Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/1-F-5SWsecFgzI5NahgeczUF5j-k.roa
File:                     1-F-5SWsecFgzI5NahgeczUF5j-k.roa (raw, json)
Hash identifier:          AjzylbQuDtMZ4CoZ2EqAKKte+m5xBNBNs+Oy65Y8EM0=
Subject key identifier:   F8:5F:B9:49:6B:1E:70:58:33:23:93:5A:86:07:9C:CD:41:79:8F:E9
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       0194221F90BF0BE306926F278C152D33D533
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/1-F-5SWsecFgzI5NahgeczUF5j-k.roa
Signing time:             Wed 01 Jan 2025 13:48:01 +0000
ROA not before:           Wed 01 Jan 2025 13:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200450
IP address blocks:        85.14.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:90:bf:0b:e3:06:92:6f:27:8c:15:2d:33:d5:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 13:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f85fb9496b1e70583323935a86079ccd41798fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:27:ab:5c:49:80:57:dd:83:eb:35:e8:dc:60:
                    4e:56:af:0e:7a:a4:0c:15:f3:38:66:55:5f:35:f3:
                    2d:eb:cc:34:11:91:95:86:88:c6:51:1e:25:49:85:
                    08:a9:a3:03:0e:e3:aa:56:fd:61:f2:2e:14:ae:13:
                    97:d1:22:90:a6:eb:c2:73:0c:80:d3:e9:79:aa:fb:
                    28:3f:0e:eb:4d:e6:ad:84:7f:7b:f6:08:58:9e:83:
                    b6:9e:d7:ea:ab:d7:e5:e8:83:ad:9f:a2:8e:d7:b4:
                    10:39:b4:a9:0e:d5:a5:da:95:c9:33:dc:5f:81:5e:
                    c4:dc:aa:24:af:60:f8:66:da:0d:6b:e3:a1:ff:40:
                    ea:7c:e5:a1:e1:0b:e3:e0:de:1b:9f:7e:9d:20:85:
                    27:d0:bf:15:d5:23:62:05:05:1a:c0:e8:64:c7:17:
                    c6:94:99:44:43:0c:4e:56:b0:b0:de:3e:49:a9:08:
                    f8:c5:f1:7a:f3:89:c5:a5:42:5e:da:65:19:ec:d6:
                    6d:85:67:9e:cd:ec:ca:ec:02:89:c2:b8:be:19:7a:
                    10:68:0a:e1:66:88:84:83:e7:09:b9:96:fd:db:93:
                    bc:9e:fa:da:68:83:d2:4e:e6:b8:41:e4:1c:03:8e:
                    87:1e:32:a3:bd:cd:f3:90:d2:58:66:3d:99:a8:26:
                    40:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:5F:B9:49:6B:1E:70:58:33:23:93:5A:86:07:9C:CD:41:79:8F:E9
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/1-F-5SWsecFgzI5NahgeczUF5j-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.14.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:36:97:fa:74:3f:aa:1a:04:6e:67:62:77:ba:86:c8:a0:50:
         67:2a:ea:b8:eb:7c:8e:94:ee:71:93:11:a6:a2:1a:37:5c:20:
         41:6f:34:9f:07:c3:8f:37:47:a2:06:be:52:d4:e0:be:00:c8:
         4b:5c:b9:98:bb:e0:bb:de:fa:a0:9b:fc:a4:1a:f2:89:12:f6:
         0d:15:dc:33:e2:8d:a4:6a:d1:76:1c:0d:96:10:df:dd:0a:95:
         de:46:98:d1:7f:48:04:c5:53:20:f2:e1:33:9c:d9:9a:33:b1:
         e7:a9:01:27:9e:c9:f0:91:bb:1a:a2:85:36:e4:2e:65:75:fb:
         95:9f:80:87:91:51:98:04:ec:34:b4:76:da:81:47:29:cd:f5:
         4d:83:ca:82:18:1f:ab:f9:5a:22:48:1a:eb:6e:b2:2a:36:e0:
         3c:b3:da:67:65:03:9a:fe:e7:83:58:be:8e:e1:1b:38:c0:37:
         f6:3e:93:0b:81:27:e7:f7:26:09:06:f8:14:b6:c4:01:a8:43:
         53:8e:b7:49:01:8f:9d:e2:e1:7b:e4:65:93:95:80:69:5a:3a:
         04:79:55:a6:76:b9:6e:6d:be:71:58:24:de:88:36:db:63:5e:
         19:4f:da:9b:32:65:bc:51:65:6c:32:9a:e0:8f:fd:74:5c:3a:
         64:5d:2c:e6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH5C/C+MGkm8njBUtM9UzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjUwMTAxMTM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODVmYjk0OTZiMWU3MDU4MzMyMzkzNWE4NjA3OWNjZDQxNzk4ZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSerXEmAV92D6zXo3GBOVq8OeqQM
FfM4ZlVfNfMt68w0EZGVhojGUR4lSYUIqaMDDuOqVv1h8i4UrhOX0SKQpuvCcwyA
0+l5qvsoPw7rTeathH979ghYnoO2ntfqq9fl6IOtn6KO17QQObSpDtWl2pXJM9xf
gV7E3Kokr2D4ZtoNa+Oh/0DqfOWh4Qvj4N4bn36dIIUn0L8V1SNiBQUawOhkxxfG
lJlEQwxOVrCw3j5JqQj4xfF684nFpUJe2mUZ7NZthWeezezK7AKJwri+GXoQaArh
ZoiEg+cJuZb925O8nvraaIPSTua4QeQcA46HHjKjvc3zkNJYZj2ZqCZAxwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhfuUlrHnBYMyOTWoYHnM1BeY/pMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvMS1GLTVTV3NlY0Znekk1TmFoZ2VjelVGNWotay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvY2EvOTY5OTYyLTEyZDMtNDFiMi1hYjQzLWIyN2Q2ZTI3OGUx
OC8xL1FRU2tDQ0hFRjJ6RUxpVmU5c0Z5ZEhQRDhBby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFUOBzAN
BgkqhkiG9w0BAQsFAAOCAQEAXzaX+nQ/qhoEbmdid7qGyKBQZyrquOt8jpTucZMR
pqIaN1wgQW80nwfDjzdHoga+UtTgvgDIS1y5mLvgu976oJv8pBryiRL2DRXcM+KN
pGrRdhwNlhDf3QqV3kaY0X9IBMVTIPLhM5zZmjOx56kBJ57J8JG7GqKFNuQuZXX7
lZ+Ah5FRmATsNLR22oFHKc31TYPKghgfq/laIkga626yKjbgPLPaZ2UDmv7ng1i+
juEbOMA39j6TC4En5/cmCQb4FLbEAahDU463SQGPneLhe+Rlk5WAaVo6BHlVpna5
bm2+cVgk3og222NeGU/amzJlvFFlbDKa4I/9dFw6ZF0s5g==
-----END CERTIFICATE-----