Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/cRUdYR3fsRjadNws_lMl5mkQjpQ.roa
File:                     cRUdYR3fsRjadNws_lMl5mkQjpQ.roa (raw, json)
Hash identifier:          cEXJYiHzaxHdwHsV9GRwNekIcQAW38OnLQobuh+ane0=
Subject key identifier:   71:15:1D:61:1D:DF:B1:18:DA:74:DC:2C:FE:53:25:E6:69:10:8E:94
Certificate issuer:       /CN=6cbc8402f092343b9c03d386069728f8983e6008
Certificate serial:       018CC2DB50756EE69BFDE2493ACBC6D8622F
Authority key identifier: 6C:BC:84:02:F0:92:34:3B:9C:03:D3:86:06:97:28:F8:98:3E:60:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bLyEAvCSNDucA9OGBpco-Jg-YAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/cRUdYR3fsRjadNws_lMl5mkQjpQ.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        176.116.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/bLyEAvCSNDucA9OGBpco-Jg-YAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/bLyEAvCSNDucA9OGBpco-Jg-YAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bLyEAvCSNDucA9OGBpco-Jg-YAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:50:75:6e:e6:9b:fd:e2:49:3a:cb:c6:d8:62:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cbc8402f092343b9c03d386069728f8983e6008
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71151d611ddfb118da74dc2cfe5325e669108e94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fe:9c:b8:b2:15:fc:03:55:e9:12:bd:20:37:
                    f7:66:b0:d5:67:f1:c1:1c:38:b4:35:9c:4d:7a:28:
                    54:22:65:1f:0a:18:a0:84:ec:eb:63:d9:79:22:78:
                    af:2d:d3:df:6c:1c:a3:c6:b4:6d:c7:a7:04:5d:ff:
                    10:79:52:29:3f:f4:fc:dd:56:67:55:6c:e0:be:2d:
                    46:a5:02:57:6e:94:e8:9c:23:00:02:e7:2f:9d:9b:
                    df:66:dd:54:af:d5:e1:68:1e:7a:e6:d5:91:4a:4d:
                    75:0e:68:a2:ef:87:62:b8:fb:73:df:9b:1b:db:4e:
                    89:41:70:1a:c2:8c:96:6c:12:6e:6e:e7:b4:7f:36:
                    e3:f4:22:9e:46:22:53:87:fd:c6:99:52:de:30:b5:
                    b2:c5:1f:7a:da:23:d9:1b:d1:a4:42:69:5a:e1:d9:
                    cd:06:a5:9a:d4:dd:d8:fe:db:1a:a5:91:6f:10:a2:
                    47:5b:cd:6c:78:8e:11:c9:09:eb:0c:33:61:92:b3:
                    08:30:b9:97:55:63:82:49:c4:6e:0d:84:15:c3:35:
                    92:ac:6d:b6:d5:c9:26:bc:17:6a:39:f7:14:80:04:
                    be:15:61:bf:f3:55:1f:9a:ad:05:80:be:89:da:22:
                    ae:03:3e:42:73:43:5b:95:48:c1:0f:7f:ee:76:25:
                    e9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:15:1D:61:1D:DF:B1:18:DA:74:DC:2C:FE:53:25:E6:69:10:8E:94
            X509v3 Authority Key Identifier:
                keyid:6C:BC:84:02:F0:92:34:3B:9C:03:D3:86:06:97:28:F8:98:3E:60:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLyEAvCSNDucA9OGBpco-Jg-YAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/cRUdYR3fsRjadNws_lMl5mkQjpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/9db87f-a31a-4b4d-8624-280f5a4b5e03/1/bLyEAvCSNDucA9OGBpco-Jg-YAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.116.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:29:10:ba:57:7a:fa:5c:ac:f3:a4:87:d0:d8:70:be:9a:d7:
         e7:08:58:a2:71:b2:0c:7f:c9:78:ae:1d:b9:96:7f:d9:2e:d5:
         4c:ac:44:52:41:6a:d1:f3:50:d4:ff:b1:fd:ec:66:bb:72:1c:
         a2:2b:f1:73:49:f9:e9:e4:88:5f:e1:eb:02:f9:d6:5e:a9:a0:
         45:e4:11:ee:11:7e:4e:77:6c:44:25:1c:23:eb:ce:5e:05:91:
         3b:26:35:4d:1d:87:13:ca:24:98:8b:35:a2:89:a1:10:00:84:
         38:17:b2:0b:62:52:65:47:ed:17:58:3d:cc:72:48:c2:01:d2:
         52:17:49:2f:97:11:e3:3e:de:81:64:62:66:dc:08:38:b6:da:
         39:6e:16:45:05:24:61:19:68:74:e0:26:7d:74:95:d9:77:ea:
         d7:50:2b:a3:26:4d:a5:fe:eb:74:52:e5:30:e1:1f:ee:26:a3:
         e7:e4:cc:5e:c8:40:c1:ef:32:91:1b:ff:08:de:e7:b4:3c:47:
         08:c9:21:55:29:86:4f:37:5e:e7:ff:e0:a7:02:7b:a1:15:c5:
         cb:4d:20:c1:2d:8d:9e:32:5e:a1:93:52:a7:af:79:13:ab:19:
         0d:0c:ff:b9:5f:3e:2e:db:7a:bb:12:35:c2:f4:ce:9e:20:0c:
         5d:3c:bc:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21B1buab/eJJOsvG2GIvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYmM4NDAyZjA5MjM0M2I5YzAzZDM4NjA2OTcyOGY4OTgz
ZTYwMDgwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTE1MWQ2MTFkZGZiMTE4ZGE3NGRjMmNmZTUzMjVlNjY5MTA4ZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmf6cuLIV/ANV6RK9IDf3ZrDVZ/HB
HDi0NZxNeihUImUfChighOzrY9l5InivLdPfbByjxrRtx6cEXf8QeVIpP/T83VZn
VWzgvi1GpQJXbpTonCMAAucvnZvfZt1Ur9XhaB565tWRSk11Dmii74diuPtz35sb
206JQXAawoyWbBJubue0fzbj9CKeRiJTh/3GmVLeMLWyxR962iPZG9GkQmla4dnN
BqWa1N3Y/tsapZFvEKJHW81seI4RyQnrDDNhkrMIMLmXVWOCScRuDYQVwzWSrG22
1ckmvBdqOfcUgAS+FWG/81Ufmq0FgL6J2iKuAz5Cc0NblUjBD3/udiXpPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHEVHWEd37EY2nTcLP5TJeZpEI6UMB8GA1UdIwQY
MBaAFGy8hALwkjQ7nAPThgaXKPiYPmAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkx5RUF2Q1NORHVjQTlPR0JwY28tSmctWUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC85ZGI4N2YtYTMxYS00YjRkLTg2MjQt
MjgwZjVhNGI1ZTAzLzEvY1JVZFlSM2ZzUmphZE53c19sTWw1bWtRanBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC85ZGI4N2YtYTMxYS00YjRkLTg2MjQtMjgwZjVhNGI1ZTAz
LzEvYkx5RUF2Q1NORHVjQTlPR0JwY28tSmctWUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHQOMA0G
CSqGSIb3DQEBCwUAA4IBAQB1KRC6V3r6XKzzpIfQ2HC+mtfnCFiicbIMf8l4rh25
ln/ZLtVMrERSQWrR81DU/7H97Ga7chyiK/FzSfnp5Ihf4esC+dZeqaBF5BHuEX5O
d2xEJRwj685eBZE7JjVNHYcTyiSYizWiiaEQAIQ4F7ILYlJlR+0XWD3MckjCAdJS
F0kvlxHjPt6BZGJm3Ag4tto5bhZFBSRhGWh04CZ9dJXZd+rXUCujJk2l/ut0UuUw
4R/uJqPn5MxeyEDB7zKRG/8I3ue0PEcIySFVKYZPN17n/+CnAnuhFcXLTSDBLY2e
Ml6hk1Knr3kTqxkNDP+5Xz4u23q7EjXC9M6eIAxdPLwR
-----END CERTIFICATE-----