Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/9ioCatAeew2Q_a07sRT4txm7b9g.roa
File:                     9ioCatAeew2Q_a07sRT4txm7b9g.roa (raw, json)
Hash identifier:          vm1orRkmJuhvA3TdvaC/1jQ5sTT7v4R99NHLH9hS7oE=
Subject key identifier:   F6:2A:02:6A:D0:1E:7B:0D:90:FD:AD:3B:B1:14:F8:B7:19:BB:6F:D8
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       018D69C7C6CEBF12CDC913DEAE0CF184672D
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/9ioCatAeew2Q_a07sRT4txm7b9g.roa
Signing time:             Fri 02 Feb 2024 12:25:16 +0000
ROA not before:           Fri 02 Feb 2024 12:25:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200450
IP address blocks:        85.14.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:c7:c6:ce:bf:12:cd:c9:13:de:ae:0c:f1:84:67:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Feb  2 12:25:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f62a026ad01e7b0d90fdad3bb114f8b719bb6fd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:92:74:8b:bd:72:e7:eb:9a:9d:35:77:bf:a0:
                    28:fe:cb:7b:10:0f:12:49:74:42:ef:b2:4c:ad:b4:
                    45:9e:0f:47:29:6c:d0:10:81:8b:ba:86:1e:01:87:
                    c9:1c:d2:2a:25:4f:23:1c:8d:68:e3:2d:6c:d4:39:
                    d6:fc:b3:9f:1b:a1:98:c7:03:ef:72:d6:38:2b:42:
                    bc:52:b0:83:cf:db:69:f7:38:8f:16:c4:b8:f9:cb:
                    d4:e1:79:5b:74:7e:ba:b0:18:67:e9:11:8b:3c:f3:
                    b3:b0:88:c3:78:83:17:d3:83:ab:ba:04:c7:30:17:
                    48:ab:53:60:6f:d2:a6:70:96:42:7b:6b:b0:05:a9:
                    31:62:21:62:d6:ba:90:44:51:bf:42:d1:83:89:0b:
                    33:c9:c6:3a:de:60:d0:56:90:61:b7:4e:d0:7e:75:
                    75:55:32:9c:d8:a2:59:e2:95:16:79:f5:50:0f:e3:
                    c1:4b:ec:60:59:4e:e2:dc:8d:c1:46:c9:8e:55:98:
                    d7:09:f8:a2:d7:e4:bd:e1:47:a5:c3:8c:69:dd:1f:
                    c4:63:c7:d8:cc:16:6e:b8:ae:b4:82:03:a0:6f:ad:
                    fb:44:e5:fc:fd:43:54:b8:6d:8c:dd:e3:b7:1e:5d:
                    75:c3:db:82:a8:c3:15:de:6c:4c:3c:50:08:bb:af:
                    a0:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:2A:02:6A:D0:1E:7B:0D:90:FD:AD:3B:B1:14:F8:B7:19:BB:6F:D8
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/9ioCatAeew2Q_a07sRT4txm7b9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.14.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:9e:1e:75:02:e2:62:ad:38:af:5b:d8:cb:f0:d0:10:1a:13:
         af:b5:7e:6e:79:db:29:0f:73:a5:71:2e:de:36:4d:99:83:c4:
         6d:ac:54:9f:c8:d3:69:02:e3:8c:37:a9:2f:5c:6f:4d:d5:b0:
         2b:e3:d4:0f:59:91:b3:12:ea:c0:0f:28:5e:f4:04:ad:0b:1f:
         6e:3d:25:1b:7a:d2:b5:c5:a7:83:28:1f:de:eb:0d:2e:b1:66:
         4d:4f:f6:32:0b:22:8d:96:2f:47:be:d3:57:e8:98:43:ab:a9:
         7d:dd:22:1e:88:0c:04:4d:ad:9e:e0:c5:6d:1c:66:b4:9f:6c:
         aa:a3:02:06:13:29:f7:b3:4b:eb:e4:b8:d5:e8:b9:7f:e7:42:
         cc:6f:b7:db:77:93:c1:65:0d:9a:cf:f9:7b:64:55:e2:a4:35:
         7c:ba:de:31:40:70:ee:22:e8:5d:52:59:3a:1b:36:8d:3f:3a:
         c8:d3:57:23:eb:eb:d2:4a:f0:50:4d:52:bb:38:af:e7:4b:dc:
         c6:8c:50:21:d3:89:8b:7a:d6:90:56:21:d9:92:d6:61:43:4f:
         6d:fc:7e:a9:9a:5a:0c:79:9e:76:43:ca:b0:ca:9c:31:a1:a8:
         3a:0b:70:41:d2:9c:e8:d5:26:19:3e:82:a1:f3:53:11:f5:f8:
         1d:7f:c4:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1px8bOvxLNyRPergzxhGctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjQwMjAyMTIyNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjJhMDI2YWQwMWU3YjBkOTBmZGFkM2JiMTE0ZjhiNzE5YmI2ZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZJ0i71y5+uanTV3v6Ao/st7EA8S
SXRC77JMrbRFng9HKWzQEIGLuoYeAYfJHNIqJU8jHI1o4y1s1DnW/LOfG6GYxwPv
ctY4K0K8UrCDz9tp9ziPFsS4+cvU4XlbdH66sBhn6RGLPPOzsIjDeIMX04OrugTH
MBdIq1Ngb9KmcJZCe2uwBakxYiFi1rqQRFG/QtGDiQszycY63mDQVpBht07QfnV1
VTKc2KJZ4pUWefVQD+PBS+xgWU7i3I3BRsmOVZjXCfii1+S94Uelw4xp3R/EY8fY
zBZuuK60ggOgb637ROX8/UNUuG2M3eO3Hl11w9uCqMMV3mxMPFAIu6+gIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYqAmrQHnsNkP2tO7EU+LcZu2/YMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvOWlvQ2F0QWVldzJRX2EwN3NSVDR0eG03YjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQ4HMA0G
CSqGSIb3DQEBCwUAA4IBAQB2nh51AuJirTivW9jL8NAQGhOvtX5uedspD3OlcS7e
Nk2Zg8RtrFSfyNNpAuOMN6kvXG9N1bAr49QPWZGzEurADyhe9AStCx9uPSUbetK1
xaeDKB/e6w0usWZNT/YyCyKNli9HvtNX6JhDq6l93SIeiAwETa2e4MVtHGa0n2yq
owIGEyn3s0vr5LjV6Ll/50LMb7fbd5PBZQ2az/l7ZFXipDV8ut4xQHDuIuhdUlk6
GzaNPzrI01cj6+vSSvBQTVK7OK/nS9zGjFAh04mLetaQViHZktZhQ09t/H6pmloM
eZ52Q8qwypwxoag6C3BB0pzo1SYZPoKh81MR9fgdf8Q6
-----END CERTIFICATE-----