Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/D14UKbYxMlKLSeiG19bLbsuTDuQ.roa
File:                     D14UKbYxMlKLSeiG19bLbsuTDuQ.roa (raw, json)
Hash identifier:          8Unu67ok6hBha346E5AKKh0uTWMmAFUuJqZ+3dmAjgU=
Subject key identifier:   0F:5E:14:29:B6:31:32:52:8B:49:E8:86:D7:D6:CB:6E:CB:93:0E:E4
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       018CCA99A08B49ECD573D43F97B9671ECD40
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/D14UKbYxMlKLSeiG19bLbsuTDuQ.roa
Signing time:             Tue 02 Jan 2024 14:35:14 +0000
ROA not before:           Tue 02 Jan 2024 14:35:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206487
IP address blocks:        188.86.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:a0:8b:49:ec:d5:73:d4:3f:97:b9:67:1e:cd:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 14:35:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f5e1429b63132528b49e886d7d6cb6ecb930ee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:70:31:c3:74:dc:b6:5d:06:0a:cd:bb:52:a4:
                    35:ba:04:9e:44:98:50:42:28:05:2c:be:34:74:64:
                    af:a9:2a:72:1d:69:a4:fb:7a:60:d8:ab:28:0d:21:
                    6f:44:d5:6f:7a:74:fa:cc:54:d6:34:ba:51:cf:c1:
                    76:37:28:9d:27:5d:36:9c:62:2c:3a:66:21:e1:4b:
                    46:b7:93:c2:87:32:c2:0c:71:7c:10:11:a5:90:78:
                    6e:6e:08:05:68:e5:ef:38:ed:a7:fa:16:80:3e:4c:
                    b6:01:2f:a2:45:0f:db:0f:51:98:7c:a0:22:38:81:
                    b7:a5:1d:61:2e:95:76:67:f9:f1:a3:b1:f8:f7:b0:
                    00:b9:ed:7d:5a:64:3b:84:e9:fc:83:a8:7c:96:8f:
                    7c:ad:35:d9:a4:de:f4:0c:14:dc:2c:d5:12:62:24:
                    a1:5b:f2:be:e9:c9:ee:66:9f:99:38:c9:f6:20:dd:
                    ab:c8:62:f0:75:6b:40:94:fa:b1:b8:25:46:ae:3d:
                    d1:c1:a1:28:af:ef:5f:a6:c0:fc:24:b7:d7:c3:ff:
                    b4:f2:9d:fd:60:f1:82:f1:8d:38:da:97:72:05:ad:
                    1e:2e:97:9d:79:b5:47:80:13:58:3b:29:c0:da:8d:
                    91:3c:fa:47:14:71:3e:59:ab:00:f3:d9:21:c2:ab:
                    dc:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:5E:14:29:B6:31:32:52:8B:49:E8:86:D7:D6:CB:6E:CB:93:0E:E4
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/D14UKbYxMlKLSeiG19bLbsuTDuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.86.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:05:19:e6:89:f0:e3:cf:de:5f:9d:e0:8d:c0:7a:e9:44:4a:
         60:8d:45:4b:f0:f3:12:b8:16:ad:47:6c:6d:78:f0:c2:22:45:
         cd:88:21:15:51:5b:a9:8f:0e:74:e0:15:f3:a5:98:10:75:aa:
         9d:b5:de:76:70:ba:a5:fa:9c:a5:6c:18:86:06:94:b1:96:13:
         e1:92:eb:d6:1a:d4:fe:1d:bc:07:93:89:4f:80:1a:86:1a:2b:
         d2:b2:8f:55:03:78:fc:cb:cf:ef:50:76:f6:de:21:21:a7:9d:
         fd:54:b9:b3:26:20:c6:47:61:4f:fe:c8:24:8a:86:51:cc:9c:
         61:f8:e4:c7:aa:c3:c8:d2:97:59:40:29:e4:19:89:01:7f:eb:
         cb:d0:b7:41:53:08:b2:ca:92:d6:19:d3:fa:d7:76:33:d2:13:
         2e:de:b9:18:b0:7a:f5:f3:e2:11:42:a8:35:b5:32:f9:b5:35:
         d1:31:7c:5a:ab:ee:d3:f4:ad:0c:7a:cd:b1:99:51:22:ad:92:
         9f:0c:df:a7:1b:a4:fa:bc:df:4d:d9:f9:9d:53:46:da:ec:3e:
         cb:6a:1f:e9:49:b6:15:82:95:d8:6a:52:82:5b:99:19:9a:e4:
         6a:25:24:07:49:23:f2:dd:5f:7b:9c:c0:79:f6:52:09:e7:40:
         dd:1b:2f:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmaCLSezVc9Q/l7lnHs1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjQwMTAyMTQzNTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjVlMTQyOWI2MzEzMjUyOGI0OWU4ODZkN2Q2Y2I2ZWNiOTMwZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3Axw3Tctl0GCs27UqQ1ugSeRJhQ
QigFLL40dGSvqSpyHWmk+3pg2KsoDSFvRNVvenT6zFTWNLpRz8F2NyidJ102nGIs
OmYh4UtGt5PChzLCDHF8EBGlkHhubggFaOXvOO2n+haAPky2AS+iRQ/bD1GYfKAi
OIG3pR1hLpV2Z/nxo7H497AAue19WmQ7hOn8g6h8lo98rTXZpN70DBTcLNUSYiSh
W/K+6cnuZp+ZOMn2IN2ryGLwdWtAlPqxuCVGrj3RwaEor+9fpsD8JLfXw/+08p39
YPGC8Y042pdyBa0eLpedebVHgBNYOynA2o2RPPpHFHE+WasA89khwqvccwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA9eFCm2MTJSi0nohtfWy27Lkw7kMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvRDE0VUtiWXhNbEtMU2VpRzE5Ykxic3VURHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFZ0MA0G
CSqGSIb3DQEBCwUAA4IBAQBRBRnmifDjz95fneCNwHrpREpgjUVL8PMSuBatR2xt
ePDCIkXNiCEVUVupjw504BXzpZgQdaqdtd52cLql+pylbBiGBpSxlhPhkuvWGtT+
HbwHk4lPgBqGGivSso9VA3j8y8/vUHb23iEhp539VLmzJiDGR2FP/sgkioZRzJxh
+OTHqsPI0pdZQCnkGYkBf+vL0LdBUwiyypLWGdP613Yz0hMu3rkYsHr18+IRQqg1
tTL5tTXRMXxaq+7T9K0Mes2xmVEirZKfDN+nG6T6vN9N2fmdU0ba7D7Lah/pSbYV
gpXYalKCW5kZmuRqJSQHSSPy3V97nMB59lIJ50DdGy+F
-----END CERTIFICATE-----