Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/V-MtEFAl-wCRS2pESKzV6P6YTGg.roa
File:                     V-MtEFAl-wCRS2pESKzV6P6YTGg.roa (raw, json)
Hash identifier:          eJVKgFjZ3+wJXzgqDKuQr6XkPa6E31J6OO87/ztXlAY=
Subject key identifier:   57:E3:2D:10:50:25:FB:00:91:4B:6A:44:48:AC:D5:E8:FE:98:4C:68
Certificate issuer:       /CN=982a541d5ac8ff7bb0408c7434ac1012eff73cb5
Certificate serial:       019427B604F407CBB60566482E748CF24205
Authority key identifier: 98:2A:54:1D:5A:C8:FF:7B:B0:40:8C:74:34:AC:10:12:EF:F7:3C:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCpUHVrI_3uwQIx0NKwQEu_3PLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/V-MtEFAl-wCRS2pESKzV6P6YTGg.roa
Signing time:             Thu 02 Jan 2025 15:50:27 +0000
ROA not before:           Thu 02 Jan 2025 15:50:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        134.28.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/mCpUHVrI_3uwQIx0NKwQEu_3PLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/mCpUHVrI_3uwQIx0NKwQEu_3PLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCpUHVrI_3uwQIx0NKwQEu_3PLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:04:f4:07:cb:b6:05:66:48:2e:74:8c:f2:42:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982a541d5ac8ff7bb0408c7434ac1012eff73cb5
        Validity
            Not Before: Jan  2 15:50:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57e32d105025fb00914b6a4448acd5e8fe984c68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b8:e2:d3:9b:25:4c:4a:da:70:b0:ff:5e:12:
                    84:03:58:37:d9:a0:30:01:13:ff:9c:4f:a0:85:62:
                    32:a6:5f:7d:6e:dc:c8:6c:c9:e7:3c:38:3c:b4:15:
                    95:6c:e5:aa:49:25:fa:86:ed:c3:da:15:c5:53:39:
                    63:80:1d:73:00:e3:60:a7:ad:32:26:7c:77:d5:43:
                    3e:be:95:e5:e7:21:6c:c2:08:cf:d8:c1:3e:ea:d8:
                    74:17:12:04:70:00:3a:5f:aa:6d:1d:98:2d:35:19:
                    7e:47:20:de:c5:35:aa:e5:bf:bd:24:67:3e:a9:b6:
                    8e:2c:ab:c6:e5:b6:9a:65:f7:8b:bf:e2:e7:8e:40:
                    89:0d:b5:5d:ea:59:61:7d:ab:d7:38:0a:3c:42:3e:
                    d3:86:bf:08:f5:8d:29:05:7b:6e:b8:55:3d:c3:91:
                    f4:53:24:8b:44:c3:5b:a9:45:6a:2b:ea:fe:e8:0d:
                    c0:50:88:91:ca:45:be:af:c3:ff:65:a3:03:6a:dd:
                    20:27:24:96:ec:d3:59:92:8b:d6:13:01:fa:29:da:
                    bc:1d:b7:87:fc:23:4d:27:f8:31:61:1e:f5:75:db:
                    80:20:3b:7f:32:68:36:8f:c7:71:73:5b:23:a4:24:
                    2e:9b:71:9a:6d:4e:21:77:d1:c8:37:d9:ed:bf:03:
                    17:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E3:2D:10:50:25:FB:00:91:4B:6A:44:48:AC:D5:E8:FE:98:4C:68
            X509v3 Authority Key Identifier:
                keyid:98:2A:54:1D:5A:C8:FF:7B:B0:40:8C:74:34:AC:10:12:EF:F7:3C:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCpUHVrI_3uwQIx0NKwQEu_3PLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/V-MtEFAl-wCRS2pESKzV6P6YTGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/mCpUHVrI_3uwQIx0NKwQEu_3PLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.28.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         18:f6:a3:2f:95:b1:91:01:4a:87:0c:fb:41:74:c3:36:97:1a:
         a8:63:bf:9b:fc:1d:bf:8d:b6:61:35:40:be:10:40:f0:9c:54:
         9e:91:45:3d:cb:8b:6d:7e:f1:2d:11:f7:d0:84:4a:45:65:18:
         07:4f:28:18:0a:97:4b:38:a0:af:8f:12:3c:2e:41:ae:29:3e:
         9e:31:68:9f:2d:9b:10:1d:1c:ae:8b:ac:56:6e:2b:d6:c9:ab:
         96:ac:4d:77:28:47:94:a3:b7:5b:92:31:b5:c4:1e:72:e0:23:
         5c:8c:7f:d0:b1:bf:54:2e:b0:aa:22:13:c1:c4:2f:09:44:3e:
         ae:07:7b:64:37:69:ee:08:71:9f:95:e3:a9:f6:9c:ad:10:c5:
         8d:1c:d6:af:51:c2:bf:d2:14:e5:7c:a1:0e:c0:b5:44:e7:0e:
         d0:00:4a:e4:14:5b:41:37:90:f1:34:ec:0b:f9:4e:e7:a9:1f:
         70:84:81:97:c6:a9:de:7b:de:4d:61:49:68:cb:2d:d6:a0:61:
         3c:37:c2:b4:6b:63:81:0b:15:a7:a0:cb:c9:80:ae:a8:16:92:
         45:da:d9:37:95:49:02:4f:0d:27:da:82:e8:1d:94:3b:46:6e:
         5f:42:77:b4:6c:ae:0b:72:b1:4d:06:59:a9:9b:5d:9e:0b:63:
         1e:1a:31:c3
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQntgT0B8u2BWZILnSM8kIFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmE1NDFkNWFjOGZmN2JiMDQwOGM3NDM0YWMxMDEyZWZm
NzNjYjUwHhcNMjUwMTAyMTU1MDI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2UzMmQxMDUwMjVmYjAwOTE0YjZhNDQ0OGFjZDVlOGZlOTg0YzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLji05slTEracLD/XhKEA1g32aAw
ARP/nE+ghWIypl99btzIbMnnPDg8tBWVbOWqSSX6hu3D2hXFUzljgB1zAONgp60y
Jnx31UM+vpXl5yFswgjP2ME+6th0FxIEcAA6X6ptHZgtNRl+RyDexTWq5b+9JGc+
qbaOLKvG5baaZfeLv+LnjkCJDbVd6llhfavXOAo8Qj7Thr8I9Y0pBXtuuFU9w5H0
UySLRMNbqUVqK+r+6A3AUIiRykW+r8P/ZaMDat0gJySW7NNZkovWEwH6Kdq8HbeH
/CNNJ/gxYR71dduAIDt/Mmg2j8dxc1sjpCQum3GabU4hd9HIN9ntvwMXzwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFfjLRBQJfsAkUtqREis1ej+mExoMB8GA1UdIwQY
MBaAFJgqVB1ayP97sECMdDSsEBLv9zy1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUNwVUhWcklfM3V3UUl4ME5Ld1FFdV8zUExVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9iOWNmM2ItOTU3Mi00OTkyLWIyNDct
MDEyMDhkODZkZGNjLzEvVi1NdEVGQWwtd0NSUzJwRVNLelY2UDZZVEdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9iOWNmM2ItOTU3Mi00OTkyLWIyNDctMDEyMDhkODZkZGNj
LzEvbUNwVUhWcklfM3V3UUl4ME5Ld1FFdV8zUExVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhhwwDQYJ
KoZIhvcNAQELBQADggEBABj2oy+VsZEBSocM+0F0wzaXGqhjv5v8Hb+NtmE1QL4Q
QPCcVJ6RRT3Li21+8S0R99CESkVlGAdPKBgKl0s4oK+PEjwuQa4pPp4xaJ8tmxAd
HK6LrFZuK9bJq5asTXcoR5Sjt1uSMbXEHnLgI1yMf9Cxv1QusKoiE8HELwlEPq4H
e2Q3ae4IcZ+V46n2nK0QxY0c1q9Rwr/SFOV8oQ7AtUTnDtAASuQUW0E3kPE07Av5
TuepH3CEgZfGqd573k1hSWjLLdagYTw3wrRrY4ELFaegy8mArqgWkkXa2TeVSQJP
DSfagugdlDtGbl9Cd7RsrgtysU0GWambXZ4LYx4aMcM=
-----END CERTIFICATE-----