Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/p09rUFvZ_HH6qe5iMJqboSH7et0.roa
File:                     p09rUFvZ_HH6qe5iMJqboSH7et0.roa (raw, json)
Hash identifier:          2Svcx+uOrWOdm8h0G14BKlDf7GUbANonZ7wD7tBJhyk=
Subject key identifier:   A7:4F:6B:50:5B:D9:FC:71:FA:A9:EE:62:30:9A:9B:A1:21:FB:7A:DD
Certificate issuer:       /CN=212eaf59a2bff3cab118711894478bb9eff93b85
Certificate serial:       018CC5DBFF7B86381AA6B7EDC0D342F75AFD
Authority key identifier: 21:2E:AF:59:A2:BF:F3:CA:B1:18:71:18:94:47:8B:B9:EF:F9:3B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IS6vWaK_88qxGHEYlEeLue_5O4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/p09rUFvZ_HH6qe5iMJqboSH7et0.roa
Signing time:             Mon 01 Jan 2024 16:29:38 +0000
ROA not before:           Mon 01 Jan 2024 16:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24958
IP address blocks:        185.10.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/IS6vWaK_88qxGHEYlEeLue_5O4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/IS6vWaK_88qxGHEYlEeLue_5O4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IS6vWaK_88qxGHEYlEeLue_5O4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 19:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ff:7b:86:38:1a:a6:b7:ed:c0:d3:42:f7:5a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=212eaf59a2bff3cab118711894478bb9eff93b85
        Validity
            Not Before: Jan  1 16:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a74f6b505bd9fc71faa9ee62309a9ba121fb7add
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b5:1c:57:56:27:7f:e0:d4:82:ee:ad:bc:cc:
                    21:8c:96:86:b9:28:1e:9e:b4:9d:19:ce:b2:3a:3d:
                    4f:d0:9f:47:92:92:ea:5f:36:7b:3e:6a:4a:24:43:
                    b3:de:fc:58:80:6e:74:ca:f3:cc:3c:d4:44:e4:c6:
                    a5:83:2e:f1:02:d5:26:77:97:11:b5:94:82:f0:97:
                    48:07:89:09:1d:e8:29:55:03:c0:ea:ce:d9:b6:56:
                    60:d1:ad:43:e2:84:24:df:57:eb:a7:e7:bb:92:db:
                    3d:99:d5:79:10:51:fe:61:38:73:a0:bf:a5:fb:9e:
                    f4:f3:8a:f2:46:13:b7:96:81:45:9e:8b:19:c3:3a:
                    89:7f:55:0b:11:35:c2:1f:ed:3b:ed:6e:97:5d:87:
                    c6:a5:74:f6:63:49:f4:8d:09:14:fa:a6:41:06:02:
                    0d:15:07:72:a4:81:0b:9f:3f:b8:0d:ac:cc:77:ab:
                    d3:4d:30:69:b1:82:48:aa:33:82:21:66:86:d3:55:
                    75:c4:70:83:5a:80:79:e8:94:0c:1e:f9:37:26:e9:
                    8e:74:2b:7f:de:f1:b3:80:99:72:50:e0:e2:2c:69:
                    c1:58:00:66:f8:25:bc:e2:50:cc:e1:a3:4b:69:4f:
                    93:33:8f:03:4e:88:99:3e:dd:d7:46:fd:69:83:1f:
                    32:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:4F:6B:50:5B:D9:FC:71:FA:A9:EE:62:30:9A:9B:A1:21:FB:7A:DD
            X509v3 Authority Key Identifier:
                keyid:21:2E:AF:59:A2:BF:F3:CA:B1:18:71:18:94:47:8B:B9:EF:F9:3B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IS6vWaK_88qxGHEYlEeLue_5O4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/p09rUFvZ_HH6qe5iMJqboSH7et0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/28f6ac-f805-4c91-b4ea-194887bda423/1/IS6vWaK_88qxGHEYlEeLue_5O4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         76:48:87:79:1e:f3:8e:6e:5b:2e:a9:34:32:3b:94:9a:89:c1:
         ca:d9:d3:81:69:4c:a2:0f:66:0e:bf:5b:99:a5:a5:2e:5d:15:
         cd:d0:41:e3:54:97:ee:05:45:ee:7f:23:a7:24:c6:fc:12:34:
         9a:cf:3d:fb:73:9b:86:8d:92:0c:17:5a:bf:74:53:d5:bb:d6:
         b1:18:4e:7f:e5:c9:3d:3a:ee:f8:08:b3:f7:30:2e:48:1f:c2:
         8d:77:f1:24:9c:bf:b0:4d:54:dc:d1:ac:c2:a4:73:1c:f9:f1:
         c7:21:bf:0e:c6:e4:c8:16:b5:dc:7b:36:c1:77:8b:87:26:a3:
         d9:4c:57:c4:c3:2e:5f:c0:4c:71:1c:d2:1c:ef:2b:53:80:a0:
         e2:c7:51:f1:aa:13:46:5a:5a:20:7f:4d:dc:97:18:91:1e:85:
         bc:56:2b:30:09:8e:6c:a5:67:4f:0c:0d:c2:01:28:a8:7b:e3:
         7c:0d:7b:2d:17:be:be:fd:1a:a6:7a:91:bd:b7:f1:9b:d1:44:
         c9:bc:e7:e0:21:94:c5:57:55:17:8a:35:b9:7f:67:58:eb:ee:
         d9:f5:13:84:5b:d8:5f:57:52:8b:19:40:ae:4d:c5:e7:cc:0b:
         ee:1e:57:2a:54:c7:9d:c9:c8:48:02:a6:b5:27:e8:5f:69:89:
         6f:d6:af:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/97hjgaprftwNNC91r9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMmVhZjU5YTJiZmYzY2FiMTE4NzExODk0NDc4YmI5ZWZm
OTNiODUwHhcNMjQwMTAxMTYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzRmNmI1MDViZDlmYzcxZmFhOWVlNjIzMDlhOWJhMTIxZmI3YWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07UcV1Ynf+DUgu6tvMwhjJaGuSge
nrSdGc6yOj1P0J9HkpLqXzZ7PmpKJEOz3vxYgG50yvPMPNRE5Malgy7xAtUmd5cR
tZSC8JdIB4kJHegpVQPA6s7ZtlZg0a1D4oQk31frp+e7kts9mdV5EFH+YThzoL+l
+57084ryRhO3loFFnosZwzqJf1ULETXCH+077W6XXYfGpXT2Y0n0jQkU+qZBBgIN
FQdypIELnz+4DazMd6vTTTBpsYJIqjOCIWaG01V1xHCDWoB56JQMHvk3JumOdCt/
3vGzgJlyUODiLGnBWABm+CW84lDM4aNLaU+TM48DToiZPt3XRv1pgx8yBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdPa1Bb2fxx+qnuYjCam6Eh+3rdMB8GA1UdIwQY
MBaAFCEur1miv/PKsRhxGJRHi7nv+TuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVM2dldhS184OHF4R0hFWWxFZUx1ZV81TzRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8yOGY2YWMtZjgwNS00YzkxLWI0ZWEt
MTk0ODg3YmRhNDIzLzEvcDA5clVGdlpfSEg2cWU1aU1KcWJvU0g3ZXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8yOGY2YWMtZjgwNS00YzkxLWI0ZWEtMTk0ODg3YmRhNDIz
LzEvSVM2dldhS184OHF4R0hFWWxFZUx1ZV81TzRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQoOMA0G
CSqGSIb3DQEBCwUAA4IBAQB2SId5HvOOblsuqTQyO5SaicHK2dOBaUyiD2YOv1uZ
paUuXRXN0EHjVJfuBUXufyOnJMb8EjSazz37c5uGjZIMF1q/dFPVu9axGE5/5ck9
Ou74CLP3MC5IH8KNd/EknL+wTVTc0azCpHMc+fHHIb8OxuTIFrXcezbBd4uHJqPZ
TFfEwy5fwExxHNIc7ytTgKDix1HxqhNGWlogf03clxiRHoW8ViswCY5spWdPDA3C
ASioe+N8DXstF76+/RqmepG9t/Gb0UTJvOfgIZTFV1UXijW5f2dY6+7Z9ROEW9hf
V1KLGUCuTcXnzAvuHlcqVMedychIAqa1J+hfaYlv1q+K
-----END CERTIFICATE-----