Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/O-J5X2KFZDounu-aiV4kKR9FOdM.roa
File:                     O-J5X2KFZDounu-aiV4kKR9FOdM.roa (raw, json)
Hash identifier:          2tCKxfQFC6PvT8BUU2OqM1uVwgLwdK16Rxs/JJDPRmk=
Subject key identifier:   3B:E2:79:5F:62:85:64:3A:2E:9E:EF:9A:89:5E:24:29:1F:45:39:D3
Certificate issuer:       /CN=969948d0fe4d7f99d54ba8bffcd99a1a608ae0d3
Certificate serial:       018CC94E179954EDD70653E3748A735B54E0
Authority key identifier: 96:99:48:D0:FE:4D:7F:99:D5:4B:A8:BF:FC:D9:9A:1A:60:8A:E0:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/O-J5X2KFZDounu-aiV4kKR9FOdM.roa
Signing time:             Tue 02 Jan 2024 08:33:07 +0000
ROA not before:           Tue 02 Jan 2024 08:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213087
IP address blocks:        134.97.3.0/24 maxlen: 24
                          134.97.2.0/24 maxlen: 24
                          2001:650:cc05::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:17:99:54:ed:d7:06:53:e3:74:8a:73:5b:54:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=969948d0fe4d7f99d54ba8bffcd99a1a608ae0d3
        Validity
            Not Before: Jan  2 08:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3be2795f6285643a2e9eef9a895e24291f4539d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e3:cc:af:38:ed:56:17:a3:2a:da:bb:3b:00:
                    e2:51:19:a2:4f:52:b2:82:cd:71:18:87:aa:58:4d:
                    15:94:e1:02:8b:62:df:30:18:fa:ec:db:87:e1:cb:
                    11:20:26:37:64:02:10:e4:dc:ed:87:80:4d:25:c9:
                    cd:bc:8a:07:ec:7f:a2:50:09:19:09:04:ce:16:23:
                    02:19:e4:c8:be:84:fb:c1:67:02:00:f3:0b:8b:7c:
                    c8:6e:86:f7:26:31:e4:d5:0b:f5:95:56:03:ae:46:
                    54:a9:c7:28:6e:1d:48:31:9d:5f:77:b7:25:05:00:
                    e7:15:86:1b:a0:2f:62:fd:cd:a8:69:6b:60:a0:60:
                    99:92:7a:0a:d9:35:8f:76:6a:83:5f:6a:09:39:05:
                    cd:0e:ca:8e:1a:a8:17:c7:64:c4:40:09:c9:c3:d4:
                    ac:59:3a:42:dc:a2:59:66:bd:fc:bf:a3:48:1e:d8:
                    64:4c:88:b4:15:02:35:8a:da:6d:d7:5b:fc:5a:34:
                    99:f5:20:ad:c4:ec:5e:96:1c:52:f5:1e:dc:ae:ab:
                    47:8e:10:24:de:b1:bb:72:2c:a4:81:f6:a8:e5:82:
                    e2:2b:31:e4:fa:a3:76:a9:16:87:06:a5:c0:30:0b:
                    25:00:72:e8:7d:39:4a:84:09:d4:50:9f:45:28:8d:
                    24:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:E2:79:5F:62:85:64:3A:2E:9E:EF:9A:89:5E:24:29:1F:45:39:D3
            X509v3 Authority Key Identifier:
                keyid:96:99:48:D0:FE:4D:7F:99:D5:4B:A8:BF:FC:D9:9A:1A:60:8A:E0:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/O-J5X2KFZDounu-aiV4kKR9FOdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.97.2.0/23
                IPv6:
                  2001:650:cc05::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:83:71:db:d4:5d:9a:44:b7:c4:6e:32:21:41:97:a3:67:a7:
         ce:ab:a2:ea:f2:79:3d:65:2c:af:ef:9f:32:69:65:81:09:09:
         84:cb:65:3f:35:24:36:36:ae:f7:dd:6c:28:07:e4:8a:a7:4e:
         a0:99:01:18:d9:90:ad:fe:32:d8:05:b2:f0:46:aa:35:6f:0b:
         f6:83:40:4f:74:b0:37:ee:77:83:40:87:44:b7:63:42:e3:12:
         9e:02:b4:2c:6b:dc:c4:a9:22:ef:1e:fd:70:5d:84:8a:a3:8d:
         37:42:9a:78:12:e2:fc:5a:0d:41:e5:dc:bd:7c:6c:2b:57:83:
         77:8e:38:96:f2:35:58:59:97:d8:2e:6d:54:c9:0d:69:55:eb:
         08:bb:33:17:87:d1:f8:4d:3f:f8:a3:da:58:df:1f:0b:c2:67:
         8d:81:ab:70:ff:dd:93:22:1a:44:1c:07:c9:7c:39:00:10:1d:
         4d:6e:b7:5c:19:82:2b:34:76:93:27:10:9e:49:8b:fe:67:26:
         79:b3:1b:ef:cc:56:23:37:65:5d:6f:eb:be:0c:ae:79:be:6d:
         93:62:1e:66:8d:3e:a7:de:19:24:80:76:cf:e6:81:ff:b1:79:
         81:15:11:54:5f:ed:ce:d7:d6:47:6d:11:fc:85:32:32:39:c8:
         62:9b:9c:88
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJTheZVO3XBlPjdIpzW1TgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2OTk0OGQwZmU0ZDdmOTlkNTRiYThiZmZjZDk5YTFhNjA4
YWUwZDMwHhcNMjQwMTAyMDgzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmUyNzk1ZjYyODU2NDNhMmU5ZWVmOWE4OTVlMjQyOTFmNDUzOWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+PMrzjtVhejKtq7OwDiURmiT1Ky
gs1xGIeqWE0VlOECi2LfMBj67NuH4csRICY3ZAIQ5Nzth4BNJcnNvIoH7H+iUAkZ
CQTOFiMCGeTIvoT7wWcCAPMLi3zIbob3JjHk1Qv1lVYDrkZUqccobh1IMZ1fd7cl
BQDnFYYboC9i/c2oaWtgoGCZknoK2TWPdmqDX2oJOQXNDsqOGqgXx2TEQAnJw9Ss
WTpC3KJZZr38v6NIHthkTIi0FQI1itpt11v8WjSZ9SCtxOxelhxS9R7crqtHjhAk
3rG7ciykgfao5YLiKzHk+qN2qRaHBqXAMAslAHLofTlKhAnUUJ9FKI0k6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDvieV9ihWQ6Lp7vmoleJCkfRTnTMB8GA1UdIwQY
MBaAFJaZSND+TX+Z1Uuov/zZmhpgiuDTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHBsSTBQNU5mNW5WUzZpX19ObWFHbUNLNE5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xYTJmYTItZWViMy00MzEyLTkxMzAt
NTNjYzVkYWY1MmNmLzEvTy1KNVgyS0ZaRG91bnUtYWlWNGtLUjlGT2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xYTJmYTItZWViMy00MzEyLTkxMzAtNTNjYzVkYWY1MmNm
LzEvbHBsSTBQNU5mNW5WUzZpX19ObWFHbUNLNE5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBhmECMA8E
AgACMAkDBwAgAQZQzAUwDQYJKoZIhvcNAQELBQADggEBAAeDcdvUXZpEt8RuMiFB
l6Nnp86rouryeT1lLK/vnzJpZYEJCYTLZT81JDY2rvfdbCgH5IqnTqCZARjZkK3+
MtgFsvBGqjVvC/aDQE90sDfud4NAh0S3Y0LjEp4CtCxr3MSpIu8e/XBdhIqjjTdC
mngS4vxaDUHl3L18bCtXg3eOOJbyNVhZl9gubVTJDWlV6wi7MxeH0fhNP/ij2ljf
HwvCZ42Bq3D/3ZMiGkQcB8l8OQAQHU1ut1wZgis0dpMnEJ5Ji/5nJnmzG+/MViM3
ZV1v674Mrnm+bZNiHmaNPqfeGSSAds/mgf+xeYEVEVRf7c7X1kdtEfyFMjI5yGKb
nIg=
-----END CERTIFICATE-----