Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/mkexmrcpP9Bn98t7JCUYJGJwOYI.roa
File:                     mkexmrcpP9Bn98t7JCUYJGJwOYI.roa (raw, json)
Hash identifier:          hW3i6FA8RFxyHl371joABk2n97802VOwTWDIvnTxGas=
Subject key identifier:   9A:47:B1:9A:B7:29:3F:D0:67:F7:CB:7B:24:25:18:24:62:70:39:82
Certificate issuer:       /CN=844969780141824cd0acbfa5a784611eeb0a7ddb
Certificate serial:       0190C6433F9F069F641FA9463CAD5E9EAE72
Authority key identifier: 84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/mkexmrcpP9Bn98t7JCUYJGJwOYI.roa
Signing time:             Thu 18 Jul 2024 14:33:34 +0000
ROA not before:           Thu 18 Jul 2024 14:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216192
IP address blocks:        194.177.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c6:43:3f:9f:06:9f:64:1f:a9:46:3c:ad:5e:9e:ae:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844969780141824cd0acbfa5a784611eeb0a7ddb
        Validity
            Not Before: Jul 18 14:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a47b19ab7293fd067f7cb7b2425182462703982
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d9:26:06:13:57:85:3c:7b:42:10:6c:2c:ef:
                    6a:34:26:6c:01:54:6b:00:de:52:a3:1d:35:29:5e:
                    6a:3f:8d:52:26:eb:9b:ba:f1:fc:93:01:0c:90:5e:
                    3c:44:f7:ed:98:05:9b:12:60:e1:69:2a:12:ae:84:
                    67:48:2d:5b:c8:3b:17:13:b6:1c:82:48:a4:76:35:
                    d3:6c:e4:87:8e:66:06:31:b7:94:1d:75:e2:97:d3:
                    2e:7d:38:91:9b:f7:40:d1:4e:fe:f7:50:20:36:74:
                    a5:37:7c:9a:5e:39:d5:00:1a:14:e6:6d:c8:e3:ab:
                    f3:36:62:6a:49:dd:96:3a:82:02:87:06:68:52:b6:
                    09:2d:a2:77:96:a7:c7:65:7a:2b:ff:75:71:9c:77:
                    39:dc:30:56:93:a2:2d:8c:e9:37:af:22:e0:7d:1a:
                    72:23:7a:86:dd:d2:9f:67:52:d2:37:3c:ad:3b:f4:
                    18:a1:7b:d8:b2:0a:51:4c:50:4b:ca:8c:f6:97:97:
                    ac:1a:b1:39:ce:ba:9f:8e:42:1f:b7:e8:58:37:86:
                    99:bd:a1:07:c6:5e:45:c5:6c:06:97:c7:5c:a9:7d:
                    bf:66:15:c3:18:5c:e3:0e:90:96:83:47:b0:e8:69:
                    5d:bd:85:89:da:ff:bf:15:05:04:25:1f:d9:d2:3d:
                    2f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:47:B1:9A:B7:29:3F:D0:67:F7:CB:7B:24:25:18:24:62:70:39:82
            X509v3 Authority Key Identifier:
                keyid:84:49:69:78:01:41:82:4C:D0:AC:BF:A5:A7:84:61:1E:EB:0A:7D:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hElpeAFBgkzQrL-lp4RhHusKfds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/mkexmrcpP9Bn98t7JCUYJGJwOYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e62f95-abbd-430d-8160-04ac17881aa9/1/hElpeAFBgkzQrL-lp4RhHusKfds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.177.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:c2:05:b3:c9:92:13:e1:8f:33:ab:ec:87:bd:4a:c9:90:5f:
         93:89:7f:ef:23:02:80:00:3e:04:ad:9e:eb:d7:07:9f:5b:93:
         61:af:d1:0b:de:63:6d:0c:62:2a:61:0f:4c:bc:48:08:88:d9:
         89:e2:68:05:a0:ee:13:a7:ab:07:b5:73:fb:31:d4:dd:ea:0b:
         96:c9:24:1e:7b:17:dc:b6:a0:fc:78:96:16:c1:8a:c7:8c:08:
         56:88:2b:2b:38:ee:b6:12:4f:a7:4b:9f:58:2a:4e:d5:99:31:
         de:b0:be:91:eb:15:a6:26:a5:3d:f2:1b:32:58:53:ad:9b:ca:
         6e:6a:6d:7d:61:1f:7f:8f:5f:4a:04:c8:af:5c:64:8c:34:15:
         68:7d:6c:c7:0a:f2:4b:91:c9:87:89:f6:07:04:65:4f:ad:fe:
         08:3c:6a:51:1e:6c:4c:45:6f:0a:19:7f:18:4d:54:76:a1:04:
         ef:b3:1a:1b:44:35:57:f1:6c:0f:5f:6f:1b:16:0f:66:8b:b5:
         e1:1f:63:5c:9c:62:7c:28:78:1d:98:f4:ce:b3:3f:bc:a1:ca:
         ed:1f:9d:6f:d1:5f:14:0e:b6:fa:ae:9e:11:e9:79:a7:42:a0:
         72:b0:1d:d0:4c:7d:f5:84:b7:4b:68:55:82:94:ea:c6:17:d8:
         34:ee:bc:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDGQz+fBp9kH6lGPK1enq5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDk2OTc4MDE0MTgyNGNkMGFjYmZhNWE3ODQ2MTFlZWIw
YTdkZGIwHhcNMjQwNzE4MTQzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQ3YjE5YWI3MjkzZmQwNjdmN2NiN2IyNDI1MTgyNDYyNzAzOTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtkmBhNXhTx7QhBsLO9qNCZsAVRr
AN5Sox01KV5qP41SJuubuvH8kwEMkF48RPftmAWbEmDhaSoSroRnSC1byDsXE7Yc
gkikdjXTbOSHjmYGMbeUHXXil9MufTiRm/dA0U7+91AgNnSlN3yaXjnVABoU5m3I
46vzNmJqSd2WOoIChwZoUrYJLaJ3lqfHZXor/3VxnHc53DBWk6ItjOk3ryLgfRpy
I3qG3dKfZ1LSNzytO/QYoXvYsgpRTFBLyoz2l5esGrE5zrqfjkIft+hYN4aZvaEH
xl5FxWwGl8dcqX2/ZhXDGFzjDpCWg0ew6GldvYWJ2v+/FQUEJR/Z0j0vkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpHsZq3KT/QZ/fLeyQlGCRicDmCMB8GA1UdIwQY
MBaAFIRJaXgBQYJM0Ky/paeEYR7rCn3bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAt
MDRhYzE3ODgxYWE5LzEvbWtleG1yY3BQOUJuOTh0N0pDVVlKR0p3T1lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lNjJmOTUtYWJiZC00MzBkLTgxNjAtMDRhYzE3ODgxYWE5
LzEvaEVscGVBRkJna3pRckwtbHA0UmhIdXNLZmRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrEOMA0G
CSqGSIb3DQEBCwUAA4IBAQB5wgWzyZIT4Y8zq+yHvUrJkF+TiX/vIwKAAD4ErZ7r
1wefW5Nhr9EL3mNtDGIqYQ9MvEgIiNmJ4mgFoO4Tp6sHtXP7MdTd6guWySQeexfc
tqD8eJYWwYrHjAhWiCsrOO62Ek+nS59YKk7VmTHesL6R6xWmJqU98hsyWFOtm8pu
am19YR9/j19KBMivXGSMNBVofWzHCvJLkcmHifYHBGVPrf4IPGpRHmxMRW8KGX8Y
TVR2oQTvsxobRDVX8WwPX28bFg9mi7XhH2NcnGJ8KHgdmPTOsz+8ocrtH51v0V8U
Drb6rp4R6XmnQqBysB3QTH31hLdLaFWClOrGF9g07rwC
-----END CERTIFICATE-----