Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/IuZyh51pC2bbnsT3k_fIMIHSsXo.roa
File:                     IuZyh51pC2bbnsT3k_fIMIHSsXo.roa (raw, json)
Hash identifier:          EBg3OHfVmllCitnGrM2h7hOvo2VnYcOzoZu6EafzN+U=
Subject key identifier:   22:E6:72:87:9D:69:0B:66:DB:9E:C4:F7:93:F7:C8:30:81:D2:B1:7A
Certificate issuer:       /CN=e099ee07822ef2ace9c356f7b42caeaff25c9692
Certificate serial:       0191BC9403AB601526C665B009E8D79AF93A
Authority key identifier: E0:99:EE:07:82:2E:F2:AC:E9:C3:56:F7:B4:2C:AE:AF:F2:5C:96:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4JnuB4Iu8qzpw1b3tCyur_JclpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/IuZyh51pC2bbnsT3k_fIMIHSsXo.roa
Signing time:             Wed 04 Sep 2024 10:28:22 +0000
ROA not before:           Wed 04 Sep 2024 10:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199679
IP address blocks:        2a14:6980:20::/44 maxlen: 44
                          2a14:6980:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/4JnuB4Iu8qzpw1b3tCyur_JclpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/4JnuB4Iu8qzpw1b3tCyur_JclpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4JnuB4Iu8qzpw1b3tCyur_JclpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:94:03:ab:60:15:26:c6:65:b0:09:e8:d7:9a:f9:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e099ee07822ef2ace9c356f7b42caeaff25c9692
        Validity
            Not Before: Sep  4 10:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22e672879d690b66db9ec4f793f7c83081d2b17a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:73:2b:eb:ad:31:18:f5:41:08:bb:d7:7b:da:
                    6f:14:bb:c1:9c:72:49:ac:cb:58:82:fc:5c:b8:c5:
                    23:e5:bb:c6:c8:b1:9c:78:e2:d3:9c:aa:89:5d:b1:
                    a1:48:83:cc:82:90:9c:1b:b2:a5:73:ba:b5:4d:b6:
                    4a:16:fb:a8:c5:0b:05:08:9c:d1:3e:7e:ce:52:26:
                    0a:c5:65:c5:e6:f1:da:09:67:23:e6:55:1f:a0:30:
                    e9:bb:6d:00:ae:ed:6b:c2:9c:f0:0c:be:b8:8d:ed:
                    43:ae:2f:7b:4a:f2:5d:46:0a:99:84:9a:0d:74:b5:
                    65:90:fb:28:b9:00:3c:d1:c2:ca:09:bb:ba:e9:0a:
                    59:ae:da:7c:fa:00:c2:6f:b0:55:ba:2f:0c:5c:6c:
                    28:b8:15:23:14:f8:6f:3f:75:8f:46:6a:c7:4f:56:
                    a1:6a:d2:19:1a:6e:85:56:60:e9:e7:2e:41:11:88:
                    d8:05:cf:cd:f3:b8:00:12:33:2e:2f:80:e5:25:9d:
                    c0:2e:c6:d3:0a:15:11:92:8c:a9:57:b8:e3:e7:0b:
                    cc:c3:bb:5c:ce:73:28:57:a6:74:64:52:a9:4a:17:
                    bf:32:64:c3:6d:d6:96:6a:5c:f4:65:a1:fd:52:d5:
                    65:fc:69:5e:58:58:1b:95:bf:a6:18:5d:3d:9e:d1:
                    45:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:E6:72:87:9D:69:0B:66:DB:9E:C4:F7:93:F7:C8:30:81:D2:B1:7A
            X509v3 Authority Key Identifier:
                keyid:E0:99:EE:07:82:2E:F2:AC:E9:C3:56:F7:B4:2C:AE:AF:F2:5C:96:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4JnuB4Iu8qzpw1b3tCyur_JclpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/IuZyh51pC2bbnsT3k_fIMIHSsXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/4JnuB4Iu8qzpw1b3tCyur_JclpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6980:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         68:f8:1e:b3:26:06:fe:08:ae:47:9f:7c:a4:36:10:43:3c:19:
         54:27:3e:b9:e9:27:65:48:4a:53:d5:20:83:7b:b5:eb:dc:dd:
         8c:8f:b6:cd:0d:44:5a:23:7a:18:5f:78:ff:d0:5d:28:d5:cb:
         38:6b:89:6e:89:1e:ff:3d:7c:5a:f2:01:c7:00:88:9f:31:9a:
         1a:38:35:7f:17:ec:9f:72:bb:29:22:e2:53:d2:5c:d7:60:e1:
         5c:5f:d2:01:97:76:59:8e:c9:e4:2b:13:2e:19:9b:ac:ba:8b:
         c7:72:a7:e6:53:99:c8:fe:4f:0f:28:3a:fa:56:35:45:8c:f8:
         30:4b:47:da:5b:c0:cb:54:ca:6b:82:bd:de:e6:7e:45:77:28:
         7d:19:d6:ad:83:bb:fc:1a:3a:a3:07:0d:11:9e:d7:c6:09:49:
         78:89:13:ad:ef:9d:f5:dc:d8:f4:f5:c5:59:c0:c9:df:40:5d:
         d6:25:fe:c1:3b:2b:e0:10:4f:ba:3c:17:63:7d:62:b6:6a:1b:
         61:f7:d1:74:09:e2:12:47:df:67:11:aa:ae:88:32:83:94:06:
         f6:6e:bd:f2:e2:ff:a8:18:46:e0:35:1d:8a:16:71:64:19:e5:
         a6:44:d5:b3:8c:4e:a3:c6:50:67:f9:a2:67:7c:8c:14:a5:a3:
         8a:25:3a:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZG8lAOrYBUmxmWwCejXmvk6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwOTllZTA3ODIyZWYyYWNlOWMzNTZmN2I0MmNhZWFmZjI1
Yzk2OTIwHhcNMjQwOTA0MTAyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmU2NzI4NzlkNjkwYjY2ZGI5ZWM0Zjc5M2Y3YzgzMDgxZDJiMTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7XMr660xGPVBCLvXe9pvFLvBnHJJ
rMtYgvxcuMUj5bvGyLGceOLTnKqJXbGhSIPMgpCcG7Klc7q1TbZKFvuoxQsFCJzR
Pn7OUiYKxWXF5vHaCWcj5lUfoDDpu20Aru1rwpzwDL64je1Dri97SvJdRgqZhJoN
dLVlkPsouQA80cLKCbu66QpZrtp8+gDCb7BVui8MXGwouBUjFPhvP3WPRmrHT1ah
atIZGm6FVmDp5y5BEYjYBc/N87gAEjMuL4DlJZ3ALsbTChURkoypV7jj5wvMw7tc
znMoV6Z0ZFKpShe/MmTDbdaWalz0ZaH9UtVl/GleWFgblb+mGF09ntFFiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCLmcoedaQtm257E95P3yDCB0rF6MB8GA1UdIwQY
MBaAFOCZ7geCLvKs6cNW97Qsrq/yXJaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEpudUI0SXU4cXpwdzFiM3RDeXVyX0pjbHBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC85NzMyYmItZjU5MC00MTk0LTg1YmUt
ZDA2OWYxNzYwMmI2LzEvSXVaeWg1MXBDMmJibnNUM2tfZklNSUhTc1hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC85NzMyYmItZjU5MC00MTk0LTg1YmUtZDA2OWYxNzYwMmI2
LzEvNEpudUI0SXU4cXpwdzFiM3RDeXVyX0pjbHBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRpgAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQBo+B6zJgb+CK5Hn3ykNhBDPBlUJz656SdlSEpT
1SCDe7Xr3N2Mj7bNDURaI3oYX3j/0F0o1cs4a4luiR7/PXxa8gHHAIifMZoaODV/
F+yfcrspIuJT0lzXYOFcX9IBl3ZZjsnkKxMuGZusuovHcqfmU5nI/k8PKDr6VjVF
jPgwS0faW8DLVMprgr3e5n5Fdyh9Gdatg7v8GjqjBw0RntfGCUl4iROt75313Nj0
9cVZwMnfQF3WJf7BOyvgEE+6PBdjfWK2ahth99F0CeISR99nEaquiDKDlAb2br3y
4v+oGEbgNR2KFnFkGeWmRNWzjE6jxlBn+aJnfIwUpaOKJTrw
-----END CERTIFICATE-----