Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/3WSq-qXX4WsrEuHLwoObKXxrwi4.roa
File:                     3WSq-qXX4WsrEuHLwoObKXxrwi4.roa (raw, json)
Hash identifier:          L9ClOA47RwypZyDeWlYaiN8xD3q1q/ehcncEm8tEibs=
Subject key identifier:   DD:64:AA:FA:A5:D7:E1:6B:2B:12:E1:CB:C2:83:9B:29:7C:6B:C2:2E
Certificate issuer:       /CN=fd9f7dc5095abdb445d189857d3101a8aee29dfa
Certificate serial:       018CCA9995FC9D24BE9EAC6D35163A5505D8
Authority key identifier: FD:9F:7D:C5:09:5A:BD:B4:45:D1:89:85:7D:31:01:A8:AE:E2:9D:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Z99xQlavbRF0YmFfTEBqK7info.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/3WSq-qXX4WsrEuHLwoObKXxrwi4.roa
Signing time:             Tue 02 Jan 2024 14:35:12 +0000
ROA not before:           Tue 02 Jan 2024 14:35:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2117
IP address blocks:        134.171.64.0/20 maxlen: 20
                          134.171.0.0/18 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/_Z99xQlavbRF0YmFfTEBqK7info.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/_Z99xQlavbRF0YmFfTEBqK7info.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Z99xQlavbRF0YmFfTEBqK7info.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:95:fc:9d:24:be:9e:ac:6d:35:16:3a:55:05:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd9f7dc5095abdb445d189857d3101a8aee29dfa
        Validity
            Not Before: Jan  2 14:35:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd64aafaa5d7e16b2b12e1cbc2839b297c6bc22e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ef:01:2a:de:1c:bf:3f:87:f3:de:1f:9a:6a:
                    48:d1:5c:e5:f3:62:ca:18:7e:4a:ec:80:32:37:5c:
                    aa:c1:97:12:ff:ea:0f:25:fc:a6:06:51:ab:87:e9:
                    8b:d6:a5:6e:b4:f9:cf:34:64:fa:d7:a4:61:3d:fe:
                    f4:c9:61:c1:e6:95:a1:25:d9:5f:b5:ba:66:c4:1b:
                    f9:9b:aa:be:6d:3d:b2:60:a9:be:57:64:b3:e3:76:
                    77:7b:04:60:3f:5a:65:a5:13:c3:3a:a7:ff:b7:a7:
                    ec:32:75:6c:a3:65:d4:b2:4d:e7:eb:6f:26:27:ae:
                    1f:ad:f2:2e:70:04:5d:90:ee:c8:bb:c5:9c:3b:f0:
                    f6:03:7a:ce:77:5f:7e:74:62:4d:6b:c1:b9:ba:16:
                    36:9d:6d:3b:7c:8c:f3:f9:ea:aa:33:4f:7f:3f:97:
                    1b:85:51:1e:bd:5d:3a:8f:86:ba:55:4e:fc:a3:d1:
                    95:2e:ce:ce:3f:8f:07:e2:0d:30:5f:e1:50:27:21:
                    60:23:46:6d:7c:8d:6e:7f:60:37:9f:b1:3c:82:c0:
                    c3:c1:b4:37:88:74:5c:5e:93:19:00:6c:c6:09:98:
                    c3:1c:05:6b:30:03:54:0b:b1:79:ee:82:c7:ce:22:
                    e3:94:3b:6b:96:87:b0:88:c2:a3:79:06:61:cc:a5:
                    7d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:64:AA:FA:A5:D7:E1:6B:2B:12:E1:CB:C2:83:9B:29:7C:6B:C2:2E
            X509v3 Authority Key Identifier:
                keyid:FD:9F:7D:C5:09:5A:BD:B4:45:D1:89:85:7D:31:01:A8:AE:E2:9D:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Z99xQlavbRF0YmFfTEBqK7info.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/3WSq-qXX4WsrEuHLwoObKXxrwi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/5b60e5-8237-4628-946b-2229cd83f3e5/1/_Z99xQlavbRF0YmFfTEBqK7info.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.171.0.0-134.171.79.255

    Signature Algorithm: sha256WithRSAEncryption
         18:bf:2c:75:71:b1:9c:48:5f:43:fc:6b:04:e8:65:f6:46:82:
         ae:57:e6:44:bb:20:08:f7:75:12:e8:de:9e:12:d9:b5:fc:f7:
         aa:57:34:2a:33:8b:6f:ce:08:5c:29:6a:2b:4f:ce:e4:32:eb:
         85:3a:25:0a:6a:ff:26:30:54:12:ac:7a:bd:6b:7d:78:2f:0b:
         c5:0b:1b:0c:62:25:fd:b2:1b:c9:e9:c9:c4:2a:a9:51:63:2c:
         26:bc:cb:26:8a:d1:07:86:62:72:fb:64:ea:7b:43:ef:57:bb:
         fd:b1:d0:b8:6d:7b:0b:50:82:5f:da:34:a9:84:5e:23:8a:bb:
         08:19:09:63:b3:93:08:51:73:70:90:88:a8:85:93:b3:ee:c6:
         c1:5e:3c:1a:15:36:29:45:5a:c7:38:88:32:92:61:de:8e:8d:
         1d:10:e5:8c:2c:82:57:ad:87:74:df:59:c8:fc:a7:ea:46:a6:
         d7:0f:ea:41:9a:68:2d:26:5b:42:5a:2d:47:11:c4:8d:c0:a7:
         1b:16:54:21:19:ae:a4:2c:fa:4c:d0:07:a3:c6:96:c0:bf:09:
         6e:32:b6:d9:cc:88:67:bd:5d:70:ae:2b:d2:8a:65:2a:fb:e1:
         53:88:c2:37:0f:ea:1d:d6:56:32:1a:37:10:f2:24:54:6d:e4:
         9b:c5:54:29
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzKmZX8nSS+nqxtNRY6VQXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkOWY3ZGM1MDk1YWJkYjQ0NWQxODk4NTdkMzEwMWE4YWVl
MjlkZmEwHhcNMjQwMTAyMTQzNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY0YWFmYWE1ZDdlMTZiMmIxMmUxY2JjMjgzOWIyOTdjNmJjMjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAle8BKt4cvz+H894fmmpI0Vzl82LK
GH5K7IAyN1yqwZcS/+oPJfymBlGrh+mL1qVutPnPNGT616RhPf70yWHB5pWhJdlf
tbpmxBv5m6q+bT2yYKm+V2Sz43Z3ewRgP1plpRPDOqf/t6fsMnVso2XUsk3n628m
J64frfIucARdkO7Iu8WcO/D2A3rOd19+dGJNa8G5uhY2nW07fIzz+eqqM09/P5cb
hVEevV06j4a6VU78o9GVLs7OP48H4g0wX+FQJyFgI0ZtfI1uf2A3n7E8gsDDwbQ3
iHRcXpMZAGzGCZjDHAVrMANUC7F57oLHziLjlDtrloewiMKjeQZhzKV9SwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFN1kqvql1+FrKxLhy8KDmyl8a8IuMB8GA1UdIwQY
MBaAFP2ffcUJWr20RdGJhX0xAaiu4p36MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1o5OXhRbGF2YlJGMFltRmZURUJxSzdpbmZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC81YjYwZTUtODIzNy00NjI4LTk0NmIt
MjIyOWNkODNmM2U1LzEvM1dTcS1xWFg0V3NyRXVITHdvT2JLWHhyd2k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC81YjYwZTUtODIzNy00NjI4LTk0NmItMjIyOWNkODNmM2U1
LzEvX1o5OXhRbGF2YlJGMFltRmZURUJxSzdpbmZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwCGqwME
BIarQDANBgkqhkiG9w0BAQsFAAOCAQEAGL8sdXGxnEhfQ/xrBOhl9kaCrlfmRLsg
CPd1EujenhLZtfz3qlc0KjOLb84IXClqK0/O5DLrhTolCmr/JjBUEqx6vWt9eC8L
xQsbDGIl/bIbyenJxCqpUWMsJrzLJorRB4Zicvtk6ntD71e7/bHQuG17C1CCX9o0
qYReI4q7CBkJY7OTCFFzcJCIqIWTs+7GwV48GhU2KUVaxziIMpJh3o6NHRDljCyC
V62HdN9ZyPyn6kam1w/qQZpoLSZbQlotRxHEjcCnGxZUIRmupCz6TNAHo8aWwL8J
bjK22cyIZ71dcK4r0oplKvvhU4jCNw/qHdZWMho3EPIkVG3km8VUKQ==
-----END CERTIFICATE-----