Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/c79635-bec4-4fb5-892c-fa26ec39faba/1/lMiFDiie4vtc8_h6_vGtEZk3CcU.roa
File:                     lMiFDiie4vtc8_h6_vGtEZk3CcU.roa (raw, json)
Hash identifier:          zyoFfl6g03fIoJCvk7+pBO4BGI4Snm6MXfFQab0j4FU=
Subject key identifier:   94:C8:85:0E:28:9E:E2:FB:5C:F3:F8:7A:FE:F1:AD:11:99:37:09:C5
Certificate issuer:       /CN=413ffa106ae3fee6be87bac06a87ba57ed1c1140
Certificate serial:       018CC5DCDB29B2827442F576F46EA5A0B18A
Authority key identifier: 41:3F:FA:10:6A:E3:FE:E6:BE:87:BA:C0:6A:87:BA:57:ED:1C:11:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QT_6EGrj_ua-h7rAaoe6V-0cEUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/c79635-bec4-4fb5-892c-fa26ec39faba/1/lMiFDiie4vtc8_h6_vGtEZk3CcU.roa
Signing time:             Mon 01 Jan 2024 16:30:34 +0000
ROA not before:           Mon 01 Jan 2024 16:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60621
IP address blocks:        185.14.197.0/24 maxlen: 24
                          185.14.196.0/24 maxlen: 24
                          185.14.196.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/c79635-bec4-4fb5-892c-fa26ec39faba/1/QT_6EGrj_ua-h7rAaoe6V-0cEUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/c79635-bec4-4fb5-892c-fa26ec39faba/1/QT_6EGrj_ua-h7rAaoe6V-0cEUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QT_6EGrj_ua-h7rAaoe6V-0cEUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:db:29:b2:82:74:42:f5:76:f4:6e:a5:a0:b1:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=413ffa106ae3fee6be87bac06a87ba57ed1c1140
        Validity
            Not Before: Jan  1 16:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94c8850e289ee2fb5cf3f87afef1ad11993709c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6f:88:11:bf:85:57:fb:91:80:b1:4c:95:8b:
                    76:75:eb:7d:cc:07:1e:00:5d:db:86:42:55:2d:c1:
                    15:a4:ee:65:60:8f:c2:6b:43:34:b2:00:ef:52:cd:
                    e5:fb:7c:bc:fd:f2:f1:95:83:f7:0a:5c:2e:c6:a1:
                    cc:32:eb:18:b0:64:28:48:26:99:03:97:d5:1a:13:
                    44:ac:36:8d:f7:f9:74:8b:0f:1e:b4:df:bb:ec:7b:
                    ae:0b:ce:73:6e:a4:4b:23:0e:54:7b:32:fd:16:e6:
                    ae:95:fa:d7:85:b2:e6:a3:c7:14:3d:b1:96:41:d7:
                    bb:1f:0a:48:fa:55:82:c3:b2:7c:a2:1f:02:da:70:
                    62:17:99:c8:03:10:f8:4e:12:7c:74:4e:65:23:0e:
                    0e:54:39:48:7e:65:1b:ce:dd:87:91:4c:cd:3c:67:
                    3a:44:4c:87:8b:54:70:b2:47:9d:2c:85:ff:ff:cc:
                    3e:77:e5:06:5c:5b:4f:be:5e:ed:3d:fd:10:ef:f5:
                    30:65:f1:f2:99:5b:b9:36:b6:29:df:95:a7:63:4e:
                    7a:4a:0f:65:81:36:1a:5b:3f:83:23:75:e8:b0:63:
                    61:cb:14:0a:d2:ee:be:84:62:82:ea:8e:b1:05:de:
                    9e:71:96:95:22:ba:db:e9:2d:13:71:57:9c:1f:c9:
                    d7:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:C8:85:0E:28:9E:E2:FB:5C:F3:F8:7A:FE:F1:AD:11:99:37:09:C5
            X509v3 Authority Key Identifier:
                keyid:41:3F:FA:10:6A:E3:FE:E6:BE:87:BA:C0:6A:87:BA:57:ED:1C:11:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QT_6EGrj_ua-h7rAaoe6V-0cEUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/c79635-bec4-4fb5-892c-fa26ec39faba/1/lMiFDiie4vtc8_h6_vGtEZk3CcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/c79635-bec4-4fb5-892c-fa26ec39faba/1/QT_6EGrj_ua-h7rAaoe6V-0cEUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:b9:cd:3c:d9:81:6d:47:76:4d:eb:33:00:85:4b:d2:59:fd:
         1d:79:2d:d5:76:01:71:06:05:8f:0d:46:d4:b7:c6:5c:05:58:
         f0:2e:05:ef:2d:4a:0c:02:15:78:30:84:a1:8d:39:44:e7:24:
         2a:66:be:15:c2:d2:d4:75:ae:07:00:cc:db:20:01:a2:59:c2:
         33:99:a9:c2:83:fd:22:6a:21:bc:bc:07:a8:18:b5:dd:90:d2:
         4f:df:7f:53:48:8e:3f:af:3c:1b:29:1e:90:7a:a9:06:07:69:
         ce:c7:da:af:57:01:b6:46:e6:42:e1:51:cd:cf:94:68:bb:8a:
         67:2d:eb:1f:c5:25:8a:45:9a:cd:a4:23:42:33:e3:e0:77:6a:
         3d:2c:72:0f:24:eb:19:a5:8e:e2:70:50:ea:4d:bb:bc:0e:e6:
         83:59:68:07:1d:95:5c:c2:e1:87:91:2c:43:91:bb:e5:51:aa:
         4e:a2:8a:ab:1b:0c:40:30:78:54:f7:58:57:a4:9a:8d:92:34:
         42:8e:b9:1a:49:b6:4d:b9:62:b0:e2:02:f3:6f:72:57:5b:9e:
         75:52:b9:75:c3:0e:72:60:99:28:b5:d8:21:71:f6:fe:f9:d6:
         25:ef:d3:2d:5f:df:d1:34:25:cf:9c:b2:07:88:a9:26:39:ce:
         86:2b:50:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3NspsoJ0QvV29G6loLGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxM2ZmYTEwNmFlM2ZlZTZiZTg3YmFjMDZhODdiYTU3ZWQx
YzExNDAwHhcNMjQwMTAxMTYzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGM4ODUwZTI4OWVlMmZiNWNmM2Y4N2FmZWYxYWQxMTk5MzcwOWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2+IEb+FV/uRgLFMlYt2det9zAce
AF3bhkJVLcEVpO5lYI/Ca0M0sgDvUs3l+3y8/fLxlYP3ClwuxqHMMusYsGQoSCaZ
A5fVGhNErDaN9/l0iw8etN+77HuuC85zbqRLIw5UezL9FuaulfrXhbLmo8cUPbGW
Qde7HwpI+lWCw7J8oh8C2nBiF5nIAxD4ThJ8dE5lIw4OVDlIfmUbzt2HkUzNPGc6
REyHi1RwskedLIX//8w+d+UGXFtPvl7tPf0Q7/UwZfHymVu5NrYp35WnY056Sg9l
gTYaWz+DI3XosGNhyxQK0u6+hGKC6o6xBd6ecZaVIrrb6S0TcVecH8nX4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTIhQ4onuL7XPP4ev7xrRGZNwnFMB8GA1UdIwQY
MBaAFEE/+hBq4/7mvoe6wGqHulftHBFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVRfNkVHcmpfdWEtaDdyQWFvZTZWLTBjRVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jNzk2MzUtYmVjNC00ZmI1LTg5MmMt
ZmEyNmVjMzlmYWJhLzEvbE1pRkRpaWU0dnRjOF9oNl92R3RFWmszQ2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jNzk2MzUtYmVjNC00ZmI1LTg5MmMtZmEyNmVjMzlmYWJh
LzEvUVRfNkVHcmpfdWEtaDdyQWFvZTZWLTBjRVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQ7EMA0G
CSqGSIb3DQEBCwUAA4IBAQA6uc082YFtR3ZN6zMAhUvSWf0deS3VdgFxBgWPDUbU
t8ZcBVjwLgXvLUoMAhV4MIShjTlE5yQqZr4VwtLUda4HAMzbIAGiWcIzmanCg/0i
aiG8vAeoGLXdkNJP339TSI4/rzwbKR6QeqkGB2nOx9qvVwG2RuZC4VHNz5Rou4pn
LesfxSWKRZrNpCNCM+Pgd2o9LHIPJOsZpY7icFDqTbu8DuaDWWgHHZVcwuGHkSxD
kbvlUapOooqrGwxAMHhU91hXpJqNkjRCjrkaSbZNuWKw4gLzb3JXW551Url1ww5y
YJkotdghcfb++dYl79MtX9/RNCXPnLIHiKkmOc6GK1D0
-----END CERTIFICATE-----