Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/9b674c-3657-4c25-9953-3f7040997682/1/mlPXuhxgVLlKX9aYc5OPLAgsSQc.roa
File:                     mlPXuhxgVLlKX9aYc5OPLAgsSQc.roa (raw, json)
Hash identifier:          h8FN9mPOez/pS0QGnCj7X60nJCWxfw4d3j2+IxRxJaM=
Subject key identifier:   9A:53:D7:BA:1C:60:54:B9:4A:5F:D6:98:73:93:8F:2C:08:2C:49:07
Certificate issuer:       /CN=e6234ed3d8ca96dc518d35c1e7c92bebfcf6ce4d
Certificate serial:       018CC8010AC6074126C5F87973330B64393C
Authority key identifier: E6:23:4E:D3:D8:CA:96:DC:51:8D:35:C1:E7:C9:2B:EB:FC:F6:CE:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5iNO09jKltxRjTXB58kr6_z2zk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/9b674c-3657-4c25-9953-3f7040997682/1/mlPXuhxgVLlKX9aYc5OPLAgsSQc.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        151.97.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/9b674c-3657-4c25-9953-3f7040997682/1/5iNO09jKltxRjTXB58kr6_z2zk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/9b674c-3657-4c25-9953-3f7040997682/1/5iNO09jKltxRjTXB58kr6_z2zk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5iNO09jKltxRjTXB58kr6_z2zk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:0a:c6:07:41:26:c5:f8:79:73:33:0b:64:39:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e6234ed3d8ca96dc518d35c1e7c92bebfcf6ce4d
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a53d7ba1c6054b94a5fd69873938f2c082c4907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3c:49:a7:96:b9:38:2e:83:bf:49:b7:6c:ce:
                    de:61:f8:b2:77:23:21:cc:88:b3:93:b4:d4:cd:8e:
                    d9:84:29:40:a9:3c:02:94:7d:50:d8:38:49:20:57:
                    db:e2:32:d8:1b:1c:ab:44:4b:9b:00:ff:95:ef:9b:
                    ff:d1:e9:61:a7:42:71:bf:68:e9:0f:fd:6c:b0:a3:
                    09:d4:dd:90:34:45:84:66:76:e1:f8:47:98:5b:26:
                    17:ff:29:4b:66:75:01:03:2e:69:73:49:27:ef:fc:
                    c1:63:d1:8d:7a:9e:61:a6:35:05:bd:8a:a5:a0:4c:
                    a1:ff:d1:61:94:22:f2:79:5b:2f:f6:1f:f7:70:84:
                    93:4f:c8:59:0b:18:c5:98:3c:83:a5:30:8b:3b:84:
                    cc:eb:7c:89:6a:01:7d:b5:2e:2b:f6:9e:4b:8f:a5:
                    45:d8:69:27:db:83:1a:4c:bd:de:0b:34:0c:8d:33:
                    42:4e:92:14:91:0d:dd:c5:1c:a2:dc:e7:ed:9b:22:
                    66:3e:d4:c7:6c:4e:26:9c:00:d1:27:cb:77:7c:1d:
                    68:17:f3:01:e4:f0:24:6c:5c:2b:bd:8b:7a:67:b1:
                    bb:b6:b1:46:f7:4d:03:ee:16:8f:65:33:e8:d9:fb:
                    df:30:95:92:54:27:e7:16:fb:4f:a7:3b:f2:7c:e3:
                    d5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:53:D7:BA:1C:60:54:B9:4A:5F:D6:98:73:93:8F:2C:08:2C:49:07
            X509v3 Authority Key Identifier:
                keyid:E6:23:4E:D3:D8:CA:96:DC:51:8D:35:C1:E7:C9:2B:EB:FC:F6:CE:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5iNO09jKltxRjTXB58kr6_z2zk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/9b674c-3657-4c25-9953-3f7040997682/1/mlPXuhxgVLlKX9aYc5OPLAgsSQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/9b674c-3657-4c25-9953-3f7040997682/1/5iNO09jKltxRjTXB58kr6_z2zk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.97.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9a:99:b8:65:6e:a6:bb:80:c0:81:47:89:0d:7d:a3:06:fa:94:
         a6:aa:57:f5:82:10:5c:91:9b:7e:59:6d:eb:18:5c:c4:f5:0f:
         ec:30:91:4c:1d:70:95:48:bb:b6:e5:c4:7c:f4:72:03:58:e6:
         fb:cd:62:62:8d:9d:d5:34:ca:3f:c4:97:71:4a:dd:3c:a0:69:
         f4:42:39:41:c8:a2:e7:0b:ad:7f:92:d5:78:dc:e5:59:25:2d:
         4f:b2:81:38:8f:49:8d:3a:02:44:68:42:05:58:d1:e7:0d:fb:
         3b:72:32:10:1f:ba:3c:2f:a9:2c:2b:92:29:d4:d1:cc:a3:ce:
         2a:6e:5b:61:b3:91:17:66:11:71:5e:c9:2f:38:30:49:67:6f:
         86:a2:4b:a1:d7:b1:b3:d7:c5:da:9a:87:d7:59:51:a1:6c:d6:
         ae:0a:1f:a2:6e:ec:55:81:ed:41:bc:ef:1f:10:94:0d:69:3e:
         28:81:fe:a3:be:06:c6:93:b5:44:82:8f:6d:e2:8e:80:31:ec:
         bb:3b:c8:7c:c4:3a:99:2f:06:3f:01:56:34:72:1d:1b:40:f7:
         70:ee:d2:ea:54:8e:5d:bc:20:24:16:0d:ad:19:1f:8c:17:df:
         3c:e4:4e:d9:d2:05:a6:9b:de:00:e8:43:79:38:57:61:eb:e2:
         63:b1:ef:6b
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIAQrGB0Emxfh5czMLZDk8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MjM0ZWQzZDhjYTk2ZGM1MThkMzVjMWU3YzkyYmViZmNm
NmNlNGQwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTUzZDdiYTFjNjA1NGI5NGE1ZmQ2OTg3MzkzOGYyYzA4MmM0OTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTxJp5a5OC6Dv0m3bM7eYfiydyMh
zIizk7TUzY7ZhClAqTwClH1Q2DhJIFfb4jLYGxyrREubAP+V75v/0elhp0Jxv2jp
D/1ssKMJ1N2QNEWEZnbh+EeYWyYX/ylLZnUBAy5pc0kn7/zBY9GNep5hpjUFvYql
oEyh/9FhlCLyeVsv9h/3cISTT8hZCxjFmDyDpTCLO4TM63yJagF9tS4r9p5Lj6VF
2Gkn24MaTL3eCzQMjTNCTpIUkQ3dxRyi3OftmyJmPtTHbE4mnADRJ8t3fB1oF/MB
5PAkbFwrvYt6Z7G7trFG900D7haPZTPo2fvfMJWSVCfnFvtPpzvyfOPVkQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJpT17ocYFS5Sl/WmHOTjywILEkHMB8GA1UdIwQY
MBaAFOYjTtPYypbcUY01wefJK+v89s5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWlOTzA5aktsdHhSalRYQjU4a3I2X3oyemswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85YjY3NGMtMzY1Ny00YzI1LTk5NTMt
M2Y3MDQwOTk3NjgyLzEvbWxQWHVoeGdWTGxLWDlhWWM1T1BMQWdzU1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85YjY3NGMtMzY1Ny00YzI1LTk5NTMtM2Y3MDQwOTk3Njgy
LzEvNWlOTzA5aktsdHhSalRYQjU4a3I2X3oyemswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAl2EwDQYJ
KoZIhvcNAQELBQADggEBAJqZuGVupruAwIFHiQ19owb6lKaqV/WCEFyRm35ZbesY
XMT1D+wwkUwdcJVIu7blxHz0cgNY5vvNYmKNndU0yj/El3FK3TygafRCOUHIoucL
rX+S1Xjc5VklLU+ygTiPSY06AkRoQgVY0ecN+ztyMhAfujwvqSwrkinU0cyjzipu
W2GzkRdmEXFeyS84MElnb4aiS6HXsbPXxdqah9dZUaFs1q4KH6Ju7FWB7UG87x8Q
lA1pPiiB/qO+BsaTtUSCj23ijoAx7Ls7yHzEOpkvBj8BVjRyHRtA93Du0upUjl28
ICQWDa0ZH4wX3zzkTtnSBaab3gDoQ3k4V2Hr4mOx72s=
-----END CERTIFICATE-----