Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/cf683e-6abd-4f5d-9943-02f3ddba1942/1/t16PzAlvWekYsP-M8rbE-GQqrKw.roa
File:                     t16PzAlvWekYsP-M8rbE-GQqrKw.roa (raw, json)
Hash identifier:          3vnPnuhk/OI+4T9XrhuO16OQVY7hpcxK0i/qFVmYQP8=
Subject key identifier:   B7:5E:8F:CC:09:6F:59:E9:18:B0:FF:8C:F2:B6:C4:F8:64:2A:AC:AC
Certificate issuer:       /CN=954a9351eb66d8d8624e20d169f766b72f58acc0
Certificate serial:       0194FA3BFC2DCE9565AB4566A78180B945AB
Authority key identifier: 95:4A:93:51:EB:66:D8:D8:62:4E:20:D1:69:F7:66:B7:2F:58:AC:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUqTUetm2NhiTiDRafdmty9YrMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/cf683e-6abd-4f5d-9943-02f3ddba1942/1/t16PzAlvWekYsP-M8rbE-GQqrKw.roa
Signing time:             Wed 12 Feb 2025 12:57:02 +0000
ROA not before:           Wed 12 Feb 2025 12:57:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     553
IP address blocks:        134.2.0.0/16 maxlen: 16
                          192.42.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/cf683e-6abd-4f5d-9943-02f3ddba1942/1/lUqTUetm2NhiTiDRafdmty9YrMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/cf683e-6abd-4f5d-9943-02f3ddba1942/1/lUqTUetm2NhiTiDRafdmty9YrMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUqTUetm2NhiTiDRafdmty9YrMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:fa:3b:fc:2d:ce:95:65:ab:45:66:a7:81:80:b9:45:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954a9351eb66d8d8624e20d169f766b72f58acc0
        Validity
            Not Before: Feb 12 12:57:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b75e8fcc096f59e918b0ff8cf2b6c4f8642aacac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:d4:9a:ea:93:6d:4f:fe:96:dc:20:5e:d4:f0:
                    a9:45:a2:81:aa:69:5b:95:09:fa:1f:e9:e0:19:fd:
                    bc:80:19:e2:d5:74:81:8c:5d:ab:fd:f8:ec:a6:fb:
                    60:94:da:b5:b4:87:ed:99:33:b3:b0:29:ab:64:2a:
                    ee:a8:93:83:e6:0f:46:ba:0d:d9:c7:c8:84:1b:2e:
                    b0:7e:ef:b0:0c:ca:29:4a:58:79:3f:58:0b:c1:04:
                    e6:a0:ee:51:5b:08:bd:1b:59:94:62:bf:c3:51:16:
                    be:93:b4:8b:1c:a4:35:41:31:3f:ab:4c:13:3f:c3:
                    5f:80:f3:d6:10:40:3c:e5:6f:37:0f:b8:a9:c3:88:
                    7c:e7:c5:90:d9:f9:68:bd:b4:f5:11:cf:66:b8:f9:
                    92:41:c9:21:75:68:c6:dd:43:10:eb:f0:c5:1f:d6:
                    72:ba:8b:77:45:a0:bb:35:ea:7e:85:58:bc:5a:0a:
                    09:79:97:8d:ae:6a:5e:e8:4f:fa:50:30:07:5b:23:
                    44:8e:01:c9:5b:bc:4d:5c:d4:9a:8f:e0:20:15:87:
                    13:d6:70:69:a8:bc:26:5a:a0:b3:4b:1b:98:ad:c7:
                    97:6e:43:c8:63:93:df:a2:7b:cf:2d:09:53:6b:8c:
                    24:86:3e:68:fd:b6:8a:02:1b:76:87:70:53:4d:00:
                    eb:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:5E:8F:CC:09:6F:59:E9:18:B0:FF:8C:F2:B6:C4:F8:64:2A:AC:AC
            X509v3 Authority Key Identifier:
                keyid:95:4A:93:51:EB:66:D8:D8:62:4E:20:D1:69:F7:66:B7:2F:58:AC:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUqTUetm2NhiTiDRafdmty9YrMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/cf683e-6abd-4f5d-9943-02f3ddba1942/1/t16PzAlvWekYsP-M8rbE-GQqrKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/cf683e-6abd-4f5d-9943-02f3ddba1942/1/lUqTUetm2NhiTiDRafdmty9YrMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.2.0.0/16
                  192.42.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:d4:5e:b0:5a:e4:51:c3:97:36:c5:34:b9:fd:e9:7e:5b:a1:
         71:ef:8b:37:4a:8c:aa:c8:2d:f1:2d:e5:15:55:19:9e:2a:28:
         40:3b:30:f7:89:c9:35:da:04:4f:98:eb:cb:18:ec:e8:00:bc:
         02:dd:3a:25:47:e8:b7:f2:ec:22:1e:3f:96:15:92:c7:59:b7:
         4d:bc:ea:81:d1:5e:ea:59:f4:8c:a8:61:ac:94:57:7f:77:73:
         61:72:a8:e7:e2:7a:23:6d:83:86:17:3c:f9:ec:09:df:7b:59:
         4f:3f:e4:5f:2a:72:e1:ec:1d:49:75:43:82:45:12:c7:a5:21:
         61:f7:fa:2e:f8:79:a2:30:b8:d8:2c:e3:c8:eb:fd:f8:3c:a8:
         eb:f6:81:82:da:ba:59:ea:96:c8:f9:6e:7c:04:72:e6:ab:6d:
         b5:12:91:ac:fe:19:8f:f2:fa:71:2f:31:dc:27:ce:f7:b2:36:
         b9:4f:03:bb:98:60:f1:94:3d:6c:3f:b6:10:e1:7b:06:29:d2:
         f5:23:bd:a7:46:c9:0c:d7:47:e2:35:2a:78:a5:fb:d2:2c:e7:
         d7:9c:00:ec:e9:09:51:ef:fa:83:3b:9a:69:ba:b1:cf:93:8e:
         9c:2b:4b:83:58:d1:0c:67:7e:76:de:f4:31:be:d8:61:81:ba:
         76:57:c1:f3
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZT6O/wtzpVlq0Vmp4GAuUWrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGE5MzUxZWI2NmQ4ZDg2MjRlMjBkMTY5Zjc2NmI3MmY1
OGFjYzAwHhcNMjUwMjEyMTI1NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzVlOGZjYzA5NmY1OWU5MThiMGZmOGNmMmI2YzRmODY0MmFhY2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5dSa6pNtT/6W3CBe1PCpRaKBqmlb
lQn6H+ngGf28gBni1XSBjF2r/fjspvtglNq1tIftmTOzsCmrZCruqJOD5g9Gug3Z
x8iEGy6wfu+wDMopSlh5P1gLwQTmoO5RWwi9G1mUYr/DURa+k7SLHKQ1QTE/q0wT
P8NfgPPWEEA85W83D7ipw4h858WQ2flovbT1Ec9muPmSQckhdWjG3UMQ6/DFH9Zy
uot3RaC7Nep+hVi8WgoJeZeNrmpe6E/6UDAHWyNEjgHJW7xNXNSaj+AgFYcT1nBp
qLwmWqCzSxuYrceXbkPIY5PfonvPLQlTa4wkhj5o/baKAht2h3BTTQDrRwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFLdej8wJb1npGLD/jPK2xPhkKqysMB8GA1UdIwQY
MBaAFJVKk1HrZtjYYk4g0Wn3ZrcvWKzAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVxVFVldG0yTmhpVGlEUmFmZG10eTlZck1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jZjY4M2UtNmFiZC00ZjVkLTk5NDMt
MDJmM2RkYmExOTQyLzEvdDE2UHpBbHZXZWtZc1AtTThyYkUtR1Fxckt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9jZjY4M2UtNmFiZC00ZjVkLTk5NDMtMDJmM2RkYmExOTQy
LzEvbFVxVFVldG0yTmhpVGlEUmFmZG10eTlZck1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAhgIDBADA
Ko8wDQYJKoZIhvcNAQELBQADggEBADrUXrBa5FHDlzbFNLn96X5boXHvizdKjKrI
LfEt5RVVGZ4qKEA7MPeJyTXaBE+Y68sY7OgAvALdOiVH6Lfy7CIeP5YVksdZt028
6oHRXupZ9IyoYayUV393c2FyqOfieiNtg4YXPPnsCd97WU8/5F8qcuHsHUl1Q4JF
EselIWH3+i74eaIwuNgs48jr/fg8qOv2gYLaulnqlsj5bnwEcuarbbUSkaz+GY/y
+nEvMdwnzveyNrlPA7uYYPGUPWw/thDhewYp0vUjvadGyQzXR+I1Knil+9Is59ec
AOzpCVHv+oM7mmm6sc+TjpwrS4NY0Qxnfnbe9DG+2GGBunZXwfM=
-----END CERTIFICATE-----