NQCRMqsPso3lLkqg.roa (raw, json)
Hash identifier:          dHGJ1L+dqos/fy94eir1P33z0cC9UwdUOYypKHhZOvo=
Subject key identifier:   A4:63:06:7C:7E:BF:2A:3F:0D:40:24:4C:AA:C3:EC:A3:79:4B:92:A8
Certificate issuer:       /CN=5e88ecf0a14ad1857359d2ce5bd042b9f96c7cdd
Certificate serial:       018CC56EE2C09A405EAF6467A27049D16A20
Authority key identifier: 5E:88:EC:F0:A1:4A:D1:85:73:59:D2:CE:5B:D0:42:B9:F9:6C:7C:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xojs8KFK0YVzWdLOW9BCuflsfN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/211b2e-4e3c-4482-a279-9f0f33532ea3/1/pGMGfH6_Kj8NQCRMqsPso3lLkqg.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        194.213.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/211b2e-4e3c-4482-a279-9f0f33532ea3/1/Xojs8KFK0YVzWdLOW9BCuflsfN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/211b2e-4e3c-4482-a279-9f0f33532ea3/1/Xojs8KFK0YVzWdLOW9BCuflsfN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xojs8KFK0YVzWdLOW9BCuflsfN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e2:c0:9a:40:5e:af:64:67:a2:70:49:d1:6a:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e88ecf0a14ad1857359d2ce5bd042b9f96c7cdd
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a463067c7ebf2a3f0d40244caac3eca3794b92a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:13:25:74:d0:6f:4f:a7:08:18:05:69:da:b3:
                    28:b3:1e:f7:6f:4c:e8:1e:70:0c:f8:f9:33:04:16:
                    69:d2:79:76:36:f8:61:ec:44:44:39:f0:0c:37:7c:
                    ef:66:5a:bb:cd:1d:4b:f2:ff:c0:f7:14:86:79:5a:
                    b3:80:6f:7d:0b:5c:f8:de:dc:18:a7:99:b8:28:ed:
                    0f:da:2b:43:5e:7b:4c:78:fa:24:70:49:06:b8:6b:
                    eb:a6:be:ae:fe:d9:a2:c5:fe:cb:3b:ca:b1:7b:76:
                    9b:47:9e:c3:dc:bc:56:3e:1d:67:6e:2f:f6:dd:a3:
                    75:52:c4:ab:ed:77:cf:55:16:03:60:60:f4:70:ff:
                    f9:9f:87:94:ee:f8:00:6c:9b:c7:2d:93:8c:58:a9:
                    54:74:f8:68:6b:05:2b:fc:a6:88:97:f8:1f:59:c7:
                    ed:30:15:68:1b:dd:57:72:fb:6a:77:14:5b:f1:20:
                    3f:c9:47:a0:61:17:14:58:50:d2:43:80:3b:e0:72:
                    b0:b1:e0:5a:26:34:60:e7:01:a5:32:d6:8d:54:72:
                    b6:6c:ff:7a:ec:d5:8a:af:1b:6e:59:62:5a:1c:26:
                    73:66:af:6c:d7:ed:66:c7:df:f0:b5:ac:6a:b8:93:
                    3e:1c:30:1b:d7:54:cc:6b:03:35:06:a2:8b:56:f0:
                    a9:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:63:06:7C:7E:BF:2A:3F:0D:40:24:4C:AA:C3:EC:A3:79:4B:92:A8
            X509v3 Authority Key Identifier:
                keyid:5E:88:EC:F0:A1:4A:D1:85:73:59:D2:CE:5B:D0:42:B9:F9:6C:7C:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xojs8KFK0YVzWdLOW9BCuflsfN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/211b2e-4e3c-4482-a279-9f0f33532ea3/1/pGMGfH6_Kj8NQCRMqsPso3lLkqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/211b2e-4e3c-4482-a279-9f0f33532ea3/1/Xojs8KFK0YVzWdLOW9BCuflsfN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.213.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:00:1a:be:06:29:9d:06:3d:c2:6d:eb:b5:58:3d:b9:c6:03:
         2c:ae:d8:81:f0:21:ca:8d:96:86:58:ee:4c:3a:07:a1:03:e1:
         39:ed:1f:8e:24:30:ca:59:00:9a:c5:32:c8:e4:43:a9:d9:34:
         42:63:11:e3:07:d1:ed:39:fa:c1:99:88:21:84:23:42:ab:16:
         ef:88:6b:65:f5:f3:68:62:c0:c0:40:33:b6:5c:a0:0d:3b:21:
         dc:1b:42:14:2d:30:f6:84:69:a4:10:a2:dd:ad:b6:7d:d8:8d:
         90:4e:dc:ff:86:54:7d:d0:b8:1a:28:cf:83:b6:c5:6f:cc:e0:
         3f:2a:8d:3a:32:a4:74:4f:4a:19:48:41:f8:0f:70:a5:42:a1:
         24:39:9a:5c:3b:14:3d:7f:6a:32:1f:b6:5b:bd:33:c0:6c:6e:
         92:93:76:dc:bc:30:c1:5a:25:69:45:61:29:37:bf:60:f7:65:
         5d:31:10:a4:27:a8:24:43:51:6f:c0:50:ae:a7:d4:37:c6:72:
         e0:d4:97:73:15:ea:b9:f4:8d:3c:4b:4e:aa:39:4b:1c:db:3c:
         20:17:62:f5:72:fb:3a:d1:e6:85:82:1e:ca:4f:40:df:5a:e8:
         a9:f0:dc:3d:cc:e7:f7:69:07:f1:68:b8:07:bc:a4:be:56:de:
         cc:f7:98:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuLAmkBer2RnonBJ0WogMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlODhlY2YwYTE0YWQxODU3MzU5ZDJjZTViZDA0MmI5Zjk2
YzdjZGQwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDYzMDY3YzdlYmYyYTNmMGQ0MDI0NGNhYWMzZWNhMzc5NGI5MmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxMldNBvT6cIGAVp2rMosx73b0zo
HnAM+PkzBBZp0nl2Nvhh7EREOfAMN3zvZlq7zR1L8v/A9xSGeVqzgG99C1z43twY
p5m4KO0P2itDXntMePokcEkGuGvrpr6u/tmixf7LO8qxe3abR57D3LxWPh1nbi/2
3aN1UsSr7XfPVRYDYGD0cP/5n4eU7vgAbJvHLZOMWKlUdPhoawUr/KaIl/gfWcft
MBVoG91XcvtqdxRb8SA/yUegYRcUWFDSQ4A74HKwseBaJjRg5wGlMtaNVHK2bP96
7NWKrxtuWWJaHCZzZq9s1+1mx9/wtaxquJM+HDAb11TMawM1BqKLVvCpwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRjBnx+vyo/DUAkTKrD7KN5S5KoMB8GA1UdIwQY
MBaAFF6I7PChStGFc1nSzlvQQrn5bHzdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG9qczhLRkswWVZ6V2RMT1c5QkN1ZmxzZk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yMTFiMmUtNGUzYy00NDgyLWEyNzkt
OWYwZjMzNTMyZWEzLzEvcEdNR2ZINl9LajhOUUNSTXFzUHNvM2xMa3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yMTFiMmUtNGUzYy00NDgyLWEyNzktOWYwZjMzNTMyZWEz
LzEvWG9qczhLRkswWVZ6V2RMT1c5QkN1ZmxzZk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtUOMA0G
CSqGSIb3DQEBCwUAA4IBAQByABq+BimdBj3Cbeu1WD25xgMsrtiB8CHKjZaGWO5M
OgehA+E57R+OJDDKWQCaxTLI5EOp2TRCYxHjB9HtOfrBmYghhCNCqxbviGtl9fNo
YsDAQDO2XKANOyHcG0IULTD2hGmkEKLdrbZ92I2QTtz/hlR90LgaKM+DtsVvzOA/
Ko06MqR0T0oZSEH4D3ClQqEkOZpcOxQ9f2oyH7ZbvTPAbG6Sk3bcvDDBWiVpRWEp
N79g92VdMRCkJ6gkQ1FvwFCup9Q3xnLg1JdzFeq59I08S06qOUsc2zwgF2L1cvs6
0eaFgh7KT0DfWuip8Nw9zOf3aQfxaLgHvKS+Vt7M95hc
-----END CERTIFICATE-----