Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/uWccS943-NPeBV4pk-C9zstqwA8.roa
File:                     uWccS943-NPeBV4pk-C9zstqwA8.roa (raw, json)
Hash identifier:          490wH2czNsjIO+r82D6BUKq4nX5xx/FCB3oUPV7/DME=
Subject key identifier:   B9:67:1C:4B:DE:37:F8:D3:DE:05:5E:29:93:E0:BD:CE:CB:6A:C0:0F
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       0194E571FD56BE4FBEE1BBB5C74613F966CF
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/uWccS943-NPeBV4pk-C9zstqwA8.roa
Signing time:             Sat 08 Feb 2025 12:04:00 +0000
ROA not before:           Sat 08 Feb 2025 12:04:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.14.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:e5:71:fd:56:be:4f:be:e1:bb:b5:c7:46:13:f9:66:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Feb  8 12:04:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9671c4bde37f8d3de055e2993e0bdcecb6ac00f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:99:0c:cb:ec:6f:b4:68:03:99:4a:2f:de:53:
                    90:ed:d3:8c:56:2d:d8:d8:3c:63:ed:e6:34:38:af:
                    95:2e:33:3e:f1:ce:22:45:31:b0:5d:a5:65:2d:1e:
                    c3:a0:24:c4:2c:77:b0:28:3f:1b:c9:c9:c1:18:d2:
                    df:cb:a1:8b:1f:3f:a0:b0:87:fa:e8:b1:d2:55:c8:
                    08:0c:2f:58:1b:c2:6c:6e:c8:6d:08:0b:13:f9:4c:
                    06:e5:36:66:54:4e:33:91:cc:0d:7a:fe:aa:9f:11:
                    12:6e:9c:2f:e8:4e:ff:8f:4a:fe:c9:5e:08:9b:c9:
                    f7:be:e2:7d:83:11:7d:4e:8d:be:0a:03:b7:b7:da:
                    3a:60:c1:01:d3:46:e8:a1:91:64:67:ff:45:9c:15:
                    2e:85:e4:42:d2:24:10:b0:b1:f9:32:56:9d:ef:44:
                    cb:68:41:f7:1a:66:9f:bd:c4:e9:a2:4f:76:8d:3a:
                    db:0c:34:25:3d:af:56:88:e3:76:2a:fa:78:7a:45:
                    01:c3:e1:b5:6e:1c:51:0b:f5:41:ce:ec:91:3e:27:
                    dc:5b:7c:f1:58:a6:60:5b:60:a1:31:7c:47:a2:7a:
                    b0:92:5e:82:79:9d:ae:cd:86:ea:e2:7c:c7:c7:70:
                    c4:48:02:7c:83:1f:ca:12:c7:bf:65:1b:e6:11:40:
                    a4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:67:1C:4B:DE:37:F8:D3:DE:05:5E:29:93:E0:BD:CE:CB:6A:C0:0F
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/uWccS943-NPeBV4pk-C9zstqwA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:35:78:a2:ea:be:7b:86:68:0d:e4:f2:44:eb:25:6a:4c:8d:
         6c:23:97:4c:28:23:0c:84:5d:3c:b1:e0:0a:f1:9f:0a:e0:5d:
         a3:c6:12:12:99:ce:e5:92:15:7d:53:52:33:2b:66:2c:7f:f4:
         7c:87:01:6f:9b:c0:a3:4b:52:47:55:41:86:1a:93:ea:12:8c:
         ad:11:93:7d:8a:bb:ae:7b:5a:00:af:c6:8b:6c:90:2b:e1:31:
         d5:7f:56:c4:2c:d5:8d:ab:ef:e2:0e:d2:50:f1:00:73:d7:91:
         2c:53:cf:a7:ff:92:3f:79:26:40:42:3d:ed:11:9b:83:1d:7b:
         9a:5d:c1:15:a5:39:bf:8c:06:03:ac:18:df:b5:11:9b:f5:db:
         a2:15:c5:6f:4c:5a:34:67:c1:f0:7a:52:46:96:9b:a2:ef:b6:
         b4:24:2a:cd:ff:dd:02:d4:b0:9e:c0:96:98:c8:01:c2:b5:c9:
         a2:de:7f:b1:43:43:0b:bb:e6:b6:8d:ec:fe:04:86:bb:23:eb:
         0a:da:8a:99:f3:0f:39:04:be:89:ed:c9:c9:3a:cd:bd:f9:d7:
         ee:a2:9f:77:20:dd:14:cf:7f:eb:26:8f:ed:8d:62:68:26:f8:
         c1:f9:9b:f9:e1:6d:0e:7f:d3:56:a6:24:6c:2a:aa:6b:01:25:
         0f:d3:a6:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTlcf1Wvk++4bu1x0YT+WbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjUwMjA4MTIwNDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTY3MWM0YmRlMzdmOGQzZGUwNTVlMjk5M2UwYmRjZWNiNmFjMDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopkMy+xvtGgDmUov3lOQ7dOMVi3Y
2Dxj7eY0OK+VLjM+8c4iRTGwXaVlLR7DoCTELHewKD8bycnBGNLfy6GLHz+gsIf6
6LHSVcgIDC9YG8JsbshtCAsT+UwG5TZmVE4zkcwNev6qnxESbpwv6E7/j0r+yV4I
m8n3vuJ9gxF9To2+CgO3t9o6YMEB00booZFkZ/9FnBUuheRC0iQQsLH5Mlad70TL
aEH3GmafvcTpok92jTrbDDQlPa9WiON2Kvp4ekUBw+G1bhxRC/VBzuyRPifcW3zx
WKZgW2ChMXxHonqwkl6CeZ2uzYbq4nzHx3DESAJ8gx/KEse/ZRvmEUCksQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLlnHEveN/jT3gVeKZPgvc7LasAPMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvdVdjY1M5NDMtTlBlQlY0cGstQzl6c3Rxd0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7sMA0G
CSqGSIb3DQEBCwUAA4IBAQB2NXii6r57hmgN5PJE6yVqTI1sI5dMKCMMhF08seAK
8Z8K4F2jxhISmc7lkhV9U1IzK2Ysf/R8hwFvm8CjS1JHVUGGGpPqEoytEZN9iruu
e1oAr8aLbJAr4THVf1bELNWNq+/iDtJQ8QBz15EsU8+n/5I/eSZAQj3tEZuDHXua
XcEVpTm/jAYDrBjftRGb9duiFcVvTFo0Z8HwelJGlpui77a0JCrN/90C1LCewJaY
yAHCtcmi3n+xQ0MLu+a2jez+BIa7I+sK2oqZ8w85BL6J7cnJOs29+dfuop93IN0U
z3/rJo/tjWJoJvjB+Zv54W0Of9NWpiRsKqprASUP06Zm
-----END CERTIFICATE-----