Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/9ae221-c101-497f-91fe-508099c133bb/1/EpNjqZ-6RxN5Nju_to1-pnLxKj4.roa
File:                     EpNjqZ-6RxN5Nju_to1-pnLxKj4.roa (raw, json)
Hash identifier:          SWsJXy3j/S+zIT56myYNH3cCOogi0mKiXYKvTvCuBQs=
Subject key identifier:   12:93:63:A9:9F:BA:47:13:79:36:3B:BF:B6:8D:7E:A6:72:F1:2A:3E
Certificate issuer:       /CN=877aad307ad330ebb8cf44ec21389a170436fd53
Certificate serial:       018CC56EF8D816064932FAE9BAC6315CA92D
Authority key identifier: 87:7A:AD:30:7A:D3:30:EB:B8:CF:44:EC:21:38:9A:17:04:36:FD:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h3qtMHrTMOu4z0TsITiaFwQ2_VM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/9ae221-c101-497f-91fe-508099c133bb/1/EpNjqZ-6RxN5Nju_to1-pnLxKj4.roa
Signing time:             Mon 01 Jan 2024 14:30:33 +0000
ROA not before:           Mon 01 Jan 2024 14:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199272
IP address blocks:        185.14.25.0/24 maxlen: 24
                          185.14.27.0/24 maxlen: 24
                          185.14.26.0/24 maxlen: 24
                          185.14.24.0/22 maxlen: 22
                          185.14.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/9ae221-c101-497f-91fe-508099c133bb/1/h3qtMHrTMOu4z0TsITiaFwQ2_VM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/9ae221-c101-497f-91fe-508099c133bb/1/h3qtMHrTMOu4z0TsITiaFwQ2_VM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h3qtMHrTMOu4z0TsITiaFwQ2_VM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f8:d8:16:06:49:32:fa:e9:ba:c6:31:5c:a9:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=877aad307ad330ebb8cf44ec21389a170436fd53
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=129363a99fba471379363bbfb68d7ea672f12a3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2a:07:ab:45:66:8e:1c:0e:65:14:81:2a:d7:
                    99:2b:9d:d0:84:c8:3d:42:15:91:02:94:82:6b:0a:
                    17:df:5d:e5:82:91:4c:eb:56:d2:15:43:0b:3d:81:
                    15:c0:ac:d3:43:e7:16:43:14:05:97:07:ed:ed:1e:
                    84:00:8f:9b:6c:7f:89:91:df:f3:49:e6:06:0d:8b:
                    64:95:4c:47:e9:71:ef:80:00:88:95:cb:a8:b0:1c:
                    9b:4e:9f:a6:a6:9c:e0:28:b9:34:53:f8:fa:b7:17:
                    93:f7:b6:07:d2:6e:4c:e5:27:eb:6b:f0:cf:72:84:
                    52:ce:bf:97:66:3d:c7:20:b4:dc:6d:c4:16:09:5d:
                    7c:2d:4e:d6:da:48:be:2f:25:bd:36:27:90:48:67:
                    3e:52:69:49:d6:8d:f6:3a:86:59:5f:9a:f8:c5:d4:
                    06:32:f9:4f:ef:7e:58:a6:79:91:cf:e9:97:42:4c:
                    01:0b:80:f6:c6:55:b2:e4:10:52:f6:3e:81:f6:37:
                    42:e1:eb:b6:fa:b6:b9:3d:e5:ec:cf:12:e8:d1:88:
                    5c:bd:a8:d0:81:0a:96:b9:a2:63:3d:5f:95:62:e3:
                    88:1f:86:b9:b7:42:45:0d:2d:63:b3:8b:2b:fb:a1:
                    e4:0a:4f:f9:af:55:64:71:3e:10:e0:d2:13:ce:fc:
                    ed:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:93:63:A9:9F:BA:47:13:79:36:3B:BF:B6:8D:7E:A6:72:F1:2A:3E
            X509v3 Authority Key Identifier:
                keyid:87:7A:AD:30:7A:D3:30:EB:B8:CF:44:EC:21:38:9A:17:04:36:FD:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h3qtMHrTMOu4z0TsITiaFwQ2_VM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/9ae221-c101-497f-91fe-508099c133bb/1/EpNjqZ-6RxN5Nju_to1-pnLxKj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/9ae221-c101-497f-91fe-508099c133bb/1/h3qtMHrTMOu4z0TsITiaFwQ2_VM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:93:30:ba:a9:5b:4a:ea:83:90:25:10:a4:7f:4d:50:79:7a:
         61:57:2d:ca:65:66:74:6a:8f:e3:20:c2:fe:c4:5b:0b:0c:02:
         eb:99:c6:bb:51:ae:56:69:75:e3:8f:b2:6e:7d:b4:82:b1:eb:
         11:ca:6b:96:13:7e:50:93:c3:0e:7c:2a:6d:8b:bc:9b:26:c0:
         b8:0b:ab:74:a0:c1:d5:27:05:43:95:7b:a2:05:b8:51:81:8a:
         bc:de:12:2f:72:bb:47:b1:a8:20:d8:fc:4b:a7:f7:43:87:24:
         cc:8a:24:2a:e1:04:55:9d:7f:08:b1:80:45:c6:43:05:c9:fd:
         37:ed:d0:7f:20:5c:19:20:52:88:dc:24:e5:47:bd:48:20:39:
         75:0f:24:e8:75:6a:d6:7e:9b:f3:00:99:16:04:25:82:23:23:
         6b:db:f3:30:11:e5:d3:73:ab:6e:c1:4c:39:45:94:f1:bc:da:
         6f:bd:15:9d:01:9e:c2:b6:0c:75:de:9a:70:aa:1f:1c:12:32:
         33:28:08:56:68:cd:43:a9:6f:56:bb:73:68:d3:2f:b6:81:05:
         c6:50:39:fd:a6:2d:a4:48:cf:2e:4c:01:ea:62:56:d4:47:3f:
         d5:d9:82:91:3f:cd:01:b2:fa:ec:6d:19:31:69:17:c0:ac:d1:
         26:87:b7:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbvjYFgZJMvrpusYxXKktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3N2FhZDMwN2FkMzMwZWJiOGNmNDRlYzIxMzg5YTE3MDQz
NmZkNTMwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjkzNjNhOTlmYmE0NzEzNzkzNjNiYmZiNjhkN2VhNjcyZjEyYTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCoHq0VmjhwOZRSBKteZK53QhMg9
QhWRApSCawoX313lgpFM61bSFUMLPYEVwKzTQ+cWQxQFlwft7R6EAI+bbH+Jkd/z
SeYGDYtklUxH6XHvgACIlcuosBybTp+mppzgKLk0U/j6txeT97YH0m5M5Sfra/DP
coRSzr+XZj3HILTcbcQWCV18LU7W2ki+LyW9NieQSGc+UmlJ1o32OoZZX5r4xdQG
MvlP735YpnmRz+mXQkwBC4D2xlWy5BBS9j6B9jdC4eu2+ra5PeXszxLo0YhcvajQ
gQqWuaJjPV+VYuOIH4a5t0JFDS1js4sr+6HkCk/5r1VkcT4Q4NITzvztAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKTY6mfukcTeTY7v7aNfqZy8So+MB8GA1UdIwQY
MBaAFId6rTB60zDruM9E7CE4mhcENv1TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDNxdE1IclRNT3U0ejBUc0lUaWFGd1EyX1ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS85YWUyMjEtYzEwMS00OTdmLTkxZmUt
NTA4MDk5YzEzM2JiLzEvRXBOanFaLTZSeE41Tmp1X3RvMS1wbkx4S2o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS85YWUyMjEtYzEwMS00OTdmLTkxZmUtNTA4MDk5YzEzM2Ji
LzEvaDNxdE1IclRNT3U0ejBUc0lUaWFGd1EyX1ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ4YMA0G
CSqGSIb3DQEBCwUAA4IBAQAQkzC6qVtK6oOQJRCkf01QeXphVy3KZWZ0ao/jIML+
xFsLDALrmca7Ua5WaXXjj7JufbSCsesRymuWE35Qk8MOfCpti7ybJsC4C6t0oMHV
JwVDlXuiBbhRgYq83hIvcrtHsagg2PxLp/dDhyTMiiQq4QRVnX8IsYBFxkMFyf03
7dB/IFwZIFKI3CTlR71IIDl1DyTodWrWfpvzAJkWBCWCIyNr2/MwEeXTc6tuwUw5
RZTxvNpvvRWdAZ7Ctgx13ppwqh8cEjIzKAhWaM1DqW9Wu3No0y+2gQXGUDn9pi2k
SM8uTAHqYlbURz/V2YKRP80BsvrsbRkxaRfArNEmh7eI
-----END CERTIFICATE-----