Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/aweHtd0iUIRjAgpJ-pvj7FfaRQg.roa
File:                     aweHtd0iUIRjAgpJ-pvj7FfaRQg.roa (raw, json)
Hash identifier:          WhWRUTJX48hA1noXHpgoYMywcrmUd0GrEZKEMqqh/3w=
Subject key identifier:   6B:07:87:B5:DD:22:50:84:63:02:0A:49:FA:9B:E3:EC:57:DA:45:08
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF696D5859D98EBC30DB6166429BC
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/aweHtd0iUIRjAgpJ-pvj7FfaRQg.roa
Signing time:             Tue 02 Jan 2024 04:30:29 +0000
ROA not before:           Tue 02 Jan 2024 04:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203925
IP address blocks:        213.14.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f6:96:d5:85:9d:98:eb:c3:0d:b6:16:64:29:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6b0787b5dd22508463020a49fa9be3ec57da4508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:38:c9:7d:1b:61:1f:43:ff:c2:57:0c:99:8f:
                    a2:7a:9f:3a:71:78:f8:1e:e0:09:0b:62:11:85:59:
                    b0:3e:44:59:70:17:a6:8c:78:4d:13:22:79:c9:da:
                    e4:c2:88:d4:71:1d:6a:e6:7d:b8:5e:e9:02:2d:b1:
                    5b:de:ef:d5:c2:09:b0:30:4a:4c:21:fa:d9:f8:16:
                    c5:0d:eb:9c:f9:23:d4:92:28:51:38:83:ce:4e:42:
                    c1:8a:db:5d:4d:a9:1b:f2:30:62:4a:7f:91:22:14:
                    ad:ac:7d:e0:ec:7a:b2:49:8b:cb:c2:25:8a:14:09:
                    8e:cb:b3:b7:d1:54:86:c8:b3:09:fa:7d:c6:34:a9:
                    14:49:8b:3c:ac:85:fc:c6:83:c0:d6:24:ca:a9:2a:
                    4f:78:1a:73:51:9c:41:e1:0d:e5:a4:e1:3d:18:4c:
                    4b:fb:5f:ea:4e:0c:92:cc:02:4f:74:b6:50:e0:79:
                    a7:9b:9b:80:af:40:bd:03:28:5d:26:99:81:0e:da:
                    9e:3d:a6:18:d7:5e:19:d7:2a:37:2a:6b:63:3d:ff:
                    44:24:2c:9e:81:c0:4d:b9:90:c6:b5:41:99:20:e0:
                    ed:30:cd:e8:3d:2f:94:c7:7d:a1:7e:d6:5f:06:67:
                    83:27:7b:f7:be:3c:13:95:1c:83:17:a7:e3:13:15:
                    1d:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:07:87:B5:DD:22:50:84:63:02:0A:49:FA:9B:E3:EC:57:DA:45:08
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/aweHtd0iUIRjAgpJ-pvj7FfaRQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.14.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:28:78:88:b9:49:66:3c:89:14:01:c8:16:96:3c:96:c1:6a:
         fc:4c:67:eb:bd:c4:15:71:12:3b:c4:0e:c1:3a:f1:c0:1d:f6:
         b8:9b:af:58:e4:1a:c6:d5:31:a5:e6:d3:11:80:a9:08:5b:19:
         5a:6e:f1:df:87:dc:52:11:14:65:6c:3e:04:6b:bc:49:9d:2e:
         3a:f5:dc:6c:9b:f2:ed:a3:ba:b7:a4:90:f0:8c:3f:1c:70:3a:
         4d:b5:1f:c2:8c:47:e0:f5:9f:69:ff:88:ca:7f:c8:5c:03:fa:
         e6:31:24:f3:55:6e:0b:cb:f9:13:0c:b6:cc:8e:42:dc:cc:b5:
         ef:45:40:b4:ed:a9:e4:68:d1:c3:59:e6:e6:63:4c:e5:3a:40:
         d4:2d:18:17:37:26:2f:d4:46:68:96:97:68:88:2b:69:44:d8:
         b4:3f:82:b4:62:4b:2f:d3:71:2b:9e:93:8b:48:02:54:d4:d0:
         92:f0:8e:73:34:f7:89:7d:b7:e2:48:55:07:ce:c4:ed:f7:8b:
         83:ce:9c:b4:d3:72:52:49:2a:37:1b:f8:e4:eb:ed:8d:32:e7:
         ae:ae:51:f7:f0:c1:95:ba:b4:a9:6b:64:a0:92:b3:d3:24:02:
         be:f4:54:c3:92:a7:51:c8:e6:9f:86:c3:07:db:1a:d0:6a:ec:
         68:9c:b5:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/aW1YWdmOvDDbYWZCm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjA3ODdiNWRkMjI1MDg0NjMwMjBhNDlmYTliZTNlYzU3ZGE0NTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3TjJfRthH0P/wlcMmY+iep86cXj4
HuAJC2IRhVmwPkRZcBemjHhNEyJ5ydrkwojUcR1q5n24XukCLbFb3u/VwgmwMEpM
IfrZ+BbFDeuc+SPUkihROIPOTkLBittdTakb8jBiSn+RIhStrH3g7HqySYvLwiWK
FAmOy7O30VSGyLMJ+n3GNKkUSYs8rIX8xoPA1iTKqSpPeBpzUZxB4Q3lpOE9GExL
+1/qTgySzAJPdLZQ4Hmnm5uAr0C9AyhdJpmBDtqePaYY114Z1yo3KmtjPf9EJCye
gcBNuZDGtUGZIODtMM3oPS+Ux32hftZfBmeDJ3v3vjwTlRyDF6fjExUddwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGsHh7XdIlCEYwIKSfqb4+xX2kUIMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvYXdlSHRkMGlVSVJqQWdwSi1wdmo3RmZhUlFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Q7gMA0G
CSqGSIb3DQEBCwUAA4IBAQA0KHiIuUlmPIkUAcgWljyWwWr8TGfrvcQVcRI7xA7B
OvHAHfa4m69Y5BrG1TGl5tMRgKkIWxlabvHfh9xSERRlbD4Ea7xJnS469dxsm/Lt
o7q3pJDwjD8ccDpNtR/CjEfg9Z9p/4jKf8hcA/rmMSTzVW4Ly/kTDLbMjkLczLXv
RUC07ankaNHDWebmY0zlOkDULRgXNyYv1EZolpdoiCtpRNi0P4K0Yksv03ErnpOL
SAJU1NCS8I5zNPeJfbfiSFUHzsTt94uDzpy003JSSSo3G/jk6+2NMueurlH38MGV
urSpa2SgkrPTJAK+9FTDkqdRyOafhsMH2xrQauxonLVQ
-----END CERTIFICATE-----