Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/n1TAH7TOenxL0jFL8-2OXKDKvps.roa
File:                     n1TAH7TOenxL0jFL8-2OXKDKvps.roa (raw, json)
Hash identifier:          UTywoTq7KumlZmXjNjCS9jnBNpizUUJYSWgHlZhkIRQ=
Subject key identifier:   9F:54:C0:1F:B4:CE:7A:7C:4B:D2:31:4B:F3:ED:8E:5C:A0:CA:BE:9B
Certificate issuer:       /CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
Certificate serial:       018CC5DBEC3F3B794B155C9BD604337852EE
Authority key identifier: 14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/n1TAH7TOenxL0jFL8-2OXKDKvps.roa
Signing time:             Mon 01 Jan 2024 16:29:33 +0000
ROA not before:           Mon 01 Jan 2024 16:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20559
IP address blocks:        213.249.72.0/24 maxlen: 24
                          2a01:448:72::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ec:3f:3b:79:4b:15:5c:9b:d6:04:33:78:52:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14bee0ebd06b4b812f9e13716e25f1c3c3d14cc6
        Validity
            Not Before: Jan  1 16:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f54c01fb4ce7a7c4bd2314bf3ed8e5ca0cabe9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:dc:f5:d2:df:ab:31:b5:b5:ce:76:c9:54:40:
                    eb:cf:af:b9:c2:7f:52:4f:5b:e8:01:1d:6a:0c:71:
                    2f:6b:8c:ef:0d:f4:18:f0:35:11:97:c8:69:07:7c:
                    ef:fb:3a:97:1a:24:65:fb:cb:6c:20:88:6c:62:9f:
                    61:dd:b7:2e:89:3c:aa:fb:05:21:d2:42:93:79:d1:
                    2c:95:4d:71:80:0c:2e:33:ff:6e:0f:ea:28:7f:8f:
                    74:1a:31:4b:f0:a7:b6:3f:e4:f2:37:90:6f:3c:aa:
                    fe:ab:7b:f1:a9:12:74:46:ba:ba:4b:2a:cd:3a:be:
                    36:14:3c:13:09:ab:6a:02:f9:a7:4c:c3:3d:ff:46:
                    85:00:ce:47:c6:09:e2:22:45:fb:78:91:8b:4c:bf:
                    af:b9:23:ad:28:25:5e:b6:c6:60:4e:2a:cb:b2:a1:
                    23:dc:cd:12:70:07:25:ec:ae:01:c6:8a:3b:41:59:
                    e5:ef:55:eb:68:78:ca:15:db:8c:77:6b:a8:33:ec:
                    75:0f:ee:30:48:2b:57:04:59:7a:cf:6b:66:46:60:
                    99:41:7e:d2:fc:aa:83:8b:d7:b6:d0:1b:df:39:1f:
                    82:cc:e2:f2:3d:a4:e7:b3:c5:c6:c6:78:f7:5b:0e:
                    eb:da:cb:3c:fd:f7:6b:62:88:0b:5e:61:a0:8d:09:
                    62:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:54:C0:1F:B4:CE:7A:7C:4B:D2:31:4B:F3:ED:8E:5C:A0:CA:BE:9B
            X509v3 Authority Key Identifier:
                keyid:14:BE:E0:EB:D0:6B:4B:81:2F:9E:13:71:6E:25:F1:C3:C3:D1:4C:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FL7g69BrS4EvnhNxbiXxw8PRTMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/n1TAH7TOenxL0jFL8-2OXKDKvps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/161c3f-b83d-45b1-aa8e-d1bb6b4dd701/1/FL7g69BrS4EvnhNxbiXxw8PRTMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.249.72.0/24
                IPv6:
                  2a01:448:72::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:e5:b5:75:69:ed:00:6c:89:70:26:3b:31:e8:42:71:13:f3:
         4a:38:f2:bf:f6:b3:46:5f:0c:c5:78:1e:3c:47:3f:93:33:b5:
         bf:8f:ce:a9:f0:14:0d:0b:ec:1d:f9:b7:66:b9:2c:c9:f0:db:
         1a:a8:be:d6:1a:c7:9f:50:e1:f8:69:fa:a1:50:d7:d8:78:49:
         a6:8d:39:66:bf:10:96:c0:9c:e8:8d:2d:43:08:26:2d:cb:b0:
         88:20:a0:42:44:3d:e3:56:23:ca:be:25:af:d0:c8:dc:02:41:
         22:53:78:6d:58:8d:03:7a:f2:84:27:9d:f0:3d:6e:c3:ad:17:
         28:26:0c:28:9f:f5:d2:ae:18:91:01:17:bc:0d:21:a3:38:ae:
         f5:2d:a2:fd:14:ed:2f:78:fb:28:07:be:4a:38:13:f9:53:44:
         92:d7:a0:4e:c3:e4:39:a6:97:d0:94:9f:fb:88:e8:eb:8d:ef:
         07:9d:3c:8b:2a:ce:d1:39:b7:12:3e:48:a6:0e:06:1a:34:ea:
         51:43:3c:fb:e1:14:dc:5e:07:0d:9d:e2:aa:2b:b5:ee:95:c5:
         ba:a1:e5:48:8d:f6:f0:da:bd:76:fd:a7:a1:fb:10:ee:d8:0f:
         93:79:66:e4:98:11:5e:25:14:e3:bd:61:06:f2:51:8c:e1:a4:
         91:32:27:e4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF2+w/O3lLFVyb1gQzeFLuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YmVlMGViZDA2YjRiODEyZjllMTM3MTZlMjVmMWMzYzNk
MTRjYzYwHhcNMjQwMTAxMTYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjU0YzAxZmI0Y2U3YTdjNGJkMjMxNGJmM2VkOGU1Y2EwY2FiZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdz10t+rMbW1znbJVEDrz6+5wn9S
T1voAR1qDHEva4zvDfQY8DURl8hpB3zv+zqXGiRl+8tsIIhsYp9h3bcuiTyq+wUh
0kKTedEslU1xgAwuM/9uD+oof490GjFL8Ke2P+TyN5BvPKr+q3vxqRJ0Rrq6SyrN
Or42FDwTCatqAvmnTMM9/0aFAM5HxgniIkX7eJGLTL+vuSOtKCVetsZgTirLsqEj
3M0ScAcl7K4Bxoo7QVnl71XraHjKFduMd2uoM+x1D+4wSCtXBFl6z2tmRmCZQX7S
/KqDi9e20BvfOR+CzOLyPaTns8XGxnj3Ww7r2ss8/fdrYogLXmGgjQlimQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ9UwB+0znp8S9IxS/Ptjlygyr6bMB8GA1UdIwQY
MBaAFBS+4OvQa0uBL54TcW4l8cPD0UzGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUt
ZDFiYjZiNGRkNzAxLzEvbjFUQUg3VE9lbnhMMGpGTDgtMk9YS0RLdnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8xNjFjM2YtYjgzZC00NWIxLWFhOGUtZDFiYjZiNGRkNzAx
LzEvRkw3ZzY5QnJTNEV2bmhOeGJpWHh3OFBSVE1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1flIMA8E
AgACMAkDBwAqAQRIAHIwDQYJKoZIhvcNAQELBQADggEBAJnltXVp7QBsiXAmOzHo
QnET80o48r/2s0ZfDMV4HjxHP5Mztb+PzqnwFA0L7B35t2a5LMnw2xqovtYax59Q
4fhp+qFQ19h4SaaNOWa/EJbAnOiNLUMIJi3LsIggoEJEPeNWI8q+Ja/QyNwCQSJT
eG1YjQN68oQnnfA9bsOtFygmDCif9dKuGJEBF7wNIaM4rvUtov0U7S94+ygHvko4
E/lTRJLXoE7D5Dmml9CUn/uI6OuN7wedPIsqztE5txI+SKYOBho06lFDPPvhFNxe
Bw2d4qorte6Vxbqh5UiN9vDavXb9p6H7EO7YD5N5ZuSYEV4lFOO9YQbyUYzhpJEy
J+Q=
-----END CERTIFICATE-----