Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/yUpCnFh46Tqx7sCXg4QHc_cNe3o.roa
File:                     yUpCnFh46Tqx7sCXg4QHc_cNe3o.roa (raw, json)
Hash identifier:          cp+PmQthE9hblxpquCO9Uz9at9P5Zu4kvGvMw6tU+Ug=
Subject key identifier:   C9:4A:42:9C:58:78:E9:3A:B1:EE:C0:97:83:84:07:73:F7:0D:7B:7A
Certificate issuer:       /CN=b43c9c1bdd1e15288ab930d40051b3653cb09e7a
Certificate serial:       019423D6F81FC562998190DA0AC4E14F1F34
Authority key identifier: B4:3C:9C:1B:DD:1E:15:28:8A:B9:30:D4:00:51:B3:65:3C:B0:9E:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tDycG90eFSiKuTDUAFGzZTywnno.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/yUpCnFh46Tqx7sCXg4QHc_cNe3o.roa
Signing time:             Wed 01 Jan 2025 21:47:58 +0000
ROA not before:           Wed 01 Jan 2025 21:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        134.176.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/tDycG90eFSiKuTDUAFGzZTywnno.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/tDycG90eFSiKuTDUAFGzZTywnno.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tDycG90eFSiKuTDUAFGzZTywnno.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f8:1f:c5:62:99:81:90:da:0a:c4:e1:4f:1f:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b43c9c1bdd1e15288ab930d40051b3653cb09e7a
        Validity
            Not Before: Jan  1 21:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c94a429c5878e93ab1eec09783840773f70d7b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:24:d0:ab:c0:74:38:ea:99:db:d4:25:62:3c:
                    22:27:3f:e9:29:f5:d2:ad:9f:c1:dc:f6:81:c7:d3:
                    fa:06:29:39:9c:61:7e:e4:ad:ed:96:06:d6:97:27:
                    89:5d:e6:5e:31:96:60:67:ae:c9:c3:68:5a:16:20:
                    99:f4:0c:a8:43:a7:79:8c:60:56:02:58:32:b9:9d:
                    16:22:06:01:fe:5f:6c:24:e5:75:eb:3c:77:40:a9:
                    ce:a4:58:82:aa:07:a0:b3:2f:39:15:65:3d:18:dd:
                    f1:f3:52:17:c0:80:18:cc:9b:08:84:8f:4a:ef:7c:
                    fb:86:a8:47:9f:7c:f9:09:ed:ff:10:f0:b4:b6:50:
                    61:2b:00:73:b2:ab:74:51:86:85:56:94:8d:4c:c3:
                    10:36:69:4b:2a:92:a0:4f:b2:9a:01:29:db:19:47:
                    36:51:38:ec:08:b4:eb:27:c9:3e:3d:6c:7c:0a:3e:
                    6b:b3:1b:c6:bc:c2:58:55:5d:2e:a3:93:30:40:7d:
                    87:33:83:9e:8c:9e:b6:0c:4b:24:1b:e7:4b:1e:ba:
                    f4:c4:64:77:c2:9c:4e:da:61:7a:84:57:0d:f6:be:
                    ba:ed:07:08:28:6f:20:7d:01:a3:05:48:fc:db:b0:
                    66:ad:20:75:31:16:f2:53:67:84:fa:88:39:e6:b8:
                    46:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:4A:42:9C:58:78:E9:3A:B1:EE:C0:97:83:84:07:73:F7:0D:7B:7A
            X509v3 Authority Key Identifier:
                keyid:B4:3C:9C:1B:DD:1E:15:28:8A:B9:30:D4:00:51:B3:65:3C:B0:9E:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tDycG90eFSiKuTDUAFGzZTywnno.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/yUpCnFh46Tqx7sCXg4QHc_cNe3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/03b79a-30ed-4d26-8585-9c5d351526b3/1/tDycG90eFSiKuTDUAFGzZTywnno.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.176.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2c:ea:f6:1d:76:06:2f:03:18:22:6c:de:a3:62:ce:4a:25:07:
         b7:1a:f8:4a:0a:6c:8c:d0:22:8a:52:ce:18:bb:36:d8:de:81:
         33:6e:5d:0b:49:71:6d:17:f7:93:20:58:69:67:53:87:db:33:
         55:4c:bd:89:4b:8a:af:ec:b1:0d:8e:22:67:cf:33:3c:e8:56:
         49:71:35:90:f8:a2:61:4e:f9:6e:80:cb:fd:12:80:e2:05:79:
         f2:d0:80:7b:c4:cd:15:8a:fa:c3:1a:7c:10:cb:9a:bb:f9:5a:
         c9:c0:3a:5f:66:1a:18:e9:1f:38:f7:f5:b6:2d:b8:7e:16:a3:
         c7:5c:a0:b3:42:33:f1:c4:87:7b:6c:1e:8c:61:84:7d:22:5d:
         ab:41:c8:57:04:3a:dd:84:bf:ec:e6:54:bf:aa:be:fd:1d:29:
         3f:c6:c2:bf:c9:22:83:71:d2:69:55:16:17:29:9e:f6:27:76:
         3a:0c:87:d6:ed:0b:ed:1c:33:4f:3b:b0:e7:93:0f:0c:69:e6:
         eb:ba:b7:27:ef:e7:db:5a:1e:ce:e6:60:1f:d1:c6:4f:74:c8:
         e2:5e:c3:96:4d:bc:0a:a2:46:43:fd:8b:21:a1:22:59:3a:2e:
         19:73:4c:bc:b0:08:58:e8:d4:82:35:a8:ca:db:31:52:b3:15:
         06:b1:e6:75
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQj1vgfxWKZgZDaCsThTx80MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0M2M5YzFiZGQxZTE1Mjg4YWI5MzBkNDAwNTFiMzY1M2Ni
MDllN2EwHhcNMjUwMTAxMjE0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTRhNDI5YzU4NzhlOTNhYjFlZWMwOTc4Mzg0MDc3M2Y3MGQ3YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviTQq8B0OOqZ29QlYjwiJz/pKfXS
rZ/B3PaBx9P6Bik5nGF+5K3tlgbWlyeJXeZeMZZgZ67Jw2haFiCZ9AyoQ6d5jGBW
AlgyuZ0WIgYB/l9sJOV16zx3QKnOpFiCqgegsy85FWU9GN3x81IXwIAYzJsIhI9K
73z7hqhHn3z5Ce3/EPC0tlBhKwBzsqt0UYaFVpSNTMMQNmlLKpKgT7KaASnbGUc2
UTjsCLTrJ8k+PWx8Cj5rsxvGvMJYVV0uo5MwQH2HM4OejJ62DEskG+dLHrr0xGR3
wpxO2mF6hFcN9r667QcIKG8gfQGjBUj827BmrSB1MRbyU2eE+og55rhGAQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFMlKQpxYeOk6se7Al4OEB3P3DXt6MB8GA1UdIwQY
MBaAFLQ8nBvdHhUoirkw1ABRs2U8sJ56MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdER5Y0c5MGVGU2lLdVREVUFGR3paVHl3bm5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8wM2I3OWEtMzBlZC00ZDI2LTg1ODUt
OWM1ZDM1MTUyNmIzLzEveVVwQ25GaDQ2VHF4N3NDWGc0UUhjX2NOZTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8wM2I3OWEtMzBlZC00ZDI2LTg1ODUtOWM1ZDM1MTUyNmIz
LzEvdER5Y0c5MGVGU2lLdVREVUFGR3paVHl3bm5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhrAwDQYJ
KoZIhvcNAQELBQADggEBACzq9h12Bi8DGCJs3qNizkolB7ca+EoKbIzQIopSzhi7
NtjegTNuXQtJcW0X95MgWGlnU4fbM1VMvYlLiq/ssQ2OImfPMzzoVklxNZD4omFO
+W6Ay/0SgOIFefLQgHvEzRWK+sMafBDLmrv5WsnAOl9mGhjpHzj39bYtuH4Wo8dc
oLNCM/HEh3tsHoxhhH0iXatByFcEOt2Ev+zmVL+qvv0dKT/Gwr/JIoNx0mlVFhcp
nvYndjoMh9btC+0cM087sOeTDwxp5uu6tyfv59taHs7mYB/Rxk90yOJew5ZNvAqi
RkP9iyGhIlk6LhlzTLywCFjo1II1qMrbMVKzFQax5nU=
-----END CERTIFICATE-----