Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/pFpHYTJDzfp3gTgn_kI_y53S9sg.roa
File:                     pFpHYTJDzfp3gTgn_kI_y53S9sg.roa (raw, json)
Hash identifier:          EXc8I99N0J+DO/potKMlGPdBPQNPugAZrut2T1EEIwo=
Subject key identifier:   A4:5A:47:61:32:43:CD:FA:77:81:38:27:FE:42:3F:CB:9D:D2:F6:C8
Certificate issuer:       /CN=7a0bcdee8ce839c4d20413c862423cca04fdc60a
Certificate serial:       018CC8DEF42535047349EAC254BFD070743D
Authority key identifier: 7A:0B:CD:EE:8C:E8:39:C4:D2:04:13:C8:62:42:3C:CA:04:FD:C6:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/pFpHYTJDzfp3gTgn_kI_y53S9sg.roa
Signing time:             Tue 02 Jan 2024 06:31:43 +0000
ROA not before:           Tue 02 Jan 2024 06:31:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42482
IP address blocks:        185.14.4.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:f4:25:35:04:73:49:ea:c2:54:bf:d0:70:74:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a0bcdee8ce839c4d20413c862423cca04fdc60a
        Validity
            Not Before: Jan  2 06:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a45a47613243cdfa77813827fe423fcb9dd2f6c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:c0:2b:7f:f0:b1:95:ba:52:ad:aa:ba:d9:27:
                    af:43:0d:a9:b3:f4:97:f8:cb:6a:69:02:6a:ca:bb:
                    d1:26:33:ff:f7:bf:b9:d4:12:ad:e9:1a:5a:31:a3:
                    b3:d5:cf:4c:95:ff:06:89:d0:0a:54:8d:bf:78:c1:
                    9a:a7:d5:d8:ea:f2:e3:61:da:83:de:e8:03:d2:81:
                    b3:54:f1:2d:2b:98:5f:d4:41:4b:af:34:a2:9b:6d:
                    ba:16:dd:76:e5:14:75:45:5b:b5:8e:78:a6:d8:24:
                    cf:22:de:34:52:73:da:bc:f5:16:cf:d7:91:71:c7:
                    5d:b6:83:fc:94:41:7c:7f:ca:c3:03:94:7f:08:fc:
                    6c:82:ec:0d:4c:17:d4:0a:c6:f8:d2:18:f5:8f:d9:
                    3b:be:62:61:94:01:70:44:23:77:28:13:f4:61:91:
                    56:a7:5c:a0:f1:84:47:48:88:c1:ca:c4:bb:ba:be:
                    85:49:56:95:6e:80:22:ca:e8:a8:26:e4:99:3a:22:
                    59:f6:9c:3f:a8:30:7e:56:3a:4a:7a:42:d2:4d:c7:
                    a9:c3:82:a0:c3:5a:11:5b:77:17:41:f6:5d:5b:84:
                    df:28:1d:00:56:5c:a3:16:2a:8a:cf:c8:6a:4f:a2:
                    b4:3a:f8:d4:d2:fd:f5:43:ce:83:f0:59:94:da:7b:
                    cc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:5A:47:61:32:43:CD:FA:77:81:38:27:FE:42:3F:CB:9D:D2:F6:C8
            X509v3 Authority Key Identifier:
                keyid:7A:0B:CD:EE:8C:E8:39:C4:D2:04:13:C8:62:42:3C:CA:04:FD:C6:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/egvN7ozoOcTSBBPIYkI8ygT9xgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/pFpHYTJDzfp3gTgn_kI_y53S9sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/54e912-b503-454c-a433-4def57365169/1/egvN7ozoOcTSBBPIYkI8ygT9xgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:35:11:1d:1c:c3:13:93:ab:1e:ef:85:cb:e8:25:fc:3c:a5:
         9f:7f:d1:f3:9f:eb:df:ad:0a:c3:74:f0:73:7c:70:71:b3:59:
         58:ce:6d:aa:50:42:e6:54:e3:b0:c0:bc:bf:d8:f3:5a:67:72:
         e3:5c:9e:1d:ad:67:13:f9:59:39:e2:ac:d8:73:90:84:1c:27:
         7d:4f:ba:d0:cb:95:74:76:af:c9:ca:70:3e:9c:c2:59:45:26:
         41:5a:a2:72:bb:e6:8d:ca:38:8d:62:cb:0e:85:6a:55:4a:17:
         58:ef:c3:5e:1e:91:28:0a:5f:5d:63:a8:29:1a:ae:40:8f:e0:
         a1:c0:59:ec:48:8e:78:16:cf:e6:4c:68:18:9a:41:c8:48:8f:
         15:82:91:4c:35:a1:68:c4:c0:12:51:c6:03:cc:17:02:51:5e:
         d3:69:d5:61:13:89:f1:c8:bb:ca:c3:0b:b5:85:87:8b:92:ca:
         3e:85:61:3c:59:1d:bf:dd:d3:77:d5:26:2e:56:03:c7:10:4b:
         67:74:f3:77:68:52:33:40:06:25:af:65:a8:13:a0:38:f3:6e:
         e9:f1:5d:a9:d9:3b:f0:5d:9b:cd:3c:91:f3:cd:66:a5:76:16:
         28:15:37:a6:59:79:53:9f:76:f6:e6:d2:f2:73:7b:1f:20:56:
         a1:49:7d:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3vQlNQRzSerCVL/QcHQ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMGJjZGVlOGNlODM5YzRkMjA0MTNjODYyNDIzY2NhMDRm
ZGM2MGEwHhcNMjQwMTAyMDYzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDVhNDc2MTMyNDNjZGZhNzc4MTM4MjdmZTQyM2ZjYjlkZDJmNmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMArf/CxlbpSraq62SevQw2ps/SX
+MtqaQJqyrvRJjP/97+51BKt6RpaMaOz1c9Mlf8GidAKVI2/eMGap9XY6vLjYdqD
3ugD0oGzVPEtK5hf1EFLrzSim226Ft125RR1RVu1jnim2CTPIt40UnPavPUWz9eR
ccddtoP8lEF8f8rDA5R/CPxsguwNTBfUCsb40hj1j9k7vmJhlAFwRCN3KBP0YZFW
p1yg8YRHSIjBysS7ur6FSVaVboAiyuioJuSZOiJZ9pw/qDB+VjpKekLSTcepw4Kg
w1oRW3cXQfZdW4TfKB0AVlyjFiqKz8hqT6K0OvjU0v31Q86D8FmU2nvMcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRaR2EyQ836d4E4J/5CP8ud0vbIMB8GA1UdIwQY
MBaAFHoLze6M6DnE0gQTyGJCPMoE/cYKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWd2Tjdvem9PY1RTQkJQSVlrSTh5Z1Q5eGdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81NGU5MTItYjUwMy00NTRjLWE0MzMt
NGRlZjU3MzY1MTY5LzEvcEZwSFlUSkR6ZnAzZ1Rnbl9rSV95NTNTOXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81NGU5MTItYjUwMy00NTRjLWE0MzMtNGRlZjU3MzY1MTY5
LzEvZWd2Tjdvem9PY1RTQkJQSVlrSTh5Z1Q5eGdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ4EMA0G
CSqGSIb3DQEBCwUAA4IBAQAgNREdHMMTk6se74XL6CX8PKWff9Hzn+vfrQrDdPBz
fHBxs1lYzm2qUELmVOOwwLy/2PNaZ3LjXJ4drWcT+Vk54qzYc5CEHCd9T7rQy5V0
dq/JynA+nMJZRSZBWqJyu+aNyjiNYssOhWpVShdY78NeHpEoCl9dY6gpGq5Aj+Ch
wFnsSI54Fs/mTGgYmkHISI8VgpFMNaFoxMASUcYDzBcCUV7TadVhE4nxyLvKwwu1
hYeLkso+hWE8WR2/3dN31SYuVgPHEEtndPN3aFIzQAYlr2WoE6A4827p8V2p2Tvw
XZvNPJHzzWaldhYoFTemWXlTn3b25tLyc3sfIFahSX3Z
-----END CERTIFICATE-----