Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/FVvqzNqc5xSzBG4gXtRlkKN3sCw.roa
File:                     FVvqzNqc5xSzBG4gXtRlkKN3sCw.roa (raw, json)
Hash identifier:          76qvXkV+c5ax95JqvMlUz4rMR9ArN3MqPHSq79mLTWg=
Subject key identifier:   15:5B:EA:CC:DA:9C:E7:14:B3:04:6E:20:5E:D4:65:90:A3:77:B0:2C
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802EEDD2FEF223DC5EDD576E1D08516
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/FVvqzNqc5xSzBG4gXtRlkKN3sCw.roa
Signing time:             Tue 02 Jan 2024 02:31:24 +0000
ROA not before:           Tue 02 Jan 2024 02:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47527
IP address blocks:        192.121.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:ee:dd:2f:ef:22:3d:c5:ed:d5:76:e1:d0:85:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=155beaccda9ce714b3046e205ed46590a377b02c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:03:b6:a2:6a:97:05:d9:5c:32:ea:8b:f6:c2:
                    ca:b9:ea:fc:35:f3:52:c5:44:29:a1:fb:5c:02:c0:
                    66:c6:33:2f:86:55:0b:19:7b:70:ea:bf:91:28:10:
                    18:15:d6:6b:21:4f:7f:1c:cb:27:6c:8e:0a:ed:10:
                    e4:b1:b8:c9:c2:92:be:ad:65:87:18:15:5e:ad:03:
                    6e:45:d2:ba:cc:3e:14:e8:31:f8:2a:0b:3d:65:80:
                    6f:15:f3:d7:c8:6e:0c:58:7a:a2:ca:3f:24:bb:5d:
                    99:61:99:9b:2e:22:14:5f:9f:52:a5:81:e9:cc:15:
                    d3:df:ee:8b:a9:23:4a:0e:c8:ae:3c:2d:1a:b4:42:
                    e5:81:7c:e7:33:d5:c8:4f:1a:9b:fc:89:27:e5:e2:
                    d3:5c:37:86:1b:58:43:bd:df:fa:15:60:3b:28:1c:
                    9a:f5:44:ca:1d:85:35:0f:c6:50:d3:84:27:ca:0d:
                    b0:17:23:d6:d7:8d:66:3e:5a:5a:5c:de:e1:b8:6a:
                    14:75:bb:0d:35:51:e9:ea:8f:28:22:c8:ab:57:b0:
                    f2:ac:9b:c0:e4:0a:b8:59:2e:af:28:b3:a6:e8:2f:
                    a0:07:39:50:82:78:47:70:fb:45:fa:09:b1:76:3c:
                    74:85:75:6c:32:f8:b6:8b:4e:a0:a4:5d:db:54:14:
                    2b:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:5B:EA:CC:DA:9C:E7:14:B3:04:6E:20:5E:D4:65:90:A3:77:B0:2C
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/FVvqzNqc5xSzBG4gXtRlkKN3sCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:84:30:0c:8d:de:a8:20:b3:e5:47:d4:fa:b2:66:67:84:70:
         5c:5c:d4:8f:70:dc:85:83:b7:88:7f:8b:00:28:7e:db:19:e1:
         d8:22:d1:bd:14:08:b4:23:78:25:e3:32:60:34:b8:95:b8:58:
         d4:fb:b8:67:ab:72:70:86:30:a4:3c:41:b1:9a:2f:1c:9f:6f:
         46:93:0a:2a:5e:9a:6e:69:bf:a3:8c:bd:09:10:16:fe:e8:f3:
         95:84:42:f0:7c:72:1b:bb:0d:7a:3c:d6:9e:3c:b0:23:90:5b:
         cb:e6:67:44:4b:00:74:37:d8:b7:05:bf:4b:f0:f3:68:b0:9e:
         59:85:d9:db:91:04:1c:2e:b0:3c:b6:e3:49:8d:d5:0a:9f:4e:
         32:60:f7:21:ae:61:83:b6:57:9a:62:8d:fd:8c:76:08:a2:91:
         a6:47:73:08:49:19:45:31:d7:05:b0:41:97:23:14:91:cb:40:
         97:8d:bd:b6:4b:ff:6b:4a:78:d1:42:18:2a:7c:4b:ce:56:b0:
         fe:d8:15:61:56:5c:ff:68:3c:37:f5:bf:b0:ed:7b:bd:03:e6:
         d6:21:e3:bc:4e:0c:3e:b1:17:90:f8:e3:64:c6:86:65:96:1d:
         b3:b4:9a:e8:c1:41:08:91:b9:e4:75:e3:d9:05:fc:35:ed:8e:
         0c:0e:62:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAu7dL+8iPcXt1Xbh0IUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTViZWFjY2RhOWNlNzE0YjMwNDZlMjA1ZWQ0NjU5MGEzNzdiMDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8AO2omqXBdlcMuqL9sLKuer8NfNS
xUQpoftcAsBmxjMvhlULGXtw6r+RKBAYFdZrIU9/HMsnbI4K7RDksbjJwpK+rWWH
GBVerQNuRdK6zD4U6DH4Kgs9ZYBvFfPXyG4MWHqiyj8ku12ZYZmbLiIUX59SpYHp
zBXT3+6LqSNKDsiuPC0atELlgXznM9XITxqb/Ikn5eLTXDeGG1hDvd/6FWA7KBya
9UTKHYU1D8ZQ04Qnyg2wFyPW141mPlpaXN7huGoUdbsNNVHp6o8oIsirV7DyrJvA
5Aq4WS6vKLOm6C+gBzlQgnhHcPtF+gmxdjx0hXVsMvi2i06gpF3bVBQrEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBVb6szanOcUswRuIF7UZZCjd7AsMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvRlZ2cXpOcWM1eFN6Qkc0Z1h0UmxrS04zc0N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHnsMA0G
CSqGSIb3DQEBCwUAA4IBAQC3hDAMjd6oILPlR9T6smZnhHBcXNSPcNyFg7eIf4sA
KH7bGeHYItG9FAi0I3gl4zJgNLiVuFjU+7hnq3JwhjCkPEGxmi8cn29GkwoqXppu
ab+jjL0JEBb+6POVhELwfHIbuw16PNaePLAjkFvL5mdESwB0N9i3Bb9L8PNosJ5Z
hdnbkQQcLrA8tuNJjdUKn04yYPchrmGDtleaYo39jHYIopGmR3MISRlFMdcFsEGX
IxSRy0CXjb22S/9rSnjRQhgqfEvOVrD+2BVhVlz/aDw39b+w7Xu9A+bWIeO8Tgw+
sReQ+ONkxoZllh2ztJrowUEIkbnkdePZBfw17Y4MDmL5
-----END CERTIFICATE-----