Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/U09PaAX2gIT9GofmCj819cjr9kM.roa
File:                     U09PaAX2gIT9GofmCj819cjr9kM.roa (raw, json)
Hash identifier:          vOHNuhKmzJzmUEDZAuL5feLSLcKapp9hNyu+rDA8sOg=
Subject key identifier:   53:4F:4F:68:05:F6:80:84:FD:1A:87:E6:0A:3F:35:F5:C8:EB:F6:43
Certificate issuer:       /CN=e2c6816e0a3a2f616c3aa77a36b4caf7a9224034
Certificate serial:       018CC56E0F96AFDF788D142B4D34FF518780
Authority key identifier: E2:C6:81:6E:0A:3A:2F:61:6C:3A:A7:7A:36:B4:CA:F7:A9:22:40:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4saBbgo6L2FsOqd6NrTK96kiQDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/U09PaAX2gIT9GofmCj819cjr9kM.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        134.102.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/4saBbgo6L2FsOqd6NrTK96kiQDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/4saBbgo6L2FsOqd6NrTK96kiQDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4saBbgo6L2FsOqd6NrTK96kiQDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0f:96:af:df:78:8d:14:2b:4d:34:ff:51:87:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c6816e0a3a2f616c3aa77a36b4caf7a9224034
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=534f4f6805f68084fd1a87e60a3f35f5c8ebf643
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:12:7a:cd:ae:b3:c2:e9:c3:c5:7c:59:70:5d:
                    11:fd:68:99:de:72:f3:1c:e6:8f:0c:87:c4:54:f7:
                    12:38:39:b6:3f:dc:9e:b7:85:ee:db:ca:68:f6:e9:
                    02:4e:78:74:24:95:34:ff:3e:de:ea:3c:05:cc:e8:
                    20:4b:e4:7e:6a:42:65:08:08:76:a3:a6:e6:d6:31:
                    d1:23:06:9e:09:e8:4e:0b:35:8e:50:8e:0f:98:9e:
                    1c:78:2f:dd:0d:c8:07:09:70:0e:a6:dc:7e:28:e9:
                    fe:62:bb:a9:69:6a:79:92:95:cd:2d:80:b6:4a:f9:
                    3c:9a:43:c0:1e:a4:f7:f8:e9:a0:2b:38:65:c8:f4:
                    3a:a4:af:db:72:40:39:98:c4:13:ee:c6:ba:82:e8:
                    4c:69:38:36:55:5a:ab:87:f6:c7:89:32:24:cf:a8:
                    91:47:bc:25:9c:2e:47:ac:7f:32:63:f9:94:29:de:
                    8f:c4:4a:ef:e4:ac:fc:ef:23:9b:82:70:11:08:1c:
                    7f:75:1d:b3:61:e3:4e:0f:29:16:75:43:1d:35:03:
                    8c:fe:58:d9:63:3b:43:bc:ed:20:cf:be:c3:e8:44:
                    a1:23:41:96:da:bd:ec:5f:fa:4c:1d:5d:3b:87:a1:
                    cc:c5:12:6c:bc:e2:7b:0c:34:1c:0f:b5:a9:97:46:
                    6f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:4F:4F:68:05:F6:80:84:FD:1A:87:E6:0A:3F:35:F5:C8:EB:F6:43
            X509v3 Authority Key Identifier:
                keyid:E2:C6:81:6E:0A:3A:2F:61:6C:3A:A7:7A:36:B4:CA:F7:A9:22:40:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4saBbgo6L2FsOqd6NrTK96kiQDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/U09PaAX2gIT9GofmCj819cjr9kM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/4saBbgo6L2FsOqd6NrTK96kiQDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.102.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         19:1d:e1:d2:fc:30:66:8c:80:f7:b6:4f:68:5e:d6:3f:95:24:
         e0:6b:82:9e:e5:d5:c1:a1:5d:80:2a:14:9d:b9:6b:4f:db:38:
         75:47:7e:7a:7d:7e:18:6d:c1:2c:06:9e:4a:c8:79:97:f2:bf:
         af:bb:a7:41:1d:96:c5:39:8d:88:93:b3:6c:f3:e5:50:21:2a:
         b2:a8:fe:40:e6:1b:cb:aa:77:79:43:d0:af:62:64:54:6b:17:
         32:62:44:ce:bf:64:a0:fd:1c:e1:54:2e:0d:24:4f:93:ee:d9:
         25:20:06:c7:93:72:f5:a0:29:53:7d:ce:8a:82:da:7a:85:2b:
         2e:32:55:de:29:62:77:b3:ad:65:83:df:02:0a:a2:3b:6d:3b:
         ec:29:72:0c:3e:21:ce:e2:b9:46:9c:ad:9e:b6:c4:bc:40:4a:
         a2:3e:d9:9f:82:5f:81:63:04:fa:c6:e1:10:9d:15:d9:b4:69:
         a4:18:ac:39:92:07:87:4e:0c:f3:73:bd:05:ca:a5:18:5d:fb:
         1f:5c:2d:c7:73:b4:b9:e1:a3:6c:89:e0:78:36:79:de:5e:03:
         17:87:fd:1d:e4:8a:ca:83:af:0d:5e:3f:07:f7:ad:42:ab:99:
         82:a6:ec:fd:f8:21:3c:5d:31:87:d5:d6:33:a8:19:da:ed:e8:
         22:2f:80:af
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzFbg+Wr994jRQrTTT/UYeAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzY4MTZlMGEzYTJmNjE2YzNhYTc3YTM2YjRjYWY3YTky
MjQwMzQwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzRmNGY2ODA1ZjY4MDg0ZmQxYTg3ZTYwYTNmMzVmNWM4ZWJmNjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBJ6za6zwunDxXxZcF0R/WiZ3nLz
HOaPDIfEVPcSODm2P9yet4Xu28po9ukCTnh0JJU0/z7e6jwFzOggS+R+akJlCAh2
o6bm1jHRIwaeCehOCzWOUI4PmJ4ceC/dDcgHCXAOptx+KOn+YrupaWp5kpXNLYC2
Svk8mkPAHqT3+OmgKzhlyPQ6pK/bckA5mMQT7sa6guhMaTg2VVqrh/bHiTIkz6iR
R7wlnC5HrH8yY/mUKd6PxErv5Kz87yObgnARCBx/dR2zYeNODykWdUMdNQOM/ljZ
YztDvO0gz77D6EShI0GW2r3sX/pMHV07h6HMxRJsvOJ7DDQcD7Wpl0Zv6wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFFNPT2gF9oCE/RqH5go/NfXI6/ZDMB8GA1UdIwQY
MBaAFOLGgW4KOi9hbDqneja0yvepIkA0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNhQmJnbzZMMkZzT3FkNk5yVEs5NmtpUURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zYmE3Y2QtZTgxNS00NWNlLTkyZTEt
MjAyYzUxNzIwYWI3LzEvVTA5UGFBWDJnSVQ5R29mbUNqODE5Y2pyOWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zYmE3Y2QtZTgxNS00NWNlLTkyZTEtMjAyYzUxNzIwYWI3
LzEvNHNhQmJnbzZMMkZzT3FkNk5yVEs5NmtpUURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhmYwDQYJ
KoZIhvcNAQELBQADggEBABkd4dL8MGaMgPe2T2he1j+VJOBrgp7l1cGhXYAqFJ25
a0/bOHVHfnp9fhhtwSwGnkrIeZfyv6+7p0EdlsU5jYiTs2zz5VAhKrKo/kDmG8uq
d3lD0K9iZFRrFzJiRM6/ZKD9HOFULg0kT5Pu2SUgBseTcvWgKVN9zoqC2nqFKy4y
Vd4pYnezrWWD3wIKojttO+wpcgw+Ic7iuUacrZ62xLxASqI+2Z+CX4FjBPrG4RCd
Fdm0aaQYrDmSB4dODPNzvQXKpRhd+x9cLcdztLnho2yJ4Hg2ed5eAxeH/R3kisqD
rw1ePwf3rUKrmYKm7P34ITxdMYfV1jOoGdrt6CIvgK8=
-----END CERTIFICATE-----