Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/FN-k6NhchsIO0vjLhUndV_Qf0kk.roa
File:                     FN-k6NhchsIO0vjLhUndV_Qf0kk.roa (raw, json)
Hash identifier:          6lh7Vp1wPtdxAeUEL06dAq7yjlRz6ZqyYG/oSN0hm+w=
Subject key identifier:   14:DF:A4:E8:D8:5C:86:C2:0E:D2:F8:CB:85:49:DD:57:F4:1F:D2:49
Certificate issuer:       /CN=e1e8b7cab521e88e8022a36424544185538a7b33
Certificate serial:       018F907BD08949C95A691D7A11846211B6C6
Authority key identifier: E1:E8:B7:CA:B5:21:E8:8E:80:22:A3:64:24:54:41:85:53:8A:7B:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/FN-k6NhchsIO0vjLhUndV_Qf0kk.roa
Signing time:             Sun 19 May 2024 10:53:04 +0000
ROA not before:           Sun 19 May 2024 10:53:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216054
IP address blocks:        185.154.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:90:7b:d0:89:49:c9:5a:69:1d:7a:11:84:62:11:b6:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1e8b7cab521e88e8022a36424544185538a7b33
        Validity
            Not Before: May 19 10:53:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14dfa4e8d85c86c20ed2f8cb8549dd57f41fd249
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:0e:60:e1:cf:0b:25:4c:a9:1a:e9:ab:07:7f:
                    b5:00:5d:66:6b:8d:15:37:17:00:bc:c1:89:6f:00:
                    3b:b7:49:ce:23:ce:43:ef:70:08:03:2b:8c:72:3a:
                    d4:1a:4e:2a:f5:2c:d0:e9:fd:ed:55:51:8d:05:33:
                    95:e4:ea:ed:56:ff:aa:21:61:9e:ae:79:74:6f:28:
                    56:27:86:c3:21:c8:95:aa:2c:a8:63:21:ff:70:07:
                    91:5f:e4:40:35:1e:d1:85:ba:51:2e:7c:90:0a:5c:
                    8c:64:cf:59:c5:21:eb:48:ef:00:10:f7:b7:1c:00:
                    9a:86:8d:02:67:b0:69:aa:30:9c:69:2a:90:64:52:
                    8a:82:5e:f6:31:a3:1c:e9:7e:a0:14:23:9e:30:d3:
                    b3:41:e6:e7:ec:d6:28:98:9a:af:f6:4f:01:b0:61:
                    79:d2:df:49:e0:29:a2:8d:97:4a:32:d0:d9:62:a2:
                    8e:ab:22:b3:1c:bc:ac:e4:1c:48:a1:1a:aa:90:00:
                    24:cd:f5:76:e7:ce:83:01:62:42:c3:08:92:fd:5c:
                    79:f6:44:42:b5:3b:d3:b4:a3:91:84:2b:8a:94:5e:
                    22:05:9d:0f:be:75:8d:bf:1e:17:22:42:ae:00:ad:
                    ad:61:b9:2c:c2:d3:12:83:de:30:9d:03:cd:15:38:
                    2c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:DF:A4:E8:D8:5C:86:C2:0E:D2:F8:CB:85:49:DD:57:F4:1F:D2:49
            X509v3 Authority Key Identifier:
                keyid:E1:E8:B7:CA:B5:21:E8:8E:80:22:A3:64:24:54:41:85:53:8A:7B:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4ei3yrUh6I6AIqNkJFRBhVOKezM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/FN-k6NhchsIO0vjLhUndV_Qf0kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/14f2c5-46fe-4670-9dd6-21c58470b8d2/1/4ei3yrUh6I6AIqNkJFRBhVOKezM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:98:44:c3:ac:f3:3f:dd:90:70:64:a3:f9:78:30:fd:26:27:
         80:69:a8:ac:35:d5:00:05:a5:bb:41:8a:18:a6:3e:e7:6e:a3:
         e9:3d:07:87:d5:7a:c2:74:26:09:b3:00:2c:ac:6d:59:ae:d6:
         d8:a7:f8:4b:72:7e:75:40:3f:ec:1e:ec:9f:d8:c3:64:02:98:
         05:0e:30:24:ff:40:95:f6:90:84:64:ad:0e:25:24:cf:48:0d:
         06:f4:06:df:c1:85:e9:ee:eb:98:a8:2e:f5:3b:2d:16:c9:fe:
         8f:00:b0:dc:a1:f7:3c:6b:62:38:91:8c:80:58:a5:19:66:b0:
         18:60:6c:89:d8:79:27:d9:49:2c:94:7f:95:3c:50:b2:65:00:
         27:3b:c7:2e:0a:72:63:2e:16:8d:94:b4:84:52:77:01:24:75:
         63:ce:71:a1:8c:c4:81:ce:28:9f:f4:7b:8b:8f:b9:82:f1:7b:
         b0:61:b7:f8:4b:57:6b:eb:85:ef:1c:c6:69:74:d8:7f:68:ad:
         fa:d2:e3:cd:84:5d:74:c4:98:15:bd:a8:ec:61:4e:e5:21:e9:
         48:6c:d3:00:b3:55:e3:e5:4e:81:ef:79:18:44:71:e8:fe:10:
         e4:c1:cc:44:0d:7d:52:86:77:34:5b:ff:50:4a:f4:d1:d2:01:
         c4:03:10:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+Qe9CJSclaaR16EYRiEbbGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZThiN2NhYjUyMWU4OGU4MDIyYTM2NDI0NTQ0MTg1NTM4
YTdiMzMwHhcNMjQwNTE5MTA1MzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGRmYTRlOGQ4NWM4NmMyMGVkMmY4Y2I4NTQ5ZGQ1N2Y0MWZkMjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4g5g4c8LJUypGumrB3+1AF1ma40V
NxcAvMGJbwA7t0nOI85D73AIAyuMcjrUGk4q9SzQ6f3tVVGNBTOV5OrtVv+qIWGe
rnl0byhWJ4bDIciVqiyoYyH/cAeRX+RANR7RhbpRLnyQClyMZM9ZxSHrSO8AEPe3
HACaho0CZ7BpqjCcaSqQZFKKgl72MaMc6X6gFCOeMNOzQebn7NYomJqv9k8BsGF5
0t9J4CmijZdKMtDZYqKOqyKzHLys5BxIoRqqkAAkzfV2586DAWJCwwiS/Vx59kRC
tTvTtKORhCuKlF4iBZ0PvnWNvx4XIkKuAK2tYbkswtMSg94wnQPNFTgs/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTfpOjYXIbCDtL4y4VJ3Vf0H9JJMB8GA1UdIwQY
MBaAFOHot8q1IeiOgCKjZCRUQYVTinszMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGVpM3lyVWg2STZBSXFOa0pGUkJoVk9LZXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8xNGYyYzUtNDZmZS00NjcwLTlkZDYt
MjFjNTg0NzBiOGQyLzEvRk4tazZOaGNoc0lPMHZqTGhVbmRWX1FmMGtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8xNGYyYzUtNDZmZS00NjcwLTlkZDYtMjFjNTg0NzBiOGQy
LzEvNGVpM3lyVWg2STZBSXFOa0pGUkJoVk9LZXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZq+MA0G
CSqGSIb3DQEBCwUAA4IBAQBhmETDrPM/3ZBwZKP5eDD9JieAaaisNdUABaW7QYoY
pj7nbqPpPQeH1XrCdCYJswAsrG1ZrtbYp/hLcn51QD/sHuyf2MNkApgFDjAk/0CV
9pCEZK0OJSTPSA0G9AbfwYXp7uuYqC71Oy0Wyf6PALDcofc8a2I4kYyAWKUZZrAY
YGyJ2Hkn2UkslH+VPFCyZQAnO8cuCnJjLhaNlLSEUncBJHVjznGhjMSBziif9HuL
j7mC8XuwYbf4S1dr64XvHMZpdNh/aK360uPNhF10xJgVvajsYU7lIelIbNMAs1Xj
5U6B73kYRHHo/hDkwcxEDX1Shnc0W/9QSvTR0gHEAxDC
-----END CERTIFICATE-----