Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/42c1bf-89ff-482f-9f14-498dd1d307d0/1/14OK4UeufHfGH_U9cQmnR0_GwQo.roa
File:                     14OK4UeufHfGH_U9cQmnR0_GwQo.roa (raw, json)
Hash identifier:          C9Cx3u7T3aVXh9+2IqiM9WdSC+ubVQnOu+LspVsAYSw=
Subject key identifier:   D7:83:8A:E1:47:AE:7C:77:C6:1F:F5:3D:71:09:A7:47:4F:C6:C1:0A
Certificate issuer:       /CN=61ea673be28b493dba441870fb50e59a0d1c17c5
Certificate serial:       018CC56EDD16B93A1503EF364DB6CC21A05D
Authority key identifier: 61:EA:67:3B:E2:8B:49:3D:BA:44:18:70:FB:50:E5:9A:0D:1C:17:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YepnO-KLST26RBhw-1Dlmg0cF8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/42c1bf-89ff-482f-9f14-498dd1d307d0/1/14OK4UeufHfGH_U9cQmnR0_GwQo.roa
Signing time:             Mon 01 Jan 2024 14:30:26 +0000
ROA not before:           Mon 01 Jan 2024 14:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39702
IP address blocks:        185.214.232.0/22 maxlen: 22
                          2a0e:a2c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/42c1bf-89ff-482f-9f14-498dd1d307d0/1/YepnO-KLST26RBhw-1Dlmg0cF8U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/42c1bf-89ff-482f-9f14-498dd1d307d0/1/YepnO-KLST26RBhw-1Dlmg0cF8U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YepnO-KLST26RBhw-1Dlmg0cF8U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:dd:16:b9:3a:15:03:ef:36:4d:b6:cc:21:a0:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61ea673be28b493dba441870fb50e59a0d1c17c5
        Validity
            Not Before: Jan  1 14:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7838ae147ae7c77c61ff53d7109a7474fc6c10a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:33:53:a1:7d:49:f8:01:2a:18:8e:a9:c3:9e:
                    37:a5:f7:d3:d1:b4:29:dc:9b:74:4f:c5:5d:1e:45:
                    9f:9a:05:a7:90:17:54:f8:90:ba:ff:fa:f9:50:a5:
                    91:97:3e:78:06:e6:b9:5c:02:54:87:50:bd:d3:cc:
                    b1:95:0a:55:02:ce:26:1a:0a:fe:55:16:43:d4:9d:
                    38:d8:e7:6a:01:b5:8e:8b:35:01:ce:ad:51:39:c6:
                    da:96:8b:a5:e4:a6:71:ce:b5:9d:c7:be:a2:b9:c2:
                    3e:77:9f:66:e7:26:c8:8a:53:74:3b:b8:62:4c:c1:
                    56:43:fa:e6:6c:3d:1a:9f:e1:5a:b8:60:c0:58:37:
                    1d:26:58:4f:e5:69:2a:2d:55:ad:68:ef:bd:cc:ac:
                    a4:01:27:11:bb:5d:f6:6a:e9:d5:18:5a:44:00:4f:
                    c4:52:7c:16:ec:78:6d:18:76:f5:46:b5:56:65:a8:
                    a7:6d:2a:bb:71:99:00:db:c6:7b:7e:31:cd:dc:35:
                    62:3b:c5:65:16:96:ca:a1:ee:db:e4:ee:14:b3:33:
                    e7:7d:a0:02:0a:e9:b0:8a:cb:50:b4:db:76:84:e0:
                    39:13:6d:b1:6a:24:11:a2:2e:af:76:43:8e:f5:37:
                    e8:d6:75:e5:6e:16:0e:fb:2f:ce:53:d2:29:1a:fc:
                    97:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:83:8A:E1:47:AE:7C:77:C6:1F:F5:3D:71:09:A7:47:4F:C6:C1:0A
            X509v3 Authority Key Identifier:
                keyid:61:EA:67:3B:E2:8B:49:3D:BA:44:18:70:FB:50:E5:9A:0D:1C:17:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YepnO-KLST26RBhw-1Dlmg0cF8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/42c1bf-89ff-482f-9f14-498dd1d307d0/1/14OK4UeufHfGH_U9cQmnR0_GwQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/42c1bf-89ff-482f-9f14-498dd1d307d0/1/YepnO-KLST26RBhw-1Dlmg0cF8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.232.0/22
                IPv6:
                  2a0e:a2c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:65:5b:4e:cd:e3:67:f6:8c:f2:93:17:99:e4:db:74:8f:ba:
         62:e4:fe:10:79:b0:3a:f6:48:78:99:2c:21:99:8a:dd:4e:e2:
         7a:1e:32:85:ad:b1:60:2e:a7:bb:88:b8:17:85:6d:39:79:0d:
         99:9f:bd:6b:e5:23:89:07:5f:21:23:4c:dc:6d:2d:f0:0f:6f:
         ac:25:05:7c:4d:31:c2:5a:a4:3d:ab:c7:00:3b:49:be:bb:c9:
         94:25:30:64:20:dd:d2:bf:27:e7:a2:9d:4b:7f:17:ef:cb:22:
         18:cb:ec:de:d1:77:cd:7d:c0:2b:99:d9:3e:bb:f9:e2:5b:d9:
         df:e2:6a:33:94:ad:35:a7:d3:e4:49:84:26:3f:91:43:c0:ad:
         f0:0a:d4:45:d0:0f:71:b4:d0:36:39:9e:60:a8:61:3c:5c:58:
         03:e7:92:6e:47:da:38:c1:d0:02:58:47:67:e6:87:94:0c:79:
         9f:4f:7a:ae:62:38:12:29:c2:03:14:55:ae:51:e9:10:60:ac:
         18:65:f9:69:f0:c3:c8:ba:4d:80:13:b7:04:8a:3f:e0:2f:e0:
         dc:7d:f5:3b:da:2f:d9:05:b0:fa:09:21:02:bb:b0:9d:34:e2:
         48:9b:12:94:e6:df:e2:fe:d7:51:4b:b4:0a:41:74:a4:34:83:
         26:42:84:f8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbt0WuToVA+82TbbMIaBdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZWE2NzNiZTI4YjQ5M2RiYTQ0MTg3MGZiNTBlNTlhMGQx
YzE3YzUwHhcNMjQwMTAxMTQzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzgzOGFlMTQ3YWU3Yzc3YzYxZmY1M2Q3MTA5YTc0NzRmYzZjMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDNToX1J+AEqGI6pw543pffT0bQp
3Jt0T8VdHkWfmgWnkBdU+JC6//r5UKWRlz54Bua5XAJUh1C908yxlQpVAs4mGgr+
VRZD1J042OdqAbWOizUBzq1ROcbaloul5KZxzrWdx76iucI+d59m5ybIilN0O7hi
TMFWQ/rmbD0an+FauGDAWDcdJlhP5WkqLVWtaO+9zKykAScRu132aunVGFpEAE/E
UnwW7HhtGHb1RrVWZainbSq7cZkA28Z7fjHN3DViO8VlFpbKoe7b5O4UszPnfaAC
CumwistQtNt2hOA5E22xaiQRoi6vdkOO9Tfo1nXlbhYO+y/OU9IpGvyXnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNeDiuFHrnx3xh/1PXEJp0dPxsEKMB8GA1UdIwQY
MBaAFGHqZzvii0k9ukQYcPtQ5ZoNHBfFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWVwbk8tS0xTVDI2UkJody0xRGxtZzBjRjhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80MmMxYmYtODlmZi00ODJmLTlmMTQt
NDk4ZGQxZDMwN2QwLzEvMTRPSzRVZXVmSGZHSF9VOWNRbW5SMF9Hd1FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80MmMxYmYtODlmZi00ODJmLTlmMTQtNDk4ZGQxZDMwN2Qw
LzEvWWVwbk8tS0xTVDI2UkJody0xRGxtZzBjRjhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudboMA0E
AgACMAcDBQAqDqLAMA0GCSqGSIb3DQEBCwUAA4IBAQBGZVtOzeNn9ozykxeZ5Nt0
j7pi5P4QebA69kh4mSwhmYrdTuJ6HjKFrbFgLqe7iLgXhW05eQ2Zn71r5SOJB18h
I0zcbS3wD2+sJQV8TTHCWqQ9q8cAO0m+u8mUJTBkIN3Svyfnop1LfxfvyyIYy+ze
0XfNfcArmdk+u/niW9nf4mozlK01p9PkSYQmP5FDwK3wCtRF0A9xtNA2OZ5gqGE8
XFgD55JuR9o4wdACWEdn5oeUDHmfT3quYjgSKcIDFFWuUekQYKwYZflp8MPIuk2A
E7cEij/gL+DcffU72i/ZBbD6CSECu7CdNOJImxKU5t/i/tdRS7QKQXSkNIMmQoT4
-----END CERTIFICATE-----