Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/fz7D6L1KIne6RiLsUvdutCtJPZM.roa
File:                     fz7D6L1KIne6RiLsUvdutCtJPZM.roa (raw, json)
Hash identifier:          Uni4t0ZcTUNEmxY+4Nutg4tQabyhAKiEC3kVmeAUc5k=
Subject key identifier:   7F:3E:C3:E8:BD:4A:22:77:BA:46:22:EC:52:F7:6E:B4:2B:49:3D:93
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018E1CA2E4E93A57F24C06BF144428A9B28B
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/fz7D6L1KIne6RiLsUvdutCtJPZM.roa
Signing time:             Fri 08 Mar 2024 05:57:01 +0000
ROA not before:           Fri 08 Mar 2024 05:57:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215389
IP address blocks:        185.14.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1c:a2:e4:e9:3a:57:f2:4c:06:bf:14:44:28:a9:b2:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Mar  8 05:57:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f3ec3e8bd4a2277ba4622ec52f76eb42b493d93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5a:f2:68:17:3d:92:a1:7f:57:69:65:5c:a3:
                    9a:ea:70:9f:0c:be:af:46:2c:75:c0:f1:3c:40:98:
                    7a:09:95:62:de:ae:d8:19:ac:ec:8d:29:b1:45:4f:
                    ce:72:4a:ef:ea:fa:98:6b:a8:99:34:2b:ff:95:b2:
                    dd:26:98:6d:cd:d8:2c:be:fb:45:da:74:54:8f:1a:
                    44:1b:d1:99:84:69:c4:91:27:9e:f4:09:c9:48:1d:
                    4c:ba:91:fb:6a:8f:e7:2f:6a:e7:f9:69:f2:1a:f0:
                    b0:98:4d:84:48:72:61:4e:e6:b2:e0:b7:9b:4e:d5:
                    d9:52:01:1a:b0:f6:5f:6e:ae:36:e7:3c:e6:8d:6a:
                    5d:fc:a5:f6:9b:e8:a4:a8:dd:52:f5:16:a2:a0:79:
                    76:77:b5:e6:32:54:aa:4c:7c:6c:41:4d:09:90:c8:
                    6c:0f:6b:a2:a3:b6:f0:51:16:a1:e9:3b:d4:ce:51:
                    ce:02:2b:82:ad:1a:d9:a2:d1:59:d6:f9:06:a0:13:
                    bd:91:9e:85:1f:dd:81:79:4d:df:f4:b5:26:a7:dc:
                    43:27:50:fc:34:15:04:90:8a:7c:1a:09:55:6a:97:
                    fd:5a:cc:60:a7:f6:60:7d:fd:e5:06:a7:a9:18:88:
                    32:40:b8:75:31:82:ab:dc:57:77:25:9d:29:19:bb:
                    5f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:3E:C3:E8:BD:4A:22:77:BA:46:22:EC:52:F7:6E:B4:2B:49:3D:93
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/fz7D6L1KIne6RiLsUvdutCtJPZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:ec:17:48:be:ab:45:74:be:3f:68:75:6b:e6:77:7e:fe:28:
         65:f7:27:af:13:5e:c3:79:ff:6f:9f:ab:8a:f0:78:dd:71:52:
         08:e6:34:87:72:ac:c1:c4:e5:2f:cd:a4:0d:ed:66:9a:7b:07:
         29:ff:8e:3d:1f:0e:ca:26:d3:1b:3c:54:03:5b:bd:b1:0f:ae:
         58:a3:b4:f8:bc:5f:0a:95:61:45:e5:17:02:95:f7:7f:18:4c:
         51:d5:75:a7:0c:78:2b:31:65:ed:66:63:c8:0f:f5:68:2a:a3:
         2d:97:87:1a:b7:64:81:48:2d:c2:3b:ea:da:01:38:41:3d:33:
         f0:f4:5e:2c:a2:2d:a1:38:7f:a0:56:f1:26:88:43:42:a2:c0:
         d8:30:57:a8:d4:0e:38:ec:51:4f:24:80:e5:e0:2c:43:7e:3c:
         18:c3:29:3a:80:7b:0b:48:ac:63:54:00:b3:a7:2a:21:84:2d:
         df:9b:f9:84:6c:9a:97:66:a4:2a:a4:85:56:ba:ef:9f:01:3d:
         98:2b:9d:b7:40:f9:da:cc:90:e7:d6:84:57:00:be:09:6d:bf:
         34:8e:ee:d2:f4:c6:35:ae:37:78:c5:e9:73:fd:d0:0a:c5:22:
         c2:b1:69:cf:52:60:d5:0c:b0:2e:c1:d0:b7:9a:e2:85:f5:66:
         a0:05:24:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4couTpOlfyTAa/FEQoqbKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwMzA4MDU1NzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjNlYzNlOGJkNGEyMjc3YmE0NjIyZWM1MmY3NmViNDJiNDkzZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFryaBc9kqF/V2llXKOa6nCfDL6v
Rix1wPE8QJh6CZVi3q7YGazsjSmxRU/Ockrv6vqYa6iZNCv/lbLdJphtzdgsvvtF
2nRUjxpEG9GZhGnEkSee9AnJSB1MupH7ao/nL2rn+WnyGvCwmE2ESHJhTuay4Leb
TtXZUgEasPZfbq425zzmjWpd/KX2m+ikqN1S9RaioHl2d7XmMlSqTHxsQU0JkMhs
D2uio7bwURah6TvUzlHOAiuCrRrZotFZ1vkGoBO9kZ6FH92BeU3f9LUmp9xDJ1D8
NBUEkIp8GglVapf9Wsxgp/Zgff3lBqepGIgyQLh1MYKr3Fd3JZ0pGbtfMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8+w+i9SiJ3ukYi7FL3brQrST2TMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvZno3RDZMMUtJbmU2UmlMc1V2ZHV0Q3RKUFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ5eMA0G
CSqGSIb3DQEBCwUAA4IBAQC67BdIvqtFdL4/aHVr5nd+/ihl9yevE17Def9vn6uK
8HjdcVII5jSHcqzBxOUvzaQN7Waaewcp/449Hw7KJtMbPFQDW72xD65Yo7T4vF8K
lWFF5RcClfd/GExR1XWnDHgrMWXtZmPID/VoKqMtl4cat2SBSC3CO+raAThBPTPw
9F4soi2hOH+gVvEmiENCosDYMFeo1A447FFPJIDl4CxDfjwYwyk6gHsLSKxjVACz
pyohhC3fm/mEbJqXZqQqpIVWuu+fAT2YK523QPnazJDn1oRXAL4Jbb80ju7S9MY1
rjd4xelz/dAKxSLCsWnPUmDVDLAuwdC3muKF9WagBSRq
-----END CERTIFICATE-----