Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/IcYn1k5DtBwlh7Er1ZFeXL3BZp8.roa
File:                     IcYn1k5DtBwlh7Er1ZFeXL3BZp8.roa (raw, json)
Hash identifier:          bMjc/PTS5rF5gNQCh2v7D43VEBGYESvSyB5YuDrD1bw=
Subject key identifier:   21:C6:27:D6:4E:43:B4:1C:25:87:B1:2B:D5:91:5E:5C:BD:C1:66:9F
Certificate issuer:       /CN=ee4c3fc0122d831fbea8abb20a4e9b65c54039b2
Certificate serial:       018D9CD31485C34D420A06CEFC5491D51743
Authority key identifier: EE:4C:3F:C0:12:2D:83:1F:BE:A8:AB:B2:0A:4E:9B:65:C5:40:39:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7kw_wBItgx--qKuyCk6bZcVAObI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/IcYn1k5DtBwlh7Er1ZFeXL3BZp8.roa
Signing time:             Mon 12 Feb 2024 10:18:15 +0000
ROA not before:           Mon 12 Feb 2024 10:18:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8434
IP address blocks:        138.14.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/7kw_wBItgx--qKuyCk6bZcVAObI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/7kw_wBItgx--qKuyCk6bZcVAObI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7kw_wBItgx--qKuyCk6bZcVAObI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 07:02:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9c:d3:14:85:c3:4d:42:0a:06:ce:fc:54:91:d5:17:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee4c3fc0122d831fbea8abb20a4e9b65c54039b2
        Validity
            Not Before: Feb 12 10:18:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21c627d64e43b41c2587b12bd5915e5cbdc1669f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c4:80:87:6d:a3:3c:a8:04:df:3a:a3:ff:21:
                    9a:67:8e:d1:99:8d:c5:a6:ab:6c:1a:c6:25:fe:50:
                    c7:ac:96:ac:7d:02:74:f5:c7:70:07:e8:7a:03:2a:
                    39:a7:53:5f:04:bc:63:90:1e:61:fc:26:ac:ca:35:
                    76:7f:d5:70:af:36:eb:cb:26:d8:d1:a9:a9:b3:7a:
                    a1:c4:47:9f:2d:d6:d7:43:e0:57:09:8a:64:ae:15:
                    d0:3f:42:49:c0:c2:af:d9:e8:63:82:43:f4:de:2b:
                    1f:49:85:5a:65:bb:91:30:e4:14:5a:11:33:f0:40:
                    7d:11:46:d7:6e:24:24:a7:05:24:a3:66:15:1e:db:
                    90:97:79:bc:07:37:1e:91:83:9a:c0:b1:70:2f:0c:
                    2f:a9:77:5d:78:f4:70:55:cc:61:a9:25:61:68:6c:
                    b8:7d:81:42:e1:67:3b:f2:1f:cd:94:be:36:5c:d9:
                    eb:0c:f6:aa:e3:9a:f9:36:b0:57:24:a9:42:bc:e7:
                    71:f5:bd:db:44:2b:97:40:7e:83:fc:d8:5d:3e:04:
                    1b:1d:75:83:93:93:d8:92:bc:37:7e:af:ad:e7:1e:
                    59:93:79:f8:b3:12:b8:f5:a5:13:b6:16:49:2a:bc:
                    6a:c0:7d:7e:3b:c4:ca:9b:da:84:ae:aa:f1:2a:77:
                    46:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:C6:27:D6:4E:43:B4:1C:25:87:B1:2B:D5:91:5E:5C:BD:C1:66:9F
            X509v3 Authority Key Identifier:
                keyid:EE:4C:3F:C0:12:2D:83:1F:BE:A8:AB:B2:0A:4E:9B:65:C5:40:39:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7kw_wBItgx--qKuyCk6bZcVAObI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/IcYn1k5DtBwlh7Er1ZFeXL3BZp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/ecd1bb-fbda-4dd9-9ef9-3ac7d9623291/1/7kw_wBItgx--qKuyCk6bZcVAObI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.14.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2b:30:3d:3b:32:6e:77:e4:c7:0d:3d:46:6c:9c:3e:53:c1:4e:
         9b:b9:40:7e:10:06:3b:14:51:77:35:ad:cb:e7:ea:c9:29:cf:
         c7:86:4b:1c:c2:db:39:55:47:d5:09:42:23:b3:b0:76:03:e0:
         5d:6a:d3:21:12:85:03:30:eb:ed:5c:64:32:36:93:90:3d:51:
         ee:0a:89:e0:d1:62:f7:f0:62:aa:28:18:58:15:60:e5:ca:9d:
         40:a1:2f:ce:a1:63:19:bf:e0:a6:a5:95:1f:38:ac:bb:2b:57:
         fd:85:e5:d7:ca:4c:fa:25:b5:0e:19:ae:79:37:e2:e1:44:64:
         54:99:a9:90:49:02:7c:c3:1d:5e:19:90:6b:4d:1d:36:0f:9b:
         f7:3f:8d:7d:c0:11:5c:23:d7:3e:33:08:d7:57:b6:b3:1f:f9:
         61:85:b2:1d:12:a7:1b:fd:b7:07:4c:4b:8f:4d:fb:7c:9c:3b:
         40:63:61:c3:1a:51:73:d6:f6:d3:71:40:f0:83:1c:73:ba:99:
         75:99:cc:cb:5a:61:a0:34:ae:08:07:39:e0:9c:cd:af:97:df:
         4d:86:fe:b6:ff:7e:2a:c2:80:2c:c4:af:35:a6:6c:96:ed:28:
         60:d3:11:a8:b8:be:9b:68:79:78:46:f1:92:c9:0e:26:41:73:
         81:b9:7a:71
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAY2c0xSFw01CCgbO/FSR1RdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlNGMzZmMwMTIyZDgzMWZiZWE4YWJiMjBhNGU5YjY1YzU0
MDM5YjIwHhcNMjQwMjEyMTAxODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWM2MjdkNjRlNDNiNDFjMjU4N2IxMmJkNTkxNWU1Y2JkYzE2NjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsSAh22jPKgE3zqj/yGaZ47RmY3F
pqtsGsYl/lDHrJasfQJ09cdwB+h6Ayo5p1NfBLxjkB5h/CasyjV2f9VwrzbryybY
0amps3qhxEefLdbXQ+BXCYpkrhXQP0JJwMKv2ehjgkP03isfSYVaZbuRMOQUWhEz
8EB9EUbXbiQkpwUko2YVHtuQl3m8BzcekYOawLFwLwwvqXddePRwVcxhqSVhaGy4
fYFC4Wc78h/NlL42XNnrDPaq45r5NrBXJKlCvOdx9b3bRCuXQH6D/NhdPgQbHXWD
k5PYkrw3fq+t5x5Zk3n4sxK49aUTthZJKrxqwH1+O8TKm9qErqrxKndGEQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFCHGJ9ZOQ7QcJYexK9WRXly9wWafMB8GA1UdIwQY
MBaAFO5MP8ASLYMfvqirsgpOm2XFQDmyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2t3X3dCSXRneC0tcUt1eUNrNmJaY1ZBT2JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9lY2QxYmItZmJkYS00ZGQ5LTllZjkt
M2FjN2Q5NjIzMjkxLzEvSWNZbjFrNUR0QndsaDdFcjFaRmVYTDNCWnA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9lY2QxYmItZmJkYS00ZGQ5LTllZjktM2FjN2Q5NjIzMjkx
LzEvN2t3X3dCSXRneC0tcUt1eUNrNmJaY1ZBT2JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAig4wDQYJ
KoZIhvcNAQELBQADggEBACswPTsybnfkxw09RmycPlPBTpu5QH4QBjsUUXc1rcvn
6skpz8eGSxzC2zlVR9UJQiOzsHYD4F1q0yEShQMw6+1cZDI2k5A9Ue4KieDRYvfw
YqooGFgVYOXKnUChL86hYxm/4KallR84rLsrV/2F5dfKTPoltQ4Zrnk34uFEZFSZ
qZBJAnzDHV4ZkGtNHTYPm/c/jX3AEVwj1z4zCNdXtrMf+WGFsh0Spxv9twdMS49N
+3ycO0BjYcMaUXPW9tNxQPCDHHO6mXWZzMtaYaA0rggHOeCcza+X302G/rb/firC
gCzErzWmbJbtKGDTEai4vptoeXhG8ZLJDiZBc4G5enE=
-----END CERTIFICATE-----