Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/3fe1a0-c6fd-4bc4-aae1-9ee006942b4b/1/jzCb-yC5oLln-NBurSqRNPEp3vA.roa
File:                     jzCb-yC5oLln-NBurSqRNPEp3vA.roa (raw, json)
Hash identifier:          rHOT8RTf//rfOIWu/rkXNFvqrubMdl93FU6rJ1q5X8A=
Subject key identifier:   8F:30:9B:FB:20:B9:A0:B9:67:F8:D0:6E:AD:2A:91:34:F1:29:DE:F0
Certificate issuer:       /CN=7f03a1f8c334fdbf4b78def0c592ff0490ddf4b0
Certificate serial:       018CC793FA92EE672CB854675DF8C59926CC
Authority key identifier: 7F:03:A1:F8:C3:34:FD:BF:4B:78:DE:F0:C5:92:FF:04:90:DD:F4:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fwOh-MM0_b9LeN7wxZL_BJDd9LA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/3fe1a0-c6fd-4bc4-aae1-9ee006942b4b/1/jzCb-yC5oLln-NBurSqRNPEp3vA.roa
Signing time:             Tue 02 Jan 2024 00:30:13 +0000
ROA not before:           Tue 02 Jan 2024 00:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.13.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/3fe1a0-c6fd-4bc4-aae1-9ee006942b4b/1/fwOh-MM0_b9LeN7wxZL_BJDd9LA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/3fe1a0-c6fd-4bc4-aae1-9ee006942b4b/1/fwOh-MM0_b9LeN7wxZL_BJDd9LA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fwOh-MM0_b9LeN7wxZL_BJDd9LA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:fa:92:ee:67:2c:b8:54:67:5d:f8:c5:99:26:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f03a1f8c334fdbf4b78def0c592ff0490ddf4b0
        Validity
            Not Before: Jan  2 00:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f309bfb20b9a0b967f8d06ead2a9134f129def0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:68:41:7d:69:1d:e3:f5:10:4c:45:14:74:39:
                    94:dc:21:9c:77:d1:04:ad:fc:0c:ee:03:69:bc:51:
                    8d:b6:e5:b4:e9:a9:23:3f:26:29:7b:a8:ee:c2:25:
                    ab:9f:1b:4e:de:68:ed:91:53:85:34:32:ea:7e:0a:
                    24:ce:23:57:13:94:9d:7d:e6:7d:90:6f:9a:68:7f:
                    09:91:ca:53:66:dc:bc:b7:04:5c:a8:5e:3e:dd:4d:
                    97:83:55:88:cd:fa:4a:2c:4c:f5:e3:ed:34:dd:62:
                    9d:b9:09:dc:da:71:7e:9d:9e:49:59:1c:12:8f:68:
                    d8:b5:7c:22:2f:33:a1:bf:e7:23:d7:43:74:8b:73:
                    4e:93:d7:65:03:8a:b6:6a:e2:81:7c:ce:36:a0:a5:
                    53:09:0f:3f:de:3b:75:f2:b7:4e:cd:55:a7:73:aa:
                    2f:22:d7:25:9b:35:6d:47:07:6e:6c:da:a5:31:3f:
                    a1:a8:1d:91:97:6e:7e:a0:a7:11:27:9b:9f:6b:d1:
                    45:81:2e:cb:ee:36:0a:9f:a4:fc:92:3c:b9:61:be:
                    bb:ac:9a:8e:c2:a2:db:74:6a:e2:7c:e9:be:e1:7b:
                    01:cb:f3:5a:ca:96:39:2f:57:16:2b:35:e2:6e:9c:
                    32:20:a6:f6:1c:33:e3:a1:67:20:5b:b0:32:a8:fc:
                    42:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:30:9B:FB:20:B9:A0:B9:67:F8:D0:6E:AD:2A:91:34:F1:29:DE:F0
            X509v3 Authority Key Identifier:
                keyid:7F:03:A1:F8:C3:34:FD:BF:4B:78:DE:F0:C5:92:FF:04:90:DD:F4:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fwOh-MM0_b9LeN7wxZL_BJDd9LA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/3fe1a0-c6fd-4bc4-aae1-9ee006942b4b/1/jzCb-yC5oLln-NBurSqRNPEp3vA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/3fe1a0-c6fd-4bc4-aae1-9ee006942b4b/1/fwOh-MM0_b9LeN7wxZL_BJDd9LA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.13.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:f7:c4:7d:db:56:51:48:97:3b:2a:99:42:25:f0:53:1f:97:
         18:b6:fe:a3:0a:c0:f5:e4:65:27:61:b6:fb:49:89:09:be:79:
         d7:60:ef:c1:75:1c:d9:0b:f1:d7:ca:59:7e:55:18:b6:09:42:
         a9:65:a8:ad:84:18:67:63:ea:c4:99:63:4c:5f:e8:a9:e1:84:
         ca:24:41:f3:22:a2:3e:55:b4:04:09:33:e9:7e:19:6e:08:b8:
         c7:cf:75:db:23:ef:4e:3e:b8:ac:46:4d:c4:23:f6:06:a3:7a:
         e7:fe:ca:0e:a0:e3:a2:07:73:55:64:86:a1:fc:ae:c5:55:39:
         08:65:d7:8f:ab:33:33:79:87:14:2a:0a:40:73:11:8c:2c:35:
         65:16:0b:c3:c0:99:34:04:47:dd:da:d8:7e:78:c1:b0:59:e2:
         89:74:1e:9f:f5:44:70:ad:fe:11:31:e9:88:d7:96:14:a3:8d:
         29:7e:19:77:2a:1c:bd:d2:e4:e4:11:76:ad:f4:96:16:80:48:
         45:b4:53:5e:22:5a:e3:0d:4b:5e:48:2c:47:81:3d:37:18:11:
         9d:0f:00:6c:99:d7:3f:cc:b6:1e:96:8b:1c:a9:a1:fe:d8:69:
         9a:21:b3:37:94:1a:e1:a7:6c:b9:ea:f6:89:e8:96:ed:b2:87:
         ab:7b:f5:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk/qS7mcsuFRnXfjFmSbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmMDNhMWY4YzMzNGZkYmY0Yjc4ZGVmMGM1OTJmZjA0OTBk
ZGY0YjAwHhcNMjQwMTAyMDAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjMwOWJmYjIwYjlhMGI5NjdmOGQwNmVhZDJhOTEzNGYxMjlkZWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmhBfWkd4/UQTEUUdDmU3CGcd9EE
rfwM7gNpvFGNtuW06akjPyYpe6juwiWrnxtO3mjtkVOFNDLqfgokziNXE5SdfeZ9
kG+aaH8JkcpTZty8twRcqF4+3U2Xg1WIzfpKLEz14+003WKduQnc2nF+nZ5JWRwS
j2jYtXwiLzOhv+cj10N0i3NOk9dlA4q2auKBfM42oKVTCQ8/3jt18rdOzVWnc6ov
ItclmzVtRwdubNqlMT+hqB2Rl25+oKcRJ5ufa9FFgS7L7jYKn6T8kjy5Yb67rJqO
wqLbdGrifOm+4XsBy/NaypY5L1cWKzXibpwyIKb2HDPjoWcgW7AyqPxCiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8wm/sguaC5Z/jQbq0qkTTxKd7wMB8GA1UdIwQY
MBaAFH8DofjDNP2/S3je8MWS/wSQ3fSwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZndPaC1NTTBfYjlMZU43d3haTF9CSkRkOUxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8zZmUxYTAtYzZmZC00YmM0LWFhZTEt
OWVlMDA2OTQyYjRiLzEvanpDYi15QzVvTGxuLU5CdXJTcVJOUEVwM3ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8zZmUxYTAtYzZmZC00YmM0LWFhZTEtOWVlMDA2OTQyYjRi
LzEvZndPaC1NTTBfYjlMZU43d3haTF9CSkRkOUxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ0OMA0G
CSqGSIb3DQEBCwUAA4IBAQAj98R921ZRSJc7KplCJfBTH5cYtv6jCsD15GUnYbb7
SYkJvnnXYO/BdRzZC/HXyll+VRi2CUKpZaithBhnY+rEmWNMX+ip4YTKJEHzIqI+
VbQECTPpfhluCLjHz3XbI+9OPrisRk3EI/YGo3rn/soOoOOiB3NVZIah/K7FVTkI
ZdePqzMzeYcUKgpAcxGMLDVlFgvDwJk0BEfd2th+eMGwWeKJdB6f9URwrf4RMemI
15YUo40pfhl3Khy90uTkEXat9JYWgEhFtFNeIlrjDUteSCxHgT03GBGdDwBsmdc/
zLYeloscqaH+2GmaIbM3lBrhp2y56vaJ6Jbtsoere/X1
-----END CERTIFICATE-----