Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/p14q6MsL70ZqEZqNV0sRYf_i8EU.roa
File:                     p14q6MsL70ZqEZqNV0sRYf_i8EU.roa (raw, json)
Hash identifier:          Exgq87Jms6FTzB0UNmzUlEoUTEjw5f+16tDeRwRk2RY=
Subject key identifier:   A7:5E:2A:E8:CB:0B:EF:46:6A:11:9A:8D:57:4B:11:61:FF:E2:F0:45
Certificate issuer:       /CN=87b1396fd11c730ef20448129b282856ac504cb7
Certificate serial:       018FF98709CD4B9056ECDE1B48BB04F2FB1D
Authority key identifier: 87:B1:39:6F:D1:1C:73:0E:F2:04:48:12:9B:28:28:56:AC:50:4C:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h7E5b9Eccw7yBEgSmygoVqxQTLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/p14q6MsL70ZqEZqNV0sRYf_i8EU.roa
Signing time:             Sat 08 Jun 2024 20:25:27 +0000
ROA not before:           Sat 08 Jun 2024 20:25:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51396
IP address blocks:        192.109.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/h7E5b9Eccw7yBEgSmygoVqxQTLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/h7E5b9Eccw7yBEgSmygoVqxQTLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h7E5b9Eccw7yBEgSmygoVqxQTLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f9:87:09:cd:4b:90:56:ec:de:1b:48:bb:04:f2:fb:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87b1396fd11c730ef20448129b282856ac504cb7
        Validity
            Not Before: Jun  8 20:25:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a75e2ae8cb0bef466a119a8d574b1161ffe2f045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:e6:2a:7b:c2:17:e3:ea:0a:7c:c7:db:2c:8c:
                    bb:fc:72:8e:85:64:97:b5:3d:d4:d8:27:01:d5:fe:
                    b7:c4:4b:9b:eb:4e:98:fa:83:e4:31:af:1f:5d:9d:
                    bb:b5:0b:f8:5d:23:e9:d5:a4:aa:a5:d3:8a:2e:30:
                    a5:54:24:ac:d9:3c:99:78:10:4c:00:69:b8:33:f1:
                    03:bb:d3:9a:7c:2b:04:0f:f1:27:52:96:a1:33:f3:
                    73:1c:54:61:ae:c9:a5:f9:e1:9e:fe:3d:54:26:29:
                    7a:d7:59:9c:3d:41:2a:55:a1:4e:d8:37:1c:4d:c5:
                    d8:f6:df:08:10:7e:69:54:95:2b:2d:1a:e8:43:86:
                    51:4a:a2:3a:76:e1:aa:8c:20:c3:f9:dc:9a:3a:a6:
                    d6:3e:37:69:31:88:53:f2:46:5e:28:5c:f5:31:1a:
                    91:78:2e:b8:b5:ab:71:07:c7:45:58:00:47:c9:6c:
                    c2:f0:1f:ad:8d:fb:f7:7a:22:b8:70:c0:c2:95:9f:
                    8a:a1:e3:e0:de:a5:f7:82:73:5b:9a:45:a1:17:9d:
                    e9:11:db:85:97:bd:0e:70:76:c8:c3:90:8d:3a:df:
                    4f:bf:24:ee:11:dc:63:0d:26:47:88:8d:aa:d5:61:
                    c8:93:c7:de:4f:8e:d9:fa:2d:3a:28:bd:87:e4:e9:
                    05:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:5E:2A:E8:CB:0B:EF:46:6A:11:9A:8D:57:4B:11:61:FF:E2:F0:45
            X509v3 Authority Key Identifier:
                keyid:87:B1:39:6F:D1:1C:73:0E:F2:04:48:12:9B:28:28:56:AC:50:4C:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h7E5b9Eccw7yBEgSmygoVqxQTLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/p14q6MsL70ZqEZqNV0sRYf_i8EU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/38bc90-1d53-4d47-bbdb-f4e7c9cc43ff/1/h7E5b9Eccw7yBEgSmygoVqxQTLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:02:bb:ba:ec:28:e4:1f:e7:ef:3b:6d:78:6f:5e:68:d4:97:
         b3:83:33:73:95:e7:59:ad:a7:42:48:50:64:be:0a:8a:14:23:
         cb:c3:1a:2a:f4:4c:b4:6f:ae:54:c3:c6:72:73:9a:e2:63:36:
         50:73:f8:04:6b:89:57:f9:8a:c8:a7:84:d3:7f:03:1d:7f:58:
         91:fa:24:c7:ab:46:6d:26:6b:0a:3b:fd:fb:74:cd:55:ac:11:
         63:fa:e0:69:77:8a:9f:9b:70:f3:7b:c1:98:a3:fd:2b:cf:a6:
         a8:8f:03:bb:54:c5:1f:56:e3:6a:7f:c1:8e:fc:a7:d9:a8:62:
         c2:62:8e:f7:bc:dd:8a:74:ee:91:7b:73:11:46:cb:e9:1f:29:
         d6:be:c3:3a:5b:85:d7:08:db:95:9d:a2:17:89:a2:af:98:69:
         df:63:8d:23:1d:50:ab:b8:cd:e8:37:f4:34:5a:63:48:42:da:
         7e:bb:c7:a9:7d:5d:67:a8:17:3e:46:c8:40:c5:02:b9:43:79:
         ea:5f:16:a7:5b:6b:88:3c:8c:da:33:bd:63:8a:24:b7:1c:75:
         77:b9:e5:a8:6e:6a:67:cc:ed:64:00:ce:0b:2f:d1:54:4f:a1:
         e7:ee:6f:be:a2:dc:59:37:ad:05:fc:a9:7d:a5:d0:57:55:fa:
         dc:c1:4e:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/5hwnNS5BW7N4bSLsE8vsdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YjEzOTZmZDExYzczMGVmMjA0NDgxMjliMjgyODU2YWM1
MDRjYjcwHhcNMjQwNjA4MjAyNTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzVlMmFlOGNiMGJlZjQ2NmExMTlhOGQ1NzRiMTE2MWZmZTJmMDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9OYqe8IX4+oKfMfbLIy7/HKOhWSX
tT3U2CcB1f63xEub606Y+oPkMa8fXZ27tQv4XSPp1aSqpdOKLjClVCSs2TyZeBBM
AGm4M/EDu9OafCsED/EnUpahM/NzHFRhrsml+eGe/j1UJil611mcPUEqVaFO2Dcc
TcXY9t8IEH5pVJUrLRroQ4ZRSqI6duGqjCDD+dyaOqbWPjdpMYhT8kZeKFz1MRqR
eC64tatxB8dFWABHyWzC8B+tjfv3eiK4cMDClZ+KoePg3qX3gnNbmkWhF53pEduF
l70OcHbIw5CNOt9PvyTuEdxjDSZHiI2q1WHIk8feT47Z+i06KL2H5OkFdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdeKujLC+9GahGajVdLEWH/4vBFMB8GA1UdIwQY
MBaAFIexOW/RHHMO8gRIEpsoKFasUEy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDdFNWI5RWNjdzd5QkVnU215Z29WcXhRVExjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8zOGJjOTAtMWQ1My00ZDQ3LWJiZGIt
ZjRlN2M5Y2M0M2ZmLzEvcDE0cTZNc0w3MFpxRVpxTlYwc1JZZl9pOEVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8zOGJjOTAtMWQ1My00ZDQ3LWJiZGItZjRlN2M5Y2M0M2Zm
LzEvaDdFNWI5RWNjdzd5QkVnU215Z29WcXhRVExjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG3OMA0G
CSqGSIb3DQEBCwUAA4IBAQAJAru67CjkH+fvO214b15o1JezgzNzledZradCSFBk
vgqKFCPLwxoq9Ey0b65Uw8Zyc5riYzZQc/gEa4lX+YrIp4TTfwMdf1iR+iTHq0Zt
JmsKO/37dM1VrBFj+uBpd4qfm3Dze8GYo/0rz6aojwO7VMUfVuNqf8GO/KfZqGLC
Yo73vN2KdO6Re3MRRsvpHynWvsM6W4XXCNuVnaIXiaKvmGnfY40jHVCruM3oN/Q0
WmNIQtp+u8epfV1nqBc+RshAxQK5Q3nqXxanW2uIPIzaM71jiiS3HHV3ueWobmpn
zO1kAM4LL9FUT6Hn7m++otxZN60F/Kl9pdBXVfrcwU54
-----END CERTIFICATE-----