Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/YRJyPi3-8d1Eb0U-Dtz2-baff88.roa
File:                     YRJyPi3-8d1Eb0U-Dtz2-baff88.roa (raw, json)
Hash identifier:          EVsNZiVUsHmY+4zLTMqXTDDLsUAMPA9Dun3CUsDfG+0=
Subject key identifier:   61:12:72:3E:2D:FE:F1:DD:44:6F:45:3E:0E:DC:F6:F9:B6:9F:7F:CF
Certificate issuer:       /CN=b43c9c1bdd1e15288ab930d40051b3653cb09e7a
Certificate serial:       018CC3B71DFEBC22577547F9FBD020769FA3
Authority key identifier: B4:3C:9C:1B:DD:1E:15:28:8A:B9:30:D4:00:51:B3:65:3C:B0:9E:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDycG90eFSiKuTDUAFGzZTywnno.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/YRJyPi3-8d1Eb0U-Dtz2-baff88.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        134.176.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/tDycG90eFSiKuTDUAFGzZTywnno.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/tDycG90eFSiKuTDUAFGzZTywnno.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDycG90eFSiKuTDUAFGzZTywnno.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1d:fe:bc:22:57:75:47:f9:fb:d0:20:76:9f:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b43c9c1bdd1e15288ab930d40051b3653cb09e7a
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6112723e2dfef1dd446f453e0edcf6f9b69f7fcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:fe:ad:39:ac:fa:b5:28:40:b1:3e:24:3b:19:
                    a2:0d:3e:fc:73:e6:76:bf:3e:22:a1:74:ac:b3:62:
                    24:5d:cc:6f:a6:7f:55:59:d8:ba:2b:b7:b6:97:5e:
                    90:42:8c:7b:88:d1:75:38:c3:53:20:a1:9e:aa:61:
                    08:98:68:cb:3d:c8:72:b0:e8:be:7b:47:59:f5:d0:
                    38:cc:fe:41:50:16:90:59:e4:00:cf:52:7f:f3:a0:
                    f0:23:d6:c7:c8:3f:13:54:19:3a:15:41:0f:92:5c:
                    f6:0f:a2:32:b1:99:5e:b5:e1:06:c1:26:e3:b6:e6:
                    5c:c5:df:1c:a3:63:44:16:7f:37:67:1f:12:55:d6:
                    d2:41:4e:4d:7a:87:5b:2c:5c:7b:9f:2e:0e:46:c1:
                    5e:4c:ea:50:c4:5d:9d:a5:36:75:1b:4d:e4:7d:e5:
                    95:4a:ab:34:cb:d4:4b:cf:59:b7:4c:d7:e3:a5:f1:
                    b1:7a:eb:1f:e0:d4:de:bc:b1:bb:a1:c9:ad:ef:02:
                    8d:bb:c5:43:f5:a3:2e:9d:3d:be:ed:a6:46:27:3c:
                    6e:e8:7a:1a:5c:76:da:dd:3f:cc:b9:79:8d:5f:e2:
                    f7:87:20:85:56:cc:b6:57:f4:19:11:2c:35:8c:5b:
                    d1:11:ab:25:f8:f9:a0:b3:1c:a2:5d:66:09:82:1d:
                    05:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:12:72:3E:2D:FE:F1:DD:44:6F:45:3E:0E:DC:F6:F9:B6:9F:7F:CF
            X509v3 Authority Key Identifier:
                keyid:B4:3C:9C:1B:DD:1E:15:28:8A:B9:30:D4:00:51:B3:65:3C:B0:9E:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDycG90eFSiKuTDUAFGzZTywnno.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/YRJyPi3-8d1Eb0U-Dtz2-baff88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/tDycG90eFSiKuTDUAFGzZTywnno.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.176.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3d:a1:e3:d9:4c:3d:1f:68:ae:3d:9f:26:a8:a8:78:d5:00:d6:
         54:10:e6:25:93:ff:fe:da:83:92:8f:fc:0a:c0:ad:ef:65:d7:
         93:2b:d7:31:86:13:d9:fe:47:7c:19:ae:f1:af:94:9c:80:d7:
         5a:2b:a6:b9:16:9a:ca:5b:6d:ce:c3:3d:c0:89:62:f0:47:79:
         e2:ed:c9:4e:bf:2c:16:0a:4d:05:53:ff:93:d2:e5:12:ff:c7:
         1b:84:9a:a9:86:90:50:a2:4c:6d:26:4e:3d:09:d2:87:9d:78:
         c5:c6:67:63:86:da:98:a6:12:03:99:4d:c3:93:11:87:be:bf:
         11:19:fb:70:80:00:98:54:67:2d:16:f6:db:e4:08:68:b6:49:
         0f:9b:fa:c0:9c:4b:b2:7b:c1:7b:b8:eb:71:39:e6:42:5b:14:
         76:a2:03:74:dc:dd:f7:28:b4:7d:7c:4a:b0:52:91:33:4c:9c:
         04:b1:ba:36:62:9b:2b:a2:01:56:9b:e8:e9:7c:71:07:1e:dc:
         d6:ff:a3:fc:f9:ef:2c:8c:3e:37:df:6c:f7:ad:7b:e5:27:7e:
         71:20:56:0b:f2:41:d2:e3:35:42:3d:b4:72:10:6a:ce:3d:d2:
         8f:48:30:fe:28:e7:a7:99:60:38:19:cb:b8:fd:6e:b8:3f:b9:
         10:50:8f:d0
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDtx3+vCJXdUf5+9Agdp+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0M2M5YzFiZGQxZTE1Mjg4YWI5MzBkNDAwNTFiMzY1M2Ni
MDllN2EwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTEyNzIzZTJkZmVmMWRkNDQ2ZjQ1M2UwZWRjZjZmOWI2OWY3ZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvv6tOaz6tShAsT4kOxmiDT78c+Z2
vz4ioXSss2IkXcxvpn9VWdi6K7e2l16QQox7iNF1OMNTIKGeqmEImGjLPchysOi+
e0dZ9dA4zP5BUBaQWeQAz1J/86DwI9bHyD8TVBk6FUEPklz2D6IysZleteEGwSbj
tuZcxd8co2NEFn83Zx8SVdbSQU5NeodbLFx7ny4ORsFeTOpQxF2dpTZ1G03kfeWV
Sqs0y9RLz1m3TNfjpfGxeusf4NTevLG7ocmt7wKNu8VD9aMunT2+7aZGJzxu6Hoa
XHba3T/MuXmNX+L3hyCFVsy2V/QZESw1jFvREasl+PmgsxyiXWYJgh0FUwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGEScj4t/vHdRG9FPg7c9vm2n3/PMB8GA1UdIwQY
MBaAFLQ8nBvdHhUoirkw1ABRs2U8sJ56MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdER5Y0c5MGVGU2lLdVREVUFGR3paVHl3bm5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8wM2I3OWEtMzBlZC00ZDI2LTg1ODUt
OWM1ZDM1MTUyNmIzLzEvWVJKeVBpMy04ZDFFYjBVLUR0ejItYmFmZjg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8wM2I3OWEtMzBlZC00ZDI2LTg1ODUtOWM1ZDM1MTUyNmIz
LzEvdER5Y0c5MGVGU2lLdVREVUFGR3paVHl3bm5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhrAwDQYJ
KoZIhvcNAQELBQADggEBAD2h49lMPR9orj2fJqioeNUA1lQQ5iWT//7ag5KP/ArA
re9l15Mr1zGGE9n+R3wZrvGvlJyA11orprkWmspbbc7DPcCJYvBHeeLtyU6/LBYK
TQVT/5PS5RL/xxuEmqmGkFCiTG0mTj0J0oedeMXGZ2OG2pimEgOZTcOTEYe+vxEZ
+3CAAJhUZy0W9tvkCGi2SQ+b+sCcS7J7wXu463E55kJbFHaiA3Tc3fcotH18SrBS
kTNMnASxujZimyuiAVab6Ol8cQce3Nb/o/z57yyMPjffbPete+UnfnEgVgvyQdLj
NUI9tHIQas490o9IMP4o56eZYDgZy7j9brg/uRBQj9A=
-----END CERTIFICATE-----