Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/1Oz2TycldyHxmtakQX-1HGXNfYA.roa
File:                     1Oz2TycldyHxmtakQX-1HGXNfYA.roa (raw, json)
Hash identifier:          jtDUW0vLTGuS+6XPgIsYD7INVk9FL6kJu7I01J+xahA=
Subject key identifier:   D4:EC:F6:4F:27:25:77:21:F1:9A:D6:A4:41:7F:B5:1C:65:CD:7D:80
Certificate issuer:       /CN=90dcce91000451494c43c15d172da2eb9d5b7956
Certificate serial:       018CC8712E14D6771991D6C18DCE1DB1B25E
Authority key identifier: 90:DC:CE:91:00:04:51:49:4C:43:C1:5D:17:2D:A2:EB:9D:5B:79:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kNzOkQAEUUlMQ8FdFy2i651beVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/1Oz2TycldyHxmtakQX-1HGXNfYA.roa
Signing time:             Tue 02 Jan 2024 04:31:49 +0000
ROA not before:           Tue 02 Jan 2024 04:31:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        131.114.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/kNzOkQAEUUlMQ8FdFy2i651beVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/kNzOkQAEUUlMQ8FdFy2i651beVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kNzOkQAEUUlMQ8FdFy2i651beVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:2e:14:d6:77:19:91:d6:c1:8d:ce:1d:b1:b2:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90dcce91000451494c43c15d172da2eb9d5b7956
        Validity
            Not Before: Jan  2 04:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4ecf64f27257721f19ad6a4417fb51c65cd7d80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:db:43:fe:ea:42:ef:7a:a0:03:43:dd:ad:06:
                    9b:6f:72:55:d9:c9:5a:88:8d:18:0c:7f:cc:51:38:
                    13:aa:44:81:1d:a7:4f:9e:a3:df:4c:1e:f3:fe:04:
                    d5:2a:78:3f:00:c3:d7:86:5c:94:e7:c2:d2:86:28:
                    c6:f4:94:fc:cf:ab:f8:60:13:2d:2f:b7:68:59:3a:
                    8d:83:5f:1e:9e:01:82:65:7c:1b:7d:6e:bb:0c:1c:
                    dd:bc:4d:bd:a8:32:85:56:59:99:ba:75:2b:26:07:
                    dc:f7:53:5b:47:43:c1:d6:b2:ea:4a:c1:c2:41:1d:
                    05:82:5f:0c:d8:a5:55:dc:63:e8:69:8e:3d:31:2a:
                    1c:95:8e:e8:2b:76:86:af:cf:c8:19:ec:e9:6d:57:
                    e9:32:74:04:bc:db:0f:e8:08:6e:7e:72:ae:16:9d:
                    73:b8:29:11:a3:34:6f:8d:1f:d3:93:de:1b:d3:32:
                    3a:26:93:f2:d6:3b:53:c6:e6:4b:de:ec:85:81:8f:
                    10:85:54:a3:0d:28:0f:9b:0c:4a:cf:77:f4:67:58:
                    40:df:23:c4:40:2f:76:20:0f:52:cf:51:3d:c6:87:
                    bf:0f:b7:21:a4:43:d1:f2:e6:2c:63:37:73:4a:ce:
                    93:2b:53:b3:36:2c:80:29:1c:ac:78:87:f6:07:4d:
                    21:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:EC:F6:4F:27:25:77:21:F1:9A:D6:A4:41:7F:B5:1C:65:CD:7D:80
            X509v3 Authority Key Identifier:
                keyid:90:DC:CE:91:00:04:51:49:4C:43:C1:5D:17:2D:A2:EB:9D:5B:79:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kNzOkQAEUUlMQ8FdFy2i651beVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/1Oz2TycldyHxmtakQX-1HGXNfYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/51fdbb-8ba2-4b7e-980f-ee60b0ddbdaa/1/kNzOkQAEUUlMQ8FdFy2i651beVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.114.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         19:8f:91:cb:0d:53:9c:06:27:07:36:de:92:8b:7b:57:44:32:
         ec:52:71:f4:37:0e:f2:fa:d6:d6:6b:40:18:ad:63:7f:08:e8:
         42:42:7b:fb:a9:f3:6b:d0:98:16:33:df:2c:97:95:74:82:4e:
         82:52:66:49:e6:90:dd:3c:a7:86:a6:17:ce:e9:47:86:c5:d7:
         20:cf:b4:91:1a:a4:9d:a6:f1:73:92:5e:be:53:f2:db:52:eb:
         b6:46:ed:04:a0:c9:ed:9e:02:61:a5:fe:ae:2f:f5:f1:8e:4d:
         60:08:00:38:40:f3:17:a8:dc:55:91:24:f9:99:91:4c:ca:8f:
         d4:52:24:2f:22:a5:54:61:35:56:91:a4:c5:a5:8c:d5:52:43:
         76:3c:20:35:15:49:cc:63:62:ed:8e:80:7a:21:cc:88:ba:aa:
         4a:07:06:d1:b1:43:a9:17:c7:ec:4b:58:ba:d7:2a:89:6e:19:
         81:32:04:a8:81:9e:fb:0e:53:d5:d9:87:0b:4f:d2:10:36:80:
         1b:78:ce:1e:f2:fe:2d:48:c7:e8:99:66:74:d8:5c:15:22:ed:
         13:ff:ef:d8:9e:d7:4a:ee:54:15:9c:15:19:8c:f8:4f:66:14:
         5c:a8:14:7b:c6:18:7c:fa:48:5c:73:a7:c7:3a:a8:0f:bc:d0:
         7c:30:da:44
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzIcS4U1ncZkdbBjc4dsbJeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZGNjZTkxMDAwNDUxNDk0YzQzYzE1ZDE3MmRhMmViOWQ1
Yjc5NTYwHhcNMjQwMTAyMDQzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGVjZjY0ZjI3MjU3NzIxZjE5YWQ2YTQ0MTdmYjUxYzY1Y2Q3ZDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgttD/upC73qgA0PdrQabb3JV2cla
iI0YDH/MUTgTqkSBHadPnqPfTB7z/gTVKng/AMPXhlyU58LShijG9JT8z6v4YBMt
L7doWTqNg18engGCZXwbfW67DBzdvE29qDKFVlmZunUrJgfc91NbR0PB1rLqSsHC
QR0Fgl8M2KVV3GPoaY49MSoclY7oK3aGr8/IGezpbVfpMnQEvNsP6AhufnKuFp1z
uCkRozRvjR/Tk94b0zI6JpPy1jtTxuZL3uyFgY8QhVSjDSgPmwxKz3f0Z1hA3yPE
QC92IA9Sz1E9xoe/D7chpEPR8uYsYzdzSs6TK1OzNiyAKRyseIf2B00hHQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNTs9k8nJXch8ZrWpEF/tRxlzX2AMB8GA1UdIwQY
MBaAFJDczpEABFFJTEPBXRctouudW3lWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva056T2tRQUVVVWxNUThGZEZ5Mmk2NTFiZVZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81MWZkYmItOGJhMi00YjdlLTk4MGYt
ZWU2MGIwZGRiZGFhLzEvMU96MlR5Y2xkeUh4bXRha1FYLTFIR1hOZllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81MWZkYmItOGJhMi00YjdlLTk4MGYtZWU2MGIwZGRiZGFh
LzEva056T2tRQUVVVWxNUThGZEZ5Mmk2NTFiZVZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAg3IwDQYJ
KoZIhvcNAQELBQADggEBABmPkcsNU5wGJwc23pKLe1dEMuxScfQ3DvL61tZrQBit
Y38I6EJCe/up82vQmBYz3yyXlXSCToJSZknmkN08p4amF87pR4bF1yDPtJEapJ2m
8XOSXr5T8ttS67ZG7QSgye2eAmGl/q4v9fGOTWAIADhA8xeo3FWRJPmZkUzKj9RS
JC8ipVRhNVaRpMWljNVSQ3Y8IDUVScxjYu2OgHohzIi6qkoHBtGxQ6kXx+xLWLrX
KoluGYEyBKiBnvsOU9XZhwtP0hA2gBt4zh7y/i1Ix+iZZnTYXBUi7RP/79ie10ru
VBWcFRmM+E9mFFyoFHvGGHz6SFxzp8c6qA+80Hww2kQ=
-----END CERTIFICATE-----