Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/BkC382kbRID_J9MdHf3y_ZWlEf8.roa
File:                     BkC382kbRID_J9MdHf3y_ZWlEf8.roa (raw, json)
Hash identifier:          ts/8AAif8Jl4mhcHO6WxEGvpSqp2TwktqqlEa+sbGTU=
Subject key identifier:   06:40:B7:F3:69:1B:44:80:FF:27:D3:1D:1D:FD:F2:FD:95:A5:11:FF
Certificate issuer:       /CN=7a0bcdee8ce839c4d20413c862423cca04fdc60a
Certificate serial:       0194221FAD258B619A57EEE139E967F4D3C9
Authority key identifier: 7A:0B:CD:EE:8C:E8:39:C4:D2:04:13:C8:62:42:3C:CA:04:FD:C6:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/BkC382kbRID_J9MdHf3y_ZWlEf8.roa
Signing time:             Wed 01 Jan 2025 13:48:08 +0000
ROA not before:           Wed 01 Jan 2025 13:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42482
IP address blocks:        185.14.4.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 14:13:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ad:25:8b:61:9a:57:ee:e1:39:e9:67:f4:d3:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a0bcdee8ce839c4d20413c862423cca04fdc60a
        Validity
            Not Before: Jan  1 13:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0640b7f3691b4480ff27d31d1dfdf2fd95a511ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:40:94:73:de:1d:68:0f:17:48:9d:0d:01:f7:
                    89:24:59:d7:42:b8:58:39:e1:45:35:9c:cd:6d:5c:
                    d8:37:e5:0c:58:cc:8c:5d:a5:7d:27:3d:2a:73:69:
                    9b:28:f4:0c:ce:78:7e:69:d2:3e:e4:29:43:54:60:
                    86:66:bd:2d:3e:52:73:5d:28:39:ae:47:ba:62:09:
                    bb:8b:10:a9:ce:be:06:23:d5:20:82:e8:c6:f4:0b:
                    7b:c8:6e:46:b4:53:7a:75:f1:1d:6e:fb:fd:38:92:
                    0d:cf:10:13:05:8e:30:2e:e8:54:42:1a:18:92:7b:
                    e3:f6:74:fe:74:df:75:64:b8:58:8d:a4:79:47:b5:
                    7d:12:13:35:ef:51:87:51:9e:c2:0d:a2:92:a3:3a:
                    15:aa:08:63:37:13:22:6b:aa:78:90:40:d2:aa:4b:
                    0d:b8:ae:c5:9f:43:4e:73:58:50:37:15:73:51:62:
                    a1:be:78:5e:0c:df:92:62:fe:83:8b:e1:ff:c7:7c:
                    26:f4:0c:f3:2e:20:20:d1:bc:d8:9b:bd:3f:77:88:
                    d4:a6:cc:2d:15:3a:28:95:c4:0a:fc:55:0a:ad:30:
                    d2:84:ae:92:cc:52:3f:53:60:fd:a8:c1:b8:dc:20:
                    3e:4e:ec:5d:d2:3e:92:cc:f4:54:a8:68:14:7e:ae:
                    34:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:40:B7:F3:69:1B:44:80:FF:27:D3:1D:1D:FD:F2:FD:95:A5:11:FF
            X509v3 Authority Key Identifier:
                keyid:7A:0B:CD:EE:8C:E8:39:C4:D2:04:13:C8:62:42:3C:CA:04:FD:C6:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/BkC382kbRID_J9MdHf3y_ZWlEf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:b0:54:67:65:52:de:4c:a2:16:96:96:22:84:a8:18:05:82:
         c7:59:63:30:2f:6d:dd:dd:63:0f:1b:26:65:68:71:bc:1f:41:
         0d:2c:5d:81:bd:e2:3f:bb:e8:e7:23:f8:3a:fb:00:be:53:4f:
         9d:de:ca:a5:d4:fa:f7:ca:cc:4d:62:28:48:60:be:ef:52:26:
         f5:d6:71:7a:27:80:ed:bb:8e:16:3f:a3:46:e0:c6:ae:cb:a8:
         94:f4:a4:fe:df:af:ee:24:8a:4d:3c:f3:23:e2:51:5d:8b:55:
         de:9e:54:56:9f:24:0c:74:10:7c:07:62:5b:2a:ea:94:8d:09:
         94:12:38:6f:cf:15:4c:78:c1:96:88:1c:71:9d:fb:d0:5d:f3:
         8a:63:70:36:a2:55:a6:79:cc:99:b1:23:ec:ec:f0:db:4c:e7:
         aa:8f:2b:a1:59:d4:98:b9:6d:cf:10:bc:9b:26:6b:e6:f0:d8:
         d8:d0:73:ad:2c:de:1c:cf:52:d3:e5:e5:01:9e:6a:fa:f4:2f:
         ed:03:c3:0c:9a:07:9b:9a:1d:42:8e:c2:12:94:7f:20:4e:64:
         de:c4:f5:5c:e4:32:5d:18:12:1b:28:2f:27:57:15:be:6e:d6:
         16:af:49:86:b4:3c:d3:68:d0:59:e1:aa:b1:24:83:e0:f3:3b:
         ae:ab:62:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH60li2GaV+7hOeln9NPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMGJjZGVlOGNlODM5YzRkMjA0MTNjODYyNDIzY2NhMDRm
ZGM2MGEwHhcNMjUwMTAxMTM0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjQwYjdmMzY5MWI0NDgwZmYyN2QzMWQxZGZkZjJmZDk1YTUxMWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqECUc94daA8XSJ0NAfeJJFnXQrhY
OeFFNZzNbVzYN+UMWMyMXaV9Jz0qc2mbKPQMznh+adI+5ClDVGCGZr0tPlJzXSg5
rke6Ygm7ixCpzr4GI9UggujG9At7yG5GtFN6dfEdbvv9OJINzxATBY4wLuhUQhoY
knvj9nT+dN91ZLhYjaR5R7V9EhM171GHUZ7CDaKSozoVqghjNxMia6p4kEDSqksN
uK7Fn0NOc1hQNxVzUWKhvnheDN+SYv6Di+H/x3wm9AzzLiAg0bzYm70/d4jUpswt
FToolcQK/FUKrTDShK6SzFI/U2D9qMG43CA+Tuxd0j6SzPRUqGgUfq40TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZAt/NpG0SA/yfTHR398v2VpRH/MB8GA1UdIwQY
MBaAFHoLze6M6DnE0gQTyGJCPMoE/cYKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWd2Tjdvem9PY1RTQkJQSVlrSTh5Z1Q5eGdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81NGU5MTItYjUwMy00NTRjLWE0MzMt
NGRlZjU3MzY1MTY5LzEvQmtDMzgya2JSSURfSjlNZEhmM3lfWldsRWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81NGU5MTItYjUwMy00NTRjLWE0MzMtNGRlZjU3MzY1MTY5
LzEvZWd2Tjdvem9PY1RTQkJQSVlrSTh5Z1Q5eGdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ4EMA0G
CSqGSIb3DQEBCwUAA4IBAQBUsFRnZVLeTKIWlpYihKgYBYLHWWMwL23d3WMPGyZl
aHG8H0ENLF2BveI/u+jnI/g6+wC+U0+d3sql1Pr3ysxNYihIYL7vUib11nF6J4Dt
u44WP6NG4Mauy6iU9KT+36/uJIpNPPMj4lFdi1XenlRWnyQMdBB8B2JbKuqUjQmU
EjhvzxVMeMGWiBxxnfvQXfOKY3A2olWmecyZsSPs7PDbTOeqjyuhWdSYuW3PELyb
Jmvm8NjY0HOtLN4cz1LT5eUBnmr69C/tA8MMmgebmh1CjsISlH8gTmTexPVc5DJd
GBIbKC8nVxW+btYWr0mGtDzTaNBZ4aqxJIPg8zuuq2JA
-----END CERTIFICATE-----