Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/2fa624-5b5d-4646-b13d-16511a6ed9c6/1/Q5Fc92MnIC2WoXqEBbzRw_jBwiY.roa
File:                     Q5Fc92MnIC2WoXqEBbzRw_jBwiY.roa (raw, json)
Hash identifier:          VeAe065nTlvDxnFK2/OsGOhzwTXtmGXvmdFghoo9Cj8=
Subject key identifier:   43:91:5C:F7:63:27:20:2D:96:A1:7A:84:05:BC:D1:C3:F8:C1:C2:26
Certificate issuer:       /CN=9ff2f682053d43c9ad1c6539caee9f4621b0da16
Certificate serial:       018CC7272C845DB9B3F9AF638DAA17B91927
Authority key identifier: 9F:F2:F6:82:05:3D:43:C9:AD:1C:65:39:CA:EE:9F:46:21:B0:DA:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n_L2ggU9Q8mtHGU5yu6fRiGw2hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/2fa624-5b5d-4646-b13d-16511a6ed9c6/1/Q5Fc92MnIC2WoXqEBbzRw_jBwiY.roa
Signing time:             Mon 01 Jan 2024 22:31:22 +0000
ROA not before:           Mon 01 Jan 2024 22:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60522
IP address blocks:        194.76.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/2fa624-5b5d-4646-b13d-16511a6ed9c6/1/n_L2ggU9Q8mtHGU5yu6fRiGw2hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/2fa624-5b5d-4646-b13d-16511a6ed9c6/1/n_L2ggU9Q8mtHGU5yu6fRiGw2hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n_L2ggU9Q8mtHGU5yu6fRiGw2hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:2c:84:5d:b9:b3:f9:af:63:8d:aa:17:b9:19:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ff2f682053d43c9ad1c6539caee9f4621b0da16
        Validity
            Not Before: Jan  1 22:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43915cf76327202d96a17a8405bcd1c3f8c1c226
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:12:6e:07:ef:6c:db:ab:32:02:ce:e8:33:81:
                    3f:02:e9:3c:eb:f8:21:d2:78:b2:25:21:c2:ee:c3:
                    2b:53:ea:5b:62:4b:ae:1f:cc:50:0a:cd:c7:ed:7d:
                    54:2a:99:32:61:8b:bb:42:16:71:22:ec:09:cc:69:
                    32:eb:9d:94:ff:91:c2:47:92:dd:44:4f:4f:68:56:
                    38:8c:38:dc:71:aa:23:73:97:58:41:45:16:38:7c:
                    46:ed:af:8f:cf:e0:b5:ed:c2:0e:06:0b:7d:7a:d6:
                    02:3d:67:11:85:78:57:3a:54:b0:f9:78:aa:89:63:
                    07:8a:5f:65:3c:dd:8e:9e:1c:a9:e2:6d:1f:0d:6f:
                    4b:7b:46:4e:79:6c:64:8b:17:de:ec:35:f2:54:4e:
                    75:62:8a:1e:d2:82:b7:f2:ff:18:5d:27:71:09:36:
                    bd:74:1f:52:80:da:85:cb:d9:32:5f:e1:c4:95:70:
                    0a:75:34:bb:50:39:4c:41:f7:aa:2e:5e:69:97:ff:
                    ba:de:39:97:90:e1:c2:86:0c:26:9a:91:68:d1:f0:
                    20:e6:54:33:13:e5:46:0f:cc:f7:08:4d:18:bc:19:
                    10:01:de:ce:ea:22:24:07:8c:89:89:94:5f:3b:52:
                    82:a3:b1:d9:d8:73:f6:f0:cb:63:bc:cc:5c:a3:7b:
                    9d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:91:5C:F7:63:27:20:2D:96:A1:7A:84:05:BC:D1:C3:F8:C1:C2:26
            X509v3 Authority Key Identifier:
                keyid:9F:F2:F6:82:05:3D:43:C9:AD:1C:65:39:CA:EE:9F:46:21:B0:DA:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n_L2ggU9Q8mtHGU5yu6fRiGw2hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2fa624-5b5d-4646-b13d-16511a6ed9c6/1/Q5Fc92MnIC2WoXqEBbzRw_jBwiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2fa624-5b5d-4646-b13d-16511a6ed9c6/1/n_L2ggU9Q8mtHGU5yu6fRiGw2hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:90:87:eb:5a:5c:65:05:92:c1:95:a9:9e:bb:0e:a0:26:04:
         6b:81:1a:d6:93:18:84:ae:5c:80:04:f0:27:cd:75:d3:b3:87:
         62:42:2a:82:99:31:20:b9:60:b1:fc:a4:bb:ce:ae:c0:41:ee:
         45:75:ef:3d:59:5d:3f:5b:1c:14:bf:bb:5b:ee:00:85:b8:53:
         c5:ba:b4:3f:f6:8a:79:ff:ef:4c:0e:e6:54:63:99:03:96:e4:
         77:3a:44:88:1e:c9:93:51:03:f0:95:30:4d:25:10:29:e6:24:
         62:3a:b7:d6:32:d0:a0:5d:99:50:ec:60:5a:ec:80:aa:50:40:
         7e:2c:a1:04:85:74:56:ff:c7:de:a6:f6:c0:26:9f:05:ed:35:
         e4:34:e9:f5:fc:42:8e:08:1b:af:f3:a0:3a:a0:52:ea:c6:af:
         dc:fc:e1:c1:77:31:00:69:f4:98:f7:9a:ef:41:f8:99:d0:20:
         04:38:76:6d:58:f4:d5:d1:60:0d:55:17:3d:95:d0:8f:9c:39:
         a2:c5:00:ee:0a:fa:46:66:35:1c:36:f5:c1:d5:b1:a9:88:1e:
         13:66:64:f9:60:69:51:81:80:f4:ed:53:a2:cb:80:a0:6a:00:
         ae:ab:48:1f:2c:e7:5c:ba:1d:d9:cf:2e:2b:7c:19:8a:0e:cc:
         6a:0a:9b:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJyyEXbmz+a9jjaoXuRknMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZjJmNjgyMDUzZDQzYzlhZDFjNjUzOWNhZWU5ZjQ2MjFi
MGRhMTYwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzkxNWNmNzYzMjcyMDJkOTZhMTdhODQwNWJjZDFjM2Y4YzFjMjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBJuB+9s26syAs7oM4E/Auk86/gh
0niyJSHC7sMrU+pbYkuuH8xQCs3H7X1UKpkyYYu7QhZxIuwJzGky652U/5HCR5Ld
RE9PaFY4jDjccaojc5dYQUUWOHxG7a+Pz+C17cIOBgt9etYCPWcRhXhXOlSw+Xiq
iWMHil9lPN2Onhyp4m0fDW9Le0ZOeWxkixfe7DXyVE51Yooe0oK38v8YXSdxCTa9
dB9SgNqFy9kyX+HElXAKdTS7UDlMQfeqLl5pl/+63jmXkOHChgwmmpFo0fAg5lQz
E+VGD8z3CE0YvBkQAd7O6iIkB4yJiZRfO1KCo7HZ2HP28MtjvMxco3udvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEORXPdjJyAtlqF6hAW80cP4wcImMB8GA1UdIwQY
MBaAFJ/y9oIFPUPJrRxlOcrun0YhsNoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbl9MMmdnVTlROG10SEdVNXl1NmZSaUd3MmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8yZmE2MjQtNWI1ZC00NjQ2LWIxM2Qt
MTY1MTFhNmVkOWM2LzEvUTVGYzkyTW5JQzJXb1hxRUJielJ3X2pCd2lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8yZmE2MjQtNWI1ZC00NjQ2LWIxM2QtMTY1MTFhNmVkOWM2
LzEvbl9MMmdnVTlROG10SEdVNXl1NmZSaUd3MmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkwOMA0G
CSqGSIb3DQEBCwUAA4IBAQB1kIfrWlxlBZLBlameuw6gJgRrgRrWkxiErlyABPAn
zXXTs4diQiqCmTEguWCx/KS7zq7AQe5Fde89WV0/WxwUv7tb7gCFuFPFurQ/9op5
/+9MDuZUY5kDluR3OkSIHsmTUQPwlTBNJRAp5iRiOrfWMtCgXZlQ7GBa7ICqUEB+
LKEEhXRW/8fepvbAJp8F7TXkNOn1/EKOCBuv86A6oFLqxq/c/OHBdzEAafSY95rv
QfiZ0CAEOHZtWPTV0WANVRc9ldCPnDmixQDuCvpGZjUcNvXB1bGpiB4TZmT5YGlR
gYD07VOiy4CgagCuq0gfLOdcuh3Zzy4rfBmKDsxqCptc
-----END CERTIFICATE-----