Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/omgE0982MeyxbKfgihXWQnVXnOs.roa
File:                     omgE0982MeyxbKfgihXWQnVXnOs.roa (raw, json)
Hash identifier:          97lj3DHS6XOadlSBFf1Eb6XPf6yplT8G4GpHVDysZFI=
Subject key identifier:   A2:68:04:D3:DF:36:31:EC:B1:6C:A7:E0:8A:15:D6:42:75:57:9C:EB
Certificate issuer:       /CN=e099ee07822ef2ace9c356f7b42caeaff25c9692
Certificate serial:       0191BC9144A738527082AA6BB68AB061CA34
Authority key identifier: E0:99:EE:07:82:2E:F2:AC:E9:C3:56:F7:B4:2C:AE:AF:F2:5C:96:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4JnuB4Iu8qzpw1b3tCyur_JclpI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/omgE0982MeyxbKfgihXWQnVXnOs.roa
Signing time:             Wed 04 Sep 2024 10:25:22 +0000
ROA not before:           Wed 04 Sep 2024 10:25:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199681
IP address blocks:        2a14:6980:30::/44 maxlen: 44
                          2a14:6980:30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/4JnuB4Iu8qzpw1b3tCyur_JclpI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/4JnuB4Iu8qzpw1b3tCyur_JclpI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4JnuB4Iu8qzpw1b3tCyur_JclpI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:91:44:a7:38:52:70:82:aa:6b:b6:8a:b0:61:ca:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e099ee07822ef2ace9c356f7b42caeaff25c9692
        Validity
            Not Before: Sep  4 10:25:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a26804d3df3631ecb16ca7e08a15d64275579ceb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:92:cb:33:b9:ed:ed:80:91:66:aa:ee:b6:fa:
                    0d:c9:58:18:78:ec:df:fc:5f:cc:eb:44:93:81:ba:
                    84:c5:c6:e2:19:ee:3f:c8:13:32:44:ed:0f:46:79:
                    dd:47:74:b9:46:78:3b:04:21:77:07:14:32:d7:16:
                    89:f8:cd:f2:64:08:7d:b7:32:fe:1f:62:cd:58:cf:
                    3b:7d:fc:b3:c1:21:4e:3c:17:4e:a5:97:2b:9e:29:
                    ca:e6:2c:75:9d:b8:10:e2:e3:a6:f8:72:f3:1f:6f:
                    7f:da:fe:44:8a:a3:c4:66:f2:a8:59:39:99:15:5c:
                    26:5c:83:15:09:da:81:31:6c:68:1e:20:de:cb:c0:
                    d9:61:e1:45:3a:ce:3e:76:9f:97:6e:87:69:94:a0:
                    07:c1:4e:91:c3:48:9f:55:af:64:3d:77:c6:73:d6:
                    0e:17:87:37:fe:f2:11:b0:09:48:70:70:b7:58:ab:
                    28:c4:4f:8b:59:62:5b:c6:85:27:0d:bf:bd:64:a1:
                    9d:84:32:bf:08:b9:c2:ff:fc:f0:85:cf:0b:ed:71:
                    69:21:c6:5b:28:e9:aa:ab:8b:30:f1:61:36:64:a3:
                    f8:9e:09:c9:87:d5:ad:41:fd:75:82:fd:54:93:7e:
                    06:e4:a8:5b:38:4e:dd:78:45:77:cd:55:b3:2f:5b:
                    62:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:68:04:D3:DF:36:31:EC:B1:6C:A7:E0:8A:15:D6:42:75:57:9C:EB
            X509v3 Authority Key Identifier:
                keyid:E0:99:EE:07:82:2E:F2:AC:E9:C3:56:F7:B4:2C:AE:AF:F2:5C:96:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4JnuB4Iu8qzpw1b3tCyur_JclpI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/omgE0982MeyxbKfgihXWQnVXnOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/9732bb-f590-4194-85be-d069f17602b6/1/4JnuB4Iu8qzpw1b3tCyur_JclpI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6980:30::/44

    Signature Algorithm: sha256WithRSAEncryption
         8a:57:53:67:2e:4d:c6:6a:3b:47:62:93:8e:a9:98:59:e6:73:
         35:34:0e:df:ef:67:2e:7e:25:f7:ab:1e:cd:9c:44:3b:2a:2d:
         f9:27:5d:58:e2:f2:88:20:93:51:bc:3e:09:24:67:97:dd:36:
         c2:e2:c3:20:7b:6e:5a:4b:a4:1b:9d:76:df:29:a8:d3:6a:21:
         8b:d2:7e:6b:a2:df:c4:56:00:77:3c:31:fb:ae:9d:8e:6d:1a:
         2d:44:03:62:d8:23:99:a2:87:95:75:51:03:e5:86:da:ac:e1:
         90:fb:ae:7c:6f:0b:8d:cf:48:58:07:83:7a:bb:cd:6b:7c:2f:
         28:1c:1d:51:1a:c0:ac:e9:f7:c8:00:15:93:a9:98:0c:88:76:
         fe:dd:19:2e:5f:59:65:b4:7f:73:3c:d5:c2:f5:83:f0:c5:0c:
         fc:e0:f2:d4:ca:94:11:a7:7b:54:35:b8:30:cc:82:a8:cd:42:
         c1:75:4f:e1:5a:3f:24:18:9a:19:e4:bf:ee:9b:57:35:f3:cd:
         a4:00:87:39:9a:e9:77:ba:1e:8c:68:dd:66:61:ad:29:67:b7:
         f1:56:3b:c6:b1:f4:d7:20:1b:87:73:b5:66:80:cd:20:e4:90:
         32:30:60:89:2b:d9:83:c9:a4:a3:42:e7:93:79:23:02:6a:e0:
         22:11:1e:95
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZG8kUSnOFJwgqprtoqwYco0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwOTllZTA3ODIyZWYyYWNlOWMzNTZmN2I0MmNhZWFmZjI1
Yzk2OTIwHhcNMjQwOTA0MTAyNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjY4MDRkM2RmMzYzMWVjYjE2Y2E3ZTA4YTE1ZDY0Mjc1NTc5Y2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pLLM7nt7YCRZqrutvoNyVgYeOzf
/F/M60STgbqExcbiGe4/yBMyRO0PRnndR3S5Rng7BCF3BxQy1xaJ+M3yZAh9tzL+
H2LNWM87ffyzwSFOPBdOpZcrninK5ix1nbgQ4uOm+HLzH29/2v5EiqPEZvKoWTmZ
FVwmXIMVCdqBMWxoHiDey8DZYeFFOs4+dp+XbodplKAHwU6Rw0ifVa9kPXfGc9YO
F4c3/vIRsAlIcHC3WKsoxE+LWWJbxoUnDb+9ZKGdhDK/CLnC//zwhc8L7XFpIcZb
KOmqq4sw8WE2ZKP4ngnJh9WtQf11gv1Uk34G5KhbOE7deEV3zVWzL1tiwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKJoBNPfNjHssWyn4IoV1kJ1V5zrMB8GA1UdIwQY
MBaAFOCZ7geCLvKs6cNW97Qsrq/yXJaSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEpudUI0SXU4cXpwdzFiM3RDeXVyX0pjbHBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC85NzMyYmItZjU5MC00MTk0LTg1YmUt
ZDA2OWYxNzYwMmI2LzEvb21nRTA5ODJNZXl4YktmZ2loWFdRblZYbk9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC85NzMyYmItZjU5MC00MTk0LTg1YmUtZDA2OWYxNzYwMmI2
LzEvNEpudUI0SXU4cXpwdzFiM3RDeXVyX0pjbHBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRpgAAw
MA0GCSqGSIb3DQEBCwUAA4IBAQCKV1NnLk3GajtHYpOOqZhZ5nM1NA7f72cufiX3
qx7NnEQ7Ki35J11Y4vKIIJNRvD4JJGeX3TbC4sMge25aS6QbnXbfKajTaiGL0n5r
ot/EVgB3PDH7rp2ObRotRANi2COZooeVdVED5YbarOGQ+658bwuNz0hYB4N6u81r
fC8oHB1RGsCs6ffIABWTqZgMiHb+3RkuX1lltH9zPNXC9YPwxQz84PLUypQRp3tU
NbgwzIKozULBdU/hWj8kGJoZ5L/um1c1882kAIc5mul3uh6MaN1mYa0pZ7fxVjvG
sfTXIBuHc7VmgM0g5JAyMGCJK9mDyaSjQueTeSMCauAiER6V
-----END CERTIFICATE-----