Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/as2NHQb3dcKz8yrd8InRAlbwHM4.roa
File:                     as2NHQb3dcKz8yrd8InRAlbwHM4.roa (raw, json)
Hash identifier:          4CbncUr1HYMEuLnfK71dZ9shPxrzW8f1Kj8UGdmVhRY=
Subject key identifier:   6A:CD:8D:1D:06:F7:75:C2:B3:F3:2A:DD:F0:89:D1:02:56:F0:1C:CE
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018D1C1E1CD80FFBC174A21FBAA8D08E2FDB
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/as2NHQb3dcKz8yrd8InRAlbwHM4.roa
Signing time:             Thu 18 Jan 2024 10:29:11 +0000
ROA not before:           Thu 18 Jan 2024 10:29:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208373
IP address blocks:        194.71.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:1c:1e:1c:d8:0f:fb:c1:74:a2:1f:ba:a8:d0:8e:2f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan 18 10:29:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6acd8d1d06f775c2b3f32addf089d10256f01cce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ac:a4:c3:cf:bc:06:ca:d0:99:c0:8d:78:fb:
                    cc:25:63:59:e6:ff:ef:66:4d:c5:19:8e:2a:03:15:
                    1a:00:cc:dd:a0:a8:e0:2f:e8:21:c4:8c:a9:0e:1d:
                    12:53:45:e7:ee:7a:fd:20:13:6b:2d:69:bf:66:f0:
                    fc:45:bd:02:f4:e5:fc:ec:c4:a2:7d:bb:e4:9b:f7:
                    1a:ac:5d:6e:39:78:0f:2f:7c:e2:ec:77:40:14:cc:
                    b7:80:82:00:75:da:f3:f7:47:16:fc:87:df:9d:bd:
                    fe:79:e9:05:f8:6c:a9:1b:26:ec:79:a4:28:57:8a:
                    35:e8:7e:1d:1a:c9:90:52:7d:56:a8:0b:bd:40:2a:
                    06:80:4b:e6:f6:80:4e:04:c8:ad:45:59:24:09:6c:
                    7d:d5:fb:ff:ec:4c:63:a1:84:25:33:47:ea:c2:da:
                    de:9e:6f:79:4b:b1:9b:52:3d:9b:3c:86:4b:cd:75:
                    57:33:c0:eb:5d:09:7a:31:44:a3:9e:ba:2d:cb:de:
                    44:20:08:18:6e:bf:9c:1c:f2:ef:03:dd:e8:c3:a1:
                    91:04:f3:a4:17:a3:f9:5b:fe:b3:21:3e:da:01:e9:
                    9a:f4:34:95:65:a2:20:77:9a:56:ca:98:62:3f:a1:
                    ea:99:38:0e:83:45:f4:ad:bc:99:69:88:2e:7f:18:
                    5d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:CD:8D:1D:06:F7:75:C2:B3:F3:2A:DD:F0:89:D1:02:56:F0:1C:CE
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/as2NHQb3dcKz8yrd8InRAlbwHM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.71.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:c2:b1:7e:7c:12:5d:c8:6d:6d:bb:97:a8:90:31:fc:7a:e2:
         a3:b0:96:83:e2:b7:22:71:3b:70:96:31:40:fc:df:e0:65:29:
         14:c7:c4:f2:95:47:ea:dc:60:6b:9c:da:41:60:82:c5:38:35:
         06:4f:12:c4:44:9e:8b:cf:33:26:03:70:e5:09:53:40:c5:a1:
         d8:72:2c:21:5d:f2:78:a7:d9:8f:6a:cb:54:b7:02:f9:05:a5:
         79:71:e7:47:56:38:1c:48:04:3e:2b:5e:b7:48:da:23:8e:f7:
         59:89:c2:8c:0b:4c:30:2f:ef:1a:cd:44:3a:b3:b5:93:31:03:
         5a:9d:c8:81:aa:38:95:8b:92:fb:5f:53:0e:70:bc:37:56:3b:
         8c:35:e9:88:93:0a:73:73:b2:30:e2:db:c5:f0:b8:eb:b0:71:
         04:f9:12:78:55:06:e6:52:e6:61:f5:57:10:f0:58:a3:9a:00:
         f6:db:19:ee:1f:e0:ea:05:11:26:44:78:e8:ca:4d:ea:99:94:
         b9:4e:0d:fa:0f:f6:cf:5b:f5:47:6d:1b:95:ee:23:21:2e:87:
         05:32:f6:fb:5d:8a:a8:4c:14:b8:4f:d2:8a:8a:59:1d:8d:5b:
         5a:5f:ac:e6:42:5a:1b:a8:63:1f:35:a0:94:ba:a7:77:6a:cf:
         41:db:f8:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0cHhzYD/vBdKIfuqjQji/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTE4MTAyOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWNkOGQxZDA2Zjc3NWMyYjNmMzJhZGRmMDg5ZDEwMjU2ZjAxY2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaykw8+8BsrQmcCNePvMJWNZ5v/v
Zk3FGY4qAxUaAMzdoKjgL+ghxIypDh0SU0Xn7nr9IBNrLWm/ZvD8Rb0C9OX87MSi
fbvkm/carF1uOXgPL3zi7HdAFMy3gIIAddrz90cW/Iffnb3+eekF+GypGybseaQo
V4o16H4dGsmQUn1WqAu9QCoGgEvm9oBOBMitRVkkCWx91fv/7ExjoYQlM0fqwtre
nm95S7GbUj2bPIZLzXVXM8DrXQl6MUSjnroty95EIAgYbr+cHPLvA93ow6GRBPOk
F6P5W/6zIT7aAema9DSVZaIgd5pWyphiP6HqmTgOg0X0rbyZaYgufxhd7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGrNjR0G93XCs/Mq3fCJ0QJW8BzOMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvYXMyTkhRYjNkY0t6OHlyZDhJblJBbGJ3SE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkfFMA0G
CSqGSIb3DQEBCwUAA4IBAQAYwrF+fBJdyG1tu5eokDH8euKjsJaD4rcicTtwljFA
/N/gZSkUx8TylUfq3GBrnNpBYILFODUGTxLERJ6LzzMmA3DlCVNAxaHYciwhXfJ4
p9mPastUtwL5BaV5cedHVjgcSAQ+K163SNojjvdZicKMC0wwL+8azUQ6s7WTMQNa
nciBqjiVi5L7X1MOcLw3VjuMNemIkwpzc7Iw4tvF8LjrsHEE+RJ4VQbmUuZh9VcQ
8FijmgD22xnuH+DqBREmRHjoyk3qmZS5Tg36D/bPW/VHbRuV7iMhLocFMvb7XYqo
TBS4T9KKilkdjVtaX6zmQlobqGMfNaCUuqd3as9B2/g/
-----END CERTIFICATE-----