Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/ctGKlWd4um8lb6xQbeiIgwyF_3w.roa
File:                     ctGKlWd4um8lb6xQbeiIgwyF_3w.roa (raw, json)
Hash identifier:          MH708N9Bt1i0J07aI+TeuAiTU+V4XTI0uY0CvGGAU4M=
Subject key identifier:   72:D1:8A:95:67:78:BA:6F:25:6F:AC:50:6D:E8:88:83:0C:85:FF:7C
Certificate issuer:       /CN=2ac64dc21cb5fd4d0bcb02cc2b43fd751fd91e1e
Certificate serial:       018CC3B73F45D8588EB15627CCDC9D38CED7
Authority key identifier: 2A:C6:4D:C2:1C:B5:FD:4D:0B:CB:02:CC:2B:43:FD:75:1F:D9:1E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsZNwhy1_U0LywLMK0P9dR_ZHh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/ctGKlWd4um8lb6xQbeiIgwyF_3w.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199855
IP address blocks:        212.14.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/KsZNwhy1_U0LywLMK0P9dR_ZHh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/KsZNwhy1_U0LywLMK0P9dR_ZHh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsZNwhy1_U0LywLMK0P9dR_ZHh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3f:45:d8:58:8e:b1:56:27:cc:dc:9d:38:ce:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac64dc21cb5fd4d0bcb02cc2b43fd751fd91e1e
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72d18a956778ba6f256fac506de888830c85ff7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:f8:68:c9:2d:03:d2:72:ec:a2:d6:e4:ff:91:
                    ad:23:97:8a:81:5d:c3:c6:14:ca:74:fb:ef:f9:fc:
                    86:c5:c8:b4:0b:7b:a8:ae:5f:31:99:43:9d:10:d1:
                    39:22:f3:03:4b:36:d6:72:59:eb:5d:f8:3b:ed:8f:
                    4c:ad:5a:db:0f:e4:5a:da:f2:a1:32:2e:52:83:0e:
                    dd:a4:93:0b:a0:95:f6:99:af:66:c0:f7:47:63:3f:
                    7c:7f:cd:f6:0c:e6:39:ae:ce:ba:78:1f:8c:bd:14:
                    ea:90:aa:63:04:32:1e:2f:c6:6c:37:87:38:ec:93:
                    04:0a:90:a5:17:98:0c:15:dd:85:55:4b:9c:fe:dc:
                    14:83:3e:3a:8e:a6:17:a1:f8:ca:b3:30:e3:22:b9:
                    6f:36:e2:88:3e:61:f2:e1:8b:97:fb:ea:74:a2:04:
                    16:00:88:51:70:e6:62:ab:c3:0c:28:31:03:97:fb:
                    a9:9f:4a:07:d9:49:b8:25:9b:65:d2:6d:73:06:d0:
                    71:98:c2:75:bf:90:2d:2b:b5:76:53:24:85:19:40:
                    4b:87:e4:12:2f:4d:91:29:16:8f:64:dc:5b:92:dc:
                    fe:f1:a5:80:3b:18:90:43:c9:d4:f3:f3:97:f6:2a:
                    c2:b3:5a:89:58:fb:81:7b:25:ce:e9:ed:74:8e:bc:
                    46:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:D1:8A:95:67:78:BA:6F:25:6F:AC:50:6D:E8:88:83:0C:85:FF:7C
            X509v3 Authority Key Identifier:
                keyid:2A:C6:4D:C2:1C:B5:FD:4D:0B:CB:02:CC:2B:43:FD:75:1F:D9:1E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsZNwhy1_U0LywLMK0P9dR_ZHh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/ctGKlWd4um8lb6xQbeiIgwyF_3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/de1db4-ec78-4e41-9570-097c3c1c2540/1/KsZNwhy1_U0LywLMK0P9dR_ZHh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.14.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:0e:ca:82:a9:02:1b:12:67:82:1e:ca:f7:d3:ef:8b:bf:01:
         15:ab:f7:a4:96:a0:87:cc:39:33:fe:0b:9f:58:8b:41:27:7e:
         92:cd:20:26:45:7c:34:0a:4c:ff:8d:0f:a5:b8:24:f6:a6:f1:
         9a:dd:b8:c9:55:8b:ba:04:fb:a8:70:70:87:00:10:9e:4d:c5:
         b9:8d:0a:85:51:04:77:93:03:4a:7d:02:d0:c7:44:af:0e:07:
         5b:d8:da:0d:06:49:93:e0:51:81:22:5e:3a:e6:d4:25:9b:06:
         e4:1e:58:02:57:3d:fc:37:b0:e8:bc:c2:06:cd:7f:36:5c:0b:
         fc:c4:ea:df:17:af:71:3e:46:f1:ad:eb:97:fd:b3:cb:5b:aa:
         56:ab:8e:d1:1b:f4:b1:7b:6c:d7:e6:0c:7f:de:f5:17:5f:f8:
         b9:9a:24:86:f5:89:79:57:d3:b3:83:f9:2e:95:1b:38:54:e4:
         db:c3:87:58:c9:d9:f1:91:74:df:16:ed:48:05:90:50:4e:eb:
         73:e8:af:2e:fa:0f:84:4e:ab:9f:e6:16:ab:9e:09:97:0f:d8:
         88:c5:c5:56:c5:60:0d:cc:95:fd:2b:0a:fe:e4:10:dc:31:ee:
         6d:08:ed:67:d8:e7:97:fa:06:4b:84:20:65:e0:36:a0:ae:c7:
         ea:c5:cf:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtz9F2FiOsVYnzNydOM7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzY0ZGMyMWNiNWZkNGQwYmNiMDJjYzJiNDNmZDc1MWZk
OTFlMWUwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmQxOGE5NTY3NzhiYTZmMjU2ZmFjNTA2ZGU4ODg4MzBjODVmZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfhoyS0D0nLsotbk/5GtI5eKgV3D
xhTKdPvv+fyGxci0C3uorl8xmUOdENE5IvMDSzbWclnrXfg77Y9MrVrbD+Ra2vKh
Mi5Sgw7dpJMLoJX2ma9mwPdHYz98f832DOY5rs66eB+MvRTqkKpjBDIeL8ZsN4c4
7JMECpClF5gMFd2FVUuc/twUgz46jqYXofjKszDjIrlvNuKIPmHy4YuX++p0ogQW
AIhRcOZiq8MMKDEDl/upn0oH2Um4JZtl0m1zBtBxmMJ1v5AtK7V2UySFGUBLh+QS
L02RKRaPZNxbktz+8aWAOxiQQ8nU8/OX9irCs1qJWPuBeyXO6e10jrxGXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLRipVneLpvJW+sUG3oiIMMhf98MB8GA1UdIwQY
MBaAFCrGTcIctf1NC8sCzCtD/XUf2R4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NaTndoeTFfVTBMeXdMTUswUDlkUl9aSGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9kZTFkYjQtZWM3OC00ZTQxLTk1NzAt
MDk3YzNjMWMyNTQwLzEvY3RHS2xXZDR1bThsYjZ4UWJlaUlnd3lGXzN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9kZTFkYjQtZWM3OC00ZTQxLTk1NzAtMDk3YzNjMWMyNTQw
LzEvS3NaTndoeTFfVTBMeXdMTUswUDlkUl9aSGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1A43MA0G
CSqGSIb3DQEBCwUAA4IBAQAJDsqCqQIbEmeCHsr30++LvwEVq/eklqCHzDkz/guf
WItBJ36SzSAmRXw0Ckz/jQ+luCT2pvGa3bjJVYu6BPuocHCHABCeTcW5jQqFUQR3
kwNKfQLQx0SvDgdb2NoNBkmT4FGBIl465tQlmwbkHlgCVz38N7DovMIGzX82XAv8
xOrfF69xPkbxreuX/bPLW6pWq47RG/Sxe2zX5gx/3vUXX/i5miSG9Yl5V9Ozg/ku
lRs4VOTbw4dYydnxkXTfFu1IBZBQTutz6K8u+g+ETquf5harngmXD9iIxcVWxWAN
zJX9Kwr+5BDcMe5tCO1n2OeX+gZLhCBl4Dagrsfqxc8I
-----END CERTIFICATE-----