Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/336db3-71a8-43ef-9b9f-6a6c6e096071/1/n03h8sMDo43n81vaFLA1Flb6pvo.roa
File:                     n03h8sMDo43n81vaFLA1Flb6pvo.roa (raw, json)
Hash identifier:          1jYuVTTwwEM5gnuAE/eazy2dl8Rp9Sa/oSSEbshx/b8=
Subject key identifier:   9F:4D:E1:F2:C3:03:A3:8D:E7:F3:5B:DA:14:B0:35:16:56:FA:A6:FA
Certificate issuer:       /CN=d2581479dee3b5994f11c9d9564631bf5a404c07
Certificate serial:       018CC870A80F11256DDA818032873B505E4E
Authority key identifier: D2:58:14:79:DE:E3:B5:99:4F:11:C9:D9:56:46:31:BF:5A:40:4C:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0lgUed7jtZlPEcnZVkYxv1pATAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/336db3-71a8-43ef-9b9f-6a6c6e096071/1/n03h8sMDo43n81vaFLA1Flb6pvo.roa
Signing time:             Tue 02 Jan 2024 04:31:15 +0000
ROA not before:           Tue 02 Jan 2024 04:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2200
IP address blocks:        134.59.0.0/16 maxlen: 16
                          157.169.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/336db3-71a8-43ef-9b9f-6a6c6e096071/1/0lgUed7jtZlPEcnZVkYxv1pATAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/336db3-71a8-43ef-9b9f-6a6c6e096071/1/0lgUed7jtZlPEcnZVkYxv1pATAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0lgUed7jtZlPEcnZVkYxv1pATAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:a8:0f:11:25:6d:da:81:80:32:87:3b:50:5e:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2581479dee3b5994f11c9d9564631bf5a404c07
        Validity
            Not Before: Jan  2 04:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f4de1f2c303a38de7f35bda14b0351656faa6fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:33:cb:bb:8e:48:16:6f:7a:6b:6c:fc:2e:91:
                    2a:c8:21:39:99:58:75:f6:20:51:4f:5e:98:67:d3:
                    22:51:d4:ff:2d:36:14:b5:d0:d1:d0:6d:16:ce:08:
                    d1:11:2c:97:63:2a:e7:a7:ad:08:76:fd:08:be:df:
                    e8:3f:d2:4b:3b:c8:c4:41:d5:5b:ca:9f:3d:aa:38:
                    52:b2:c2:20:a4:ae:19:93:25:c7:50:22:6a:3d:ee:
                    89:9e:f1:60:31:79:09:b8:3c:43:aa:47:67:85:e4:
                    e9:3b:96:91:91:d0:a2:53:33:41:7d:e0:fb:91:47:
                    7b:16:32:d2:a9:aa:a4:7c:86:51:8a:19:38:bd:89:
                    c0:f5:36:15:92:4c:cf:f3:42:ff:c8:3a:62:68:90:
                    a8:1b:05:5e:89:8a:9f:eb:0c:d9:83:40:ab:40:78:
                    38:57:dd:02:d9:0b:b7:18:45:2d:c8:86:c7:d3:04:
                    1f:b4:7e:90:3a:e2:9e:b4:33:8a:79:c3:93:d7:bc:
                    3f:e4:ce:83:cb:9c:93:96:e9:01:67:dc:73:33:d7:
                    00:2d:37:34:77:f6:b7:37:a7:70:f9:d9:fb:c1:32:
                    2e:4d:0e:9f:5f:bd:d5:8d:0c:1a:3b:a0:30:7c:93:
                    bc:d3:26:4e:bd:0a:cd:de:6b:a3:53:6a:d2:fb:21:
                    0c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:4D:E1:F2:C3:03:A3:8D:E7:F3:5B:DA:14:B0:35:16:56:FA:A6:FA
            X509v3 Authority Key Identifier:
                keyid:D2:58:14:79:DE:E3:B5:99:4F:11:C9:D9:56:46:31:BF:5A:40:4C:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0lgUed7jtZlPEcnZVkYxv1pATAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/336db3-71a8-43ef-9b9f-6a6c6e096071/1/n03h8sMDo43n81vaFLA1Flb6pvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/336db3-71a8-43ef-9b9f-6a6c6e096071/1/0lgUed7jtZlPEcnZVkYxv1pATAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.59.0.0/16
                  157.169.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         97:15:82:b2:a0:80:22:f0:0a:a4:2b:4c:33:f4:f3:84:e9:49:
         d4:23:84:f7:0c:f4:e9:7f:80:d1:7a:c4:e6:bb:d5:51:54:07:
         80:d5:a8:87:ea:f8:ba:f7:82:0f:c0:c9:ab:7d:2b:e9:ea:36:
         13:48:87:c6:18:3c:f0:04:6e:b1:33:be:f1:53:45:41:a9:c9:
         17:7f:ec:cc:d0:c9:92:5a:76:72:c6:65:5c:3e:6e:95:38:86:
         20:69:83:ba:e6:85:e3:f6:5e:d7:2f:15:80:f9:92:b4:cd:54:
         25:e2:b6:f1:22:0e:1a:a7:dd:ad:0c:1b:4c:19:cc:47:5b:43:
         d9:32:b6:9a:03:a8:93:0d:54:d0:9b:cd:ff:07:73:1f:c0:a4:
         0b:19:d5:91:95:42:a9:12:cb:02:83:60:65:6c:32:c4:2f:06:
         9e:73:35:81:9e:db:fa:8c:d4:6c:8e:75:10:23:48:fb:a6:53:
         6c:bc:b0:d0:ee:69:f6:ee:48:22:bb:b5:a1:84:bf:36:df:c2:
         27:a0:df:e0:d4:c1:34:62:50:8d:0f:aa:ae:f8:68:26:8d:9c:
         ee:58:cc:b8:82:29:6f:41:e2:29:82:41:dc:68:5f:80:0b:82:
         5d:3f:23:0c:7b:65:63:e7:60:b1:36:81:6e:4e:2c:46:39:35:
         5f:9a:b8:47
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzIcKgPESVt2oGAMoc7UF5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNTgxNDc5ZGVlM2I1OTk0ZjExYzlkOTU2NDYzMWJmNWE0
MDRjMDcwHhcNMjQwMTAyMDQzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjRkZTFmMmMzMDNhMzhkZTdmMzViZGExNGIwMzUxNjU2ZmFhNmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjPLu45IFm96a2z8LpEqyCE5mVh1
9iBRT16YZ9MiUdT/LTYUtdDR0G0WzgjRESyXYyrnp60Idv0Ivt/oP9JLO8jEQdVb
yp89qjhSssIgpK4ZkyXHUCJqPe6JnvFgMXkJuDxDqkdnheTpO5aRkdCiUzNBfeD7
kUd7FjLSqaqkfIZRihk4vYnA9TYVkkzP80L/yDpiaJCoGwVeiYqf6wzZg0CrQHg4
V90C2Qu3GEUtyIbH0wQftH6QOuKetDOKecOT17w/5M6Dy5yTlukBZ9xzM9cALTc0
d/a3N6dw+dn7wTIuTQ6fX73VjQwaO6AwfJO80yZOvQrN3mujU2rS+yEMZwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFJ9N4fLDA6ON5/Nb2hSwNRZW+qb6MB8GA1UdIwQY
MBaAFNJYFHne47WZTxHJ2VZGMb9aQEwHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGxnVWVkN2p0WmxQRWNuWlZrWXh2MXBBVEFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8zMzZkYjMtNzFhOC00M2VmLTliOWYt
NmE2YzZlMDk2MDcxLzEvbjAzaDhzTURvNDNuODF2YUZMQTFGbGI2cHZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8zMzZkYjMtNzFhOC00M2VmLTliOWYtNmE2YzZlMDk2MDcx
LzEvMGxnVWVkN2p0WmxQRWNuWlZrWXh2MXBBVEFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMAhjsDAwCd
qTANBgkqhkiG9w0BAQsFAAOCAQEAlxWCsqCAIvAKpCtMM/TzhOlJ1COE9wz06X+A
0XrE5rvVUVQHgNWoh+r4uveCD8DJq30r6eo2E0iHxhg88ARusTO+8VNFQanJF3/s
zNDJklp2csZlXD5ulTiGIGmDuuaF4/Ze1y8VgPmStM1UJeK28SIOGqfdrQwbTBnM
R1tD2TK2mgOokw1U0JvN/wdzH8CkCxnVkZVCqRLLAoNgZWwyxC8GnnM1gZ7b+ozU
bI51ECNI+6ZTbLyw0O5p9u5IIru1oYS/Nt/CJ6Df4NTBNGJQjQ+qrvhoJo2c7ljM
uIIpb0HiKYJB3GhfgAuCXT8jDHtlY+dgsTaBbk4sRjk1X5q4Rw==
-----END CERTIFICATE-----