Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/20913b-e506-4760-88b6-6d98324b9916/1/iKlysmEIJ2fktjbhak-DPepi4Qc.roa
File:                     iKlysmEIJ2fktjbhak-DPepi4Qc.roa (raw, json)
Hash identifier:          LaGcwnQLViuo1/kZr1Adyvf0tudI00haucSEjgtEaUA=
Subject key identifier:   88:A9:72:B2:61:08:27:67:E4:B6:36:E1:6A:4F:83:3D:EA:62:E1:07
Certificate issuer:       /CN=06e2d27d30ecff42771c4ab977a82aea58a76b4e
Certificate serial:       0190EE9E855ABF27C7BF4B552C08D0D631AF
Authority key identifier: 06:E2:D2:7D:30:EC:FF:42:77:1C:4A:B9:77:A8:2A:EA:58:A7:6B:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BuLSfTDs_0J3HEq5d6gq6lina04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/20913b-e506-4760-88b6-6d98324b9916/1/iKlysmEIJ2fktjbhak-DPepi4Qc.roa
Signing time:             Fri 26 Jul 2024 10:38:04 +0000
ROA not before:           Fri 26 Jul 2024 10:38:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64424
IP address blocks:        2001:67c:774::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/20913b-e506-4760-88b6-6d98324b9916/1/BuLSfTDs_0J3HEq5d6gq6lina04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/20913b-e506-4760-88b6-6d98324b9916/1/BuLSfTDs_0J3HEq5d6gq6lina04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BuLSfTDs_0J3HEq5d6gq6lina04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ee:9e:85:5a:bf:27:c7:bf:4b:55:2c:08:d0:d6:31:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06e2d27d30ecff42771c4ab977a82aea58a76b4e
        Validity
            Not Before: Jul 26 10:38:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88a972b261082767e4b636e16a4f833dea62e107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:90:90:b5:65:bd:d9:cb:d5:bd:04:e2:d5:88:
                    38:63:6b:c1:90:67:13:10:8e:f8:79:e6:fb:39:f0:
                    d6:81:ff:89:58:30:14:d2:bd:9f:79:1d:47:83:fb:
                    15:1e:da:0c:ca:13:72:06:41:f3:b3:e0:f5:9a:ea:
                    4f:50:0f:2b:92:71:b7:8d:b4:45:06:3d:23:29:89:
                    1b:8c:6b:fe:18:39:ac:09:75:75:23:39:25:98:8c:
                    e9:f1:63:64:4a:1d:13:65:04:45:28:11:a1:b4:7b:
                    40:c3:05:7b:2e:62:91:0e:7c:d6:ac:85:a6:61:0e:
                    16:f1:62:fb:3d:49:66:d3:3b:61:3c:c3:9c:ec:b9:
                    fd:3a:76:74:ac:90:1f:d2:64:30:cc:b3:b4:5a:1d:
                    17:df:20:e2:64:3d:a7:06:51:30:24:46:da:ee:78:
                    d8:c4:4e:14:03:08:c4:c0:5d:e0:2a:e9:ec:f3:a2:
                    24:5b:c2:fa:27:6a:1a:83:8c:80:b7:31:9b:77:32:
                    ff:1e:bc:72:9a:3c:92:35:ac:60:96:15:c3:96:8a:
                    09:83:0b:c8:9b:a1:29:1a:eb:92:97:98:09:26:71:
                    b1:73:f5:e0:c1:b2:90:f9:d7:64:ba:c3:6f:96:c0:
                    da:fa:c8:6e:5f:40:07:fb:51:88:5e:ee:91:6f:3c:
                    cf:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A9:72:B2:61:08:27:67:E4:B6:36:E1:6A:4F:83:3D:EA:62:E1:07
            X509v3 Authority Key Identifier:
                keyid:06:E2:D2:7D:30:EC:FF:42:77:1C:4A:B9:77:A8:2A:EA:58:A7:6B:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BuLSfTDs_0J3HEq5d6gq6lina04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/20913b-e506-4760-88b6-6d98324b9916/1/iKlysmEIJ2fktjbhak-DPepi4Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/20913b-e506-4760-88b6-6d98324b9916/1/BuLSfTDs_0J3HEq5d6gq6lina04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:774::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:df:85:93:22:37:c1:f6:70:07:45:67:6f:dd:22:8d:14:75:
         1d:c9:f5:bf:c3:83:a0:16:82:a7:ac:00:07:d9:68:89:d8:9b:
         59:d8:13:89:5d:28:7c:6c:6e:d7:89:bf:68:4b:e0:e5:fe:bc:
         f6:ea:cc:ac:8e:9d:c3:fc:aa:68:a8:45:a8:b2:5c:4c:dc:fa:
         d2:61:e8:8e:ba:eb:3b:4b:e9:9d:ad:02:cd:09:16:57:42:40:
         03:0d:8a:49:df:e8:d5:aa:ee:75:a5:5c:3f:ab:f7:b4:19:ab:
         88:d9:3a:39:c3:8c:58:a9:c9:c7:9f:41:d9:e2:75:b0:a4:cd:
         44:d1:74:c6:72:66:51:f7:73:c3:b3:68:02:dc:bd:c0:f6:af:
         c0:82:77:b6:f3:a6:cb:83:26:61:17:94:7f:07:cd:ce:b0:94:
         19:1d:6a:bf:d2:da:65:62:33:9f:c5:81:f8:40:fb:b7:b3:70:
         d6:1a:10:0a:18:66:b2:19:47:35:58:14:7f:40:63:8a:ac:23:
         7f:98:f1:75:ed:6d:a8:85:3f:be:10:14:07:73:f4:c6:49:4c:
         0a:54:38:e1:93:6e:06:b9:ab:44:28:a2:8f:6a:45:8f:6d:5b:
         84:02:0e:4d:d0:18:86:07:fb:40:51:5b:dc:c5:71:a2:15:64:
         bd:27:0a:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDunoVavyfHv0tVLAjQ1jGvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2ZTJkMjdkMzBlY2ZmNDI3NzFjNGFiOTc3YTgyYWVhNThh
NzZiNGUwHhcNMjQwNzI2MTAzODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGE5NzJiMjYxMDgyNzY3ZTRiNjM2ZTE2YTRmODMzZGVhNjJlMTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5CQtWW92cvVvQTi1Yg4Y2vBkGcT
EI74eeb7OfDWgf+JWDAU0r2feR1Hg/sVHtoMyhNyBkHzs+D1mupPUA8rknG3jbRF
Bj0jKYkbjGv+GDmsCXV1IzklmIzp8WNkSh0TZQRFKBGhtHtAwwV7LmKRDnzWrIWm
YQ4W8WL7PUlm0zthPMOc7Ln9OnZ0rJAf0mQwzLO0Wh0X3yDiZD2nBlEwJEba7njY
xE4UAwjEwF3gKuns86IkW8L6J2oag4yAtzGbdzL/HrxymjySNaxglhXDlooJgwvI
m6EpGuuSl5gJJnGxc/XgwbKQ+ddkusNvlsDa+shuX0AH+1GIXu6RbzzPGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIipcrJhCCdn5LY24WpPgz3qYuEHMB8GA1UdIwQY
MBaAFAbi0n0w7P9CdxxKuXeoKupYp2tOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnVMU2ZURHNfMEozSEVxNWQ2Z3E2bGluYTA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8yMDkxM2ItZTUwNi00NzYwLTg4YjYt
NmQ5ODMyNGI5OTE2LzEvaUtseXNtRUlKMmZrdGpiaGFrLURQZXBpNFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8yMDkxM2ItZTUwNi00NzYwLTg4YjYtNmQ5ODMyNGI5OTE2
LzEvQnVMU2ZURHNfMEozSEVxNWQ2Z3E2bGluYTA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAd0
MA0GCSqGSIb3DQEBCwUAA4IBAQCe34WTIjfB9nAHRWdv3SKNFHUdyfW/w4OgFoKn
rAAH2WiJ2JtZ2BOJXSh8bG7Xib9oS+Dl/rz26sysjp3D/KpoqEWoslxM3PrSYeiO
uus7S+mdrQLNCRZXQkADDYpJ3+jVqu51pVw/q/e0GauI2To5w4xYqcnHn0HZ4nWw
pM1E0XTGcmZR93PDs2gC3L3A9q/Agne286bLgyZhF5R/B83OsJQZHWq/0tplYjOf
xYH4QPu3s3DWGhAKGGayGUc1WBR/QGOKrCN/mPF17W2ohT++EBQHc/TGSUwKVDjh
k24GuatEKKKPakWPbVuEAg5N0BiGB/tAUVvcxXGiFWS9JwoD
-----END CERTIFICATE-----