Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/yDxd-SDhJjlxhstCw42qOPfbkXs.roa
File:                     yDxd-SDhJjlxhstCw42qOPfbkXs.roa (raw, json)
Hash identifier:          Iq1nPW7Ivh7QuD2n03LJmvziIig10lHHCxoxjFuxLgs=
Subject key identifier:   C8:3C:5D:F9:20:E1:26:39:71:86:CB:42:C3:8D:AA:38:F7:DB:91:7B
Certificate issuer:       /CN=969948d0fe4d7f99d54ba8bffcd99a1a608ae0d3
Certificate serial:       018CC94E16EE2C6AFE521852C96FE1A0C422
Authority key identifier: 96:99:48:D0:FE:4D:7F:99:D5:4B:A8:BF:FC:D9:9A:1A:60:8A:E0:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/yDxd-SDhJjlxhstCw42qOPfbkXs.roa
Signing time:             Tue 02 Jan 2024 08:33:07 +0000
ROA not before:           Tue 02 Jan 2024 08:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203761
IP address blocks:        134.97.128.0/17 maxlen: 17

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:16:ee:2c:6a:fe:52:18:52:c9:6f:e1:a0:c4:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=969948d0fe4d7f99d54ba8bffcd99a1a608ae0d3
        Validity
            Not Before: Jan  2 08:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c83c5df920e126397186cb42c38daa38f7db917b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a9:08:04:eb:af:d4:f3:5d:71:83:b5:8d:d4:
                    eb:5c:17:ad:16:06:76:ae:fe:de:50:93:01:0e:04:
                    6b:c7:06:88:8f:3a:e3:3e:99:b2:bd:84:5e:b5:4e:
                    4b:d7:ed:bb:5c:f8:d4:68:52:41:db:ca:65:58:02:
                    cb:e7:b7:5e:0c:3b:a6:98:eb:45:1f:b7:f7:01:78:
                    f9:04:8f:07:48:28:7b:78:5b:4d:c8:73:ed:56:2d:
                    08:a7:48:69:0f:93:5f:e1:a1:2d:6f:18:87:2a:ad:
                    87:31:83:e5:10:42:ee:9b:2b:41:a6:ed:2d:3a:dc:
                    98:0d:b6:d8:6c:4e:4e:8e:ef:38:67:35:ff:ad:69:
                    cf:de:ee:ee:2e:64:32:0b:d5:b9:05:0d:66:c4:7c:
                    ba:50:e7:a0:2c:b6:6b:38:9a:be:a0:33:3d:42:d6:
                    e9:68:92:3b:a7:a4:3c:d3:94:9e:40:1d:0d:51:71:
                    42:03:e4:cd:69:f9:45:09:42:a6:1f:d0:8c:1d:d9:
                    0a:67:95:e0:15:3e:c3:ae:4a:31:f8:23:84:63:23:
                    42:70:a0:3b:6c:d8:40:97:37:63:3f:11:51:9c:35:
                    a0:cb:2d:ce:f8:19:b3:c0:d7:61:cd:2e:22:2c:2b:
                    6a:da:a7:bf:cc:fb:22:cd:51:56:3d:e0:b9:ba:33:
                    9a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:3C:5D:F9:20:E1:26:39:71:86:CB:42:C3:8D:AA:38:F7:DB:91:7B
            X509v3 Authority Key Identifier:
                keyid:96:99:48:D0:FE:4D:7F:99:D5:4B:A8:BF:FC:D9:9A:1A:60:8A:E0:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/yDxd-SDhJjlxhstCw42qOPfbkXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.97.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         49:76:08:72:2f:59:c2:82:a6:b9:6b:4c:b3:4b:a2:db:12:6e:
         10:22:78:0b:83:10:a8:b1:56:e0:c0:a4:7b:56:07:ea:dc:1f:
         e0:3d:55:c3:98:31:56:d3:8e:89:64:f9:7d:2c:d3:1c:47:ba:
         38:a1:f9:87:bc:d6:be:a5:41:16:a5:cc:b3:da:36:35:c2:1d:
         2b:e9:32:e9:3a:28:1e:0c:fd:d8:c6:25:b7:d7:35:56:2b:11:
         0a:09:a7:0e:13:15:27:5c:ae:6f:81:e3:98:84:33:83:fb:de:
         28:47:31:20:a7:08:26:d0:94:66:31:94:b7:3b:4e:32:cb:2b:
         9d:78:e8:be:ad:00:f4:40:fb:c6:63:ae:dc:a0:58:9a:e3:d7:
         89:e8:14:2d:34:ea:2c:66:fa:be:33:34:c6:10:60:69:49:5c:
         6a:e6:32:ce:a9:f6:4a:c8:13:a2:c5:48:5b:54:58:5f:ae:4a:
         65:01:36:3d:c1:e5:92:0d:5f:25:7c:8c:a1:ca:aa:23:f3:1e:
         5b:51:4e:69:db:7c:de:42:a4:1d:69:f3:28:fc:48:6a:b4:ad:
         b6:4a:d4:75:8d:71:5d:de:66:6b:6e:86:f2:f4:7e:3d:cd:6d:
         d6:9a:fb:90:4c:69:55:3d:9e:b7:e7:20:be:3e:04:e4:74:90:
         1d:65:97:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJThbuLGr+UhhSyW/hoMQiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2OTk0OGQwZmU0ZDdmOTlkNTRiYThiZmZjZDk5YTFhNjA4
YWUwZDMwHhcNMjQwMTAyMDgzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODNjNWRmOTIwZTEyNjM5NzE4NmNiNDJjMzhkYWEzOGY3ZGI5MTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmakIBOuv1PNdcYO1jdTrXBetFgZ2
rv7eUJMBDgRrxwaIjzrjPpmyvYRetU5L1+27XPjUaFJB28plWALL57deDDummOtF
H7f3AXj5BI8HSCh7eFtNyHPtVi0Ip0hpD5Nf4aEtbxiHKq2HMYPlEELumytBpu0t
OtyYDbbYbE5Oju84ZzX/rWnP3u7uLmQyC9W5BQ1mxHy6UOegLLZrOJq+oDM9Qtbp
aJI7p6Q805SeQB0NUXFCA+TNaflFCUKmH9CMHdkKZ5XgFT7Drkox+COEYyNCcKA7
bNhAlzdjPxFRnDWgyy3O+BmzwNdhzS4iLCtq2qe/zPsizVFWPeC5ujOaEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMg8Xfkg4SY5cYbLQsONqjj325F7MB8GA1UdIwQY
MBaAFJaZSND+TX+Z1Uuov/zZmhpgiuDTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHBsSTBQNU5mNW5WUzZpX19ObWFHbUNLNE5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xYTJmYTItZWViMy00MzEyLTkxMzAt
NTNjYzVkYWY1MmNmLzEveUR4ZC1TRGhKamx4aHN0Q3c0MnFPUGZia1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xYTJmYTItZWViMy00MzEyLTkxMzAtNTNjYzVkYWY1MmNm
LzEvbHBsSTBQNU5mNW5WUzZpX19ObWFHbUNLNE5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHhmGAMA0G
CSqGSIb3DQEBCwUAA4IBAQBJdghyL1nCgqa5a0yzS6LbEm4QIngLgxCosVbgwKR7
Vgfq3B/gPVXDmDFW046JZPl9LNMcR7o4ofmHvNa+pUEWpcyz2jY1wh0r6TLpOige
DP3YxiW31zVWKxEKCacOExUnXK5vgeOYhDOD+94oRzEgpwgm0JRmMZS3O04yyyud
eOi+rQD0QPvGY67coFia49eJ6BQtNOosZvq+MzTGEGBpSVxq5jLOqfZKyBOixUhb
VFhfrkplATY9weWSDV8lfIyhyqoj8x5bUU5p23zeQqQdafMo/EhqtK22StR1jXFd
3mZrboby9H49zW3WmvuQTGlVPZ635yC+PgTkdJAdZZc0
-----END CERTIFICATE-----