Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/0dd80b-c5b4-4e6c-ba2e-b137cfb37463/1/U8pwIecwqorSeXk_mzc57g3zCb0.roa
File:                     U8pwIecwqorSeXk_mzc57g3zCb0.roa (raw, json)
Hash identifier:          rfxCPVTnIhL1ZrRMuFDH5zMC+/TouQ1Hqyesgw9ieAQ=
Subject key identifier:   53:CA:70:21:E7:30:AA:8A:D2:79:79:3F:9B:37:39:EE:0D:F3:09:BD
Certificate issuer:       /CN=d9ad0d738c7af0359a0630365416440d01985ba2
Certificate serial:       018CC6B833AD255A13E000D032A514241FD3
Authority key identifier: D9:AD:0D:73:8C:7A:F0:35:9A:06:30:36:54:16:44:0D:01:98:5B:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2a0Nc4x68DWaBjA2VBZEDQGYW6I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/0dd80b-c5b4-4e6c-ba2e-b137cfb37463/1/U8pwIecwqorSeXk_mzc57g3zCb0.roa
Signing time:             Mon 01 Jan 2024 20:30:09 +0000
ROA not before:           Mon 01 Jan 2024 20:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202877
IP address blocks:        185.251.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/0dd80b-c5b4-4e6c-ba2e-b137cfb37463/1/2a0Nc4x68DWaBjA2VBZEDQGYW6I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/0dd80b-c5b4-4e6c-ba2e-b137cfb37463/1/2a0Nc4x68DWaBjA2VBZEDQGYW6I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2a0Nc4x68DWaBjA2VBZEDQGYW6I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 14:34:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:33:ad:25:5a:13:e0:00:d0:32:a5:14:24:1f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9ad0d738c7af0359a0630365416440d01985ba2
        Validity
            Not Before: Jan  1 20:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53ca7021e730aa8ad279793f9b3739ee0df309bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5a:62:1b:9f:15:3b:d5:53:a5:1a:59:a1:e0:
                    1e:f6:a9:cc:c5:f9:32:bd:3b:3a:55:f0:87:8a:68:
                    4d:80:e0:f4:98:13:cb:a3:bf:b9:2f:f2:32:dd:7d:
                    5a:2e:6e:af:2b:60:0b:89:32:22:ce:ee:70:51:f0:
                    07:3f:9e:06:96:21:17:b5:62:3c:f9:02:bd:cc:59:
                    cf:eb:19:e2:65:6f:bd:2a:3c:6b:4f:8f:93:34:80:
                    71:60:ed:b7:92:b7:93:48:00:0f:94:68:72:a9:de:
                    69:ad:2b:35:8d:dc:34:2b:48:17:e4:25:06:22:95:
                    6c:51:0e:bf:e2:c3:1c:64:53:6f:38:7d:e1:1f:13:
                    35:b8:df:70:06:32:38:47:b0:be:39:d5:65:e9:08:
                    cd:ce:32:28:39:6e:90:5e:63:eb:d7:96:bc:c7:cf:
                    e5:13:1a:88:1e:0c:8c:b2:50:18:07:76:17:8d:b1:
                    36:6a:26:9e:5b:a1:35:14:33:8f:ef:82:13:15:32:
                    d5:c4:70:87:b2:cc:44:21:98:de:ab:7d:cc:11:77:
                    8d:26:6b:fe:9b:e5:b8:64:ab:fc:d3:9c:4b:d3:ad:
                    52:cd:a6:96:06:b6:00:82:cc:0e:1c:65:64:ce:ee:
                    b0:29:be:d1:2c:d4:51:90:54:7c:da:52:9e:98:63:
                    37:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:CA:70:21:E7:30:AA:8A:D2:79:79:3F:9B:37:39:EE:0D:F3:09:BD
            X509v3 Authority Key Identifier:
                keyid:D9:AD:0D:73:8C:7A:F0:35:9A:06:30:36:54:16:44:0D:01:98:5B:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a0Nc4x68DWaBjA2VBZEDQGYW6I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0dd80b-c5b4-4e6c-ba2e-b137cfb37463/1/U8pwIecwqorSeXk_mzc57g3zCb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0dd80b-c5b4-4e6c-ba2e-b137cfb37463/1/2a0Nc4x68DWaBjA2VBZEDQGYW6I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:35:14:a0:87:fe:e5:7d:e0:9d:a2:96:fb:30:ee:91:b4:3d:
         3a:7e:0b:10:6d:92:fd:a8:09:68:d4:cc:a1:97:0f:d6:25:33:
         96:db:b5:bd:a8:2f:16:72:06:62:27:a0:45:4f:c1:ec:88:a2:
         6b:fd:9d:6d:a7:de:d0:03:2f:9c:3a:3c:e9:a4:48:db:9a:e0:
         df:3a:b5:87:6e:00:5c:b1:6c:b3:65:1a:88:8c:75:51:30:2a:
         c0:b5:04:a1:c9:de:a3:ea:76:55:94:01:d0:87:dd:bc:de:3f:
         5f:00:a9:39:bd:73:24:7e:ff:02:61:cd:2c:1d:df:50:5f:91:
         81:a1:a2:15:4c:43:de:dc:c0:30:be:27:e9:79:29:ac:b0:40:
         e1:d0:17:94:c8:ec:bc:cc:14:d9:00:d5:f5:18:12:cc:79:44:
         07:a7:73:0b:c0:66:bd:05:98:40:69:43:61:d9:63:0c:60:74:
         ab:ca:71:4b:4e:bb:5e:18:16:ab:c6:58:f8:f0:9a:5e:af:b8:
         f3:9e:63:2c:0f:65:5a:57:f6:ca:b1:7d:6c:c9:8f:6d:50:99:
         0d:ae:a0:d7:32:62:3a:f3:fe:b2:ac:89:f3:f7:35:bd:66:e6:
         65:fc:93:eb:ce:00:c8:57:fa:3a:8f:54:da:bd:4e:53:cc:45:
         c7:76:8d:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuDOtJVoT4ADQMqUUJB/TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5YWQwZDczOGM3YWYwMzU5YTA2MzAzNjU0MTY0NDBkMDE5
ODViYTIwHhcNMjQwMTAxMjAzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2NhNzAyMWU3MzBhYThhZDI3OTc5M2Y5YjM3MzllZTBkZjMwOWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVpiG58VO9VTpRpZoeAe9qnMxfky
vTs6VfCHimhNgOD0mBPLo7+5L/Iy3X1aLm6vK2ALiTIizu5wUfAHP54GliEXtWI8
+QK9zFnP6xniZW+9KjxrT4+TNIBxYO23kreTSAAPlGhyqd5prSs1jdw0K0gX5CUG
IpVsUQ6/4sMcZFNvOH3hHxM1uN9wBjI4R7C+OdVl6QjNzjIoOW6QXmPr15a8x8/l
ExqIHgyMslAYB3YXjbE2aiaeW6E1FDOP74ITFTLVxHCHssxEIZjeq33MEXeNJmv+
m+W4ZKv805xL061SzaaWBrYAgswOHGVkzu6wKb7RLNRRkFR82lKemGM3DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFPKcCHnMKqK0nl5P5s3Oe4N8wm9MB8GA1UdIwQY
MBaAFNmtDXOMevA1mgYwNlQWRA0BmFuiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmEwTmM0eDY4RFdhQmpBMlZCWkVEUUdZVzZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wZGQ4MGItYzViNC00ZTZjLWJhMmUt
YjEzN2NmYjM3NDYzLzEvVThwd0llY3dxb3JTZVhrX216YzU3ZzN6Q2IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wZGQ4MGItYzViNC00ZTZjLWJhMmUtYjEzN2NmYjM3NDYz
LzEvMmEwTmM0eDY4RFdhQmpBMlZCWkVEUUdZVzZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufsOMA0G
CSqGSIb3DQEBCwUAA4IBAQBNNRSgh/7lfeCdopb7MO6RtD06fgsQbZL9qAlo1Myh
lw/WJTOW27W9qC8WcgZiJ6BFT8HsiKJr/Z1tp97QAy+cOjzppEjbmuDfOrWHbgBc
sWyzZRqIjHVRMCrAtQShyd6j6nZVlAHQh9283j9fAKk5vXMkfv8CYc0sHd9QX5GB
oaIVTEPe3MAwvifpeSmssEDh0BeUyOy8zBTZANX1GBLMeUQHp3MLwGa9BZhAaUNh
2WMMYHSrynFLTrteGBarxlj48Jper7jznmMsD2VaV/bKsX1syY9tUJkNrqDXMmI6
8/6yrInz9zW9ZuZl/JPrzgDIV/o6j1TavU5TzEXHdo2E
-----END CERTIFICATE-----