Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/J4ttYpa1W-CVQvNcwgXPI95G5BU.roa
File:                     J4ttYpa1W-CVQvNcwgXPI95G5BU.roa (raw, json)
Hash identifier:          eezErR4Zh0xpLDvnA0xeOilTJyZeRO9jQJUNii1JWXA=
Subject key identifier:   27:8B:6D:62:96:B5:5B:E0:95:42:F3:5C:C2:05:CF:23:DE:46:E4:15
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       019305C512F6642B33A199AB247599795EFA
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/J4ttYpa1W-CVQvNcwgXPI95G5BU.roa
Signing time:             Thu 07 Nov 2024 08:37:01 +0000
ROA not before:           Thu 07 Nov 2024 08:37:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201949
IP address blocks:        14.102.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:05:c5:12:f6:64:2b:33:a1:99:ab:24:75:99:79:5e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Nov  7 08:37:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=278b6d6296b55be09542f35cc205cf23de46e415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:9f:d3:ad:5e:33:58:4f:90:4b:1e:63:65:46:
                    11:ad:4c:8f:d2:e4:2f:08:7a:86:af:da:74:6d:98:
                    14:6d:59:61:45:fc:ae:e2:26:cf:39:ba:3c:71:88:
                    fe:f4:a6:95:6f:31:62:65:74:45:a7:6c:ab:00:5a:
                    81:69:81:17:e4:b6:02:8a:c5:12:16:b9:52:1c:89:
                    4f:75:92:ce:af:0c:17:4b:4f:bb:53:45:34:d1:ac:
                    57:43:4c:d4:69:99:eb:04:63:90:9e:80:38:9a:e3:
                    47:1b:2a:38:23:e7:31:a6:01:3b:26:10:66:50:94:
                    15:dc:91:66:47:1c:dc:54:97:f6:8a:11:aa:c5:94:
                    01:3d:35:2e:1e:1a:fa:57:42:35:9f:bc:e7:6a:4c:
                    37:35:90:d8:94:5d:2f:97:dc:21:ba:a7:8b:4a:8e:
                    49:8a:a2:01:9e:01:07:2a:b1:3e:c6:83:b5:b6:46:
                    1c:98:3d:56:a6:4b:57:b8:62:a1:c9:75:0d:17:c9:
                    67:73:46:c0:10:fa:4c:e9:9c:f1:b5:25:f2:2b:f8:
                    4e:9f:13:4e:cb:d8:66:ad:8c:cf:e6:70:ee:c2:79:
                    f7:59:52:7c:b0:e5:ce:dd:e2:68:2d:57:f2:03:71:
                    b2:17:f0:2e:55:40:b2:9c:b0:bd:3e:00:8c:96:f9:
                    35:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:8B:6D:62:96:B5:5B:E0:95:42:F3:5C:C2:05:CF:23:DE:46:E4:15
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/J4ttYpa1W-CVQvNcwgXPI95G5BU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:1a:12:3a:f8:71:8f:2e:7d:45:59:df:60:36:e6:30:ef:e4:
         a3:59:f0:df:32:6d:20:71:7c:da:28:f1:1f:59:38:35:d6:ef:
         1f:0f:0f:1c:ae:77:80:56:52:18:e7:06:db:32:db:90:e5:b0:
         ce:e9:6f:f2:ab:79:2f:90:f0:48:7a:86:90:59:cf:13:b6:62:
         36:2d:36:18:42:72:a8:02:28:f3:1d:d1:35:7c:0c:6b:82:46:
         29:7d:19:b9:f4:99:ab:d1:19:47:e1:d4:83:0e:cb:8a:5e:3f:
         c2:f0:d0:c5:f4:cc:3c:9e:13:68:e4:34:76:54:6d:1d:fa:9d:
         3f:ed:2d:7d:9e:13:8a:96:d9:60:5a:0c:85:d4:0d:26:53:0c:
         ad:34:50:ae:3f:b7:bc:52:61:d2:77:7b:41:77:b8:30:0f:b3:
         a4:57:39:c7:c9:b5:4b:b1:d7:99:57:0a:fb:81:46:3f:71:25:
         6d:ef:eb:48:f8:e9:90:ab:42:21:ad:6e:b2:4d:ae:07:59:ca:
         c2:ef:80:fe:88:b8:ec:a5:09:b5:b7:7a:17:39:42:f5:62:f9:
         15:39:e0:e2:40:f5:7e:0f:7e:2d:ef:48:fa:9f:26:05:08:86:
         00:b3:9f:5d:a8:68:1b:f9:96:5e:0e:2a:50:cf:63:f4:75:60:
         33:33:37:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMFxRL2ZCszoZmrJHWZeV76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjQxMTA3MDgzNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzhiNmQ2Mjk2YjU1YmUwOTU0MmYzNWNjMjA1Y2YyM2RlNDZlNDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5/TrV4zWE+QSx5jZUYRrUyP0uQv
CHqGr9p0bZgUbVlhRfyu4ibPObo8cYj+9KaVbzFiZXRFp2yrAFqBaYEX5LYCisUS
FrlSHIlPdZLOrwwXS0+7U0U00axXQ0zUaZnrBGOQnoA4muNHGyo4I+cxpgE7JhBm
UJQV3JFmRxzcVJf2ihGqxZQBPTUuHhr6V0I1n7znakw3NZDYlF0vl9whuqeLSo5J
iqIBngEHKrE+xoO1tkYcmD1WpktXuGKhyXUNF8lnc0bAEPpM6ZzxtSXyK/hOnxNO
y9hmrYzP5nDuwnn3WVJ8sOXO3eJoLVfyA3GyF/AuVUCynLC9PgCMlvk1wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCeLbWKWtVvglULzXMIFzyPeRuQVMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvSjR0dFlwYTFXLUNWUXZOY3dnWFBJOTVHNUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQADmYKMA0G
CSqGSIb3DQEBCwUAA4IBAQB6GhI6+HGPLn1FWd9gNuYw7+SjWfDfMm0gcXzaKPEf
WTg11u8fDw8crneAVlIY5wbbMtuQ5bDO6W/yq3kvkPBIeoaQWc8TtmI2LTYYQnKo
AijzHdE1fAxrgkYpfRm59Jmr0RlH4dSDDsuKXj/C8NDF9Mw8nhNo5DR2VG0d+p0/
7S19nhOKltlgWgyF1A0mUwytNFCuP7e8UmHSd3tBd7gwD7OkVznHybVLsdeZVwr7
gUY/cSVt7+tI+OmQq0IhrW6yTa4HWcrC74D+iLjspQm1t3oXOUL1YvkVOeDiQPV+
D34t70j6nyYFCIYAs59dqGgb+ZZeDipQz2P0dWAzMzf0
-----END CERTIFICATE-----