Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/lnnH4X1ZrGwPNnvTUd0ZYBX8J0w.roa
File:                     lnnH4X1ZrGwPNnvTUd0ZYBX8J0w.roa (raw, json)
Hash identifier:          VWDtmHEQQ1Hc5ciMRNbCJPVttQLT8LvyNT8hbDDW2VM=
Subject key identifier:   96:79:C7:E1:7D:59:AC:6C:0F:36:7B:D3:51:DD:19:60:15:FC:27:4C
Certificate issuer:       /CN=982a541d5ac8ff7bb0408c7434ac1012eff73cb5
Certificate serial:       018CC8DEB49EB884DC8C7912682A25E9B79F
Authority key identifier: 98:2A:54:1D:5A:C8:FF:7B:B0:40:8C:74:34:AC:10:12:EF:F7:3C:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCpUHVrI_3uwQIx0NKwQEu_3PLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/lnnH4X1ZrGwPNnvTUd0ZYBX8J0w.roa
Signing time:             Tue 02 Jan 2024 06:31:27 +0000
ROA not before:           Tue 02 Jan 2024 06:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        134.28.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/mCpUHVrI_3uwQIx0NKwQEu_3PLU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/mCpUHVrI_3uwQIx0NKwQEu_3PLU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCpUHVrI_3uwQIx0NKwQEu_3PLU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:b4:9e:b8:84:dc:8c:79:12:68:2a:25:e9:b7:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982a541d5ac8ff7bb0408c7434ac1012eff73cb5
        Validity
            Not Before: Jan  2 06:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9679c7e17d59ac6c0f367bd351dd196015fc274c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5e:d4:bb:1d:c5:f3:27:12:64:70:01:60:ed:
                    79:29:c5:eb:d3:d6:ad:94:61:7e:2e:e4:7c:2a:bf:
                    57:b1:f2:0b:8c:3c:e8:4e:82:25:a0:94:86:9d:c8:
                    e3:2d:c7:d2:85:d5:8b:a6:5e:99:83:b5:84:94:62:
                    e8:fc:7e:28:0c:8d:48:07:3f:e5:42:15:57:59:24:
                    56:c3:87:07:e5:f4:ca:b2:1f:31:3f:fe:71:49:09:
                    65:4a:15:66:b7:99:73:54:68:b9:3c:00:d8:35:8c:
                    00:9f:32:d5:fb:85:78:06:44:7d:5f:28:ca:f4:fe:
                    ce:62:97:cb:4d:a2:8a:35:0c:84:ba:b3:c3:4b:49:
                    51:ff:0e:24:38:7e:b6:f3:07:db:88:83:41:b8:17:
                    b3:f3:e0:fb:80:f3:69:31:e9:10:07:b2:89:32:56:
                    28:4f:36:91:66:36:04:33:74:0a:31:76:22:1e:7f:
                    48:65:2b:b9:79:e3:a0:2e:c1:b6:80:34:5c:93:46:
                    f8:b7:e7:86:c0:4c:08:ab:cb:67:94:05:37:22:fc:
                    b9:13:1f:b5:5c:17:58:e6:f4:64:84:e8:b4:d0:70:
                    4e:4d:ba:20:ad:2e:f4:3f:9e:a2:39:f2:7d:29:3d:
                    4f:b1:05:82:67:c5:ff:4c:8f:2e:cd:0d:9b:f1:4a:
                    b8:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:79:C7:E1:7D:59:AC:6C:0F:36:7B:D3:51:DD:19:60:15:FC:27:4C
            X509v3 Authority Key Identifier:
                keyid:98:2A:54:1D:5A:C8:FF:7B:B0:40:8C:74:34:AC:10:12:EF:F7:3C:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCpUHVrI_3uwQIx0NKwQEu_3PLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/lnnH4X1ZrGwPNnvTUd0ZYBX8J0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/mCpUHVrI_3uwQIx0NKwQEu_3PLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.28.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         24:d2:52:4a:02:7c:66:a6:22:a6:ef:22:4a:6c:f3:35:eb:ad:
         76:2b:57:01:83:ae:43:b0:8e:27:05:f0:df:c0:c0:d9:ad:86:
         53:30:28:c8:e6:df:f4:ef:0d:65:25:b9:b1:0c:23:61:45:f2:
         bc:e3:d4:b1:da:98:cd:86:f4:6e:dd:55:47:12:bb:ce:9a:e9:
         bc:fa:68:d5:e1:7a:da:02:e4:0a:5d:60:bc:07:ed:71:e1:11:
         8f:d0:64:10:95:6f:50:68:76:0f:b8:c8:b1:db:ed:11:58:ca:
         a0:fe:44:28:9b:59:b4:b6:f0:2e:fe:bd:0a:19:06:51:73:3f:
         51:40:19:45:68:aa:36:d6:a1:b1:6e:f8:69:f4:3f:55:68:a4:
         43:f4:d1:48:c7:ef:1a:b4:25:b2:b8:de:a5:b8:89:dc:4d:7a:
         5f:20:c3:ea:44:81:3d:77:2e:ca:9f:5f:f2:f4:5d:b9:e2:1c:
         09:7c:e9:90:d5:86:8a:a1:98:59:e7:69:31:e0:5b:28:6d:19:
         88:84:6c:dc:de:7b:a2:4a:5e:d7:ad:f3:02:0b:a1:bd:fa:ae:
         18:02:9b:70:9f:66:df:b3:8a:3b:dc:23:1e:b5:f2:93:12:5b:
         dc:d9:26:72:4d:d3:74:92:7b:5f:f0:51:24:2e:e6:c1:a3:e3:
         b8:20:e2:ca
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzI3rSeuITcjHkSaCol6befMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmE1NDFkNWFjOGZmN2JiMDQwOGM3NDM0YWMxMDEyZWZm
NzNjYjUwHhcNMjQwMTAyMDYzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njc5YzdlMTdkNTlhYzZjMGYzNjdiZDM1MWRkMTk2MDE1ZmMyNzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArl7Uux3F8ycSZHABYO15KcXr09at
lGF+LuR8Kr9XsfILjDzoToIloJSGncjjLcfShdWLpl6Zg7WElGLo/H4oDI1IBz/l
QhVXWSRWw4cH5fTKsh8xP/5xSQllShVmt5lzVGi5PADYNYwAnzLV+4V4BkR9XyjK
9P7OYpfLTaKKNQyEurPDS0lR/w4kOH628wfbiINBuBez8+D7gPNpMekQB7KJMlYo
TzaRZjYEM3QKMXYiHn9IZSu5eeOgLsG2gDRck0b4t+eGwEwIq8tnlAU3Ivy5Ex+1
XBdY5vRkhOi00HBOTbogrS70P56iOfJ9KT1PsQWCZ8X/TI8uzQ2b8Uq4QwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJZ5x+F9WaxsDzZ701HdGWAV/CdMMB8GA1UdIwQY
MBaAFJgqVB1ayP97sECMdDSsEBLv9zy1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUNwVUhWcklfM3V3UUl4ME5Ld1FFdV8zUExVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9iOWNmM2ItOTU3Mi00OTkyLWIyNDct
MDEyMDhkODZkZGNjLzEvbG5uSDRYMVpyR3dQTm52VFVkMFpZQlg4SjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9iOWNmM2ItOTU3Mi00OTkyLWIyNDctMDEyMDhkODZkZGNj
LzEvbUNwVUhWcklfM3V3UUl4ME5Ld1FFdV8zUExVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhhwwDQYJ
KoZIhvcNAQELBQADggEBACTSUkoCfGamIqbvIkps8zXrrXYrVwGDrkOwjicF8N/A
wNmthlMwKMjm3/TvDWUlubEMI2FF8rzj1LHamM2G9G7dVUcSu86a6bz6aNXhetoC
5ApdYLwH7XHhEY/QZBCVb1Bodg+4yLHb7RFYyqD+RCibWbS28C7+vQoZBlFzP1FA
GUVoqjbWobFu+Gn0P1VopEP00UjH7xq0JbK43qW4idxNel8gw+pEgT13LsqfX/L0
XbniHAl86ZDVhoqhmFnnaTHgWyhtGYiEbNzee6JKXtet8wILob36rhgCm3CfZt+z
ijvcIx618pMSW9zZJnJN03SSe1/wUSQu5sGj47gg4so=
-----END CERTIFICATE-----