Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/gxpioYdinV9G7t-4oVkF1WYSn60.roa
File:                     gxpioYdinV9G7t-4oVkF1WYSn60.roa (raw, json)
Hash identifier:          L9cpzgST6hWBJ5FyDbR3SUQF+lRhZWrs1qfCJRcQJos=
Subject key identifier:   83:1A:62:A1:87:62:9D:5F:46:EE:DF:B8:A1:59:05:D5:66:12:9F:AD
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       018CC56EFF59FADE37644DE77A0864E7F3D5
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/gxpioYdinV9G7t-4oVkF1WYSn60.roa
Signing time:             Mon 01 Jan 2024 14:30:35 +0000
ROA not before:           Mon 01 Jan 2024 14:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41017
IP address blocks:        85.14.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:ff:59:fa:de:37:64:4d:e7:7a:08:64:e7:f3:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 14:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=831a62a187629d5f46eedfb8a15905d566129fad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:11:1b:23:40:0a:5b:13:5f:01:77:00:f4:ed:
                    37:d5:fc:d2:ca:38:fc:6b:13:3e:ad:fb:4b:74:bb:
                    de:d4:55:6a:14:a6:ab:f1:d9:26:bc:cd:85:89:31:
                    48:27:e5:37:af:73:92:10:05:be:11:78:a7:53:76:
                    03:d3:46:7b:b6:40:5d:6d:e5:2d:4c:2f:31:b5:cc:
                    b7:69:4d:73:b2:e2:3d:14:1a:ff:6b:50:66:32:e9:
                    c6:6d:10:e3:a4:07:6d:6b:fb:47:b6:d9:09:a6:8e:
                    02:53:35:bd:15:7e:d5:e7:77:ec:5f:26:03:fb:a8:
                    fe:b8:04:85:68:26:d1:e0:c0:d4:80:05:a8:23:50:
                    9c:f0:e1:16:b5:98:55:59:99:65:52:6b:5b:1d:df:
                    81:99:e9:ef:0e:e8:98:35:b9:d4:22:0a:cd:fc:1c:
                    01:e8:9f:4a:7e:a0:ab:4b:e9:dc:7a:f8:ef:61:2e:
                    77:46:82:a5:26:28:14:4b:fd:35:d2:39:d9:fc:33:
                    cc:b9:c4:03:40:cf:85:66:cb:4b:94:67:c0:77:1b:
                    d0:89:2a:c8:00:f1:c7:51:1f:ad:6b:e0:4e:d9:bf:
                    42:94:37:34:99:48:ff:7a:45:31:27:59:66:72:c5:
                    8d:bf:f9:59:0d:ad:95:4b:15:6e:8c:64:bd:db:46:
                    67:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:1A:62:A1:87:62:9D:5F:46:EE:DF:B8:A1:59:05:D5:66:12:9F:AD
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/gxpioYdinV9G7t-4oVkF1WYSn60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.14.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:1e:6d:2c:fc:0e:9f:0e:f8:d2:e2:1f:44:37:c8:59:69:c6:
         4b:84:7e:29:a2:d9:3b:96:15:8b:35:ad:1f:53:5f:0f:41:bd:
         c7:c8:1f:de:40:fc:ca:b6:cb:d9:21:65:dd:ac:59:72:13:34:
         07:44:d7:5c:2a:d7:4b:23:b0:90:8e:07:4f:d0:24:ea:ef:da:
         ea:16:69:18:48:76:68:5b:fc:e9:17:64:42:e5:09:1d:28:2e:
         f5:e3:dc:e9:c4:58:d6:6f:a8:3a:db:bd:a7:48:c0:1b:84:11:
         09:72:82:29:0a:c6:27:c0:3c:c5:28:bc:6b:24:27:4e:52:53:
         41:bd:15:f1:56:a8:2d:b3:44:9f:a8:64:43:e7:83:f6:40:a7:
         0d:c4:4e:54:32:d9:c0:ec:ed:49:4d:95:db:ba:77:cb:4e:19:
         6a:1b:07:cf:18:17:75:7c:3a:ee:9e:56:45:ef:da:9e:cd:00:
         71:c8:8f:05:04:90:e9:76:8b:da:6a:e0:2a:e0:22:cb:57:28:
         cd:63:0a:0d:b9:d2:36:cf:ea:a5:ab:a5:2a:44:f9:9f:f0:16:
         f8:b9:31:d9:6a:dc:c9:6c:48:a3:d6:00:18:e1:81:91:d6:cd:
         ec:96:55:83:f1:fa:f6:e8:67:04:48:f5:5b:6c:af:d0:74:64:
         c6:62:48:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbv9Z+t43ZE3neghk5/PVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjQwMTAxMTQzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzFhNjJhMTg3NjI5ZDVmNDZlZWRmYjhhMTU5MDVkNTY2MTI5ZmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxEbI0AKWxNfAXcA9O031fzSyjj8
axM+rftLdLve1FVqFKar8dkmvM2FiTFIJ+U3r3OSEAW+EXinU3YD00Z7tkBdbeUt
TC8xtcy3aU1zsuI9FBr/a1BmMunGbRDjpAdta/tHttkJpo4CUzW9FX7V53fsXyYD
+6j+uASFaCbR4MDUgAWoI1Cc8OEWtZhVWZllUmtbHd+BmenvDuiYNbnUIgrN/BwB
6J9KfqCrS+ncevjvYS53RoKlJigUS/010jnZ/DPMucQDQM+FZstLlGfAdxvQiSrI
APHHUR+ta+BO2b9ClDc0mUj/ekUxJ1lmcsWNv/lZDa2VSxVujGS920ZnHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMaYqGHYp1fRu7fuKFZBdVmEp+tMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvZ3hwaW9ZZGluVjlHN3QtNG9Wa0YxV1lTbjYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVQ4pMA0G
CSqGSIb3DQEBCwUAA4IBAQALHm0s/A6fDvjS4h9EN8hZacZLhH4potk7lhWLNa0f
U18PQb3HyB/eQPzKtsvZIWXdrFlyEzQHRNdcKtdLI7CQjgdP0CTq79rqFmkYSHZo
W/zpF2RC5QkdKC7149zpxFjWb6g6272nSMAbhBEJcoIpCsYnwDzFKLxrJCdOUlNB
vRXxVqgts0SfqGRD54P2QKcNxE5UMtnA7O1JTZXbunfLThlqGwfPGBd1fDrunlZF
79qezQBxyI8FBJDpdovaauAq4CLLVyjNYwoNudI2z+qlq6UqRPmf8Bb4uTHZatzJ
bEij1gAY4YGR1s3sllWD8fr26GcESPVbbK/QdGTGYkjf
-----END CERTIFICATE-----