Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/aNwExBnNWHYFeE4OZCiwF8QPxOE.roa
File:                     aNwExBnNWHYFeE4OZCiwF8QPxOE.roa (raw, json)
Hash identifier:          1v22ayylubohxYsgsiqEbksKmUbjClf2jROrKnjsvEs=
Subject key identifier:   68:DC:04:C4:19:CD:58:76:05:78:4E:0E:64:28:B0:17:C4:0F:C4:E1
Certificate issuer:       /CN=bc65b4ba4d7869d5cb8f9574f0f4feee70ebc6c5
Certificate serial:       018CC424E526EEEE3E6F1F98120566434572
Authority key identifier: BC:65:B4:BA:4D:78:69:D5:CB:8F:95:74:F0:F4:FE:EE:70:EB:C6:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vGW0uk14adXLj5V08PT-7nDrxsU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/aNwExBnNWHYFeE4OZCiwF8QPxOE.roa
Signing time:             Mon 01 Jan 2024 08:30:01 +0000
ROA not before:           Mon 01 Jan 2024 08:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        193.188.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/vGW0uk14adXLj5V08PT-7nDrxsU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/vGW0uk14adXLj5V08PT-7nDrxsU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vGW0uk14adXLj5V08PT-7nDrxsU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:e5:26:ee:ee:3e:6f:1f:98:12:05:66:43:45:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc65b4ba4d7869d5cb8f9574f0f4feee70ebc6c5
        Validity
            Not Before: Jan  1 08:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68dc04c419cd587605784e0e6428b017c40fc4e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0a:ce:5c:46:dd:6b:87:ce:78:0c:39:fb:c4:
                    f0:f0:f9:07:47:c7:11:64:c9:2d:fc:91:29:db:cd:
                    5d:c2:9a:c4:4b:27:91:d6:cf:d4:55:97:8d:2a:11:
                    97:5b:84:d4:5a:ff:ed:5d:e0:c3:31:66:33:a3:c6:
                    48:4a:65:26:29:bc:4a:76:64:87:4a:b9:ff:e4:04:
                    e8:f5:c0:ba:ab:10:b2:8f:43:6a:a8:f9:08:92:94:
                    26:e8:84:ff:98:1b:d8:c6:93:7a:07:d3:3f:d3:da:
                    e5:a8:ea:1b:47:22:f3:53:55:e6:e9:cf:d6:03:b7:
                    26:8c:3d:d5:6d:af:a5:49:80:07:8b:2a:b2:4b:bb:
                    e5:2f:12:22:ea:90:4e:4c:db:7c:b3:79:5a:b5:66:
                    33:c8:c5:7a:64:93:e5:ec:29:84:a9:61:9d:df:a1:
                    37:5c:a9:41:c7:14:5f:2a:36:9d:81:2b:97:a1:1e:
                    4a:8b:99:fb:98:ef:63:9f:dc:ea:5e:75:72:35:b5:
                    58:eb:99:00:b6:2c:fb:a3:5b:6b:bc:9a:ac:1f:88:
                    b2:36:00:68:c4:6d:11:32:fb:66:f0:27:20:bd:8a:
                    80:a3:3c:89:e8:05:2c:ac:0a:c6:64:4e:47:67:d2:
                    06:b4:22:d5:24:a5:a5:0e:f7:b5:c1:1b:0a:e4:13:
                    5f:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:DC:04:C4:19:CD:58:76:05:78:4E:0E:64:28:B0:17:C4:0F:C4:E1
            X509v3 Authority Key Identifier:
                keyid:BC:65:B4:BA:4D:78:69:D5:CB:8F:95:74:F0:F4:FE:EE:70:EB:C6:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vGW0uk14adXLj5V08PT-7nDrxsU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/aNwExBnNWHYFeE4OZCiwF8QPxOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/442101-780b-47ac-857d-f9e7cb03c527/1/vGW0uk14adXLj5V08PT-7nDrxsU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.188.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:fa:3f:6d:13:a4:b3:8f:d2:5a:6d:8d:7b:81:af:66:42:cf:
         bd:c5:7e:7e:84:cb:fe:c9:3d:92:92:cc:2d:ee:9a:1d:9e:87:
         fb:03:38:a7:09:11:32:9f:3b:13:b6:bf:49:6f:55:54:7b:68:
         ab:3f:2c:14:3c:ff:c6:66:c4:7c:9d:c0:a7:64:92:bf:a9:43:
         82:2f:c4:89:1a:70:33:5f:7b:d7:8b:a0:e3:02:b4:8a:e1:75:
         ff:a1:2c:7c:74:a2:92:e2:05:b9:e7:aa:5b:60:e3:dd:22:ea:
         ef:23:11:18:90:01:35:5a:7a:20:72:4d:ef:86:90:19:74:e8:
         27:3f:76:6a:a1:e6:98:d4:36:28:8f:10:1e:5d:eb:ee:b4:5f:
         20:4b:bb:0d:e8:c2:27:38:3a:50:be:bb:ae:47:f5:d2:b9:ee:
         3b:8b:7c:e4:56:3e:c0:fe:ab:2d:88:bb:64:b6:14:1d:90:e6:
         77:f8:12:ff:e2:bc:4e:1c:55:60:1b:d5:a5:6a:df:64:38:7a:
         d8:ff:0d:8c:1a:ed:92:f1:da:ca:9d:b0:9e:78:eb:13:05:49:
         ca:59:e4:40:e7:e2:9e:bf:e3:79:58:3b:01:5d:a4:7c:83:f9:
         31:67:a3:5b:8c:8c:dd:d4:da:ec:d6:22:98:66:73:4a:10:84:
         0e:a8:a0:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJOUm7u4+bx+YEgVmQ0VyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNjViNGJhNGQ3ODY5ZDVjYjhmOTU3NGYwZjRmZWVlNzBl
YmM2YzUwHhcNMjQwMTAxMDgzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRjMDRjNDE5Y2Q1ODc2MDU3ODRlMGU2NDI4YjAxN2M0MGZjNGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgrOXEbda4fOeAw5+8Tw8PkHR8cR
ZMkt/JEp281dwprESyeR1s/UVZeNKhGXW4TUWv/tXeDDMWYzo8ZISmUmKbxKdmSH
Srn/5ATo9cC6qxCyj0NqqPkIkpQm6IT/mBvYxpN6B9M/09rlqOobRyLzU1Xm6c/W
A7cmjD3Vba+lSYAHiyqyS7vlLxIi6pBOTNt8s3latWYzyMV6ZJPl7CmEqWGd36E3
XKlBxxRfKjadgSuXoR5Ki5n7mO9jn9zqXnVyNbVY65kAtiz7o1trvJqsH4iyNgBo
xG0RMvtm8CcgvYqAozyJ6AUsrArGZE5HZ9IGtCLVJKWlDve1wRsK5BNfQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGjcBMQZzVh2BXhODmQosBfED8ThMB8GA1UdIwQY
MBaAFLxltLpNeGnVy4+VdPD0/u5w68bFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkdXMHVrMTRhZFhMajVWMDhQVC03bkRyeHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NDIxMDEtNzgwYi00N2FjLTg1N2Qt
ZjllN2NiMDNjNTI3LzEvYU53RXhCbk5XSFlGZUU0T1pDaXdGOFFQeE9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NDIxMDEtNzgwYi00N2FjLTg1N2QtZjllN2NiMDNjNTI3
LzEvdkdXMHVrMTRhZFhMajVWMDhQVC03bkRyeHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbwOMA0G
CSqGSIb3DQEBCwUAA4IBAQAF+j9tE6Szj9JabY17ga9mQs+9xX5+hMv+yT2Skswt
7podnof7AzinCREynzsTtr9Jb1VUe2irPywUPP/GZsR8ncCnZJK/qUOCL8SJGnAz
X3vXi6DjArSK4XX/oSx8dKKS4gW556pbYOPdIurvIxEYkAE1Wnogck3vhpAZdOgn
P3ZqoeaY1DYojxAeXevutF8gS7sN6MInODpQvruuR/XSue47i3zkVj7A/qstiLtk
thQdkOZ3+BL/4rxOHFVgG9Wlat9kOHrY/w2MGu2S8drKnbCeeOsTBUnKWeRA5+Ke
v+N5WDsBXaR8g/kxZ6NbjIzd1Nrs1iKYZnNKEIQOqKDg
-----END CERTIFICATE-----