Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/iTzUuZx0HwvqfLcyDDg_Dxacs-A.roa
File:                     iTzUuZx0HwvqfLcyDDg_Dxacs-A.roa (raw, json)
Hash identifier:          puj2F1ziRtMpn4iqX04hr6TIatZ28+5TtSXY3+7QjY8=
Subject key identifier:   89:3C:D4:B9:9C:74:1F:0B:EA:7C:B7:32:0C:38:3F:0F:16:9C:B3:E0
Certificate issuer:       /CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
Certificate serial:       018CC2DAE10F73F05F4CB00087169E7530B0
Authority key identifier: 13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/iTzUuZx0HwvqfLcyDDg_Dxacs-A.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8456
IP address blocks:        161.9.144.0/21 maxlen: 24
                          161.9.147.0/24 maxlen: 24
                          161.9.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 12:54:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e1:0f:73:f0:5f:4c:b0:00:87:16:9e:75:30:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13ea78b28f054f72f5226ae3ec454980ed2a10c9
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=893cd4b99c741f0bea7cb7320c383f0f169cb3e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:68:4d:87:44:da:26:ac:27:02:c4:82:31:93:
                    a4:2e:18:bf:bf:73:6b:fe:04:99:9c:ac:68:17:70:
                    77:fe:84:47:98:f2:1f:4f:9f:9c:9f:2b:b9:fa:9d:
                    66:96:58:fa:5d:39:f5:59:6e:6a:bc:72:c6:b4:75:
                    58:25:99:e3:f1:43:0d:c0:e1:b9:c3:75:a6:be:54:
                    97:35:bd:b9:eb:74:50:53:5e:6c:ae:e8:50:6c:77:
                    3d:9f:df:d3:bb:29:43:26:04:06:9b:1c:22:a4:b5:
                    1e:f3:1b:42:48:47:11:dc:07:00:c1:1e:d7:01:61:
                    07:ac:7f:7c:da:1e:ab:b8:5e:35:f0:f3:1e:7f:71:
                    b9:b3:f7:9e:e7:ff:99:6a:59:85:9f:88:21:50:cd:
                    4a:c9:2e:87:58:6f:05:5a:cf:dc:0d:0f:05:e1:af:
                    1b:b6:94:8e:4d:d7:74:13:6e:ea:53:46:5b:5a:2d:
                    1f:6f:af:a5:91:af:88:af:da:ef:12:2c:54:d1:c9:
                    e1:3a:c7:1b:71:74:0f:9e:9b:7c:d5:12:d8:20:44:
                    b6:ca:27:57:dc:51:e1:92:67:c6:52:57:48:21:cd:
                    73:87:1c:bf:0e:f9:b5:d3:14:95:ce:7c:41:e3:7c:
                    f1:34:fb:80:48:ff:e7:ca:e3:80:51:f8:61:6b:eb:
                    4a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:3C:D4:B9:9C:74:1F:0B:EA:7C:B7:32:0C:38:3F:0F:16:9C:B3:E0
            X509v3 Authority Key Identifier:
                keyid:13:EA:78:B2:8F:05:4F:72:F5:22:6A:E3:EC:45:49:80:ED:2A:10:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E-p4so8FT3L1Imrj7EVJgO0qEMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/iTzUuZx0HwvqfLcyDDg_Dxacs-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/b97294-2802-4d05-9155-1098d6d88de8/1/E-p4so8FT3L1Imrj7EVJgO0qEMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.9.144.0/21
                  161.9.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:b0:81:a9:40:eb:c7:fe:23:b9:f8:a3:08:3f:60:20:27:62:
         b6:20:c9:58:e2:0f:bd:26:55:19:69:de:04:00:dc:d9:97:41:
         b5:6e:ad:48:d5:9b:93:e5:0f:ef:99:38:51:a6:ac:3d:a7:55:
         70:a5:cb:6b:0c:33:ea:06:7b:74:c2:9e:84:35:59:16:88:5e:
         ef:fb:0b:fe:e6:0e:54:b0:78:15:93:33:a7:69:9e:66:a6:2a:
         3f:62:73:22:05:05:51:52:a4:97:c6:27:a0:6a:26:37:5a:58:
         f2:ab:d1:bd:a2:4b:0c:cf:b8:53:55:83:ac:5b:a9:b4:31:a0:
         e7:92:f9:fb:98:cb:52:21:ca:db:ca:89:cf:4d:5d:43:fd:4d:
         6f:e3:3c:df:b6:7b:33:95:80:86:fd:ed:cb:6c:6e:8d:79:ab:
         be:53:20:08:f7:7e:40:8e:0c:b5:17:27:cc:1b:57:4b:3b:66:
         b3:e0:02:14:ad:58:db:c7:a3:b3:7e:67:7a:51:f1:42:73:b9:
         ef:f7:9a:78:3c:63:26:e8:d8:55:d4:bc:fb:fc:33:8d:7e:4b:
         94:4e:9b:30:d2:c5:7b:24:04:eb:4c:a0:24:9e:3a:26:3e:2b:
         4d:c2:a8:1b:82:b8:4c:65:35:4c:51:1f:4f:3a:f1:71:5e:3f:
         43:6e:8f:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2uEPc/BfTLAAhxaedTCwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZWE3OGIyOGYwNTRmNzJmNTIyNmFlM2VjNDU0OTgwZWQy
YTEwYzkwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTNjZDRiOTljNzQxZjBiZWE3Y2I3MzIwYzM4M2YwZjE2OWNiM2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWhNh0TaJqwnAsSCMZOkLhi/v3Nr
/gSZnKxoF3B3/oRHmPIfT5+cnyu5+p1mllj6XTn1WW5qvHLGtHVYJZnj8UMNwOG5
w3WmvlSXNb2563RQU15sruhQbHc9n9/TuylDJgQGmxwipLUe8xtCSEcR3AcAwR7X
AWEHrH982h6ruF418PMef3G5s/ee5/+ZalmFn4ghUM1KyS6HWG8FWs/cDQ8F4a8b
tpSOTdd0E27qU0ZbWi0fb6+lka+Ir9rvEixU0cnhOscbcXQPnpt81RLYIES2yidX
3FHhkmfGUldIIc1zhxy/Dvm10xSVznxB43zxNPuASP/nyuOAUfhha+tK4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIk81LmcdB8L6ny3Mgw4Pw8WnLPgMB8GA1UdIwQY
MBaAFBPqeLKPBU9y9SJq4+xFSYDtKhDJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRS1wNHNvOEZUM0wxSW1yajdFVkpnTzBxRU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9iOTcyOTQtMjgwMi00ZDA1LTkxNTUt
MTA5OGQ2ZDg4ZGU4LzEvaVR6VXVaeDBId3ZxZkxjeUREZ19EeGFjcy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9iOTcyOTQtMjgwMi00ZDA1LTkxNTUtMTA5OGQ2ZDg4ZGU4
LzEvRS1wNHNvOEZUM0wxSW1yajdFVkpnTzBxRU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDoQmQAwQA
oQmaMA0GCSqGSIb3DQEBCwUAA4IBAQBjsIGpQOvH/iO5+KMIP2AgJ2K2IMlY4g+9
JlUZad4EANzZl0G1bq1I1ZuT5Q/vmThRpqw9p1VwpctrDDPqBnt0wp6ENVkWiF7v
+wv+5g5UsHgVkzOnaZ5mpio/YnMiBQVRUqSXxiegaiY3Wljyq9G9oksMz7hTVYOs
W6m0MaDnkvn7mMtSIcrbyonPTV1D/U1v4zzftnszlYCG/e3LbG6Neau+UyAI935A
jgy1FyfMG1dLO2az4AIUrVjbx6Ozfmd6UfFCc7nv95p4PGMm6NhV1Lz7/DONfkuU
Tpsw0sV7JATrTKAknjomPitNwqgbgrhMZTVMUR9POvFxXj9Dbo+B
-----END CERTIFICATE-----