Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/DP14eQdBJZ0IZ5xEuLsmxQbl9EY.roa
File:                     DP14eQdBJZ0IZ5xEuLsmxQbl9EY.roa (raw, json)
Hash identifier:          I1RANQtOMkvey7c50zVN0sFWZ6sc3/FFShaZqQlcjW8=
Subject key identifier:   0C:FD:78:79:07:41:25:9D:08:67:9C:44:B8:BB:26:C5:06:E5:F4:46
Certificate issuer:       /CN=4c7844abef711c232c84f83c807a420af3804728
Certificate serial:       01942686DBC9C0C3597551B6320AC8F5EBB5
Authority key identifier: 4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/DP14eQdBJZ0IZ5xEuLsmxQbl9EY.roa
Signing time:             Thu 02 Jan 2025 10:19:19 +0000
ROA not before:           Thu 02 Jan 2025 10:19:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203213
IP address blocks:        185.142.80.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:86:db:c9:c0:c3:59:75:51:b6:32:0a:c8:f5:eb:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c7844abef711c232c84f83c807a420af3804728
        Validity
            Not Before: Jan  2 10:19:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cfd78790741259d08679c44b8bb26c506e5f446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a3:c6:aa:a8:1e:af:77:de:54:bd:cf:46:d2:
                    0e:9b:76:a5:59:eb:19:66:06:e1:5f:d1:54:46:c2:
                    4d:23:df:8d:0b:2c:b1:a3:a3:28:db:7a:b3:16:29:
                    19:c9:72:5f:02:26:6e:5e:65:53:e3:18:8c:56:5f:
                    5d:4c:6b:e3:fa:df:70:39:0a:ac:55:b9:2a:75:01:
                    cd:c5:24:f7:72:ed:e7:21:7a:4c:ed:e3:8d:0e:f0:
                    47:15:64:30:da:05:fd:2e:c5:7b:bc:d6:a3:9c:d3:
                    58:10:c7:fc:c7:88:43:2b:d1:64:1a:90:bf:37:25:
                    8f:74:ae:2e:59:90:43:55:68:92:de:f0:fd:2b:28:
                    5d:df:54:12:81:a8:36:b3:7d:9b:01:ba:4d:a6:d6:
                    1e:9a:61:bd:c8:fb:7c:5a:32:de:71:63:3d:cb:7a:
                    b8:8d:32:bf:b5:dc:fb:67:98:85:02:fe:1d:5b:d5:
                    cf:22:50:fc:c2:55:df:db:06:db:a6:e5:11:0c:d3:
                    08:35:ee:dd:49:16:60:51:be:01:91:16:f4:86:12:
                    10:7f:f8:3a:bb:dc:21:cd:42:f7:b8:ab:79:c7:e1:
                    fd:22:eb:f9:e0:53:55:20:e8:02:d3:fe:e5:96:9c:
                    e6:97:7b:49:cb:25:1f:61:01:ad:f3:65:8e:f8:d9:
                    63:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:FD:78:79:07:41:25:9D:08:67:9C:44:B8:BB:26:C5:06:E5:F4:46
            X509v3 Authority Key Identifier:
                keyid:4C:78:44:AB:EF:71:1C:23:2C:84:F8:3C:80:7A:42:0A:F3:80:47:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/THhEq-9xHCMshPg8gHpCCvOARyg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/DP14eQdBJZ0IZ5xEuLsmxQbl9EY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/8d55c0-9aa0-4be7-82a8-dab6b83cf7ec/1/THhEq-9xHCMshPg8gHpCCvOARyg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:29:22:e1:59:83:25:c2:dc:8e:db:cf:b9:45:0f:8c:eb:ec:
         79:b6:1c:10:b5:9b:01:f4:88:44:6b:93:41:d1:3e:d2:d7:2e:
         1f:b4:b2:e4:e4:7c:51:68:e3:32:b7:0f:6e:94:97:c3:6b:a2:
         ef:84:cc:8f:3f:1a:c2:ed:f6:9f:f7:00:23:fd:3b:68:e9:98:
         35:10:9d:84:af:f2:36:4b:fa:e8:3d:2e:6b:07:3d:c3:a0:b2:
         7c:6e:1c:73:d1:c9:18:d7:a4:96:36:d9:42:28:3f:27:96:66:
         88:85:cd:c3:5e:c3:b6:67:8f:cc:b8:77:99:f6:0f:51:bd:8f:
         07:02:ff:02:4c:9b:aa:c9:82:61:4c:ef:4e:bc:2f:d2:52:33:
         3f:54:ec:31:92:7f:27:a0:47:f0:60:83:cb:03:88:ef:5a:b3:
         61:88:f2:74:2a:29:db:c6:24:be:b5:1e:34:21:13:19:35:b5:
         ab:8f:b5:ba:13:57:6e:5e:5a:e2:ae:09:f0:0e:bb:67:c6:3c:
         11:89:ef:8b:e0:e8:43:b4:7e:d0:3d:0d:ae:9e:db:fa:f3:72:
         68:ad:de:ec:0e:1a:40:8a:36:58:ed:b8:b7:e0:9e:1b:df:5b:
         6e:3e:25:92:54:1d:15:04:0c:e2:a5:44:cb:57:0b:41:9c:24:
         0c:80:70:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmhtvJwMNZdVG2MgrI9eu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjNzg0NGFiZWY3MTFjMjMyYzg0ZjgzYzgwN2E0MjBhZjM4
MDQ3MjgwHhcNMjUwMTAyMTAxOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2ZkNzg3OTA3NDEyNTlkMDg2NzljNDRiOGJiMjZjNTA2ZTVmNDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKPGqqger3feVL3PRtIOm3alWesZ
ZgbhX9FURsJNI9+NCyyxo6Mo23qzFikZyXJfAiZuXmVT4xiMVl9dTGvj+t9wOQqs
VbkqdQHNxST3cu3nIXpM7eONDvBHFWQw2gX9LsV7vNajnNNYEMf8x4hDK9FkGpC/
NyWPdK4uWZBDVWiS3vD9Kyhd31QSgag2s32bAbpNptYemmG9yPt8WjLecWM9y3q4
jTK/tdz7Z5iFAv4dW9XPIlD8wlXf2wbbpuURDNMINe7dSRZgUb4BkRb0hhIQf/g6
u9whzUL3uKt5x+H9Iuv54FNVIOgC0/7llpzml3tJyyUfYQGt82WO+NljzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAz9eHkHQSWdCGecRLi7JsUG5fRGMB8GA1UdIwQY
MBaAFEx4RKvvcRwjLIT4PIB6QgrzgEcoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgt
ZGFiNmI4M2NmN2VjLzEvRFAxNGVRZEJKWjBJWjV4RXVMc214UWJsOUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi84ZDU1YzAtOWFhMC00YmU3LTgyYTgtZGFiNmI4M2NmN2Vj
LzEvVEhoRXEtOXhIQ01zaFBnOGdIcENDdk9BUnlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY5QMA0G
CSqGSIb3DQEBCwUAA4IBAQCSKSLhWYMlwtyO28+5RQ+M6+x5thwQtZsB9IhEa5NB
0T7S1y4ftLLk5HxRaOMytw9ulJfDa6LvhMyPPxrC7faf9wAj/Tto6Zg1EJ2Er/I2
S/roPS5rBz3DoLJ8bhxz0ckY16SWNtlCKD8nlmaIhc3DXsO2Z4/MuHeZ9g9RvY8H
Av8CTJuqyYJhTO9OvC/SUjM/VOwxkn8noEfwYIPLA4jvWrNhiPJ0KinbxiS+tR40
IRMZNbWrj7W6E1duXlrirgnwDrtnxjwRie+L4OhDtH7QPQ2untv683Jord7sDhpA
ijZY7bi34J4b31tuPiWSVB0VBAzipUTLVwtBnCQMgHAc
-----END CERTIFICATE-----