Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/FEBnWSOhkAHylQ1z4IYGiohFceQ.roa
File:                     FEBnWSOhkAHylQ1z4IYGiohFceQ.roa (raw, json)
Hash identifier:          AX/4cqmT8wivr3fDr/N+2BuO87R6xzTwDKG4aTSB8XA=
Subject key identifier:   14:40:67:59:23:A1:90:01:F2:95:0D:73:E0:86:06:8A:88:45:71:E4
Certificate issuer:       /CN=14bf39139b710c4f7237edfd88518655af39c323
Certificate serial:       018CC3B73689EA15F7849BACCE74F121CDC2
Authority key identifier: 14:BF:39:13:9B:71:0C:4F:72:37:ED:FD:88:51:86:55:AF:39:C3:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FL85E5txDE9yN-39iFGGVa85wyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/FEBnWSOhkAHylQ1z4IYGiohFceQ.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16262
IP address blocks:        94.199.4.0/24 maxlen: 24
                          192.162.240.0/21 maxlen: 21
                          195.211.100.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/FL85E5txDE9yN-39iFGGVa85wyM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/FL85E5txDE9yN-39iFGGVa85wyM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FL85E5txDE9yN-39iFGGVa85wyM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:36:89:ea:15:f7:84:9b:ac:ce:74:f1:21:cd:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14bf39139b710c4f7237edfd88518655af39c323
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1440675923a19001f2950d73e086068a884571e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d7:ee:a1:51:79:8d:5a:31:34:4c:39:3f:62:
                    b9:55:2e:65:1a:57:fd:d5:9a:2d:d8:a3:7a:65:cf:
                    0d:e3:38:df:76:6e:b6:e3:d7:f4:28:34:2d:7e:18:
                    13:82:12:92:09:1a:37:08:9e:2c:c0:6d:02:d3:8c:
                    b5:24:89:2e:fd:79:78:f7:a3:94:df:aa:5b:31:50:
                    59:5c:98:d9:09:ca:30:d3:89:3d:a5:24:61:b4:d2:
                    65:7f:cd:40:35:37:52:7a:ff:69:20:a5:bf:73:7e:
                    de:25:f0:3a:b5:54:a1:28:54:4d:a3:cf:40:39:28:
                    35:92:49:e0:51:66:4c:e8:b0:ed:ef:1c:af:51:bc:
                    c8:1e:6e:45:28:e7:c7:2e:e6:2c:c5:f6:58:1e:fe:
                    17:b0:ab:0d:19:8a:34:25:5e:15:c5:d2:88:8f:1b:
                    d1:22:ae:49:16:ab:34:f1:35:84:c4:5a:9d:0e:f6:
                    30:7f:57:09:43:ce:6f:56:07:42:69:94:a5:f6:26:
                    c4:73:22:10:6f:2b:b3:93:76:c1:11:dc:2e:ee:99:
                    2a:a3:f0:04:8a:be:e8:93:3c:ee:18:4f:02:f8:78:
                    17:16:01:84:f0:f6:c4:cf:f0:21:39:b3:be:32:1d:
                    d0:a5:0c:89:85:77:00:a2:c0:38:f1:1e:f4:66:30:
                    63:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:40:67:59:23:A1:90:01:F2:95:0D:73:E0:86:06:8A:88:45:71:E4
            X509v3 Authority Key Identifier:
                keyid:14:BF:39:13:9B:71:0C:4F:72:37:ED:FD:88:51:86:55:AF:39:C3:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FL85E5txDE9yN-39iFGGVa85wyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/FEBnWSOhkAHylQ1z4IYGiohFceQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b96259-33b8-454a-8c5f-a862b88593a0/1/FL85E5txDE9yN-39iFGGVa85wyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.4.0/24
                  192.162.240.0/21
                  195.211.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:5c:2c:ef:8a:1a:48:22:6a:d5:bf:3c:bc:25:33:17:cf:7b:
         a2:0c:dd:ec:5c:9f:60:1d:09:b3:dc:06:ba:d6:3a:b1:3d:e3:
         63:b2:83:9c:1e:38:66:de:72:fb:cd:5d:cc:42:aa:d0:23:34:
         cf:2e:75:2e:56:ff:ff:0f:fe:67:1d:da:c6:49:76:b4:b2:b3:
         db:2c:80:d9:eb:da:86:21:47:83:e5:d7:71:18:81:3a:d5:62:
         5e:24:d6:4b:91:69:2a:08:42:17:79:57:37:16:40:29:c2:46:
         33:51:90:26:b3:b0:e6:37:40:42:e4:c4:f0:7d:6c:4f:ab:3a:
         98:18:a9:33:b4:56:04:68:9b:10:ae:19:f2:b6:f8:12:59:b3:
         ae:94:d6:e2:dc:fc:fa:86:78:ad:4c:a1:95:9d:69:02:d4:47:
         ea:9a:bb:16:74:f1:4e:99:c5:ee:11:22:c6:da:d7:31:19:76:
         da:7c:a2:5e:13:06:58:4e:5b:b0:b6:93:00:96:7c:3e:ef:3b:
         04:af:ea:1b:8d:0f:6c:06:77:6d:c8:fb:7e:e6:75:c3:bd:3d:
         f6:12:6b:a9:40:b2:35:af:dc:c9:fa:12:89:81:b3:64:d6:55:
         08:c9:91:3c:27:34:b3:f6:b7:11:23:29:86:34:e4:1d:ca:6b:
         d9:09:bf:0c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtzaJ6hX3hJusznTxIc3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YmYzOTEzOWI3MTBjNGY3MjM3ZWRmZDg4NTE4NjU1YWYz
OWMzMjMwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDQwNjc1OTIzYTE5MDAxZjI5NTBkNzNlMDg2MDY4YTg4NDU3MWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdfuoVF5jVoxNEw5P2K5VS5lGlf9
1Zot2KN6Zc8N4zjfdm6249f0KDQtfhgTghKSCRo3CJ4swG0C04y1JIku/Xl496OU
36pbMVBZXJjZCcow04k9pSRhtNJlf81ANTdSev9pIKW/c37eJfA6tVShKFRNo89A
OSg1kkngUWZM6LDt7xyvUbzIHm5FKOfHLuYsxfZYHv4XsKsNGYo0JV4VxdKIjxvR
Iq5JFqs08TWExFqdDvYwf1cJQ85vVgdCaZSl9ibEcyIQbyuzk3bBEdwu7pkqo/AE
ir7okzzuGE8C+HgXFgGE8PbEz/AhObO+Mh3QpQyJhXcAosA48R70ZjBjwwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBRAZ1kjoZAB8pUNc+CGBoqIRXHkMB8GA1UdIwQY
MBaAFBS/ORObcQxPcjft/YhRhlWvOcMjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkw4NUU1dHhERTl5Ti0zOWlGR0dWYTg1d3lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iOTYyNTktMzNiOC00NTRhLThjNWYt
YTg2MmI4ODU5M2EwLzEvRkVCbldTT2hrQUh5bFExejRJWUdpb2hGY2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iOTYyNTktMzNiOC00NTRhLThjNWYtYTg2MmI4ODU5M2Ew
LzEvRkw4NUU1dHhERTl5Ti0zOWlGR0dWYTg1d3lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXscEAwQD
wKLwAwQCw9NkMA0GCSqGSIb3DQEBCwUAA4IBAQC2XCzvihpIImrVvzy8JTMXz3ui
DN3sXJ9gHQmz3Aa61jqxPeNjsoOcHjhm3nL7zV3MQqrQIzTPLnUuVv//D/5nHdrG
SXa0srPbLIDZ69qGIUeD5ddxGIE61WJeJNZLkWkqCEIXeVc3FkApwkYzUZAms7Dm
N0BC5MTwfWxPqzqYGKkztFYEaJsQrhnytvgSWbOulNbi3Pz6hnitTKGVnWkC1Efq
mrsWdPFOmcXuESLG2tcxGXbafKJeEwZYTluwtpMAlnw+7zsEr+objQ9sBndtyPt+
5nXDvT32EmupQLI1r9zJ+hKJgbNk1lUIyZE8JzSz9rcRIymGNOQdymvZCb8M
-----END CERTIFICATE-----