Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/kQNbmNCEYYZrGMQvqPG_OMPM5CE.roa
File:                     kQNbmNCEYYZrGMQvqPG_OMPM5CE.roa (raw, json)
Hash identifier:          GTO+ElfIjyKxLG4gbyLRWrVTJF095xTuk8Y/uNCb/JI=
Subject key identifier:   91:03:5B:98:D0:84:61:86:6B:18:C4:2F:A8:F1:BF:38:C3:CC:E4:21
Certificate issuer:       /CN=a5bec32d6c64ffb601e270cedbcd3efff5ce7a40
Certificate serial:       018CC6B7924A77F81CAE321643BCD41A527A
Authority key identifier: A5:BE:C3:2D:6C:64:FF:B6:01:E2:70:CE:DB:CD:3E:FF:F5:CE:7A:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pb7DLWxk_7YB4nDO280-__XOekA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/kQNbmNCEYYZrGMQvqPG_OMPM5CE.roa
Signing time:             Mon 01 Jan 2024 20:29:28 +0000
ROA not before:           Mon 01 Jan 2024 20:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        156.14.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/pb7DLWxk_7YB4nDO280-__XOekA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/pb7DLWxk_7YB4nDO280-__XOekA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pb7DLWxk_7YB4nDO280-__XOekA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:92:4a:77:f8:1c:ae:32:16:43:bc:d4:1a:52:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5bec32d6c64ffb601e270cedbcd3efff5ce7a40
        Validity
            Not Before: Jan  1 20:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91035b98d08461866b18c42fa8f1bf38c3cce421
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:26:db:37:fe:91:58:fc:b8:18:9d:e2:6a:8a:
                    2c:93:c5:25:7d:9f:b2:de:7c:79:41:a9:e6:85:b0:
                    f8:88:e3:af:78:65:e9:d5:79:3e:b2:d9:fa:c8:f5:
                    ed:27:04:34:be:19:f5:bd:99:1a:cd:4f:b2:03:3b:
                    98:c8:5b:06:01:92:05:d5:19:17:e8:88:3d:2d:15:
                    ac:34:42:43:15:9d:0f:da:d8:6c:2a:6f:fe:20:cd:
                    7e:d0:d7:4b:05:94:5e:f6:4b:17:38:f7:a2:56:b9:
                    bb:4b:27:2d:ab:25:11:dc:c7:29:51:c1:7e:ec:c3:
                    ff:10:1c:9e:86:bf:8e:f3:15:3c:29:a4:90:ef:e0:
                    39:91:dc:5a:0f:9d:6d:73:e8:af:ee:16:4c:a3:59:
                    71:49:88:b2:db:f8:92:49:a6:19:8f:36:50:32:e8:
                    9d:f6:ff:59:a9:dd:93:10:24:5e:a6:76:53:1c:28:
                    8d:14:23:a3:a1:22:1e:f6:d5:be:7a:d4:28:ed:f8:
                    78:b1:23:57:61:a3:3e:70:f1:66:b5:3a:31:ed:83:
                    87:15:96:f2:1f:72:d2:18:19:35:41:1d:63:c2:2b:
                    8a:8a:e1:11:22:80:71:f0:bf:95:10:f6:6a:e7:41:
                    91:eb:1d:54:c6:05:46:d9:1e:49:46:86:a7:0c:c9:
                    25:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:03:5B:98:D0:84:61:86:6B:18:C4:2F:A8:F1:BF:38:C3:CC:E4:21
            X509v3 Authority Key Identifier:
                keyid:A5:BE:C3:2D:6C:64:FF:B6:01:E2:70:CE:DB:CD:3E:FF:F5:CE:7A:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pb7DLWxk_7YB4nDO280-__XOekA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/kQNbmNCEYYZrGMQvqPG_OMPM5CE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/7d64f1-3d64-42eb-a275-2179644f3788/1/pb7DLWxk_7YB4nDO280-__XOekA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.14.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0d:6d:d7:eb:f8:93:b0:b8:ae:42:e0:6f:f3:f0:ee:03:a8:9f:
         2a:a8:c4:9a:0c:7b:4c:1e:17:57:10:c8:06:da:3d:16:02:d4:
         62:e7:61:c9:1c:e2:32:cd:90:a4:ca:f7:04:b1:e3:95:4d:2b:
         e9:da:31:9f:62:37:b8:95:27:3b:5e:0e:09:da:eb:c9:33:25:
         0a:d5:11:23:6a:aa:fe:69:f0:0f:68:41:3a:84:92:1f:0c:83:
         0b:0a:2e:28:27:84:5e:96:54:35:3e:14:90:1c:8d:63:67:90:
         3e:74:46:23:4b:31:f5:c5:d9:ad:dc:8d:4d:a0:ac:b9:c5:c2:
         3d:f5:f6:b9:a0:38:bf:17:24:cc:e9:d5:3b:79:07:d9:52:3f:
         45:98:ff:46:d7:e0:d0:5f:ef:87:1e:45:6f:bb:c3:47:3f:42:
         b2:ca:86:71:37:d7:2f:ef:7b:6b:74:8d:73:ca:4c:78:fb:b4:
         e3:4c:28:d9:55:79:16:2a:49:a3:7f:5b:6c:f9:f4:bb:aa:95:
         d4:16:f9:72:25:f1:d0:6d:f3:4f:f6:d8:04:5e:a0:9c:11:3d:
         4f:16:4f:4e:79:7a:22:71:e8:e2:17:0a:b8:b6:46:47:94:6d:
         ea:f8:ea:0a:c3:d9:79:3d:b7:1f:cd:02:bb:a6:54:a1:64:bf:
         9a:e1:f3:5c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzGt5JKd/gcrjIWQ7zUGlJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YmVjMzJkNmM2NGZmYjYwMWUyNzBjZWRiY2QzZWZmZjVj
ZTdhNDAwHhcNMjQwMTAxMjAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTAzNWI5OGQwODQ2MTg2NmIxOGM0MmZhOGYxYmYzOGMzY2NlNDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSbbN/6RWPy4GJ3iaoosk8UlfZ+y
3nx5QanmhbD4iOOveGXp1Xk+stn6yPXtJwQ0vhn1vZkazU+yAzuYyFsGAZIF1RkX
6Ig9LRWsNEJDFZ0P2thsKm/+IM1+0NdLBZRe9ksXOPeiVrm7SyctqyUR3McpUcF+
7MP/EByehr+O8xU8KaSQ7+A5kdxaD51tc+iv7hZMo1lxSYiy2/iSSaYZjzZQMuid
9v9Zqd2TECRepnZTHCiNFCOjoSIe9tW+etQo7fh4sSNXYaM+cPFmtTox7YOHFZby
H3LSGBk1QR1jwiuKiuERIoBx8L+VEPZq50GR6x1UxgVG2R5JRoanDMklFQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJEDW5jQhGGGaxjEL6jxvzjDzOQhMB8GA1UdIwQY
MBaAFKW+wy1sZP+2AeJwztvNPv/1znpAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGI3RExXeGtfN1lCNG5ETzI4MC1fX1hPZWtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi83ZDY0ZjEtM2Q2NC00MmViLWEyNzUt
MjE3OTY0NGYzNzg4LzEva1FOYm1OQ0VZWVpyR01RdnFQR19PTVBNNUNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi83ZDY0ZjEtM2Q2NC00MmViLWEyNzUtMjE3OTY0NGYzNzg4
LzEvcGI3RExXeGtfN1lCNG5ETzI4MC1fX1hPZWtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnA4wDQYJ
KoZIhvcNAQELBQADggEBAA1t1+v4k7C4rkLgb/Pw7gOonyqoxJoMe0weF1cQyAba
PRYC1GLnYckc4jLNkKTK9wSx45VNK+naMZ9iN7iVJzteDgna68kzJQrVESNqqv5p
8A9oQTqEkh8MgwsKLignhF6WVDU+FJAcjWNnkD50RiNLMfXF2a3cjU2grLnFwj31
9rmgOL8XJMzp1Tt5B9lSP0WY/0bX4NBf74ceRW+7w0c/QrLKhnE31y/ve2t0jXPK
THj7tONMKNlVeRYqSaN/W2z59LuqldQW+XIl8dBt80/22AReoJwRPU8WT055eiJx
6OIXCri2RkeUber46grD2Xk9tx/NArumVKFkv5rh81w=
-----END CERTIFICATE-----