Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ceWFnZfalUErtJvdjlB1cHmwI34.roa
File:                     ceWFnZfalUErtJvdjlB1cHmwI34.roa (raw, json)
Hash identifier:          bg3CiwlZJIdpNiEyWUftkR3spvkWXR5g2t83/rN7/MI=
Subject key identifier:   71:E5:85:9D:97:DA:95:41:2B:B4:9B:DD:8E:50:75:70:79:B0:23:7E
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018DC1E4A0BD3180579E99F8C53DD1807FFB
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ceWFnZfalUErtJvdjlB1cHmwI34.roa
Signing time:             Mon 19 Feb 2024 15:03:22 +0000
ROA not before:           Mon 19 Feb 2024 15:03:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201216
IP address blocks:        193.181.192.0/24 maxlen: 24
                          194.132.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:e4:a0:bd:31:80:57:9e:99:f8:c5:3d:d1:80:7f:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Feb 19 15:03:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71e5859d97da95412bb49bdd8e50757079b0237e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c0:d3:e4:fa:7e:84:4a:fc:e1:c1:9e:d2:87:
                    80:6d:d7:40:f0:0f:32:82:e1:39:a6:6e:c1:ed:8a:
                    e0:41:8a:35:be:e9:2a:33:5b:e3:21:7c:cd:66:0d:
                    94:b4:d8:cb:e8:9a:be:fb:8e:24:42:f9:e1:6d:ff:
                    ce:ad:ac:ab:66:ab:9a:b9:c1:3b:80:1d:20:46:34:
                    55:91:a9:ff:76:4e:dd:2f:7b:ba:bc:30:c0:fb:6c:
                    50:76:ba:48:68:05:a1:87:1d:a4:51:10:79:a5:d9:
                    5f:33:8a:2a:10:8b:3f:98:82:3d:bd:fb:78:d4:b4:
                    ad:81:0a:f8:fe:d2:8b:db:eb:72:00:97:53:51:ea:
                    66:d8:05:9f:0d:a6:b7:82:37:8b:7a:55:09:90:a1:
                    b2:f4:45:27:ec:04:0a:84:b6:0c:02:31:83:78:db:
                    ab:b1:f8:9a:ea:c2:1a:30:93:f3:17:5c:5c:2f:0b:
                    e2:71:2f:5d:f2:47:15:0d:5d:c4:25:47:8c:0a:10:
                    e4:d0:27:21:b8:30:49:b8:04:2f:a1:9b:94:c7:27:
                    6b:dd:02:ce:c7:cc:cd:0e:69:d2:0f:bc:62:af:10:
                    80:c5:3c:fe:07:8d:95:36:a1:bd:40:24:e5:3c:f3:
                    c2:b3:bb:10:70:80:4a:c2:96:ad:bd:b5:02:2c:fc:
                    b6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:E5:85:9D:97:DA:95:41:2B:B4:9B:DD:8E:50:75:70:79:B0:23:7E
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ceWFnZfalUErtJvdjlB1cHmwI34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.181.192.0/24
                  194.132.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:d5:24:49:a9:55:10:a3:3c:9f:d3:7c:49:04:e7:f8:b6:f6:
         91:6a:0c:60:86:01:3c:24:04:56:0d:5d:e1:26:8f:6b:01:f5:
         61:1f:0e:06:31:50:fa:6c:12:94:2c:f4:bc:8f:89:a0:b1:fe:
         05:a2:d8:f1:3e:be:62:21:a3:34:fc:d4:42:19:61:62:3a:ca:
         6f:b5:b1:0c:84:0b:7d:c5:38:f1:87:e6:22:1b:c3:37:52:fc:
         9b:dc:85:87:2d:74:5f:b0:e1:52:d7:0f:40:0d:00:d3:17:c2:
         8a:88:c5:bb:4b:95:77:61:37:c8:b3:65:03:3f:45:7b:c2:4d:
         c0:63:ee:a9:ef:41:bc:0d:09:6c:64:02:99:fd:04:0c:9d:d2:
         65:4f:28:2c:92:87:9c:e9:32:17:d8:0a:38:e0:bc:30:6b:81:
         23:e2:e8:df:eb:84:5a:37:0e:6b:f8:44:5a:14:c1:ec:fd:8a:
         94:10:7f:2f:bc:41:08:41:7d:da:ce:0a:15:6c:1d:17:20:05:
         a5:80:0a:41:74:e9:fc:1f:ef:d8:71:ad:a0:fa:04:62:37:60:
         40:8e:ba:fb:b1:cd:17:3b:05:f4:58:d0:b0:82:38:99:96:38:
         fd:dd:09:a7:84:11:dd:2b:d4:38:aa:ce:f2:b7:d7:dc:bc:9c:
         d3:8c:ee:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3B5KC9MYBXnpn4xT3RgH/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMjE5MTUwMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWU1ODU5ZDk3ZGE5NTQxMmJiNDliZGQ4ZTUwNzU3MDc5YjAyMzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8DT5Pp+hEr84cGe0oeAbddA8A8y
guE5pm7B7YrgQYo1vukqM1vjIXzNZg2UtNjL6Jq++44kQvnhbf/OrayrZquaucE7
gB0gRjRVkan/dk7dL3u6vDDA+2xQdrpIaAWhhx2kURB5pdlfM4oqEIs/mII9vft4
1LStgQr4/tKL2+tyAJdTUepm2AWfDaa3gjeLelUJkKGy9EUn7AQKhLYMAjGDeNur
sfia6sIaMJPzF1xcLwvicS9d8kcVDV3EJUeMChDk0CchuDBJuAQvoZuUxydr3QLO
x8zNDmnSD7xirxCAxTz+B42VNqG9QCTlPPPCs7sQcIBKwpatvbUCLPy2MQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHHlhZ2X2pVBK7Sb3Y5QdXB5sCN+MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvY2VXRm5aZmFsVUVydEp2ZGpsQjFjSG13STM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwbXAAwQA
woQdMA0GCSqGSIb3DQEBCwUAA4IBAQA+1SRJqVUQozyf03xJBOf4tvaRagxghgE8
JARWDV3hJo9rAfVhHw4GMVD6bBKULPS8j4mgsf4FotjxPr5iIaM0/NRCGWFiOspv
tbEMhAt9xTjxh+YiG8M3Uvyb3IWHLXRfsOFS1w9ADQDTF8KKiMW7S5V3YTfIs2UD
P0V7wk3AY+6p70G8DQlsZAKZ/QQMndJlTygskoec6TIX2Ao44Lwwa4Ej4ujf64Ra
Nw5r+ERaFMHs/YqUEH8vvEEIQX3azgoVbB0XIAWlgApBdOn8H+/Yca2g+gRiN2BA
jrr7sc0XOwX0WNCwgjiZljj93QmnhBHdK9Q4qs7yt9fcvJzTjO4I
-----END CERTIFICATE-----