Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/i0M8lV0sYaJmp1jHHR-1Xn1moPE.roa
File:                     i0M8lV0sYaJmp1jHHR-1Xn1moPE.roa (raw, json)
Hash identifier:          0zO4uj47DBTy5QvgiRuLRk7mtsYIWsia7xLfEYWPTqo=
Subject key identifier:   8B:43:3C:95:5D:2C:61:A2:66:A7:58:C7:1D:1F:B5:5E:7D:66:A0:F1
Certificate issuer:       /CN=ce704858b643266f7c7107721c98f2ba93dd5265
Certificate serial:       0192C9C02A9588ADA539AFBE80C6DCF476AC
Authority key identifier: CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/i0M8lV0sYaJmp1jHHR-1Xn1moPE.roa
Signing time:             Sat 26 Oct 2024 16:54:27 +0000
ROA not before:           Sat 26 Oct 2024 16:54:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.200.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c9:c0:2a:95:88:ad:a5:39:af:be:80:c6:dc:f4:76:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce704858b643266f7c7107721c98f2ba93dd5265
        Validity
            Not Before: Oct 26 16:54:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b433c955d2c61a266a758c71d1fb55e7d66a0f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ab:11:5d:11:6f:a7:9e:63:a2:b0:b1:fd:9d:
                    02:4f:a9:1a:48:21:5a:52:90:0d:cb:29:90:06:e4:
                    c9:d3:8e:9a:36:fc:82:b0:71:3b:40:5c:2c:5b:ca:
                    1a:da:e6:4f:3f:8b:a9:04:b8:da:21:b4:96:92:5e:
                    84:45:c5:f2:60:9b:6c:42:1b:2d:07:38:3e:1d:a5:
                    16:e5:74:05:7b:ca:b4:4c:d0:b1:61:e0:19:c1:69:
                    40:ff:8c:ec:f8:48:e4:95:d8:7a:c2:21:bb:ad:08:
                    a2:b9:a2:7d:1e:3f:ae:0f:29:b6:5e:43:7c:71:a0:
                    57:b9:88:c1:94:3e:8d:4f:a9:58:b0:30:f9:4c:70:
                    50:7d:f8:08:37:0d:86:03:73:9d:b6:a9:70:aa:73:
                    11:90:51:bf:78:18:67:01:aa:5f:aa:6a:5f:fa:16:
                    2b:60:e2:e2:1e:35:42:3a:5d:ce:86:8e:9e:22:b7:
                    0d:db:de:4e:ab:c0:c2:7f:ca:3d:8e:a2:2d:13:36:
                    6b:e6:b7:8c:5f:c6:4e:f1:b9:82:04:70:0e:30:3c:
                    39:a0:34:3f:29:5f:b9:d7:92:6b:3b:d3:aa:c3:16:
                    33:98:61:4d:6f:12:93:db:2e:82:eb:09:a0:9b:a8:
                    bc:fe:c9:e5:e6:3d:3a:de:b2:97:bb:46:14:54:d5:
                    2b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:43:3C:95:5D:2C:61:A2:66:A7:58:C7:1D:1F:B5:5E:7D:66:A0:F1
            X509v3 Authority Key Identifier:
                keyid:CE:70:48:58:B6:43:26:6F:7C:71:07:72:1C:98:F2:BA:93:DD:52:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znBIWLZDJm98cQdyHJjyupPdUmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/i0M8lV0sYaJmp1jHHR-1Xn1moPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/027aae-4922-42a9-a4c9-38f80d6961ec/1/znBIWLZDJm98cQdyHJjyupPdUmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:a2:b1:27:79:68:f0:4d:0b:a6:5a:28:88:49:16:da:d6:6e:
         d0:19:f8:d5:39:b1:44:6a:2f:e4:e9:0d:5b:14:8b:ee:a8:dc:
         f7:39:b2:21:79:3d:23:ed:f3:a5:1e:19:6e:40:7a:45:4a:15:
         63:b0:b3:d8:ce:a9:71:09:74:70:aa:75:39:f8:fa:b4:8a:0b:
         01:30:9c:51:d6:98:21:ff:e4:35:f4:c2:60:4c:ea:3c:90:8e:
         a0:e4:f1:c9:70:74:47:a6:06:61:58:ea:b1:b0:9a:f6:fc:d1:
         df:fd:7b:b9:76:6d:62:4e:4d:36:9f:e6:e2:4d:fd:a9:b4:a7:
         32:0b:eb:43:b7:e5:17:a2:64:23:3f:44:a7:d4:62:a0:fb:a2:
         d1:83:88:8e:6c:e2:ae:03:aa:21:f5:99:9d:a4:ac:4a:39:1c:
         0a:35:ce:ed:7d:f7:0d:12:16:88:e5:28:7c:7a:fb:82:4c:fb:
         1a:6f:44:b3:d7:2a:d1:71:58:37:28:36:5c:1f:99:e1:7f:00:
         5f:2c:15:ff:18:41:49:86:47:5c:f2:ee:fd:a9:20:71:fd:a6:
         90:a6:08:a8:be:3e:18:1e:bb:e8:96:be:3e:37:14:3b:94:63:
         6e:8c:80:31:f0:66:e8:d6:18:65:47:de:b5:68:61:03:6f:08:
         82:c3:5c:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLJwCqViK2lOa++gMbc9HasMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNzA0ODU4YjY0MzI2NmY3YzcxMDc3MjFjOThmMmJhOTNk
ZDUyNjUwHhcNMjQxMDI2MTY1NDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjQzM2M5NTVkMmM2MWEyNjZhNzU4YzcxZDFmYjU1ZTdkNjZhMGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnasRXRFvp55jorCx/Z0CT6kaSCFa
UpANyymQBuTJ046aNvyCsHE7QFwsW8oa2uZPP4upBLjaIbSWkl6ERcXyYJtsQhst
Bzg+HaUW5XQFe8q0TNCxYeAZwWlA/4zs+Ejkldh6wiG7rQiiuaJ9Hj+uDym2XkN8
caBXuYjBlD6NT6lYsDD5THBQffgINw2GA3OdtqlwqnMRkFG/eBhnAapfqmpf+hYr
YOLiHjVCOl3Oho6eIrcN295Oq8DCf8o9jqItEzZr5reMX8ZO8bmCBHAOMDw5oDQ/
KV+515JrO9OqwxYzmGFNbxKT2y6C6wmgm6i8/snl5j063rKXu0YUVNUrgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFItDPJVdLGGiZqdYxx0ftV59ZqDxMB8GA1UdIwQY
MBaAFM5wSFi2QyZvfHEHchyY8rqT3VJlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0Yzkt
MzhmODBkNjk2MWVjLzEvaTBNOGxWMHNZYUptcDFqSEhSLTFYbjFtb1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wMjdhYWUtNDkyMi00MmE5LWE0YzktMzhmODBkNjk2MWVj
LzEvem5CSVdMWkRKbTk4Y1FkeUhKanl1cFBkVW1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucgOMA0G
CSqGSIb3DQEBCwUAA4IBAQAforEneWjwTQumWiiISRba1m7QGfjVObFEai/k6Q1b
FIvuqNz3ObIheT0j7fOlHhluQHpFShVjsLPYzqlxCXRwqnU5+Pq0igsBMJxR1pgh
/+Q19MJgTOo8kI6g5PHJcHRHpgZhWOqxsJr2/NHf/Xu5dm1iTk02n+biTf2ptKcy
C+tDt+UXomQjP0Sn1GKg+6LRg4iObOKuA6oh9ZmdpKxKORwKNc7tffcNEhaI5Sh8
evuCTPsab0Sz1yrRcVg3KDZcH5nhfwBfLBX/GEFJhkdc8u79qSBx/aaQpgiovj4Y
Hrvolr4+NxQ7lGNujIAx8Gbo1hhlR961aGEDbwiCw1x4
-----END CERTIFICATE-----