Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/214VxYTbfp3MHQVucyl-m3kMEFU.roa
File:                     214VxYTbfp3MHQVucyl-m3kMEFU.roa (raw, json)
Hash identifier:          lERZ5DbkD7j/i+Kb4NXfkDC4TW/wTsvavspjIybb26A=
Subject key identifier:   DB:5E:15:C5:84:DB:7E:9D:CC:1D:05:6E:73:29:7E:9B:79:0C:10:55
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       01906DC35E5D201CF013B3BD8F57EC24346F
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/214VxYTbfp3MHQVucyl-m3kMEFU.roa
Signing time:             Mon 01 Jul 2024 10:07:18 +0000
ROA not before:           Mon 01 Jul 2024 10:07:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212163
IP address blocks:        92.55.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6d:c3:5e:5d:20:1c:f0:13:b3:bd:8f:57:ec:24:34:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Jul  1 10:07:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db5e15c584db7e9dcc1d056e73297e9b790c1055
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:67:ba:a1:8a:a1:ef:c6:71:dd:c6:ea:d8:35:
                    f4:16:80:43:00:7b:d8:bc:21:da:72:92:e9:73:42:
                    74:ee:2e:e3:98:46:80:23:3c:79:0e:26:3d:68:7e:
                    3d:4a:a5:26:5a:4c:49:cd:03:4f:87:e7:36:b8:62:
                    47:70:0a:fe:dc:3f:37:03:11:42:56:89:5c:4a:0b:
                    75:8a:13:49:82:c6:a9:c7:a7:42:b0:5b:fd:55:74:
                    79:d8:bb:b3:6a:fa:c5:20:c0:97:a6:ce:dd:7b:f2:
                    56:4e:3e:99:f3:e0:a1:9f:3f:f4:d5:87:a8:6c:37:
                    c6:54:94:48:56:dd:cc:44:f6:47:21:cd:e9:5e:23:
                    96:20:a5:85:d1:91:8b:62:13:f9:db:92:00:54:65:
                    f6:de:b7:69:64:d2:10:91:ae:7a:e1:9f:33:8f:d9:
                    9c:2c:39:6b:59:bf:dd:c4:c0:44:a7:ea:4c:36:08:
                    60:fc:7e:02:0c:ab:7e:47:8d:86:5b:cd:db:cc:85:
                    9d:39:59:20:f4:0b:ff:c6:06:04:df:d4:30:c7:47:
                    71:ee:2b:62:c5:f8:4a:f2:9c:65:a4:51:cc:59:03:
                    90:6b:6b:32:5c:b1:9e:a1:74:57:fa:44:0f:ee:09:
                    d4:4a:c6:aa:1c:00:72:df:a2:3b:7b:e0:8b:39:fb:
                    d1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:5E:15:C5:84:DB:7E:9D:CC:1D:05:6E:73:29:7E:9B:79:0C:10:55
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/214VxYTbfp3MHQVucyl-m3kMEFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.55.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:02:9c:2b:3d:be:c9:b2:e0:a9:13:79:86:09:b1:9e:fb:54:
         1a:a4:cb:e6:7a:86:e8:e3:e8:dd:d6:cf:27:de:d2:44:0e:2b:
         55:4a:51:68:96:43:d5:2e:be:32:4a:c0:80:25:50:77:f3:90:
         04:dd:ae:a0:03:40:0f:fb:58:1e:0d:19:b3:f4:25:ae:8c:9a:
         5c:d6:d2:f1:ec:1d:a7:eb:81:03:ea:2a:46:ab:f9:86:e3:b0:
         69:c2:2c:5b:95:c7:b6:10:30:9d:4e:00:e9:cc:9a:5a:ad:77:
         ce:5f:66:7f:fb:02:8b:81:ef:93:48:c1:b1:7b:09:bc:28:7e:
         27:c8:fd:43:5f:3e:0f:b0:63:97:aa:0a:b0:83:09:f3:6e:48:
         79:1d:82:ed:a3:7e:49:2d:3c:30:8c:b9:53:5b:c7:b4:59:d0:
         6a:ca:73:f1:e5:c6:ff:14:1a:51:03:7f:3c:52:ea:dc:62:bf:
         91:ce:27:3e:67:05:81:28:f9:7a:d2:8f:a0:b9:89:25:d5:9f:
         66:12:6e:9b:fc:91:b4:d8:65:89:82:a8:74:d5:29:9d:11:ee:
         3c:0d:ad:1a:c5:0b:ba:16:6a:77:34:8b:f2:c1:3a:42:c8:68:
         22:a4:82:5a:58:83:1a:ca:c8:1d:ec:93:df:07:74:ef:6e:fb:
         45:ae:23:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBtw15dIBzwE7O9j1fsJDRvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjQwNzAxMTAwNzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjVlMTVjNTg0ZGI3ZTlkY2MxZDA1NmU3MzI5N2U5Yjc5MGMxMDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWe6oYqh78Zx3cbq2DX0FoBDAHvY
vCHacpLpc0J07i7jmEaAIzx5DiY9aH49SqUmWkxJzQNPh+c2uGJHcAr+3D83AxFC
VolcSgt1ihNJgsapx6dCsFv9VXR52LuzavrFIMCXps7de/JWTj6Z8+Chnz/01Yeo
bDfGVJRIVt3MRPZHIc3pXiOWIKWF0ZGLYhP525IAVGX23rdpZNIQka564Z8zj9mc
LDlrWb/dxMBEp+pMNghg/H4CDKt+R42GW83bzIWdOVkg9Av/xgYE39Qwx0dx7iti
xfhK8pxlpFHMWQOQa2syXLGeoXRX+kQP7gnUSsaqHABy36I7e+CLOfvR5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNteFcWE236dzB0FbnMpfpt5DBBVMB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvMjE0VnhZVGJmcDNNSFFWdWN5bC1tM2tNRUZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXDfGMA0G
CSqGSIb3DQEBCwUAA4IBAQCzApwrPb7JsuCpE3mGCbGe+1QapMvmeobo4+jd1s8n
3tJEDitVSlFolkPVLr4ySsCAJVB385AE3a6gA0AP+1geDRmz9CWujJpc1tLx7B2n
64ED6ipGq/mG47Bpwixblce2EDCdTgDpzJparXfOX2Z/+wKLge+TSMGxewm8KH4n
yP1DXz4PsGOXqgqwgwnzbkh5HYLto35JLTwwjLlTW8e0WdBqynPx5cb/FBpRA388
UurcYr+Rzic+ZwWBKPl60o+guYkl1Z9mEm6b/JG02GWJgqh01SmdEe48Da0axQu6
Fmp3NIvywTpCyGgipIJaWIMaysgd7JPfB3TvbvtFriPE
-----END CERTIFICATE-----