Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/DLn7puMB9c1QF952DSDa_BucbHw.roa
File:                     DLn7puMB9c1QF952DSDa_BucbHw.roa (raw, json)
Hash identifier:          +/CrC9j4bEl57mhlbYgGgF2tqHBnCmVYfme1XlmXPCs=
Subject key identifier:   0C:B9:FB:A6:E3:01:F5:CD:50:17:DE:76:0D:20:DA:FC:1B:9C:6C:7C
Certificate issuer:       /CN=cdfcbde632d106faad98c2c1895a877ca601521a
Certificate serial:       018CC3B744B6D4D25F7ECFA7211333CAA267
Authority key identifier: CD:FC:BD:E6:32:D1:06:FA:AD:98:C2:C1:89:5A:87:7C:A6:01:52:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zfy95jLRBvqtmMLBiVqHfKYBUho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/DLn7puMB9c1QF952DSDa_BucbHw.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1103
IP address blocks:        137.120.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/zfy95jLRBvqtmMLBiVqHfKYBUho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/zfy95jLRBvqtmMLBiVqHfKYBUho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zfy95jLRBvqtmMLBiVqHfKYBUho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:44:b6:d4:d2:5f:7e:cf:a7:21:13:33:ca:a2:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdfcbde632d106faad98c2c1895a877ca601521a
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cb9fba6e301f5cd5017de760d20dafc1b9c6c7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6e:fe:0b:93:80:5f:c1:60:7c:01:d8:5d:cd:
                    bd:52:2b:58:cf:27:5a:39:de:e9:15:c7:c5:5c:a5:
                    d1:ef:71:97:68:02:fb:50:cf:bf:ec:db:df:06:ef:
                    d7:b0:12:66:63:4e:f8:e0:db:a2:e6:fc:55:78:9f:
                    66:94:93:41:91:f6:68:73:72:50:4a:d2:f7:98:ea:
                    c7:0d:63:23:f4:a3:30:3c:6f:b1:58:c9:44:d2:66:
                    69:10:cd:55:27:03:b2:5c:c4:20:04:53:c9:52:82:
                    dd:6c:4e:f4:52:4f:c9:a9:ef:3a:9f:15:de:b1:62:
                    0b:91:b2:84:b0:a9:10:73:f8:6a:de:e1:36:0a:30:
                    e8:ef:f7:0d:d9:c5:85:fc:48:df:c8:f7:3b:7c:5d:
                    69:e8:c8:12:0b:fc:f0:36:d6:59:ce:b3:67:c0:30:
                    06:5a:58:53:a9:f1:98:b9:6f:44:bc:bc:ec:6f:4e:
                    21:8b:4a:6a:2d:0d:c6:e9:a7:6f:86:4a:39:85:0a:
                    58:d4:84:58:e3:06:7e:11:4b:80:2c:a0:55:3e:72:
                    66:da:a3:89:e9:68:64:ab:1f:3f:1b:8c:25:c1:27:
                    a6:53:1f:f3:7e:85:28:de:d4:5e:54:3b:9c:3d:0e:
                    19:11:b2:b0:17:2a:27:5e:77:01:3f:8e:28:77:e1:
                    71:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:B9:FB:A6:E3:01:F5:CD:50:17:DE:76:0D:20:DA:FC:1B:9C:6C:7C
            X509v3 Authority Key Identifier:
                keyid:CD:FC:BD:E6:32:D1:06:FA:AD:98:C2:C1:89:5A:87:7C:A6:01:52:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zfy95jLRBvqtmMLBiVqHfKYBUho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/DLn7puMB9c1QF952DSDa_BucbHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/zfy95jLRBvqtmMLBiVqHfKYBUho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.120.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         29:54:50:91:97:24:ed:f1:86:5f:75:16:35:bd:87:c8:07:c2:
         65:f0:8f:e9:68:c4:f6:95:07:62:20:60:c5:38:14:2d:c1:3e:
         93:d4:45:ee:29:64:67:dd:e6:41:b3:49:4e:0b:49:d1:a1:4d:
         fe:55:ae:f5:7f:f3:e3:c1:3b:72:a3:8c:b7:74:1c:44:22:c4:
         39:39:ca:27:33:39:4f:c8:3f:65:5d:7d:e6:05:30:63:04:bc:
         b3:0e:e4:37:1b:f4:13:85:f1:4e:2e:b9:cc:2e:91:56:4a:a1:
         76:ab:e5:a9:fb:2f:eb:38:f0:8c:de:d9:2f:a6:0e:f4:e3:71:
         08:66:15:3f:25:42:3d:1e:21:4b:c4:3e:bc:f1:b3:24:65:a0:
         1b:cd:0c:42:66:90:be:15:c1:c1:ab:2c:71:63:ca:41:8a:32:
         c6:7d:f4:87:ef:48:87:70:a2:88:ba:ef:75:d8:87:8d:55:42:
         f7:1c:15:09:ef:b9:04:b2:0f:58:55:3a:d9:95:c1:a1:84:71:
         e0:a8:d5:e0:57:c2:b6:77:26:61:9d:2d:d1:0e:51:a9:0c:be:
         38:79:0c:6b:f0:aa:51:e4:bc:35:a1:20:ef:26:a6:d0:1c:a5:
         06:ac:6c:d2:75:49:22:4c:21:42:5c:df:3c:2f:cd:a0:e3:2a:
         13:22:ab:1d
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDt0S21NJffs+nIRMzyqJnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZmNiZGU2MzJkMTA2ZmFhZDk4YzJjMTg5NWE4NzdjYTYw
MTUyMWEwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2I5ZmJhNmUzMDFmNWNkNTAxN2RlNzYwZDIwZGFmYzFiOWM2YzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm27+C5OAX8FgfAHYXc29UitYzyda
Od7pFcfFXKXR73GXaAL7UM+/7NvfBu/XsBJmY0744Nui5vxVeJ9mlJNBkfZoc3JQ
StL3mOrHDWMj9KMwPG+xWMlE0mZpEM1VJwOyXMQgBFPJUoLdbE70Uk/Jqe86nxXe
sWILkbKEsKkQc/hq3uE2CjDo7/cN2cWF/EjfyPc7fF1p6MgSC/zwNtZZzrNnwDAG
WlhTqfGYuW9EvLzsb04hi0pqLQ3G6advhko5hQpY1IRY4wZ+EUuALKBVPnJm2qOJ
6Whkqx8/G4wlwSemUx/zfoUo3tReVDucPQ4ZEbKwFyonXncBP44od+FxBwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAy5+6bjAfXNUBfedg0g2vwbnGx8MB8GA1UdIwQY
MBaAFM38veYy0Qb6rZjCwYlah3ymAVIaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemZ5OTVqTFJCdnF0bU1MQmlWcUhmS1lCVWhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9mZTQ1Y2YtNGFkMi00MWQ5LWJiY2Et
MjAzY2ZhMjM4Njk2LzEvRExuN3B1TUI5YzFRRjk1MkRTRGFfQnVjYkh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9mZTQ1Y2YtNGFkMi00MWQ5LWJiY2EtMjAzY2ZhMjM4Njk2
LzEvemZ5OTVqTFJCdnF0bU1MQmlWcUhmS1lCVWhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiXgwDQYJ
KoZIhvcNAQELBQADggEBAClUUJGXJO3xhl91FjW9h8gHwmXwj+loxPaVB2IgYMU4
FC3BPpPURe4pZGfd5kGzSU4LSdGhTf5VrvV/8+PBO3KjjLd0HEQixDk5yiczOU/I
P2VdfeYFMGMEvLMO5Dcb9BOF8U4uucwukVZKoXar5an7L+s48Ize2S+mDvTjcQhm
FT8lQj0eIUvEPrzxsyRloBvNDEJmkL4VwcGrLHFjykGKMsZ99IfvSIdwooi673XY
h41VQvccFQnvuQSyD1hVOtmVwaGEceCo1eBXwrZ3JmGdLdEOUakMvjh5DGvwqlHk
vDWhIO8mptAcpQasbNJ1SSJMIUJc3zwvzaDjKhMiqx0=
-----END CERTIFICATE-----