Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/ulLbtOc6Qp1yKXQQUOt_f70BmFE.roa
File:                     ulLbtOc6Qp1yKXQQUOt_f70BmFE.roa (raw, json)
Hash identifier:          YXCw2FZd5PginHPRvRNBgQK3YOd2UnylrB+hjikSz1U=
Subject key identifier:   BA:52:DB:B4:E7:3A:42:9D:72:29:74:10:50:EB:7F:7F:BD:01:98:51
Certificate issuer:       /CN=e2c6816e0a3a2f616c3aa77a36b4caf7a9224034
Certificate serial:       01941FFAB9EAD8D266A316AE667ED26A65DF
Authority key identifier: E2:C6:81:6E:0A:3A:2F:61:6C:3A:A7:7A:36:B4:CA:F7:A9:22:40:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4saBbgo6L2FsOqd6NrTK96kiQDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/ulLbtOc6Qp1yKXQQUOt_f70BmFE.roa
Signing time:             Wed 01 Jan 2025 03:48:32 +0000
ROA not before:           Wed 01 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        134.102.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/4saBbgo6L2FsOqd6NrTK96kiQDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/4saBbgo6L2FsOqd6NrTK96kiQDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4saBbgo6L2FsOqd6NrTK96kiQDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b9:ea:d8:d2:66:a3:16:ae:66:7e:d2:6a:65:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c6816e0a3a2f616c3aa77a36b4caf7a9224034
        Validity
            Not Before: Jan  1 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba52dbb4e73a429d7229741050eb7f7fbd019851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:07:9f:60:f1:72:48:ac:69:60:f8:4f:20:ad:
                    fd:31:0d:ed:27:d6:56:43:23:e7:6a:23:34:1c:2c:
                    40:39:67:2e:36:72:cf:e0:d3:1b:58:3c:64:1d:eb:
                    47:3a:e7:a5:53:a9:c8:0f:2c:24:39:60:9c:0d:64:
                    ed:56:72:7d:eb:6c:e8:36:fa:c9:9e:1b:b0:10:ad:
                    68:c5:a8:20:6d:f8:c0:6b:a2:58:c6:36:73:39:2a:
                    f4:a7:5e:74:2a:1e:bc:e8:52:00:40:97:16:55:94:
                    bc:91:c2:3a:b1:9a:fe:0a:51:77:c5:a2:cd:76:ef:
                    d2:ac:39:c1:86:5a:9e:e7:c1:09:49:c1:4c:b6:77:
                    c4:e5:97:8c:31:7a:81:ce:04:b9:09:e2:03:b7:97:
                    a5:11:30:3e:00:ad:b7:7a:a6:fd:96:05:cf:22:2c:
                    23:21:2e:7a:e0:9c:7b:27:b0:75:42:94:c3:6a:38:
                    20:b3:8d:f6:81:36:14:8a:43:ec:b0:4b:62:60:58:
                    8d:3a:7d:45:ac:20:0a:b0:5e:82:c2:a7:74:b4:b1:
                    01:38:fd:97:b5:68:58:88:b4:52:8a:36:2b:fc:ef:
                    40:cb:bf:24:7b:1d:ee:b1:15:6f:07:0c:5e:6d:7b:
                    77:43:36:37:7a:f0:e1:05:3a:2d:11:75:10:7c:4e:
                    06:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:52:DB:B4:E7:3A:42:9D:72:29:74:10:50:EB:7F:7F:BD:01:98:51
            X509v3 Authority Key Identifier:
                keyid:E2:C6:81:6E:0A:3A:2F:61:6C:3A:A7:7A:36:B4:CA:F7:A9:22:40:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4saBbgo6L2FsOqd6NrTK96kiQDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/ulLbtOc6Qp1yKXQQUOt_f70BmFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/3ba7cd-e815-45ce-92e1-202c51720ab7/1/4saBbgo6L2FsOqd6NrTK96kiQDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.102.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         12:74:40:1b:13:92:b3:69:24:df:a6:00:f8:0b:ff:0d:b7:af:
         5c:5f:54:86:6e:b8:32:ec:3c:38:38:b0:d0:41:07:fc:fd:96:
         6e:bd:90:df:57:78:c8:77:ad:4b:27:1f:17:e0:38:98:61:31:
         7e:13:64:97:dd:98:a5:3b:c8:f8:06:0a:5c:db:15:ba:90:c5:
         10:7f:85:32:8b:68:0e:9d:5f:8a:a6:93:37:8a:76:bd:a5:d1:
         13:37:11:9b:e1:16:e2:46:40:3f:7f:ba:9a:ad:07:fa:5a:39:
         41:b8:7d:c6:5d:24:42:ad:e4:e0:6d:a5:1e:33:f6:1e:32:83:
         d2:76:5f:f8:1e:a3:e2:8f:cf:fc:dc:2a:e9:e7:bb:bb:0c:b1:
         08:cb:e5:cb:ea:61:7b:1b:d3:5f:17:68:8d:f3:24:83:9a:91:
         db:2f:18:4a:70:4c:e8:7f:07:04:8d:04:59:73:2e:6f:8c:bd:
         b3:b1:13:dd:12:1c:ed:5c:bb:cf:10:8d:33:0b:82:7d:55:f8:
         c5:5d:61:93:02:6b:32:de:c7:f8:f8:37:01:5d:68:0c:8f:d5:
         42:52:b3:f4:f3:7d:16:30:0c:82:79:4c:72:51:ca:fa:28:75:
         d3:69:64:db:ec:d7:aa:f2:8c:2c:42:8c:8a:c2:10:80:82:50:
         e0:f8:fd:f2
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQf+rnq2NJmoxauZn7SamXfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzY4MTZlMGEzYTJmNjE2YzNhYTc3YTM2YjRjYWY3YTky
MjQwMzQwHhcNMjUwMTAxMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTUyZGJiNGU3M2E0MjlkNzIyOTc0MTA1MGViN2Y3ZmJkMDE5ODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQefYPFySKxpYPhPIK39MQ3tJ9ZW
QyPnaiM0HCxAOWcuNnLP4NMbWDxkHetHOuelU6nIDywkOWCcDWTtVnJ962zoNvrJ
nhuwEK1oxaggbfjAa6JYxjZzOSr0p150Kh686FIAQJcWVZS8kcI6sZr+ClF3xaLN
du/SrDnBhlqe58EJScFMtnfE5ZeMMXqBzgS5CeIDt5elETA+AK23eqb9lgXPIiwj
IS564Jx7J7B1QpTDajggs432gTYUikPssEtiYFiNOn1FrCAKsF6Cwqd0tLEBOP2X
tWhYiLRSijYr/O9Ay78kex3usRVvBwxebXt3QzY3evDhBTotEXUQfE4GDQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLpS27TnOkKdcil0EFDrf3+9AZhRMB8GA1UdIwQY
MBaAFOLGgW4KOi9hbDqneja0yvepIkA0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNhQmJnbzZMMkZzT3FkNk5yVEs5NmtpUURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zYmE3Y2QtZTgxNS00NWNlLTkyZTEt
MjAyYzUxNzIwYWI3LzEvdWxMYnRPYzZRcDF5S1hRUVVPdF9mNzBCbUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zYmE3Y2QtZTgxNS00NWNlLTkyZTEtMjAyYzUxNzIwYWI3
LzEvNHNhQmJnbzZMMkZzT3FkNk5yVEs5NmtpUURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAhmYwDQYJ
KoZIhvcNAQELBQADggEBABJ0QBsTkrNpJN+mAPgL/w23r1xfVIZuuDLsPDg4sNBB
B/z9lm69kN9XeMh3rUsnHxfgOJhhMX4TZJfdmKU7yPgGClzbFbqQxRB/hTKLaA6d
X4qmkzeKdr2l0RM3EZvhFuJGQD9/upqtB/paOUG4fcZdJEKt5OBtpR4z9h4yg9J2
X/geo+KPz/zcKunnu7sMsQjL5cvqYXsb018XaI3zJIOakdsvGEpwTOh/BwSNBFlz
Lm+MvbOxE90SHO1cu88QjTMLgn1V+MVdYZMCazLex/j4NwFdaAyP1UJSs/TzfRYw
DIJ5THJRyvooddNpZNvs16ryjCxCjIrCEICCUOD4/fI=
-----END CERTIFICATE-----