Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/3m1mC4aRXvH9pyEYcn9b83ax1Tc.roa
File:                     3m1mC4aRXvH9pyEYcn9b83ax1Tc.roa (raw, json)
Hash identifier:          2Bs64m5xJ83Axwpck7pZe2Ke9zppNJ+GEEc9zRJskI4=
Subject key identifier:   DE:6D:66:0B:86:91:5E:F1:FD:A7:21:18:72:7F:5B:F3:76:B1:D5:37
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802E8E3711FF5BA7303C272FEAFB2C5
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/3m1mC4aRXvH9pyEYcn9b83ax1Tc.roa
Signing time:             Tue 02 Jan 2024 02:31:23 +0000
ROA not before:           Tue 02 Jan 2024 02:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39326
IP address blocks:        192.121.112.0/24 maxlen: 24
                          192.121.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e8:e3:71:1f:f5:ba:73:03:c2:72:fe:af:b2:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de6d660b86915ef1fda72118727f5bf376b1d537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:c3:cf:7b:6c:0b:9f:ad:e0:a2:2f:25:74:f4:
                    32:26:27:8b:79:69:04:cc:73:80:e8:fe:9d:77:c2:
                    58:31:cd:b6:8d:fe:8d:ef:31:73:fe:52:c1:f0:0b:
                    82:7d:97:b4:38:6c:c1:80:4b:14:26:08:c1:2c:b8:
                    e1:74:ff:e5:b2:7e:8e:9d:c0:6c:82:67:c1:20:40:
                    09:c4:2e:c8:d6:e6:80:e5:9e:bb:90:83:c3:c6:91:
                    e6:89:d1:79:44:f3:4b:ea:bf:7b:42:d9:d7:a5:e4:
                    9d:a9:f4:24:6e:08:71:06:e7:2f:58:30:b3:bd:62:
                    61:b6:f4:69:ec:de:81:cb:9e:6d:eb:1d:72:96:56:
                    9b:4a:36:18:2c:bb:1d:57:04:63:5a:d4:0c:ec:71:
                    28:a9:9e:47:74:01:bf:be:bc:de:4a:4a:91:6b:36:
                    ad:1b:4a:fd:44:b3:78:be:63:4f:c4:08:00:d0:08:
                    01:65:e1:b5:33:2c:07:38:14:4e:07:97:2a:f7:93:
                    00:99:fe:57:a5:72:cd:91:f0:41:d6:a0:b0:ec:3c:
                    6f:75:ef:92:cb:18:a8:20:98:ec:41:50:8b:aa:07:
                    c3:76:73:90:ed:9a:0a:ab:c6:69:bb:e9:17:61:40:
                    48:9f:c3:27:75:b6:6e:b3:fd:39:cf:7b:00:e3:ef:
                    97:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:6D:66:0B:86:91:5E:F1:FD:A7:21:18:72:7F:5B:F3:76:B1:D5:37
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/3m1mC4aRXvH9pyEYcn9b83ax1Tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:e6:99:e2:08:49:e8:fa:51:f5:28:19:90:59:0d:43:7e:e3:
         bc:12:e2:81:6b:96:2d:1c:3d:72:16:c9:44:f2:b4:9d:4a:78:
         b5:f5:3b:89:08:ad:35:b9:64:f6:7f:1e:da:cd:88:d5:46:71:
         4e:17:2d:f9:3c:7c:ad:be:19:54:f7:d8:d6:fa:35:7a:b8:a9:
         0f:a3:fc:e3:15:3b:6f:46:a1:1b:df:86:7b:ba:bc:75:08:75:
         16:f6:1e:98:dc:1a:84:ca:2c:6e:f5:64:c3:05:e1:3d:f7:51:
         bb:3c:7c:b4:eb:7b:35:b3:e8:8c:09:97:31:41:e6:a0:5a:6e:
         b2:b1:d7:b3:51:68:db:ed:67:00:24:0d:49:61:0c:62:26:d7:
         e5:2c:06:3b:63:58:03:38:f6:11:a8:df:a5:cb:44:df:6c:eb:
         94:3f:06:0d:2b:b0:f9:d0:0b:de:fb:10:ec:46:6b:55:56:09:
         a5:02:d2:3f:f3:50:b7:13:0f:21:47:69:4c:74:bd:9c:ab:76:
         d0:b4:dc:9e:19:95:69:ab:3f:f0:89:55:97:11:8a:77:6a:35:
         b1:69:d6:b0:ec:a1:3c:a4:e7:67:5f:02:f9:fe:be:6b:5e:8c:
         bc:09:d8:43:96:97:be:01:01:49:9c:06:ca:8b:bc:64:4b:76:
         c7:59:84:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAujjcR/1unMDwnL+r7LFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTZkNjYwYjg2OTE1ZWYxZmRhNzIxMTg3MjdmNWJmMzc2YjFkNTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMPPe2wLn63goi8ldPQyJieLeWkE
zHOA6P6dd8JYMc22jf6N7zFz/lLB8AuCfZe0OGzBgEsUJgjBLLjhdP/lsn6OncBs
gmfBIEAJxC7I1uaA5Z67kIPDxpHmidF5RPNL6r97QtnXpeSdqfQkbghxBucvWDCz
vWJhtvRp7N6By55t6x1yllabSjYYLLsdVwRjWtQM7HEoqZ5HdAG/vrzeSkqRazat
G0r9RLN4vmNPxAgA0AgBZeG1MywHOBROB5cq95MAmf5XpXLNkfBB1qCw7Dxvde+S
yxioIJjsQVCLqgfDdnOQ7ZoKq8Zpu+kXYUBIn8MndbZus/05z3sA4++XZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5tZguGkV7x/achGHJ/W/N2sdU3MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvM20xbUM0YVJYdkg5cHlFWWNuOWI4M2F4MVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwHlwMA0G
CSqGSIb3DQEBCwUAA4IBAQC75pniCEno+lH1KBmQWQ1DfuO8EuKBa5YtHD1yFslE
8rSdSni19TuJCK01uWT2fx7azYjVRnFOFy35PHytvhlU99jW+jV6uKkPo/zjFTtv
RqEb34Z7urx1CHUW9h6Y3BqEyixu9WTDBeE991G7PHy063s1s+iMCZcxQeagWm6y
sdezUWjb7WcAJA1JYQxiJtflLAY7Y1gDOPYRqN+ly0TfbOuUPwYNK7D50Ave+xDs
RmtVVgmlAtI/81C3Ew8hR2lMdL2cq3bQtNyeGZVpqz/wiVWXEYp3ajWxadaw7KE8
pOdnXwL5/r5rXoy8CdhDlpe+AQFJnAbKi7xkS3bHWYRJ
-----END CERTIFICATE-----