Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/JlrRrhy5i0y0C4YLN9asYntIdNw.roa
File:                     JlrRrhy5i0y0C4YLN9asYntIdNw.roa (raw, json)
Hash identifier:          WwIUsjrqtXmbFpF4GI8MU9JnE4Smd0htBF4ppivEWA8=
Subject key identifier:   26:5A:D1:AE:1C:B9:8B:4C:B4:0B:86:0B:37:D6:AC:62:7B:48:74:DC
Certificate issuer:       /CN=49c403d43b5f38fca2119cd1409a92763edefe71
Certificate serial:       019043AF1FEC38ED0738CAD93C5461A13AF5
Authority key identifier: 49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/JlrRrhy5i0y0C4YLN9asYntIdNw.roa
Signing time:             Sun 23 Jun 2024 06:01:08 +0000
ROA not before:           Sun 23 Jun 2024 06:01:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272381
IP address blocks:        185.75.14.0/24 maxlen: 24
                          185.75.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 14:20:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:43:af:1f:ec:38:ed:07:38:ca:d9:3c:54:61:a1:3a:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49c403d43b5f38fca2119cd1409a92763edefe71
        Validity
            Not Before: Jun 23 06:01:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=265ad1ae1cb98b4cb40b860b37d6ac627b4874dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:cd:4e:ad:57:89:cf:a5:28:e2:28:06:a0:a9:
                    67:bc:80:83:33:96:ab:83:04:b9:92:f2:67:6b:50:
                    7a:b2:43:e2:2c:25:84:52:77:95:a1:19:48:73:98:
                    95:ab:83:fb:23:c1:77:5d:1b:65:1c:b5:2c:69:c5:
                    e5:0b:5a:fd:23:44:aa:95:9a:31:32:98:c7:f8:b8:
                    23:03:49:f1:6d:74:ff:37:81:d5:a1:2a:79:25:45:
                    e7:ef:77:3c:fb:dd:9c:35:8f:43:4c:9c:97:58:7f:
                    ac:ce:a2:47:d8:8c:d5:ad:f9:f9:4a:c8:58:fe:e0:
                    b5:ec:03:93:c5:5e:4f:3a:52:b7:bd:21:c3:6f:da:
                    b9:18:1a:87:47:83:e2:dc:83:65:2a:77:09:be:c8:
                    25:92:8b:eb:fb:e8:02:5d:a8:6f:fd:35:0b:b2:33:
                    77:bd:24:20:fa:fb:5b:fb:b9:47:80:af:25:fd:4d:
                    2a:80:5d:f4:27:1a:26:65:ac:ee:d6:59:0f:c3:6f:
                    ca:3b:ba:d2:9c:e9:d5:75:38:bd:ec:f1:20:6b:d6:
                    d4:51:c7:47:16:ce:c3:73:bd:4f:23:3d:63:fa:e3:
                    5a:3e:47:64:da:de:9f:f9:f6:fd:02:93:67:5b:d2:
                    b3:85:d7:7e:95:f3:c6:5c:7e:ad:b6:94:19:e8:3e:
                    ec:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:5A:D1:AE:1C:B9:8B:4C:B4:0B:86:0B:37:D6:AC:62:7B:48:74:DC
            X509v3 Authority Key Identifier:
                keyid:49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/JlrRrhy5i0y0C4YLN9asYntIdNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:77:79:c2:b2:d2:f9:4d:f6:5b:89:d8:d4:3d:6d:06:fa:63:
         71:13:fe:e9:44:83:13:91:a2:70:95:5b:49:bf:17:c7:18:fb:
         31:81:9f:78:3b:38:26:12:07:12:54:92:a5:25:4c:81:8e:fe:
         43:4c:10:0b:e6:c6:2d:0e:79:59:67:09:1e:d7:b4:3f:95:7c:
         7d:41:d6:19:25:d4:65:18:5e:b2:30:c1:ab:e6:89:86:08:47:
         44:11:6b:95:59:95:e7:15:ca:32:91:7e:8e:8a:85:47:1e:88:
         86:11:1b:24:a3:e9:96:05:26:d2:48:ab:ba:c9:61:42:13:99:
         2d:87:a4:63:e9:2d:66:45:ad:9e:8a:41:13:fc:3a:01:b5:56:
         2d:32:f2:b4:5a:27:c4:d1:c3:31:cb:25:fb:76:3a:58:66:9c:
         92:43:16:e7:78:72:67:d7:38:6c:a4:6c:ee:18:bd:b0:78:e0:
         a4:e7:f4:8b:66:c9:ed:7c:7d:c8:43:de:03:d9:e9:46:01:17:
         a5:47:c7:26:ad:30:59:c1:ee:78:60:2b:6c:38:05:e6:d3:04:
         6c:ad:01:81:f9:18:f5:b3:87:fd:d4:bc:88:90:ab:55:9d:f1:
         d7:65:cb:ab:80:21:25:22:6d:5d:04:8c:a4:a0:f4:2d:1b:fb:
         58:f7:0c:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBDrx/sOO0HOMrZPFRhoTr1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YzQwM2Q0M2I1ZjM4ZmNhMjExOWNkMTQwOWE5Mjc2M2Vk
ZWZlNzEwHhcNMjQwNjIzMDYwMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjVhZDFhZTFjYjk4YjRjYjQwYjg2MGIzN2Q2YWM2MjdiNDg3NGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzM1OrVeJz6Uo4igGoKlnvICDM5ar
gwS5kvJna1B6skPiLCWEUneVoRlIc5iVq4P7I8F3XRtlHLUsacXlC1r9I0SqlZox
MpjH+LgjA0nxbXT/N4HVoSp5JUXn73c8+92cNY9DTJyXWH+szqJH2IzVrfn5SshY
/uC17AOTxV5POlK3vSHDb9q5GBqHR4Pi3INlKncJvsglkovr++gCXahv/TULsjN3
vSQg+vtb+7lHgK8l/U0qgF30JxomZazu1lkPw2/KO7rSnOnVdTi97PEga9bUUcdH
Fs7Dc71PIz1j+uNaPkdk2t6f+fb9ApNnW9Kzhdd+lfPGXH6ttpQZ6D7sBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZa0a4cuYtMtAuGCzfWrGJ7SHTcMB8GA1UdIwQY
MBaAFEnEA9Q7Xzj8ohGc0UCaknY+3v5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQt
Zjg4OWNhMTYxYzAxLzEvSmxyUnJoeTVpMHkwQzRZTE45YXNZbnRJZE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQtZjg4OWNhMTYxYzAx
LzEvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUsOMA0G
CSqGSIb3DQEBCwUAA4IBAQCad3nCstL5TfZbidjUPW0G+mNxE/7pRIMTkaJwlVtJ
vxfHGPsxgZ94OzgmEgcSVJKlJUyBjv5DTBAL5sYtDnlZZwke17Q/lXx9QdYZJdRl
GF6yMMGr5omGCEdEEWuVWZXnFcoykX6OioVHHoiGERsko+mWBSbSSKu6yWFCE5kt
h6Rj6S1mRa2eikET/DoBtVYtMvK0WifE0cMxyyX7djpYZpySQxbneHJn1zhspGzu
GL2weOCk5/SLZsntfH3IQ94D2elGARelR8cmrTBZwe54YCtsOAXm0wRsrQGB+Rj1
s4f91LyIkKtVnfHXZcurgCElIm1dBIykoPQtG/tY9wz7
-----END CERTIFICATE-----