Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/jftlOxAHhXgqoXmX2eHUWgCmJeQ.roa
File:                     jftlOxAHhXgqoXmX2eHUWgCmJeQ.roa (raw, json)
Hash identifier:          D6eGXQUWoYacCB0EB1x63M52DENv/ReW3ly3U9/2l7E=
Subject key identifier:   8D:FB:65:3B:10:07:85:78:2A:A1:79:97:D9:E1:D4:5A:00:A6:25:E4
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018CC7275BE93E4CB08E3BE35CF014EF696A
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/jftlOxAHhXgqoXmX2eHUWgCmJeQ.roa
Signing time:             Mon 01 Jan 2024 22:31:34 +0000
ROA not before:           Mon 01 Jan 2024 22:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212416
IP address blocks:        194.104.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:5b:e9:3e:4c:b0:8e:3b:e3:5c:f0:14:ef:69:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 22:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8dfb653b100785782aa17997d9e1d45a00a625e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:2c:f9:23:48:3b:3c:44:59:2c:fd:3c:aa:ff:
                    f8:90:4f:26:ec:6b:57:1b:b5:c0:e8:66:06:8e:26:
                    7f:d4:12:f2:77:03:df:a6:2e:0e:9f:c9:d1:e1:28:
                    d6:43:ec:38:81:1c:c5:12:70:7b:02:53:3d:4b:5b:
                    5f:a1:60:bf:41:e2:67:0a:60:cc:be:1a:2f:d1:c8:
                    4f:7a:66:bb:b1:a1:42:14:88:43:fc:a0:0f:ff:5b:
                    44:78:46:e0:24:19:8a:35:26:9f:67:f8:a0:f3:a9:
                    4c:03:89:0b:1f:4c:0c:1b:25:0c:b0:08:85:31:b6:
                    d8:bb:e1:6d:4e:85:05:ac:27:45:eb:95:1b:8c:8a:
                    97:20:9a:93:96:7f:50:fa:24:ca:bb:4f:98:7b:11:
                    d7:7d:13:d4:a0:b0:b4:51:4b:e9:11:90:2c:c8:4f:
                    d5:bb:08:20:eb:31:1c:78:f2:43:7e:75:3d:ee:f8:
                    6c:c5:b4:8a:e3:0a:84:62:09:4c:ff:8f:f7:10:06:
                    82:f3:2d:6c:f5:d8:4b:19:a8:f0:5d:12:bd:38:1a:
                    5c:64:6f:bb:36:38:ac:78:30:24:5d:26:bb:b9:0e:
                    0f:f9:b8:6f:48:f0:62:94:89:1c:d1:fb:9e:08:4b:
                    81:14:49:5a:16:d5:f5:87:b0:e0:f4:1c:93:89:f5:
                    62:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:FB:65:3B:10:07:85:78:2A:A1:79:97:D9:E1:D4:5A:00:A6:25:E4
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/jftlOxAHhXgqoXmX2eHUWgCmJeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:17:c0:fc:ef:a9:56:2e:52:6f:be:6e:8d:2f:30:6c:69:18:
         28:9c:70:e3:23:ac:c9:64:34:81:c7:63:1a:ef:d1:e7:53:59:
         8f:7b:1a:f2:1e:1a:e9:72:1c:99:c0:7a:1e:b5:02:10:9e:91:
         33:36:c2:da:6c:4f:47:33:aa:da:e6:b1:3c:cc:30:3d:08:67:
         d6:b2:f7:fb:8c:be:86:2a:4e:3a:b5:b3:60:0a:a1:54:fe:eb:
         57:68:0b:e7:6c:f8:84:b9:de:c9:2f:dd:87:60:33:30:56:67:
         0e:65:a3:2a:7e:a6:18:1d:69:25:c7:54:d4:d0:13:02:96:21:
         a4:5a:5d:35:68:1a:3b:ae:13:0a:1a:7e:a0:05:ca:09:11:d2:
         b6:2c:38:f6:48:b0:c9:97:71:a0:11:0b:9f:d9:91:58:09:53:
         e1:06:b3:b2:fb:1e:c7:a3:c7:d8:9c:01:6b:a5:7b:22:92:bf:
         61:63:ec:01:44:b6:8a:f3:71:91:93:69:a1:29:19:c2:24:bf:
         d6:bc:5f:f4:c9:76:ac:da:a7:44:4b:91:92:07:f9:80:39:ba:
         9a:52:97:80:68:46:8d:be:0d:05:2d:5c:66:90:f5:8a:90:83:
         c8:94:d0:37:96:b5:48:72:83:84:44:75:01:94:b2:f7:14:6e:
         28:1e:58:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1vpPkywjjvjXPAU72lqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTAxMjIzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGZiNjUzYjEwMDc4NTc4MmFhMTc5OTdkOWUxZDQ1YTAwYTYyNWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6yz5I0g7PERZLP08qv/4kE8m7GtX
G7XA6GYGjiZ/1BLydwPfpi4On8nR4SjWQ+w4gRzFEnB7AlM9S1tfoWC/QeJnCmDM
vhov0chPema7saFCFIhD/KAP/1tEeEbgJBmKNSafZ/ig86lMA4kLH0wMGyUMsAiF
MbbYu+FtToUFrCdF65UbjIqXIJqTln9Q+iTKu0+YexHXfRPUoLC0UUvpEZAsyE/V
uwgg6zEcePJDfnU97vhsxbSK4wqEYglM/4/3EAaC8y1s9dhLGajwXRK9OBpcZG+7
NjiseDAkXSa7uQ4P+bhvSPBilIkc0fueCEuBFElaFtX1h7Dg9ByTifViDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI37ZTsQB4V4KqF5l9nh1FoApiXkMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvamZ0bE94QUhoWGdxb1htWDJlSFVXZ0NtSmVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmiDMA0G
CSqGSIb3DQEBCwUAA4IBAQCkF8D876lWLlJvvm6NLzBsaRgonHDjI6zJZDSBx2Ma
79HnU1mPexryHhrpchyZwHoetQIQnpEzNsLabE9HM6ra5rE8zDA9CGfWsvf7jL6G
Kk46tbNgCqFU/utXaAvnbPiEud7JL92HYDMwVmcOZaMqfqYYHWklx1TU0BMCliGk
Wl01aBo7rhMKGn6gBcoJEdK2LDj2SLDJl3GgEQuf2ZFYCVPhBrOy+x7Ho8fYnAFr
pXsikr9hY+wBRLaK83GRk2mhKRnCJL/WvF/0yXas2qdES5GSB/mAObqaUpeAaEaN
vg0FLVxmkPWKkIPIlNA3lrVIcoOERHUBlLL3FG4oHlge
-----END CERTIFICATE-----