Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/QyKEJr3cDU4Ag6V5m-EerYZW2XE.roa
File:                     QyKEJr3cDU4Ag6V5m-EerYZW2XE.roa (raw, json)
Hash identifier:          dIbvXwCO2XjHjXdgyhTTm8YOwxr5omR0uk2EObnFWMk=
Subject key identifier:   43:22:84:26:BD:DC:0D:4E:00:83:A5:79:9B:E1:1E:AD:86:56:D9:71
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       01927A2E603DA4A24658CA2CF8A7B55B4C7F
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/QyKEJr3cDU4Ag6V5m-EerYZW2XE.roa
Signing time:             Fri 11 Oct 2024 06:05:12 +0000
ROA not before:           Fri 11 Oct 2024 06:05:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54339
IP address blocks:        14.102.8.0/24 maxlen: 24
                          91.200.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:2e:60:3d:a4:a2:46:58:ca:2c:f8:a7:b5:5b:4c:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Oct 11 06:05:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43228426bddc0d4e0083a5799be11ead8656d971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:0b:70:b5:8e:5c:c7:a5:fc:e2:db:d2:67:03:
                    a3:19:40:ec:91:0b:26:e9:8c:b9:d0:be:34:01:f2:
                    1b:76:08:73:c0:4a:26:da:06:6b:7d:92:eb:8c:99:
                    7c:b3:e4:6f:46:b7:85:1d:ef:32:f6:f1:ca:85:f1:
                    89:0b:5e:5c:ec:ef:ec:ed:77:1d:b5:52:38:e4:1f:
                    57:af:cd:21:d0:24:c3:88:06:92:83:f8:4f:3c:e6:
                    5e:50:da:0b:3e:76:82:0d:15:df:c2:97:a0:de:7e:
                    11:da:00:19:d1:c9:d7:8a:f5:6f:ac:40:1e:6b:47:
                    88:c0:4b:9d:ac:d2:d6:9c:10:3e:49:ec:43:f6:43:
                    d7:03:76:d7:41:f4:a7:74:64:94:a9:66:6c:86:28:
                    53:2a:7b:8c:10:c8:84:80:ab:0f:7d:15:90:c9:8c:
                    f8:5e:3c:f5:ec:3c:35:e2:39:30:b6:89:d4:61:35:
                    a7:4d:2e:6f:5d:8b:ff:b9:f2:67:bc:ff:b7:17:1b:
                    20:00:5c:7a:0a:0c:0c:24:43:96:0d:77:0c:56:b9:
                    51:e9:ee:c6:52:21:77:48:07:69:77:c2:99:f9:8b:
                    f3:6c:37:4b:fc:90:6d:e1:83:a9:31:a8:c6:2a:01:
                    63:04:0c:a5:09:d0:40:5e:42:ea:c9:bd:a3:05:59:
                    e3:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:22:84:26:BD:DC:0D:4E:00:83:A5:79:9B:E1:1E:AD:86:56:D9:71
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/QyKEJr3cDU4Ag6V5m-EerYZW2XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.8.0/24
                  91.200.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:05:6a:fd:5f:13:fd:e3:11:6f:a0:e7:e5:8b:d4:4f:35:44:
         4f:43:d0:1c:e9:73:44:3c:21:81:11:5b:b5:07:74:80:67:79:
         ee:da:48:29:5a:6d:fa:70:56:00:d3:4b:6d:0e:dc:d2:4e:ee:
         76:2a:10:d7:d5:d1:5c:56:a2:c7:18:f1:66:8c:43:ee:f5:30:
         a0:bc:8a:99:06:ca:72:bb:ae:c3:bc:32:a8:2e:64:fb:a4:26:
         dd:c4:dd:d6:49:47:1c:84:be:fb:c9:2a:89:be:19:14:78:24:
         9f:03:83:71:b4:51:f7:19:db:18:c4:4f:f3:69:4f:de:b7:66:
         4b:1f:4d:94:52:af:22:bc:b9:b3:6f:33:46:b5:e2:ab:ce:88:
         e6:96:87:c1:be:0a:c5:5e:7e:5b:43:30:d2:53:5e:62:00:21:
         4f:bd:af:45:0f:dd:9a:78:a8:42:6a:b4:81:cd:4f:95:24:f2:
         6d:97:52:3f:a4:98:83:32:72:4d:de:85:06:8a:d7:f7:f0:f2:
         7a:e4:26:70:61:1e:81:d1:41:c4:f2:f7:22:e3:01:fb:7c:9e:
         03:fe:2c:ee:c9:5a:9c:9f:30:84:0b:d7:08:90:05:fc:27:0c:
         cf:a1:97:7c:b2:c0:ed:f3:a0:5f:d5:2c:bb:ef:54:7e:d4:64:
         32:a4:f1:9e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJ6LmA9pKJGWMos+Ke1W0x/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjQxMDExMDYwNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzIyODQyNmJkZGMwZDRlMDA4M2E1Nzk5YmUxMWVhZDg2NTZkOTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgtwtY5cx6X84tvSZwOjGUDskQsm
6Yy50L40AfIbdghzwEom2gZrfZLrjJl8s+RvRreFHe8y9vHKhfGJC15c7O/s7Xcd
tVI45B9Xr80h0CTDiAaSg/hPPOZeUNoLPnaCDRXfwpeg3n4R2gAZ0cnXivVvrEAe
a0eIwEudrNLWnBA+SexD9kPXA3bXQfSndGSUqWZshihTKnuMEMiEgKsPfRWQyYz4
Xjz17Dw14jkwtonUYTWnTS5vXYv/ufJnvP+3FxsgAFx6CgwMJEOWDXcMVrlR6e7G
UiF3SAdpd8KZ+YvzbDdL/JBt4YOpMajGKgFjBAylCdBAXkLqyb2jBVnjrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEMihCa93A1OAIOleZvhHq2GVtlxMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvUXlLRUpyM2NEVTRBZzZWNW0tRWVyWVpXMlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQADmYIAwQA
W8j/MA0GCSqGSIb3DQEBCwUAA4IBAQBcBWr9XxP94xFvoOfli9RPNURPQ9Ac6XNE
PCGBEVu1B3SAZ3nu2kgpWm36cFYA00ttDtzSTu52KhDX1dFcVqLHGPFmjEPu9TCg
vIqZBspyu67DvDKoLmT7pCbdxN3WSUcchL77ySqJvhkUeCSfA4NxtFH3GdsYxE/z
aU/et2ZLH02UUq8ivLmzbzNGteKrzojmlofBvgrFXn5bQzDSU15iACFPva9FD92a
eKhCarSBzU+VJPJtl1I/pJiDMnJN3oUGitf38PJ65CZwYR6B0UHE8vci4wH7fJ4D
/izuyVqcnzCEC9cIkAX8JwzPoZd8ssDt86Bf1Sy771R+1GQypPGe
-----END CERTIFICATE-----