Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/cLN64B17xEwOONz97nPOdAPgcmw.roa
File:                     cLN64B17xEwOONz97nPOdAPgcmw.roa (raw, json)
Hash identifier:          8k1WlEzrMEXKfUTS4dasNlbSuvl+9ksmw9qUMcYHqtc=
Subject key identifier:   70:B3:7A:E0:1D:7B:C4:4C:0E:38:DC:FD:EE:73:CE:74:03:E0:72:6C
Certificate issuer:       /CN=67ea698abcdee10dca9d6703a56e87a6b359bfcc
Certificate serial:       0193441644369795002484EDCCE60AC2A829
Authority key identifier: 67:EA:69:8A:BC:DE:E1:0D:CA:9D:67:03:A5:6E:87:A6:B3:59:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/cLN64B17xEwOONz97nPOdAPgcmw.roa
Signing time:             Tue 19 Nov 2024 11:02:10 +0000
ROA not before:           Tue 19 Nov 2024 11:02:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205999
IP address blocks:        45.14.0.0/22 maxlen: 22
                          45.14.0.0/23 maxlen: 23
                          45.14.0.0/24 maxlen: 24
                          45.14.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:44:16:44:36:97:95:00:24:84:ed:cc:e6:0a:c2:a8:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ea698abcdee10dca9d6703a56e87a6b359bfcc
        Validity
            Not Before: Nov 19 11:02:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70b37ae01d7bc44c0e38dcfdee73ce7403e0726c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8d:7c:ed:07:71:26:7d:45:85:0c:02:f4:41:
                    cc:25:5d:b3:0b:e9:dc:a1:78:0f:4b:06:9c:9f:6b:
                    0f:cc:9e:19:4e:33:3f:4b:f8:fa:f3:61:17:a7:4b:
                    f4:f6:98:f5:b4:78:3e:3b:da:59:84:a9:1f:01:ef:
                    18:a4:35:7a:26:36:c3:88:a0:d9:70:2f:fe:14:4a:
                    c0:bf:8a:d8:49:4c:37:bb:40:cc:68:9e:3e:df:80:
                    ed:b2:51:95:5e:ba:dc:b1:0c:d2:10:93:87:7b:12:
                    c3:23:30:3a:15:84:fc:2a:e5:d5:a1:43:f1:52:44:
                    c4:38:e9:e7:ff:75:b3:9b:71:48:0c:3c:c5:4a:c3:
                    07:d9:69:89:95:b0:6c:d4:b0:be:e3:9e:5a:a1:63:
                    8c:7c:91:a6:dd:45:7c:07:e0:a8:90:f0:bc:10:1c:
                    ea:af:9a:2a:ae:fc:fa:f1:42:9f:92:17:6e:31:fc:
                    98:db:50:41:2c:29:c9:65:59:70:e0:dc:e2:12:0b:
                    53:72:87:dc:4d:4e:cd:41:4c:a6:09:ea:03:ed:71:
                    0c:a4:9d:21:ad:65:d5:88:b6:ed:11:2f:d3:a1:ae:
                    5d:fb:ca:b6:f2:8d:b7:4e:28:e1:29:c0:9b:40:3a:
                    fc:d7:eb:6b:c7:d4:7a:d8:2f:a7:56:fb:88:27:55:
                    df:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B3:7A:E0:1D:7B:C4:4C:0E:38:DC:FD:EE:73:CE:74:03:E0:72:6C
            X509v3 Authority Key Identifier:
                keyid:67:EA:69:8A:BC:DE:E1:0D:CA:9D:67:03:A5:6E:87:A6:B3:59:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/cLN64B17xEwOONz97nPOdAPgcmw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:20:55:32:93:47:dc:c3:a9:db:57:66:7e:02:84:df:d3:97:
         c8:ca:f6:53:6f:1a:28:14:20:e5:9b:3e:a5:91:0a:0c:dd:76:
         dc:6c:14:25:67:61:fb:57:cc:18:66:3c:1e:91:e1:5c:06:8f:
         02:a6:30:5e:dc:b5:cf:cd:b1:a4:65:25:96:46:1d:ec:ee:66:
         13:ba:63:09:f8:88:63:f4:0f:d2:a6:e1:f3:7a:69:97:61:34:
         ea:ac:2a:c4:c3:c8:f6:0b:6c:b9:9e:1f:6f:1c:3b:6c:ec:76:
         6e:e7:25:5b:23:56:4e:17:b5:e6:16:3d:a4:7f:34:ae:bf:ab:
         04:55:4c:70:33:58:e8:8b:0d:98:0d:d8:a0:2e:90:b0:77:5b:
         0a:e0:6a:da:bb:82:39:7c:62:16:36:a9:6b:8d:a6:8c:a6:3a:
         fa:50:76:e8:53:97:4c:2d:2a:f3:50:72:0a:41:4a:02:e1:72:
         6d:be:06:ac:da:d1:db:b7:7e:37:6a:73:bd:8a:58:21:b4:d3:
         c2:a9:46:26:66:59:f2:6a:d9:fc:c8:b1:4e:57:df:77:59:c0:
         75:ca:10:98:fd:58:36:64:23:f3:42:70:93:e9:bd:11:b5:8b:
         42:0d:98:e1:7d:f8:53:bf:1e:90:e0:03:f5:f1:f8:9b:e8:7f:
         7c:ba:12:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNEFkQ2l5UAJITtzOYKwqgpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZWE2OThhYmNkZWUxMGRjYTlkNjcwM2E1NmU4N2E2YjM1
OWJmY2MwHhcNMjQxMTE5MTEwMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGIzN2FlMDFkN2JjNDRjMGUzOGRjZmRlZTczY2U3NDAzZTA3MjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjY187QdxJn1FhQwC9EHMJV2zC+nc
oXgPSwacn2sPzJ4ZTjM/S/j682EXp0v09pj1tHg+O9pZhKkfAe8YpDV6JjbDiKDZ
cC/+FErAv4rYSUw3u0DMaJ4+34DtslGVXrrcsQzSEJOHexLDIzA6FYT8KuXVoUPx
UkTEOOnn/3Wzm3FIDDzFSsMH2WmJlbBs1LC+455aoWOMfJGm3UV8B+CokPC8EBzq
r5oqrvz68UKfkhduMfyY21BBLCnJZVlw4NziEgtTcofcTU7NQUymCeoD7XEMpJ0h
rWXViLbtES/Toa5d+8q28o23TijhKcCbQDr81+trx9R62C+nVvuIJ1XfPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHCzeuAde8RMDjjc/e5zznQD4HJsMB8GA1UdIwQY
MBaAFGfqaYq83uENyp1nA6Vuh6azWb/MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi1wcGlyemU0UTNLbldjRHBXNkhwck5adjh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMzIyYmEtYzk2NC00NjViLTg5ODkt
YjMyZDk3NGMyMTBlLzEvY0xONjRCMTd4RXdPT056OTduUE9kQVBnY213LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMzIyYmEtYzk2NC00NjViLTg5ODktYjMyZDk3NGMyMTBl
LzEvWi1wcGlyemU0UTNLbldjRHBXNkhwck5adjh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ4AMA0G
CSqGSIb3DQEBCwUAA4IBAQBnIFUyk0fcw6nbV2Z+AoTf05fIyvZTbxooFCDlmz6l
kQoM3XbcbBQlZ2H7V8wYZjwekeFcBo8CpjBe3LXPzbGkZSWWRh3s7mYTumMJ+Ihj
9A/SpuHzemmXYTTqrCrEw8j2C2y5nh9vHDts7HZu5yVbI1ZOF7XmFj2kfzSuv6sE
VUxwM1joiw2YDdigLpCwd1sK4Grau4I5fGIWNqlrjaaMpjr6UHboU5dMLSrzUHIK
QUoC4XJtvgas2tHbt343anO9ilghtNPCqUYmZlnyatn8yLFOV993WcB1yhCY/Vg2
ZCPzQnCT6b0RtYtCDZjhffhTvx6Q4AP18fib6H98uhI4
-----END CERTIFICATE-----