Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/RH7CvezPkFg2SoEaOXVQ8dWGBLs.roa
File:                     RH7CvezPkFg2SoEaOXVQ8dWGBLs.roa (raw, json)
Hash identifier:          RgRD0OJLe7LOd5VMn2Kxwbw9FBAtMQnmoqGo+zoghCY=
Subject key identifier:   44:7E:C2:BD:EC:CF:90:58:36:4A:81:1A:39:75:50:F1:D5:86:04:BB
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF3658B239C8408D758F37A376DB8
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/RH7CvezPkFg2SoEaOXVQ8dWGBLs.roa
Signing time:             Tue 02 Jan 2024 04:30:29 +0000
ROA not before:           Tue 02 Jan 2024 04:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197042
IP address blocks:        213.14.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f3:65:8b:23:9c:84:08:d7:58:f3:7a:37:6d:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=447ec2bdeccf9058364a811a397550f1d58604bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8e:1e:9d:96:3f:fe:02:d9:4e:41:88:a8:13:
                    6f:2c:0b:d6:01:6d:6f:a5:27:44:a4:30:b6:e1:03:
                    78:35:cf:11:b5:37:2e:e4:cb:28:86:e7:58:b3:3d:
                    b4:55:ef:f9:75:79:25:dc:97:95:08:dc:d7:86:83:
                    ea:4d:53:1f:cb:bb:88:66:9f:4b:ee:2d:92:b0:c8:
                    35:11:aa:a2:b4:07:4c:79:bb:66:b5:bd:ca:45:75:
                    4f:53:67:ca:1c:65:ad:d5:a5:cb:bc:18:a2:ab:d5:
                    17:6f:e0:3b:c6:4a:b3:50:1d:34:b8:d8:3c:dc:57:
                    4e:84:b0:be:a4:05:f4:c8:a7:af:69:8c:36:6a:40:
                    35:d8:9e:36:cd:cd:40:51:a7:d9:e6:ba:4e:01:ac:
                    ff:f9:e0:0b:27:2f:ed:3f:34:43:73:1b:c2:eb:ec:
                    72:6a:54:f4:06:f0:c8:71:34:f9:a8:06:c7:f6:b7:
                    3d:8b:94:c8:07:e5:6b:9c:9d:e3:c3:ae:90:97:86:
                    3c:a5:6e:05:7c:7c:78:e4:98:6b:55:82:f1:93:26:
                    76:82:70:da:97:31:ea:7f:78:71:58:3f:a5:84:7c:
                    08:87:9e:22:3c:9b:ea:92:a7:2e:9c:4f:75:11:04:
                    b4:80:6b:7f:7a:ce:c1:c5:b7:a2:d9:63:59:ae:3b:
                    7b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:7E:C2:BD:EC:CF:90:58:36:4A:81:1A:39:75:50:F1:D5:86:04:BB
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/RH7CvezPkFg2SoEaOXVQ8dWGBLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.14.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:42:50:d1:6d:6f:ff:2b:82:0a:2a:0b:bc:2c:f0:b0:e8:9a:
         a9:86:06:cb:ed:c4:d0:23:fd:26:6f:1d:c9:b7:a7:75:bb:e1:
         51:66:e1:e2:9a:e0:5f:66:36:ca:09:8d:6f:8b:74:16:b2:79:
         b3:09:94:f8:46:9e:a6:17:16:97:93:f5:c6:95:a5:52:f4:90:
         86:2f:0e:68:56:ed:f8:1a:e4:01:85:99:1f:e5:72:5a:57:ea:
         2c:f6:0d:9f:58:1e:e6:e1:c4:f3:a6:2b:2b:31:fe:df:aa:77:
         e3:ed:83:30:89:81:72:7c:f4:09:83:8e:b5:93:44:c5:8d:a9:
         33:5d:ca:09:77:91:eb:28:ed:69:d5:7c:98:50:d5:07:17:88:
         8e:fb:22:8b:11:ff:de:3a:0d:f0:28:b9:d7:1d:06:79:73:66:
         53:16:5d:a8:fc:91:a3:5d:ca:23:92:46:09:26:cf:11:fb:c1:
         cd:75:db:2c:ec:a2:30:5c:e8:c5:d0:c5:aa:5d:76:58:d2:df:
         c0:75:4c:2f:2a:6c:f6:c5:df:32:70:ba:ec:65:40:6b:15:2b:
         09:be:1f:a3:1c:9f:1c:cf:c3:18:1e:08:46:5c:a7:a6:9e:3e:
         35:f3:56:f2:0d:96:fb:78:6f:bd:c1:e2:cd:0d:a9:3c:9c:1b:
         a4:2e:cb:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/NliyOchAjXWPN6N224MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDdlYzJiZGVjY2Y5MDU4MzY0YTgxMWEzOTc1NTBmMWQ1ODYwNGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx44enZY//gLZTkGIqBNvLAvWAW1v
pSdEpDC24QN4Nc8RtTcu5MsohudYsz20Ve/5dXkl3JeVCNzXhoPqTVMfy7uIZp9L
7i2SsMg1EaqitAdMebtmtb3KRXVPU2fKHGWt1aXLvBiiq9UXb+A7xkqzUB00uNg8
3FdOhLC+pAX0yKevaYw2akA12J42zc1AUafZ5rpOAaz/+eALJy/tPzRDcxvC6+xy
alT0BvDIcTT5qAbH9rc9i5TIB+VrnJ3jw66Ql4Y8pW4FfHx45JhrVYLxkyZ2gnDa
lzHqf3hxWD+lhHwIh54iPJvqkqcunE91EQS0gGt/es7Bxbei2WNZrjt7HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFER+wr3sz5BYNkqBGjl1UPHVhgS7MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvUkg3Q3ZlelBrRmcyU29FYU9YVlE4ZFdHQkxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Q7RMA0G
CSqGSIb3DQEBCwUAA4IBAQBnQlDRbW//K4IKKgu8LPCw6JqphgbL7cTQI/0mbx3J
t6d1u+FRZuHimuBfZjbKCY1vi3QWsnmzCZT4Rp6mFxaXk/XGlaVS9JCGLw5oVu34
GuQBhZkf5XJaV+os9g2fWB7m4cTzpisrMf7fqnfj7YMwiYFyfPQJg461k0TFjakz
XcoJd5HrKO1p1XyYUNUHF4iO+yKLEf/eOg3wKLnXHQZ5c2ZTFl2o/JGjXcojkkYJ
Js8R+8HNddss7KIwXOjF0MWqXXZY0t/AdUwvKmz2xd8ycLrsZUBrFSsJvh+jHJ8c
z8MYHghGXKemnj4181byDZb7eG+9weLNDak8nBukLsvB
-----END CERTIFICATE-----