Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/9be0a7-41b3-48a5-8a38-84cbc85a2343/1/Eyn-eJyC5gKOyPAKbnh2r9F73JY.roa
File:                     Eyn-eJyC5gKOyPAKbnh2r9F73JY.roa (raw, json)
Hash identifier:          +9aJxVdeUCliblEYOL1HaqXO4Z9tD0wmRem5AmqwRrA=
Subject key identifier:   13:29:FE:78:9C:82:E6:02:8E:C8:F0:0A:6E:78:76:AF:D1:7B:DC:96
Certificate issuer:       /CN=74e8159a16d72b3d6cdfbaa096d69139fde9d290
Certificate serial:       018EA139D2E3F2617BE23019404BD5619CE2
Authority key identifier: 74:E8:15:9A:16:D7:2B:3D:6C:DF:BA:A0:96:D6:91:39:FD:E9:D2:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOgVmhbXKz1s37qgltaROf3p0pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/9be0a7-41b3-48a5-8a38-84cbc85a2343/1/Eyn-eJyC5gKOyPAKbnh2r9F73JY.roa
Signing time:             Tue 02 Apr 2024 23:51:45 +0000
ROA not before:           Tue 02 Apr 2024 23:51:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        2a14:5200::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/9be0a7-41b3-48a5-8a38-84cbc85a2343/1/dOgVmhbXKz1s37qgltaROf3p0pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/9be0a7-41b3-48a5-8a38-84cbc85a2343/1/dOgVmhbXKz1s37qgltaROf3p0pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOgVmhbXKz1s37qgltaROf3p0pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a1:39:d2:e3:f2:61:7b:e2:30:19:40:4b:d5:61:9c:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e8159a16d72b3d6cdfbaa096d69139fde9d290
        Validity
            Not Before: Apr  2 23:51:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1329fe789c82e6028ec8f00a6e7876afd17bdc96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:db:d8:0d:34:c4:4e:d3:46:b6:14:d8:0e:20:
                    55:df:8e:e3:fa:84:e6:85:9c:9b:55:95:f1:f5:3f:
                    3c:53:4a:8b:10:23:6c:1c:7f:57:16:09:70:9b:99:
                    04:7d:c3:e7:87:02:31:0b:31:98:3b:7f:21:59:cf:
                    4a:f5:24:d4:c8:72:7d:e5:99:68:be:35:9c:5a:10:
                    96:f9:83:37:d1:45:7b:4f:5a:13:f2:d4:97:5d:de:
                    8b:8c:29:a5:b3:79:5b:b1:62:4c:91:d1:3d:0b:a1:
                    68:3f:8c:dc:1c:68:f1:fd:4d:e2:ba:96:54:a1:00:
                    b6:a4:bf:8e:38:24:8c:53:94:ed:ab:aa:af:33:15:
                    0f:0f:37:98:2b:c7:d8:d0:89:a1:43:ea:46:52:10:
                    ed:7b:4d:4d:72:bb:6f:c7:31:34:bf:22:19:53:80:
                    e8:c7:37:ef:c5:c7:0f:7b:a6:4a:fb:03:75:23:64:
                    2d:11:2e:81:be:86:3c:8f:05:06:d7:df:a4:16:69:
                    f5:c1:ad:58:fc:2e:75:e0:03:f3:36:f9:cb:98:7f:
                    f9:83:77:00:96:81:7c:36:c8:97:d8:d2:f3:e7:1e:
                    a6:50:17:a9:db:76:cf:d0:b8:78:fc:f7:32:ee:e0:
                    05:4b:18:3c:c8:8d:2d:73:d1:42:d0:89:a7:91:86:
                    b9:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:29:FE:78:9C:82:E6:02:8E:C8:F0:0A:6E:78:76:AF:D1:7B:DC:96
            X509v3 Authority Key Identifier:
                keyid:74:E8:15:9A:16:D7:2B:3D:6C:DF:BA:A0:96:D6:91:39:FD:E9:D2:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOgVmhbXKz1s37qgltaROf3p0pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/9be0a7-41b3-48a5-8a38-84cbc85a2343/1/Eyn-eJyC5gKOyPAKbnh2r9F73JY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/9be0a7-41b3-48a5-8a38-84cbc85a2343/1/dOgVmhbXKz1s37qgltaROf3p0pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:5200::/29

    Signature Algorithm: sha256WithRSAEncryption
         71:57:07:8e:03:11:01:e9:31:de:47:92:93:9b:ef:25:bc:a5:
         6c:af:e2:6a:67:4b:78:ef:52:32:1b:d4:dd:1f:ff:f9:67:32:
         52:5b:8a:7a:c5:04:17:02:1e:ce:64:c9:e0:ca:46:6f:0b:56:
         c4:10:13:f7:15:71:03:c5:f5:74:f3:ae:75:1d:1e:61:40:8f:
         67:c9:47:25:17:64:8e:56:09:0e:4e:81:1d:2c:db:af:54:37:
         6d:48:e6:e7:16:ce:a6:d4:e5:9e:6c:37:43:55:cc:8b:a0:7a:
         76:da:48:2d:59:37:87:4e:f5:b6:59:df:b7:51:3d:2d:ca:bc:
         45:fc:53:ea:0c:0f:b3:cf:41:5e:e5:6b:37:1f:56:c0:b5:f4:
         28:c8:54:aa:de:96:c5:3a:d3:b6:62:0a:e3:70:89:18:28:26:
         bb:d0:fe:16:34:a6:89:64:34:cd:4a:1c:45:bc:6f:28:d7:d9:
         36:93:22:ad:94:2c:41:c6:c5:16:5a:d8:aa:17:22:26:06:65:
         fb:c2:42:9e:dd:04:d8:bf:9f:02:1d:8a:9e:04:ec:80:97:0f:
         26:e2:18:25:88:12:4d:55:1b:15:c5:51:f1:ca:33:83:70:57:
         fa:cb:59:3d:e8:b5:0f:e1:08:7b:14:a0:76:d4:c6:fa:71:5e:
         af:95:cb:49
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6hOdLj8mF74jAZQEvVYZziMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTgxNTlhMTZkNzJiM2Q2Y2RmYmFhMDk2ZDY5MTM5ZmRl
OWQyOTAwHhcNMjQwNDAyMjM1MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzI5ZmU3ODljODJlNjAyOGVjOGYwMGE2ZTc4NzZhZmQxN2JkYzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9vYDTTETtNGthTYDiBV347j+oTm
hZybVZXx9T88U0qLECNsHH9XFglwm5kEfcPnhwIxCzGYO38hWc9K9STUyHJ95Zlo
vjWcWhCW+YM30UV7T1oT8tSXXd6LjCmls3lbsWJMkdE9C6FoP4zcHGjx/U3iupZU
oQC2pL+OOCSMU5Ttq6qvMxUPDzeYK8fY0ImhQ+pGUhDte01NcrtvxzE0vyIZU4Do
xzfvxccPe6ZK+wN1I2QtES6BvoY8jwUG19+kFmn1wa1Y/C514APzNvnLmH/5g3cA
loF8NsiX2NLz5x6mUBep23bP0Lh4/Pcy7uAFSxg8yI0tc9FC0ImnkYa5/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBMp/nicguYCjsjwCm54dq/Re9yWMB8GA1UdIwQY
MBaAFHToFZoW1ys9bN+6oJbWkTn96dKQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9nVm1oYlhLejFzMzdxZ2x0YVJPZjNwMHBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS85YmUwYTctNDFiMy00OGE1LThhMzgt
ODRjYmM4NWEyMzQzLzEvRXluLWVKeUM1Z0tPeVBBS2JuaDJyOUY3M0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS85YmUwYTctNDFiMy00OGE1LThhMzgtODRjYmM4NWEyMzQz
LzEvZE9nVm1oYlhLejFzMzdxZ2x0YVJPZjNwMHBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRSADAN
BgkqhkiG9w0BAQsFAAOCAQEAcVcHjgMRAekx3keSk5vvJbylbK/iamdLeO9SMhvU
3R//+WcyUluKesUEFwIezmTJ4MpGbwtWxBAT9xVxA8X1dPOudR0eYUCPZ8lHJRdk
jlYJDk6BHSzbr1Q3bUjm5xbOptTlnmw3Q1XMi6B6dtpILVk3h071tlnft1E9Lcq8
RfxT6gwPs89BXuVrNx9WwLX0KMhUqt6WxTrTtmIK43CJGCgmu9D+FjSmiWQ0zUoc
RbxvKNfZNpMirZQsQcbFFlrYqhciJgZl+8JCnt0E2L+fAh2KngTsgJcPJuIYJYgS
TVUbFcVR8cozg3BX+stZPei1D+EIexSgdtTG+nFer5XLSQ==
-----END CERTIFICATE-----