Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/h5XKQLnbD49GrZGLOxUirZThWJk.roa
File:                     h5XKQLnbD49GrZGLOxUirZThWJk.roa (raw, json)
Hash identifier:          +AkTBraCqiwhU6H47xBqoY41heU8XvkRXiQt8YdxNP4=
Subject key identifier:   87:95:CA:40:B9:DB:0F:8F:46:AD:91:8B:3B:15:22:AD:94:E1:58:99
Certificate issuer:       /CN=14fb7c3336acd4189d3fac639a280d9b0020f298
Certificate serial:       018CC94E6BCA970AF58DFF0D33C5692A6C5A
Authority key identifier: 14:FB:7C:33:36:AC:D4:18:9D:3F:AC:63:9A:28:0D:9B:00:20:F2:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FPt8Mzas1BidP6xjmigNmwAg8pg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/h5XKQLnbD49GrZGLOxUirZThWJk.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.90.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/FPt8Mzas1BidP6xjmigNmwAg8pg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/FPt8Mzas1BidP6xjmigNmwAg8pg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FPt8Mzas1BidP6xjmigNmwAg8pg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6b:ca:97:0a:f5:8d:ff:0d:33:c5:69:2a:6c:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14fb7c3336acd4189d3fac639a280d9b0020f298
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8795ca40b9db0f8f46ad918b3b1522ad94e15899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ed:48:83:45:fc:da:4e:96:bf:b3:4b:25:dc:
                    da:a2:36:70:d9:76:96:f2:ca:03:58:87:6c:4c:cf:
                    d3:ce:dd:5c:a7:7f:50:e4:cc:b1:7b:de:03:88:3e:
                    0e:92:7b:5c:4a:e3:f9:a8:3b:19:5b:88:f0:4c:05:
                    11:3a:7a:bf:88:88:26:1a:29:2c:75:13:cd:3f:2d:
                    d4:56:df:1d:b4:f1:6b:a2:25:5e:d9:e1:35:79:44:
                    58:7f:ae:14:91:68:65:4c:80:f7:1a:11:08:55:9b:
                    6f:80:91:f7:a0:84:18:f7:f2:b2:6c:d8:3e:a6:f7:
                    b2:ac:a2:8f:df:23:66:1c:2e:f4:b2:a5:d3:9e:50:
                    5e:b0:fe:74:d2:4d:e2:78:35:f5:0a:0c:cd:f7:f2:
                    63:17:70:60:c8:4a:26:3c:fe:11:0d:f2:b3:a5:96:
                    f0:12:83:37:ff:1f:4d:e8:d0:88:ec:1c:ed:4d:fa:
                    13:e8:cc:bf:30:b2:f7:56:9f:66:e3:ad:b1:c2:99:
                    5d:ea:9e:19:27:62:98:93:70:06:85:05:37:ad:12:
                    2c:9b:a5:d7:32:7a:02:30:e8:65:26:ae:34:78:f8:
                    e5:17:a0:a2:59:c3:7d:26:b4:06:64:5c:63:55:01:
                    09:89:ba:1e:79:63:d9:62:7a:ef:eb:e4:37:95:7c:
                    aa:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:95:CA:40:B9:DB:0F:8F:46:AD:91:8B:3B:15:22:AD:94:E1:58:99
            X509v3 Authority Key Identifier:
                keyid:14:FB:7C:33:36:AC:D4:18:9D:3F:AC:63:9A:28:0D:9B:00:20:F2:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FPt8Mzas1BidP6xjmigNmwAg8pg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/h5XKQLnbD49GrZGLOxUirZThWJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/64df8e-4b04-4223-8467-9939df1d0d09/1/FPt8Mzas1BidP6xjmigNmwAg8pg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:fa:6e:70:e4:0e:28:ec:2f:ff:ed:d5:ff:04:d6:8d:a2:9f:
         6e:01:73:5a:a7:88:2f:06:01:52:67:28:a5:a2:01:80:c8:ed:
         ad:05:9b:e5:b7:84:4f:f7:6a:23:04:9a:56:d3:e4:a9:d4:c0:
         b1:ae:e2:02:54:7c:5f:f8:7b:b8:72:85:53:ca:8c:12:0f:9b:
         cc:88:46:37:de:af:72:b3:ba:64:ad:ee:86:51:da:0b:97:b7:
         39:f1:8d:32:10:cd:84:a5:b6:fd:4c:ff:05:0f:d4:6e:bb:35:
         0c:67:41:a9:ec:d4:de:4e:7d:11:b8:be:a6:e0:91:52:48:25:
         10:4b:c3:57:f9:89:b2:bc:bf:19:d3:a3:c4:23:c7:e2:5d:ef:
         30:8f:b9:e1:48:7a:d9:97:eb:91:15:cb:13:db:af:54:1d:8e:
         8f:51:59:9b:14:58:20:c1:3e:11:2b:0e:95:d2:f5:75:fe:95:
         4e:fb:ab:d8:57:64:a7:b9:f7:40:34:db:f1:62:e0:83:c4:84:
         f3:b3:1e:b2:3f:24:95:07:01:21:e6:4d:76:24:2b:77:6a:29:
         ec:04:ad:34:3b:b6:4c:8c:75:3c:82:6c:e4:3c:36:e7:02:8f:
         b4:a9:50:5e:5a:34:50:25:5f:80:94:68:57:af:1b:92:b5:20:
         75:32:ff:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmvKlwr1jf8NM8VpKmxaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0ZmI3YzMzMzZhY2Q0MTg5ZDNmYWM2MzlhMjgwZDliMDAy
MGYyOTgwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzk1Y2E0MGI5ZGIwZjhmNDZhZDkxOGIzYjE1MjJhZDk0ZTE1ODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAme1Ig0X82k6Wv7NLJdzaojZw2XaW
8soDWIdsTM/Tzt1cp39Q5Myxe94DiD4OkntcSuP5qDsZW4jwTAUROnq/iIgmGiks
dRPNPy3UVt8dtPFroiVe2eE1eURYf64UkWhlTID3GhEIVZtvgJH3oIQY9/KybNg+
pveyrKKP3yNmHC70sqXTnlBesP500k3ieDX1CgzN9/JjF3BgyEomPP4RDfKzpZbw
EoM3/x9N6NCI7BztTfoT6My/MLL3Vp9m462xwpld6p4ZJ2KYk3AGhQU3rRIsm6XX
MnoCMOhlJq40ePjlF6CiWcN9JrQGZFxjVQEJiboeeWPZYnrv6+Q3lXyqHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeVykC52w+PRq2RizsVIq2U4ViZMB8GA1UdIwQY
MBaAFBT7fDM2rNQYnT+sY5ooDZsAIPKYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlB0OE16YXMxQmlkUDZ4am1pZ05td0FnOHBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi82NGRmOGUtNGIwNC00MjIzLTg0Njct
OTkzOWRmMWQwZDA5LzEvaDVYS1FMbmJENDlHclpHTE94VWlyWlRoV0prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi82NGRmOGUtNGIwNC00MjIzLTg0NjctOTkzOWRmMWQwZDA5
LzEvRlB0OE16YXMxQmlkUDZ4am1pZ05td0FnOHBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVp3MA0G
CSqGSIb3DQEBCwUAA4IBAQBK+m5w5A4o7C//7dX/BNaNop9uAXNap4gvBgFSZyil
ogGAyO2tBZvlt4RP92ojBJpW0+Sp1MCxruICVHxf+Hu4coVTyowSD5vMiEY33q9y
s7pkre6GUdoLl7c58Y0yEM2Epbb9TP8FD9RuuzUMZ0Gp7NTeTn0RuL6m4JFSSCUQ
S8NX+YmyvL8Z06PEI8fiXe8wj7nhSHrZl+uRFcsT269UHY6PUVmbFFggwT4RKw6V
0vV1/pVO+6vYV2SnufdANNvxYuCDxITzsx6yPySVBwEh5k12JCt3ainsBK00O7ZM
jHU8gmzkPDbnAo+0qVBeWjRQJV+AlGhXrxuStSB1Mv/r
-----END CERTIFICATE-----