Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/j5Z0DgMrisdF1J7_CfAb2dVNw1w.roa
File:                     j5Z0DgMrisdF1J7_CfAb2dVNw1w.roa (raw, json)
Hash identifier:          92xiyLKyZYL58Kd2ue9ZuxY7WIJpGW0rYnESyDEAxCI=
Subject key identifier:   8F:96:74:0E:03:2B:8A:C7:45:D4:9E:FF:09:F0:1B:D9:D5:4D:C3:5C
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       01929BAB7317970A3184B6E074204C6B6B05
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/j5Z0DgMrisdF1J7_CfAb2dVNw1w.roa
Signing time:             Thu 17 Oct 2024 18:09:17 +0000
ROA not before:           Thu 17 Oct 2024 18:09:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        185.14.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9b:ab:73:17:97:0a:31:84:b6:e0:74:20:4c:6b:6b:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Oct 17 18:09:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f96740e032b8ac745d49eff09f01bd9d54dc35c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:3b:36:15:a1:31:1f:5e:a3:c5:b7:9a:41:d4:
                    54:93:1a:09:a9:de:31:f0:f1:f8:d6:9a:4a:e0:a4:
                    9a:e0:75:83:df:8c:2c:22:0d:91:19:c7:e7:c6:40:
                    82:19:d2:69:38:16:f2:1a:1f:df:3d:1a:17:a3:92:
                    86:82:a0:40:e9:e6:88:7f:05:4b:ed:3b:30:e1:4a:
                    6c:31:5c:29:6c:03:b3:1f:79:12:5e:6b:74:5b:38:
                    44:df:52:64:38:2c:58:c6:41:ac:f6:a2:0c:d7:c1:
                    48:b1:a6:9e:ce:fd:75:f3:45:1a:2f:34:52:4c:5f:
                    e0:82:0c:1f:2c:84:27:61:ac:96:31:83:eb:bb:2b:
                    80:2f:5c:12:fc:8b:ca:4e:c7:40:62:98:ee:4d:04:
                    20:e7:f0:0c:dc:10:4f:7a:1a:2e:ad:a8:de:41:0b:
                    14:9a:32:54:50:7c:de:ac:75:eb:fb:2a:a2:da:b4:
                    d3:16:5b:9b:43:3f:2b:d4:44:4a:e9:63:43:4c:b5:
                    a4:16:c5:d1:3a:b7:34:22:78:fb:a6:3c:7d:53:d7:
                    2f:10:3a:ee:be:91:00:50:3e:24:66:be:5f:7e:17:
                    89:61:0c:b2:40:15:d4:45:e8:8f:be:07:67:d3:f8:
                    1e:ea:1e:02:d4:70:60:af:84:3f:18:f5:c8:7a:98:
                    5b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:96:74:0E:03:2B:8A:C7:45:D4:9E:FF:09:F0:1B:D9:D5:4D:C3:5C
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/j5Z0DgMrisdF1J7_CfAb2dVNw1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:90:15:9c:4c:d1:1d:6a:b8:b2:7b:06:fd:17:77:45:4c:13:
         30:a2:6e:d9:02:1d:41:cd:7e:93:d7:26:aa:f8:40:9d:6c:09:
         3b:36:64:9a:a8:05:d6:42:87:37:e7:b6:50:fc:ff:0f:7c:9c:
         9d:36:f4:4f:c8:b3:08:f4:8e:b5:d7:4e:3d:8b:38:17:80:40:
         d6:dd:c8:3b:35:29:b9:97:23:f3:b7:09:d7:09:09:67:83:1e:
         d3:97:f6:33:4e:db:7e:df:49:96:be:6f:f4:53:7f:c8:47:51:
         24:ab:71:a9:27:bd:7b:56:de:f9:49:29:d5:79:3d:25:69:ef:
         24:1d:00:b4:65:95:98:13:29:4d:25:39:00:e9:d7:b4:94:dc:
         66:9b:5d:36:4e:8c:69:e5:e2:c4:25:d8:e7:8c:b6:7c:6b:d3:
         11:23:d9:df:a5:df:28:68:1a:2e:a1:c2:65:5b:6e:f5:32:49:
         80:16:5b:a9:ff:c5:26:77:a0:30:96:22:08:7b:4d:eb:00:39:
         13:88:10:8b:31:dc:88:9b:5f:33:ee:b6:7c:af:a0:b8:77:1e:
         fd:86:7a:84:47:de:2b:c9:6e:9f:4f:98:41:e3:fd:f7:ca:26:
         e1:dc:da:b7:01:07:c8:0a:f7:54:72:7e:da:8b:b6:e7:34:77:
         df:e9:78:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKbq3MXlwoxhLbgdCBMa2sFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjQxMDE3MTgwOTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjk2NzQwZTAzMmI4YWM3NDVkNDllZmYwOWYwMWJkOWQ1NGRjMzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3zs2FaExH16jxbeaQdRUkxoJqd4x
8PH41ppK4KSa4HWD34wsIg2RGcfnxkCCGdJpOBbyGh/fPRoXo5KGgqBA6eaIfwVL
7Tsw4UpsMVwpbAOzH3kSXmt0WzhE31JkOCxYxkGs9qIM18FIsaaezv1180UaLzRS
TF/gggwfLIQnYayWMYPruyuAL1wS/IvKTsdAYpjuTQQg5/AM3BBPehourajeQQsU
mjJUUHzerHXr+yqi2rTTFlubQz8r1ERK6WNDTLWkFsXROrc0Inj7pjx9U9cvEDru
vpEAUD4kZr5ffheJYQyyQBXUReiPvgdn0/ge6h4C1HBgr4Q/GPXIephbGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+WdA4DK4rHRdSe/wnwG9nVTcNcMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvajVaMERnTXJpc2RGMUo3X0NmQWIyZFZOdzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7sMA0G
CSqGSIb3DQEBCwUAA4IBAQATkBWcTNEdariyewb9F3dFTBMwom7ZAh1BzX6T1yaq
+ECdbAk7NmSaqAXWQoc357ZQ/P8PfJydNvRPyLMI9I611049izgXgEDW3cg7NSm5
lyPztwnXCQlngx7Tl/YzTtt+30mWvm/0U3/IR1Ekq3GpJ717Vt75SSnVeT0lae8k
HQC0ZZWYEylNJTkA6de0lNxmm102Toxp5eLEJdjnjLZ8a9MRI9nfpd8oaBouocJl
W271MkmAFlup/8Umd6AwliIIe03rADkTiBCLMdyIm18z7rZ8r6C4dx79hnqER94r
yW6fT5hB4/33yibh3Nq3AQfICvdUcn7ai7bnNHff6Xja
-----END CERTIFICATE-----