Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/1Bsj6WWv6_nZ1PC51Q2ndDKt898.roa
File:                     1Bsj6WWv6_nZ1PC51Q2ndDKt898.roa (raw, json)
Hash identifier:          hhwJnbCxDtBGF4av5KaduxzAhT55MYy1bdSPb5/i454=
Subject key identifier:   D4:1B:23:E9:65:AF:EB:F9:D9:D4:F0:B9:D5:0D:A7:74:32:AD:F3:DF
Certificate issuer:       /CN=969948d0fe4d7f99d54ba8bffcd99a1a608ae0d3
Certificate serial:       018CC94E1623A95B404C0757251D31577EEB
Authority key identifier: 96:99:48:D0:FE:4D:7F:99:D5:4B:A8:BF:FC:D9:9A:1A:60:8A:E0:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/1Bsj6WWv6_nZ1PC51Q2ndDKt898.roa
Signing time:             Tue 02 Jan 2024 08:33:07 +0000
ROA not before:           Tue 02 Jan 2024 08:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61157
IP address blocks:        134.97.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:16:23:a9:5b:40:4c:07:57:25:1d:31:57:7e:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=969948d0fe4d7f99d54ba8bffcd99a1a608ae0d3
        Validity
            Not Before: Jan  2 08:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d41b23e965afebf9d9d4f0b9d50da77432adf3df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d2:f1:af:ff:e8:69:2e:3c:7a:b2:fc:33:88:
                    6a:61:ea:99:14:c1:16:96:29:3b:db:93:b2:60:a4:
                    29:50:7e:8a:d8:22:09:b9:96:dd:63:35:f3:9c:02:
                    a1:94:b5:8b:15:48:05:54:f9:7f:2c:e1:c9:66:a6:
                    c5:76:36:88:f6:db:d4:6a:d8:be:1d:9c:65:15:ad:
                    bc:d0:40:b0:c0:41:bc:e7:9a:61:72:fc:7b:32:de:
                    4b:25:9a:f3:5f:60:fc:a7:7d:fd:14:06:8d:22:34:
                    48:35:0e:f1:db:ac:7f:4e:88:ca:c7:e6:d0:b2:08:
                    72:e8:ba:4d:40:a1:28:cb:19:ac:97:e8:a2:1e:c8:
                    97:40:9e:03:35:f2:f5:3e:8e:d7:e7:ba:6a:ca:43:
                    7b:0e:14:59:f0:0d:f4:46:9c:84:5a:fb:49:e9:8d:
                    c5:06:1a:19:9b:89:5a:a0:e2:65:eb:a0:27:44:47:
                    1a:18:81:ec:76:16:b7:98:24:f6:28:5d:c1:f8:a3:
                    e7:ec:4d:4d:4c:c8:aa:05:6e:f7:a1:a5:0d:58:c8:
                    14:ca:9e:9a:73:26:ff:4b:c7:50:9f:5a:2b:69:76:
                    c6:81:37:aa:b7:45:fc:23:f2:74:22:b1:45:4f:fa:
                    96:46:66:5a:fe:01:69:61:20:c6:ae:2c:35:88:e5:
                    96:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:1B:23:E9:65:AF:EB:F9:D9:D4:F0:B9:D5:0D:A7:74:32:AD:F3:DF
            X509v3 Authority Key Identifier:
                keyid:96:99:48:D0:FE:4D:7F:99:D5:4B:A8:BF:FC:D9:9A:1A:60:8A:E0:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/1Bsj6WWv6_nZ1PC51Q2ndDKt898.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.97.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:f9:21:1e:4e:76:c2:37:6e:b8:5f:7d:f2:77:0a:05:8d:e8:
         50:ec:68:83:db:04:6d:ae:25:d8:99:e8:2e:ee:e7:13:3a:7d:
         9a:83:01:58:7e:b4:ed:f7:33:40:a1:1a:77:ac:18:84:04:3a:
         9d:7a:9b:28:e2:c2:85:6b:ad:49:1e:dc:ce:0e:6e:53:91:c3:
         f2:3f:b9:3a:86:ec:29:cc:ae:8e:d1:1c:43:44:27:77:47:ee:
         d5:70:90:24:8a:e8:cb:96:e7:3e:e8:50:a9:b5:19:ed:22:ff:
         0a:7b:13:33:6a:90:5c:b8:b7:17:c3:ea:46:5a:b4:55:a8:c7:
         32:f2:d8:cd:94:72:23:7f:2f:24:80:93:ad:e8:03:a2:8e:d6:
         e7:fd:c0:ff:19:4e:11:e7:8f:00:ab:02:a6:86:ce:9f:0c:55:
         92:f2:d9:0c:11:0f:62:6b:1e:c7:2e:64:24:e3:0c:99:0c:51:
         59:3c:58:4c:fa:7d:48:98:dc:9a:aa:8d:dc:1e:4e:6f:08:e3:
         6c:a1:12:63:c8:b2:c2:60:3f:4d:17:dc:59:b7:91:94:13:dd:
         c7:7b:9b:3f:84:ea:f6:8d:df:cc:21:c5:22:5a:f6:6d:2f:9c:
         4a:8a:03:6b:44:ad:4b:c1:27:e5:f2:a2:80:86:eb:81:64:1d:
         67:ab:da:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJThYjqVtATAdXJR0xV37rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2OTk0OGQwZmU0ZDdmOTlkNTRiYThiZmZjZDk5YTFhNjA4
YWUwZDMwHhcNMjQwMTAyMDgzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDFiMjNlOTY1YWZlYmY5ZDlkNGYwYjlkNTBkYTc3NDMyYWRmM2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNLxr//oaS48erL8M4hqYeqZFMEW
lik725OyYKQpUH6K2CIJuZbdYzXznAKhlLWLFUgFVPl/LOHJZqbFdjaI9tvUati+
HZxlFa280ECwwEG855phcvx7Mt5LJZrzX2D8p339FAaNIjRINQ7x26x/TojKx+bQ
sghy6LpNQKEoyxmsl+iiHsiXQJ4DNfL1Po7X57pqykN7DhRZ8A30RpyEWvtJ6Y3F
BhoZm4laoOJl66AnREcaGIHsdha3mCT2KF3B+KPn7E1NTMiqBW73oaUNWMgUyp6a
cyb/S8dQn1oraXbGgTeqt0X8I/J0IrFFT/qWRmZa/gFpYSDGriw1iOWWIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQbI+llr+v52dTwudUNp3QyrfPfMB8GA1UdIwQY
MBaAFJaZSND+TX+Z1Uuov/zZmhpgiuDTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHBsSTBQNU5mNW5WUzZpX19ObWFHbUNLNE5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xYTJmYTItZWViMy00MzEyLTkxMzAt
NTNjYzVkYWY1MmNmLzEvMUJzajZXV3Y2X25aMVBDNTFRMm5kREt0ODk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xYTJmYTItZWViMy00MzEyLTkxMzAtNTNjYzVkYWY1MmNm
LzEvbHBsSTBQNU5mNW5WUzZpX19ObWFHbUNLNE5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhmEEMA0G
CSqGSIb3DQEBCwUAA4IBAQBl+SEeTnbCN264X33ydwoFjehQ7GiD2wRtriXYmegu
7ucTOn2agwFYfrTt9zNAoRp3rBiEBDqdepso4sKFa61JHtzODm5TkcPyP7k6huwp
zK6O0RxDRCd3R+7VcJAkiujLluc+6FCptRntIv8KexMzapBcuLcXw+pGWrRVqMcy
8tjNlHIjfy8kgJOt6AOijtbn/cD/GU4R548AqwKmhs6fDFWS8tkMEQ9iax7HLmQk
4wyZDFFZPFhM+n1ImNyaqo3cHk5vCONsoRJjyLLCYD9NF9xZt5GUE93He5s/hOr2
jd/MIcUiWvZtL5xKigNrRK1LwSfl8qKAhuuBZB1nq9q2
-----END CERTIFICATE-----