Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/mtyuTRzC-9JaoORlY8TKyu8b_y8.roa
File:                     mtyuTRzC-9JaoORlY8TKyu8b_y8.roa (raw, json)
Hash identifier:          2S+z9rT5/2qaxvr4MM+YD7//kX4namDVOC0PxFZMcdk=
Subject key identifier:   9A:DC:AE:4D:1C:C2:FB:D2:5A:A0:E4:65:63:C4:CA:CA:EF:1B:FF:2F
Certificate issuer:       /CN=45962ea566054656ef82aace2d71c76d1b0b88bb
Certificate serial:       018CC8DE207403D49F725DF92DF48FFBC620
Authority key identifier: 45:96:2E:A5:66:05:46:56:EF:82:AA:CE:2D:71:C7:6D:1B:0B:88:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RZYupWYFRlbvgqrOLXHHbRsLiLs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/mtyuTRzC-9JaoORlY8TKyu8b_y8.roa
Signing time:             Tue 02 Jan 2024 06:30:49 +0000
ROA not before:           Tue 02 Jan 2024 06:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        130.193.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/RZYupWYFRlbvgqrOLXHHbRsLiLs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/RZYupWYFRlbvgqrOLXHHbRsLiLs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RZYupWYFRlbvgqrOLXHHbRsLiLs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:20:74:03:d4:9f:72:5d:f9:2d:f4:8f:fb:c6:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45962ea566054656ef82aace2d71c76d1b0b88bb
        Validity
            Not Before: Jan  2 06:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9adcae4d1cc2fbd25aa0e46563c4cacaef1bff2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:64:9c:b3:41:91:80:41:27:4c:44:33:5c:44:
                    da:b8:cf:0d:71:20:f3:cf:c0:41:54:94:1a:fe:88:
                    df:61:49:7d:7a:0b:e1:dd:ac:43:1e:9b:76:fa:f0:
                    52:49:b8:60:c6:72:83:07:24:97:3b:6b:19:54:bd:
                    73:5f:59:c7:6b:bd:62:24:b7:66:c8:08:e3:fc:2b:
                    ff:59:ce:3d:71:b6:ea:9c:2a:71:f5:d6:fd:d1:7b:
                    21:28:14:20:45:8d:45:e0:2b:a5:4d:3d:e8:93:18:
                    d3:a8:d9:a1:a5:38:59:2a:be:fc:37:33:cc:33:3b:
                    ea:1f:32:e3:b9:11:f1:2d:84:9d:ce:ce:db:4e:8e:
                    bd:8a:f3:92:6e:1f:f0:95:60:81:b2:01:89:82:4a:
                    6a:c5:9b:cd:55:7a:73:fe:01:35:52:77:cd:68:76:
                    42:2b:7c:b6:ce:dc:db:cd:e2:d2:48:eb:1a:8a:bc:
                    46:ce:df:9d:ac:78:9c:a5:80:2b:81:41:a8:d1:8f:
                    aa:9b:e8:43:bc:d8:06:9a:16:83:79:f5:5b:cf:91:
                    41:47:a2:e2:ce:23:ed:b3:c7:ce:58:af:43:e9:35:
                    46:f2:81:f2:69:0f:d0:32:35:d6:29:b8:e0:db:a8:
                    2c:fa:97:16:07:82:3e:a2:18:4b:1c:d7:3a:6d:66:
                    2f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:DC:AE:4D:1C:C2:FB:D2:5A:A0:E4:65:63:C4:CA:CA:EF:1B:FF:2F
            X509v3 Authority Key Identifier:
                keyid:45:96:2E:A5:66:05:46:56:EF:82:AA:CE:2D:71:C7:6D:1B:0B:88:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RZYupWYFRlbvgqrOLXHHbRsLiLs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/mtyuTRzC-9JaoORlY8TKyu8b_y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1ed3e2-a09c-49c2-9928-c5c082a313f7/1/RZYupWYFRlbvgqrOLXHHbRsLiLs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.193.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:ff:9a:aa:86:b9:4e:ff:e3:b3:6d:6b:cd:d4:38:88:a1:6c:
         c7:09:12:70:bb:93:2a:72:15:5e:cd:32:b0:90:4a:31:74:ac:
         79:30:25:c7:4c:55:45:83:13:89:2b:b7:47:f8:fd:52:ea:60:
         fd:e4:ee:88:eb:9e:57:d5:f9:af:bf:2c:50:42:1d:97:7d:a3:
         09:cc:c5:53:38:6a:1b:c4:a3:22:3a:70:39:50:19:b5:04:29:
         5f:fc:e8:2b:31:14:c8:64:69:d2:7f:63:c3:05:ae:0d:34:20:
         e5:6f:af:9b:d1:58:df:a1:f3:c3:f8:d6:3c:f6:12:85:93:b0:
         c0:ce:2b:08:04:de:1a:d1:01:2a:77:a5:c4:0e:81:1f:a9:ab:
         0f:e5:b6:93:70:ae:1e:f4:0c:68:75:1e:33:ea:a0:7a:a0:88:
         ef:a9:9c:0d:7e:8c:e9:bd:a9:cb:9e:dd:d4:db:f2:0d:b2:7c:
         d5:f4:cf:0a:a9:7a:48:9b:aa:6b:b1:5f:6d:0d:08:09:f1:1b:
         9c:3e:af:cf:e6:39:01:0c:21:6d:6f:04:9e:03:40:fb:ba:20:
         b6:e6:5c:25:4a:d5:89:eb:45:97:31:99:a0:3f:6a:c2:0e:ef:
         bc:26:8b:a7:82:15:71:a7:77:d9:0b:b3:2f:23:d1:55:0e:03:
         5a:dd:5c:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3iB0A9Sfcl35LfSP+8YgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OTYyZWE1NjYwNTQ2NTZlZjgyYWFjZTJkNzFjNzZkMWIw
Yjg4YmIwHhcNMjQwMTAyMDYzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWRjYWU0ZDFjYzJmYmQyNWFhMGU0NjU2M2M0Y2FjYWVmMWJmZjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmScs0GRgEEnTEQzXETauM8NcSDz
z8BBVJQa/ojfYUl9egvh3axDHpt2+vBSSbhgxnKDBySXO2sZVL1zX1nHa71iJLdm
yAjj/Cv/Wc49cbbqnCpx9db90XshKBQgRY1F4CulTT3okxjTqNmhpThZKr78NzPM
MzvqHzLjuRHxLYSdzs7bTo69ivOSbh/wlWCBsgGJgkpqxZvNVXpz/gE1UnfNaHZC
K3y2ztzbzeLSSOsairxGzt+drHicpYArgUGo0Y+qm+hDvNgGmhaDefVbz5FBR6Li
ziPts8fOWK9D6TVG8oHyaQ/QMjXWKbjg26gs+pcWB4I+ohhLHNc6bWYvTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJrcrk0cwvvSWqDkZWPEysrvG/8vMB8GA1UdIwQY
MBaAFEWWLqVmBUZW74Kqzi1xx20bC4i7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlpZdXBXWUZSbGJ2Z3FyT0xYSEhiUnNMaUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xZWQzZTItYTA5Yy00OWMyLTk5Mjgt
YzVjMDgyYTMxM2Y3LzEvbXR5dVRSekMtOUphb09SbFk4VEt5dThiX3k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xZWQzZTItYTA5Yy00OWMyLTk5MjgtYzVjMDgyYTMxM2Y3
LzEvUlpZdXBXWUZSbGJ2Z3FyT0xYSEhiUnNMaUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgsECMA0G
CSqGSIb3DQEBCwUAA4IBAQCI/5qqhrlO/+OzbWvN1DiIoWzHCRJwu5MqchVezTKw
kEoxdKx5MCXHTFVFgxOJK7dH+P1S6mD95O6I655X1fmvvyxQQh2XfaMJzMVTOGob
xKMiOnA5UBm1BClf/OgrMRTIZGnSf2PDBa4NNCDlb6+b0VjfofPD+NY89hKFk7DA
zisIBN4a0QEqd6XEDoEfqasP5baTcK4e9AxodR4z6qB6oIjvqZwNfozpvanLnt3U
2/INsnzV9M8KqXpIm6prsV9tDQgJ8RucPq/P5jkBDCFtbwSeA0D7uiC25lwlStWJ
60WXMZmgP2rCDu+8JounghVxp3fZC7MvI9FVDgNa3Vyt
-----END CERTIFICATE-----