Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/a65522-f7c5-487b-b7b8-2e4614141aa4/1/ZUXaWRnpfH9iI3UAzKMBPJF-z9E.roa
File:                     ZUXaWRnpfH9iI3UAzKMBPJF-z9E.roa (raw, json)
Hash identifier:          sZRzFQSDYOa9JnwDa3fgl7efOc16Hql41Z8+L3YpmQ8=
Subject key identifier:   65:45:DA:59:19:E9:7C:7F:62:23:75:00:CC:A3:01:3C:91:7E:CF:D1
Certificate issuer:       /CN=7f188adab5b552081ecac821c9b090394873b315
Certificate serial:       018CC94BE1B78624BAF8198D99CD204CF145
Authority key identifier: 7F:18:8A:DA:B5:B5:52:08:1E:CA:C8:21:C9:B0:90:39:48:73:B3:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fxiK2rW1UggeysghybCQOUhzsxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/a65522-f7c5-487b-b7b8-2e4614141aa4/1/ZUXaWRnpfH9iI3UAzKMBPJF-z9E.roa
Signing time:             Tue 02 Jan 2024 08:30:42 +0000
ROA not before:           Tue 02 Jan 2024 08:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211354
IP address blocks:        185.194.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/a65522-f7c5-487b-b7b8-2e4614141aa4/1/fxiK2rW1UggeysghybCQOUhzsxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/a65522-f7c5-487b-b7b8-2e4614141aa4/1/fxiK2rW1UggeysghybCQOUhzsxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fxiK2rW1UggeysghybCQOUhzsxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e1:b7:86:24:ba:f8:19:8d:99:cd:20:4c:f1:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f188adab5b552081ecac821c9b090394873b315
        Validity
            Not Before: Jan  2 08:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6545da5919e97c7f62237500cca3013c917ecfd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d9:dc:1c:99:97:e9:e5:cb:64:8a:2b:08:8d:
                    07:49:16:52:79:dc:0f:50:c1:84:ad:af:f7:b8:2c:
                    2e:c7:81:49:3a:6f:51:21:62:72:79:4f:9a:0a:a1:
                    58:45:9e:39:3d:92:91:6d:50:38:6b:43:bd:f4:5c:
                    db:2e:ca:f4:b0:4f:c6:82:49:92:b8:97:f9:dc:f1:
                    06:32:39:83:27:db:34:06:d8:23:f0:d6:2e:4c:6d:
                    aa:be:91:11:f7:cb:09:7e:a5:e3:ca:bc:5d:ca:ec:
                    3d:1b:5c:fb:e8:21:46:0b:87:3e:3a:3f:77:99:4b:
                    ac:0f:f5:2a:4b:77:0f:3e:8a:db:78:be:6b:5e:53:
                    73:4a:bb:89:49:56:b1:f1:cf:91:95:c7:d2:6c:68:
                    c8:a3:50:c0:2b:0b:f6:a9:8f:f5:67:16:bd:17:a5:
                    5f:e3:3a:8c:35:4f:ce:de:e2:1a:64:1e:60:17:ac:
                    4f:62:68:09:ec:1a:9f:df:f7:5f:9e:ef:08:8f:00:
                    82:b9:f7:63:d3:56:16:b3:dd:84:60:29:c4:c7:71:
                    55:4d:6d:9d:55:9f:02:4e:d8:ed:cd:c8:86:68:2e:
                    e5:12:65:f9:c8:73:ac:59:69:14:5a:04:51:89:8a:
                    c9:f1:99:24:e6:b3:67:12:45:8c:4b:50:0f:bc:54:
                    9c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:45:DA:59:19:E9:7C:7F:62:23:75:00:CC:A3:01:3C:91:7E:CF:D1
            X509v3 Authority Key Identifier:
                keyid:7F:18:8A:DA:B5:B5:52:08:1E:CA:C8:21:C9:B0:90:39:48:73:B3:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fxiK2rW1UggeysghybCQOUhzsxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/a65522-f7c5-487b-b7b8-2e4614141aa4/1/ZUXaWRnpfH9iI3UAzKMBPJF-z9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/a65522-f7c5-487b-b7b8-2e4614141aa4/1/fxiK2rW1UggeysghybCQOUhzsxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:01:0c:eb:a4:41:4f:6b:24:a4:ce:ec:f2:d9:34:a4:71:06:
         61:81:ae:bd:db:9a:c4:33:2c:e5:77:c4:8b:03:91:73:a5:e8:
         a0:e1:77:fa:40:5a:7c:75:14:cf:9b:04:3e:72:73:e6:e0:af:
         12:8e:7f:08:f2:86:96:46:85:e6:bc:4c:9d:2d:d7:7f:3c:27:
         2e:47:69:56:31:10:80:4c:c8:c2:07:ab:b5:29:c5:e3:ef:2b:
         7b:47:f8:fb:b5:e0:8e:e6:2a:16:d6:3c:88:29:ba:7d:30:9a:
         24:b9:47:08:38:85:13:1f:02:72:8d:ab:5b:d5:7e:ba:e5:3c:
         81:4e:a8:63:37:d4:ec:f6:83:b0:2c:99:c0:e5:d9:c6:5f:c3:
         bf:e0:c4:06:5f:7b:c5:fb:4f:5e:62:99:51:65:a7:e2:65:c1:
         f5:ee:c1:ea:2f:48:52:0f:54:a3:d9:ff:d0:25:57:43:da:bf:
         a9:de:c4:3e:58:2f:4b:18:c6:cc:f2:9c:d2:35:fa:f2:47:23:
         22:84:b2:2f:f9:e0:08:7f:0c:a7:3e:e8:e4:d3:e8:6f:9c:e2:
         7b:a4:d1:8c:99:92:9d:18:50:c7:d0:b4:85:c1:e2:50:9b:ee:
         26:ad:98:f7:ec:5f:99:eb:97:e4:cb:64:67:8b:96:79:07:90:
         c9:5b:9a:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS+G3hiS6+BmNmc0gTPFFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmMTg4YWRhYjViNTUyMDgxZWNhYzgyMWM5YjA5MDM5NDg3
M2IzMTUwHhcNMjQwMTAyMDgzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQ1ZGE1OTE5ZTk3YzdmNjIyMzc1MDBjY2EzMDEzYzkxN2VjZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9ncHJmX6eXLZIorCI0HSRZSedwP
UMGEra/3uCwux4FJOm9RIWJyeU+aCqFYRZ45PZKRbVA4a0O99FzbLsr0sE/GgkmS
uJf53PEGMjmDJ9s0Btgj8NYuTG2qvpER98sJfqXjyrxdyuw9G1z76CFGC4c+Oj93
mUusD/UqS3cPPorbeL5rXlNzSruJSVax8c+RlcfSbGjIo1DAKwv2qY/1Zxa9F6Vf
4zqMNU/O3uIaZB5gF6xPYmgJ7Bqf3/dfnu8IjwCCufdj01YWs92EYCnEx3FVTW2d
VZ8CTtjtzciGaC7lEmX5yHOsWWkUWgRRiYrJ8Zkk5rNnEkWMS1APvFScgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGVF2lkZ6Xx/YiN1AMyjATyRfs/RMB8GA1UdIwQY
MBaAFH8Yitq1tVIIHsrIIcmwkDlIc7MVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnhpSzJyVzFVZ2dleXNnaHliQ1FPVWh6c3hVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9hNjU1MjItZjdjNS00ODdiLWI3Yjgt
MmU0NjE0MTQxYWE0LzEvWlVYYVdSbnBmSDlpSTNVQXpLTUJQSkYtejlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9hNjU1MjItZjdjNS00ODdiLWI3YjgtMmU0NjE0MTQxYWE0
LzEvZnhpSzJyVzFVZ2dleXNnaHliQ1FPVWh6c3hVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucIOMA0G
CSqGSIb3DQEBCwUAA4IBAQBDAQzrpEFPaySkzuzy2TSkcQZhga6925rEMyzld8SL
A5Fzpeig4Xf6QFp8dRTPmwQ+cnPm4K8Sjn8I8oaWRoXmvEydLdd/PCcuR2lWMRCA
TMjCB6u1KcXj7yt7R/j7teCO5ioW1jyIKbp9MJokuUcIOIUTHwJyjatb1X665TyB
TqhjN9Ts9oOwLJnA5dnGX8O/4MQGX3vF+09eYplRZafiZcH17sHqL0hSD1Sj2f/Q
JVdD2r+p3sQ+WC9LGMbM8pzSNfryRyMihLIv+eAIfwynPujk0+hvnOJ7pNGMmZKd
GFDH0LSFweJQm+4mrZj37F+Z65fky2Rni5Z5B5DJW5qX
-----END CERTIFICATE-----