Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/_M4XtXI7X-ChrWtHm54jTaaK4w0.roa
File:                     _M4XtXI7X-ChrWtHm54jTaaK4w0.roa (raw, json)
Hash identifier:          YHRMrL02Wge5dYrpV317O7to1ff7PZWtwwwPIr7KCSw=
Subject key identifier:   FC:CE:17:B5:72:3B:5F:E0:A1:AD:6B:47:9B:9E:23:4D:A6:8A:E3:0D
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FEE2BF5247905290B192720FEDCD8
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/_M4XtXI7X-ChrWtHm54jTaaK4w0.roa
Signing time:             Tue 02 Jan 2024 04:30:27 +0000
ROA not before:           Tue 02 Jan 2024 04:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43331
IP address blocks:        213.14.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ee:2b:f5:24:79:05:29:0b:19:27:20:fe:dc:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcce17b5723b5fe0a1ad6b479b9e234da68ae30d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:89:8a:1d:5c:7a:9a:c9:0e:d9:0b:80:25:d4:
                    a6:bd:42:ff:9b:79:4f:36:42:75:f6:7b:05:1c:cf:
                    52:49:ac:16:cf:c7:cf:f7:9b:62:89:59:32:6e:6c:
                    a4:cb:fb:bb:d1:08:23:2e:9f:01:b7:aa:e5:13:5a:
                    e2:67:a8:5c:a4:31:13:66:0a:f7:20:3a:4b:94:e4:
                    37:e5:48:94:79:c2:ec:4b:6e:ea:da:f2:b1:14:7d:
                    28:30:bb:ac:45:50:a8:26:5e:58:fb:30:a9:cc:97:
                    72:9e:f0:ed:dd:25:53:31:45:fd:0b:9e:9c:d1:b7:
                    e8:a2:5b:7a:06:40:82:1a:c3:b9:3b:4e:53:7b:08:
                    57:b3:3c:eb:7e:ae:6e:aa:d2:a2:1a:2d:8e:8a:bd:
                    4a:bd:08:fb:48:b2:25:94:03:5e:14:56:74:4e:10:
                    3f:e1:bc:e9:e8:d4:2f:b2:46:8e:16:59:74:10:2e:
                    5b:9c:62:fa:0b:4d:fd:43:6d:31:c6:71:2b:ea:eb:
                    b5:a4:70:4a:48:fc:13:57:d0:8a:bc:bb:9f:15:8b:
                    4c:89:26:34:b5:8e:a9:84:09:23:9b:27:6a:11:4a:
                    33:80:b7:7b:3e:39:b1:bf:1c:a1:97:c4:4c:6a:f9:
                    ef:45:23:ef:11:ef:26:bc:1d:96:c9:af:84:96:7a:
                    38:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:CE:17:B5:72:3B:5F:E0:A1:AD:6B:47:9B:9E:23:4D:A6:8A:E3:0D
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/_M4XtXI7X-ChrWtHm54jTaaK4w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.14.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:ba:34:8b:53:c8:ff:73:c4:8b:b4:08:eb:30:3f:52:33:d9:
         49:fe:69:ef:d3:8b:45:7f:b8:b9:00:ae:98:55:ab:9a:84:d4:
         ed:19:2f:da:5b:ca:e4:fd:bf:8b:b4:bc:e6:e1:aa:50:5a:a3:
         cf:0e:9d:0c:f8:c3:7e:65:da:73:61:3b:e3:b3:ac:67:ae:4f:
         48:5f:ae:89:16:72:0b:ef:ba:1e:75:85:b9:c3:bd:b6:21:c9:
         d7:c1:93:7a:81:3f:f5:bd:c7:49:a7:96:f7:9c:e5:44:da:45:
         7e:2f:9f:85:57:dc:0b:4b:06:98:f4:30:aa:8e:48:18:ba:5f:
         43:2e:4f:0e:ed:a2:52:30:d4:3c:24:9e:fa:89:e5:ec:5e:5a:
         3a:80:5d:6f:0d:70:a8:76:31:2e:0a:5a:a5:64:0f:56:28:df:
         0c:2b:4b:16:2b:73:d1:00:24:70:53:d1:9b:f7:ef:9e:6d:1e:
         41:a9:e1:ca:b3:aa:f2:e3:f9:be:99:4a:88:16:aa:0b:53:4b:
         1b:12:5e:a0:e8:b6:6b:56:71:aa:10:35:4f:2e:75:a3:95:34:
         1a:fb:1f:05:e5:22:4e:59:3c:2e:33:7c:f6:7c:4a:53:ab:9d:
         5e:53:27:68:55:f8:8e:43:4f:65:05:1b:f1:4f:3b:16:af:e9:
         93:8f:89:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb+4r9SR5BSkLGScg/tzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2NlMTdiNTcyM2I1ZmUwYTFhZDZiNDc5YjllMjM0ZGE2OGFlMzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYmKHVx6mskO2QuAJdSmvUL/m3lP
NkJ19nsFHM9SSawWz8fP95tiiVkybmyky/u70QgjLp8Bt6rlE1riZ6hcpDETZgr3
IDpLlOQ35UiUecLsS27q2vKxFH0oMLusRVCoJl5Y+zCpzJdynvDt3SVTMUX9C56c
0bfoolt6BkCCGsO5O05TewhXszzrfq5uqtKiGi2Oir1KvQj7SLIllANeFFZ0ThA/
4bzp6NQvskaOFll0EC5bnGL6C039Q20xxnEr6uu1pHBKSPwTV9CKvLufFYtMiSY0
tY6phAkjmydqEUozgLd7Pjmxvxyhl8RMavnvRSPvEe8mvB2Wya+Elno4nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPzOF7VyO1/goa1rR5ueI02miuMNMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvX000WHRYSTdYLUNocld0SG01NGpUYWFLNHcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Q7cMA0G
CSqGSIb3DQEBCwUAA4IBAQCCujSLU8j/c8SLtAjrMD9SM9lJ/mnv04tFf7i5AK6Y
VauahNTtGS/aW8rk/b+LtLzm4apQWqPPDp0M+MN+ZdpzYTvjs6xnrk9IX66JFnIL
77oedYW5w722IcnXwZN6gT/1vcdJp5b3nOVE2kV+L5+FV9wLSwaY9DCqjkgYul9D
Lk8O7aJSMNQ8JJ76ieXsXlo6gF1vDXCodjEuClqlZA9WKN8MK0sWK3PRACRwU9Gb
9++ebR5BqeHKs6ry4/m+mUqIFqoLU0sbEl6g6LZrVnGqEDVPLnWjlTQa+x8F5SJO
WTwuM3z2fEpTq51eUydoVfiOQ09lBRvxTzsWr+mTj4lk
-----END CERTIFICATE-----