Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/AKJNBvg_Wp6-g3QkU1hgfnYKS_I.roa
File:                     AKJNBvg_Wp6-g3QkU1hgfnYKS_I.roa (raw, json)
Hash identifier:          8/1gxZ5RhK3Xfc9FWx/YXavES1/BKptW13V8wouvEZc=
Subject key identifier:   00:A2:4D:06:F8:3F:5A:9E:BE:83:74:24:53:58:60:7E:76:0A:4B:F2
Certificate issuer:       /CN=ee4c3fc0122d831fbea8abb20a4e9b65c54039b2
Certificate serial:       0194236A142B7168D9F41D37861760F1C502
Authority key identifier: EE:4C:3F:C0:12:2D:83:1F:BE:A8:AB:B2:0A:4E:9B:65:C5:40:39:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7kw_wBItgx--qKuyCk6bZcVAObI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/AKJNBvg_Wp6-g3QkU1hgfnYKS_I.roa
Signing time:             Wed 01 Jan 2025 19:49:02 +0000
ROA not before:           Wed 01 Jan 2025 19:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8434
IP address blocks:        138.14.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/7kw_wBItgx--qKuyCk6bZcVAObI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/7kw_wBItgx--qKuyCk6bZcVAObI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7kw_wBItgx--qKuyCk6bZcVAObI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:14:2b:71:68:d9:f4:1d:37:86:17:60:f1:c5:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee4c3fc0122d831fbea8abb20a4e9b65c54039b2
        Validity
            Not Before: Jan  1 19:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00a24d06f83f5a9ebe8374245358607e760a4bf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f7:2e:9e:d6:99:72:81:8f:b6:28:bb:78:e5:
                    30:f1:ad:38:68:0d:46:40:87:ab:a2:5c:57:87:a2:
                    65:c6:70:0f:a9:30:4f:24:f8:49:6a:76:27:f3:7a:
                    bd:d0:97:9e:96:6f:2b:02:ef:a8:eb:1c:3d:bd:e5:
                    45:e6:72:e9:94:b5:a0:03:8f:65:78:47:68:6c:bb:
                    7d:73:39:74:5c:64:13:4a:6e:43:f3:7a:a1:b4:48:
                    94:f3:af:e2:a3:70:84:82:c7:3d:57:49:7b:9b:a9:
                    2a:35:8c:c7:bd:3e:26:76:58:78:98:06:b6:17:bf:
                    ce:c4:6a:5f:f7:93:49:33:32:72:a5:7e:d7:8b:75:
                    c2:55:cf:f2:ee:25:ef:2e:46:bd:c0:f9:04:82:88:
                    e8:ed:05:34:9c:ce:51:6f:0c:64:5d:e2:14:b9:19:
                    e5:ba:2b:4f:59:fc:c2:3d:1e:04:70:f8:94:f2:d6:
                    f0:db:b6:6e:47:2d:77:fa:d4:7b:d5:b9:be:72:06:
                    20:53:7c:e6:5f:35:ca:4f:0d:b9:14:7b:3d:16:f7:
                    9f:83:56:7f:aa:ac:1d:d3:55:2a:bf:98:4a:d7:45:
                    90:2e:38:6e:41:19:c4:0c:12:f3:74:8e:47:be:a5:
                    3f:41:17:18:da:13:45:98:92:33:74:be:8d:45:83:
                    eb:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:A2:4D:06:F8:3F:5A:9E:BE:83:74:24:53:58:60:7E:76:0A:4B:F2
            X509v3 Authority Key Identifier:
                keyid:EE:4C:3F:C0:12:2D:83:1F:BE:A8:AB:B2:0A:4E:9B:65:C5:40:39:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7kw_wBItgx--qKuyCk6bZcVAObI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/AKJNBvg_Wp6-g3QkU1hgfnYKS_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/7kw_wBItgx--qKuyCk6bZcVAObI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.14.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:9f:ee:3c:81:57:3c:a6:c7:ee:81:3f:7c:8e:9a:52:50:69:
         b7:6b:be:2f:2e:c3:ec:fa:59:3f:cf:cd:36:9f:93:76:b5:37:
         9b:24:1f:ee:79:0a:07:d1:75:13:07:e6:83:9d:10:12:42:49:
         24:01:72:1d:9b:7c:40:2b:52:6e:0d:b2:23:8b:94:d0:b6:53:
         d7:d7:ee:d6:f7:71:d4:57:e9:25:66:b6:99:8d:c3:0c:30:6a:
         3a:e9:e6:f0:15:f1:d4:60:07:41:19:b7:f4:c5:c6:7a:5f:c3:
         e1:8d:a7:98:82:f2:90:6f:65:1d:b4:15:bb:d8:8f:fc:2b:42:
         6e:2f:f3:32:3f:2b:56:96:c2:98:f0:d7:13:27:0f:19:1e:e4:
         eb:b7:33:53:34:45:e2:3b:ac:19:29:7b:b3:e2:3a:b4:32:ad:
         fb:10:09:91:18:cf:38:90:2e:9b:e6:13:e1:3b:00:3f:42:17:
         ac:bf:7d:01:18:ec:a1:85:99:a7:8b:a0:87:50:fa:21:c2:6d:
         4e:05:bc:e8:ce:f1:2a:ec:b1:e8:78:61:5f:84:16:a6:23:93:
         cf:b1:d4:ed:ad:60:7c:ca:bd:dc:e7:53:40:28:a2:84:c0:ef:
         0b:0c:e8:79:70:95:fc:96:b6:a0:1a:66:6f:0c:de:d5:65:a2:
         8e:5c:e4:6e
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQjahQrcWjZ9B03hhdg8cUCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlNGMzZmMwMTIyZDgzMWZiZWE4YWJiMjBhNGU5YjY1YzU0
MDM5YjIwHhcNMjUwMTAxMTk0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGEyNGQwNmY4M2Y1YTllYmU4Mzc0MjQ1MzU4NjA3ZTc2MGE0YmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfcuntaZcoGPtii7eOUw8a04aA1G
QIerolxXh6JlxnAPqTBPJPhJanYn83q90Jeelm8rAu+o6xw9veVF5nLplLWgA49l
eEdobLt9czl0XGQTSm5D83qhtEiU86/io3CEgsc9V0l7m6kqNYzHvT4mdlh4mAa2
F7/OxGpf95NJMzJypX7Xi3XCVc/y7iXvLka9wPkEgojo7QU0nM5RbwxkXeIUuRnl
uitPWfzCPR4EcPiU8tbw27ZuRy13+tR71bm+cgYgU3zmXzXKTw25FHs9Fvefg1Z/
qqwd01Uqv5hK10WQLjhuQRnEDBLzdI5HvqU/QRcY2hNFmJIzdL6NRYPrZQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFACiTQb4P1qevoN0JFNYYH52CkvyMB8GA1UdIwQY
MBaAFO5MP8ASLYMfvqirsgpOm2XFQDmyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2t3X3dCSXRneC0tcUt1eUNrNmJaY1ZBT2JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9lY2QxYmItZmJkYS00ZGQ5LTllZjkt
M2FjN2Q5NjIzMjkxLzEvQUtKTkJ2Z19XcDYtZzNRa1UxaGdmbllLU19JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9lY2QxYmItZmJkYS00ZGQ5LTllZjktM2FjN2Q5NjIzMjkx
LzEvN2t3X3dCSXRneC0tcUt1eUNrNmJaY1ZBT2JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAig4wDQYJ
KoZIhvcNAQELBQADggEBADyf7jyBVzymx+6BP3yOmlJQabdrvi8uw+z6WT/PzTaf
k3a1N5skH+55CgfRdRMH5oOdEBJCSSQBch2bfEArUm4NsiOLlNC2U9fX7tb3cdRX
6SVmtpmNwwwwajrp5vAV8dRgB0EZt/TFxnpfw+GNp5iC8pBvZR20FbvYj/wrQm4v
8zI/K1aWwpjw1xMnDxke5Ou3M1M0ReI7rBkpe7PiOrQyrfsQCZEYzziQLpvmE+E7
AD9CF6y/fQEY7KGFmaeLoIdQ+iHCbU4FvOjO8Srsseh4YV+EFqYjk8+x1O2tYHzK
vdznU0AoooTA7wsM6HlwlfyWtqAaZm8M3tVloo5c5G4=
-----END CERTIFICATE-----