Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/Cvz8gHReEWuuN790Cjz0aCdsRwM.roa
File:                     Cvz8gHReEWuuN790Cjz0aCdsRwM.roa (raw, json)
Hash identifier:          rkQdQDxszu4GAjOaMEiooNtTlY/YHd4/uxJaT5JC9RM=
Subject key identifier:   0A:FC:FC:80:74:5E:11:6B:AE:37:BF:74:0A:3C:F4:68:27:6C:47:03
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DA7520E5DF40CD4FCD35BEC6F0337
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/Cvz8gHReEWuuN790Cjz0aCdsRwM.roa
Signing time:             Wed 01 Jan 2025 15:48:16 +0000
ROA not before:           Wed 01 Jan 2025 15:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197042
IP address blocks:        213.14.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a7:52:0e:5d:f4:0c:d4:fc:d3:5b:ec:6f:03:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0afcfc80745e116bae37bf740a3cf468276c4703
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b4:21:a5:28:8f:a8:59:3c:19:bc:43:9b:98:
                    e4:67:49:d8:f2:f9:c9:e6:4f:83:1f:39:d8:15:68:
                    65:e4:94:b9:d9:8d:21:38:83:55:17:85:05:d5:ad:
                    d2:3c:d2:62:88:44:34:ca:78:24:b1:38:1c:18:c7:
                    3b:40:36:61:ab:18:ef:ed:37:c0:68:ee:fa:71:21:
                    4c:46:1a:5e:26:46:32:a5:f6:95:03:40:44:6d:5e:
                    a5:71:b7:3a:b6:15:4d:9f:1f:01:5e:e9:13:53:f1:
                    ff:a6:10:db:15:7c:d4:13:86:98:68:f5:b0:3c:27:
                    b8:6b:b7:66:48:11:90:00:2d:49:c8:a1:21:d8:4f:
                    12:72:a2:b8:42:94:9b:d6:2e:38:72:52:00:b4:ca:
                    d4:21:2c:8f:a1:ee:31:c3:c4:98:04:ce:20:b4:47:
                    98:d5:28:8b:36:71:f7:ed:c8:39:0e:2f:06:7e:46:
                    d1:38:8f:8b:96:04:87:4c:88:9c:30:bd:bb:f3:b9:
                    52:ba:ec:8c:04:60:38:e2:71:13:72:d2:2a:7e:94:
                    5b:46:42:23:fe:f7:b6:35:b0:c3:be:9d:f4:51:62:
                    f1:0b:c3:b9:9e:57:21:f5:86:ee:0c:74:fe:15:b3:
                    81:f8:07:de:5a:e2:95:75:fa:76:10:51:4e:b4:dc:
                    dc:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:FC:FC:80:74:5E:11:6B:AE:37:BF:74:0A:3C:F4:68:27:6C:47:03
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/Cvz8gHReEWuuN790Cjz0aCdsRwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.14.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:4d:ff:8b:5f:0a:ef:b1:41:41:59:92:fe:14:7c:ef:4d:55:
         d9:08:1f:91:3b:e9:27:35:7d:d2:d3:82:37:48:c7:3a:c8:70:
         f2:d3:cd:01:7b:cc:f0:04:37:61:64:57:ef:2e:e7:63:10:58:
         01:65:dc:1c:1b:25:c9:00:49:46:f3:71:73:e7:8c:a3:ab:ba:
         c6:48:3d:64:97:59:99:5d:4f:f0:e5:40:14:02:d9:5a:ce:26:
         c4:20:6f:9c:3e:c9:2f:cf:16:71:e3:b3:d7:80:61:65:ea:55:
         e5:84:a0:0e:ab:b0:ec:f4:b4:69:3c:41:b9:55:a5:2a:dc:c5:
         b3:92:d8:92:4f:be:a1:07:a3:9b:1a:e9:f3:32:ec:db:dd:a2:
         55:e7:33:4f:64:b0:a5:c2:4a:a4:ba:b2:05:5e:51:6e:14:26:
         49:0c:96:8e:f7:a1:13:1d:7c:d3:8e:1f:ab:05:df:ff:10:16:
         b8:c8:a6:da:fc:51:c8:76:3e:64:75:2d:fb:b1:6f:d9:e2:da:
         a4:1e:61:18:c9:98:b8:40:99:23:b9:cd:19:c4:8e:33:65:8a:
         ba:a0:e0:2d:e6:28:90:f2:70:f3:a9:91:e7:38:6f:9b:65:94:
         16:9b:4d:0b:a8:2d:ff:33:c6:f6:a7:0b:88:a3:55:91:b6:d4:
         ae:3d:eb:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijadSDl30DNT801vsbwM3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWZjZmM4MDc0NWUxMTZiYWUzN2JmNzQwYTNjZjQ2ODI3NmM0NzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7QhpSiPqFk8GbxDm5jkZ0nY8vnJ
5k+DHznYFWhl5JS52Y0hOINVF4UF1a3SPNJiiEQ0yngksTgcGMc7QDZhqxjv7TfA
aO76cSFMRhpeJkYypfaVA0BEbV6lcbc6thVNnx8BXukTU/H/phDbFXzUE4aYaPWw
PCe4a7dmSBGQAC1JyKEh2E8ScqK4QpSb1i44clIAtMrUISyPoe4xw8SYBM4gtEeY
1SiLNnH37cg5Di8GfkbROI+LlgSHTIicML2787lSuuyMBGA44nETctIqfpRbRkIj
/ve2NbDDvp30UWLxC8O5nlch9YbuDHT+FbOB+AfeWuKVdfp2EFFOtNzcdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAr8/IB0XhFrrje/dAo89GgnbEcDMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvQ3Z6OGdIUmVFV3V1Tjc5MENqejBhQ2RzUndNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Q7RMA0G
CSqGSIb3DQEBCwUAA4IBAQBHTf+LXwrvsUFBWZL+FHzvTVXZCB+RO+knNX3S04I3
SMc6yHDy080Be8zwBDdhZFfvLudjEFgBZdwcGyXJAElG83Fz54yjq7rGSD1kl1mZ
XU/w5UAUAtlazibEIG+cPskvzxZx47PXgGFl6lXlhKAOq7Ds9LRpPEG5VaUq3MWz
ktiST76hB6ObGunzMuzb3aJV5zNPZLClwkqkurIFXlFuFCZJDJaO96ETHXzTjh+r
Bd//EBa4yKba/FHIdj5kdS37sW/Z4tqkHmEYyZi4QJkjuc0ZxI4zZYq6oOAt5iiQ
8nDzqZHnOG+bZZQWm00LqC3/M8b2pwuIo1WRttSuPev4
-----END CERTIFICATE-----