Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/aecb6b-7b39-47f9-b0cf-8ffb127b324e/1/_RCi6lDNYKolbMLAv5gKq3oPoBc.roa
File:                     _RCi6lDNYKolbMLAv5gKq3oPoBc.roa (raw, json)
Hash identifier:          B5NCfM+Q+w/dNJbSrLnOIXIo7dXobM4hgHmUwv964cQ=
Subject key identifier:   FD:10:A2:EA:50:CD:60:AA:25:6C:C2:C0:BF:98:0A:AB:7A:0F:A0:17
Certificate issuer:       /CN=7d5aa0afe8e6f0bb85e5c75f2f6c14121830ec85
Certificate serial:       018CC8DE6DBA3DBC766A5959C8961CDD31B3
Authority key identifier: 7D:5A:A0:AF:E8:E6:F0:BB:85:E5:C7:5F:2F:6C:14:12:18:30:EC:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVqgr-jm8LuF5cdfL2wUEhgw7IU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/aecb6b-7b39-47f9-b0cf-8ffb127b324e/1/_RCi6lDNYKolbMLAv5gKq3oPoBc.roa
Signing time:             Tue 02 Jan 2024 06:31:09 +0000
ROA not before:           Tue 02 Jan 2024 06:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21355
IP address blocks:        194.31.14.0/23 maxlen: 24
                          194.99.88.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/aecb6b-7b39-47f9-b0cf-8ffb127b324e/1/fVqgr-jm8LuF5cdfL2wUEhgw7IU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/aecb6b-7b39-47f9-b0cf-8ffb127b324e/1/fVqgr-jm8LuF5cdfL2wUEhgw7IU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVqgr-jm8LuF5cdfL2wUEhgw7IU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:6d:ba:3d:bc:76:6a:59:59:c8:96:1c:dd:31:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d5aa0afe8e6f0bb85e5c75f2f6c14121830ec85
        Validity
            Not Before: Jan  2 06:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd10a2ea50cd60aa256cc2c0bf980aab7a0fa017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e1:d4:28:6e:cb:b9:74:80:61:8a:25:42:26:
                    91:83:a0:c0:af:44:eb:89:41:c1:92:eb:9a:43:51:
                    59:0a:6d:85:ce:b1:e0:60:11:8d:71:43:29:b1:fd:
                    02:a9:42:c2:c0:f8:e8:33:90:91:de:69:18:0c:be:
                    52:c4:94:26:61:1a:15:85:eb:97:fa:7e:f2:71:54:
                    58:84:9a:65:d4:1d:88:f9:8d:6c:91:08:12:43:02:
                    7d:18:6f:12:b3:66:d2:84:8d:e8:50:10:18:43:78:
                    28:44:60:e3:3d:74:9f:03:38:7d:d2:35:f3:e8:ab:
                    bb:35:ca:f1:60:a8:9d:63:69:20:82:f9:99:e7:96:
                    f5:a4:c0:9a:56:cf:07:fb:3b:1d:bf:4d:b3:58:61:
                    ae:69:c2:d2:ec:8d:0e:53:b2:26:39:36:25:4a:36:
                    18:38:2d:36:57:88:90:1c:70:84:d4:a3:90:2b:49:
                    1d:6c:0d:ef:33:3a:26:d3:17:03:48:61:25:f7:ac:
                    b9:b7:7c:8d:43:6a:6f:0e:c5:1c:b7:53:b5:9c:f7:
                    d9:a4:e2:68:b9:72:ed:98:95:fe:fb:e6:1c:7a:b8:
                    62:ef:b1:2f:95:5d:d2:76:14:d5:60:e9:e3:87:1c:
                    7a:6a:e2:47:41:24:e3:1e:5e:b8:c7:40:0c:59:8c:
                    f5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:10:A2:EA:50:CD:60:AA:25:6C:C2:C0:BF:98:0A:AB:7A:0F:A0:17
            X509v3 Authority Key Identifier:
                keyid:7D:5A:A0:AF:E8:E6:F0:BB:85:E5:C7:5F:2F:6C:14:12:18:30:EC:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVqgr-jm8LuF5cdfL2wUEhgw7IU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/aecb6b-7b39-47f9-b0cf-8ffb127b324e/1/_RCi6lDNYKolbMLAv5gKq3oPoBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/aecb6b-7b39-47f9-b0cf-8ffb127b324e/1/fVqgr-jm8LuF5cdfL2wUEhgw7IU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.14.0/23
                  194.99.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:78:db:2f:aa:3c:01:a7:1c:b9:4e:5b:a7:60:2c:a3:f8:33:
         76:62:ab:3b:1f:81:63:cc:85:a1:b3:25:4e:3e:51:62:c8:db:
         32:79:1d:30:32:af:94:8c:40:36:66:4e:62:fb:d8:fb:af:52:
         3c:42:bf:24:b9:9d:55:68:1c:ae:bd:85:e2:98:89:ec:14:e0:
         75:d9:b5:8b:e0:f2:74:d1:9e:bf:9b:22:f8:4b:5a:c0:8c:87:
         cd:3d:61:d3:01:c3:2e:5e:5c:c6:2c:03:13:0b:f4:6a:78:ea:
         68:88:0b:45:92:8b:5c:5f:50:72:ee:f5:86:4f:0d:5f:b2:6c:
         db:1b:17:8a:a0:aa:f8:56:46:4e:9f:09:29:19:e8:4e:26:2e:
         09:a6:79:9b:cc:e4:ab:a7:1d:93:6e:12:86:69:90:fb:38:e3:
         67:dd:81:c5:2e:1a:da:83:23:90:bc:81:ab:9b:0d:e9:ba:7a:
         9c:e7:8d:09:26:c9:df:f9:ba:b2:dc:35:e7:3a:a5:58:ed:ac:
         63:2c:ac:9c:1c:d5:11:1a:07:ac:e1:1b:92:8d:47:c5:14:1a:
         ce:97:06:1d:fb:64:88:b1:b4:33:01:f2:2e:72:6e:e0:5e:cb:
         b6:7f:4c:4c:14:42:76:e8:f6:79:fc:d3:4d:29:12:1a:5a:42:
         c0:fb:95:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3m26Pbx2allZyJYc3TGzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNWFhMGFmZThlNmYwYmI4NWU1Yzc1ZjJmNmMxNDEyMTgz
MGVjODUwHhcNMjQwMTAyMDYzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDEwYTJlYTUwY2Q2MGFhMjU2Y2MyYzBiZjk4MGFhYjdhMGZhMDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuHUKG7LuXSAYYolQiaRg6DAr0Tr
iUHBkuuaQ1FZCm2FzrHgYBGNcUMpsf0CqULCwPjoM5CR3mkYDL5SxJQmYRoVheuX
+n7ycVRYhJpl1B2I+Y1skQgSQwJ9GG8Ss2bShI3oUBAYQ3goRGDjPXSfAzh90jXz
6Ku7NcrxYKidY2kggvmZ55b1pMCaVs8H+zsdv02zWGGuacLS7I0OU7ImOTYlSjYY
OC02V4iQHHCE1KOQK0kdbA3vMzom0xcDSGEl96y5t3yNQ2pvDsUct1O1nPfZpOJo
uXLtmJX+++Ycerhi77EvlV3SdhTVYOnjhxx6auJHQSTjHl64x0AMWYz1lQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP0QoupQzWCqJWzCwL+YCqt6D6AXMB8GA1UdIwQY
MBaAFH1aoK/o5vC7heXHXy9sFBIYMOyFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZxZ3Itam04THVGNWNkZkwyd1VFaGd3N0lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC9hZWNiNmItN2IzOS00N2Y5LWIwY2Yt
OGZmYjEyN2IzMjRlLzEvX1JDaTZsRE5ZS29sYk1MQXY1Z0txM29Qb0JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC9hZWNiNmItN2IzOS00N2Y5LWIwY2YtOGZmYjEyN2IzMjRl
LzEvZlZxZ3Itam04THVGNWNkZkwyd1VFaGd3N0lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwh8OAwQB
wmNYMA0GCSqGSIb3DQEBCwUAA4IBAQBieNsvqjwBpxy5TlunYCyj+DN2Yqs7H4Fj
zIWhsyVOPlFiyNsyeR0wMq+UjEA2Zk5i+9j7r1I8Qr8kuZ1VaByuvYXimInsFOB1
2bWL4PJ00Z6/myL4S1rAjIfNPWHTAcMuXlzGLAMTC/RqeOpoiAtFkotcX1By7vWG
Tw1fsmzbGxeKoKr4VkZOnwkpGehOJi4JpnmbzOSrpx2TbhKGaZD7OONn3YHFLhra
gyOQvIGrmw3punqc540JJsnf+bqy3DXnOqVY7axjLKycHNURGges4RuSjUfFFBrO
lwYd+2SIsbQzAfIucm7gXsu2f0xMFEJ26PZ5/NNNKRIaWkLA+5XI
-----END CERTIFICATE-----