Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/cwoGZ1Ba9mKeFbSuklNP7uFWImU.roa
File:                     cwoGZ1Ba9mKeFbSuklNP7uFWImU.roa (raw, json)
Hash identifier:          0/rqIulb8qlY7YjURCycK/2Yivmyktrc+spc2E2kCps=
Subject key identifier:   73:0A:06:67:50:5A:F6:62:9E:15:B4:AE:92:53:4F:EE:E1:56:22:65
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC803014C374A71FA474B16B2C33965E9
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/cwoGZ1Ba9mKeFbSuklNP7uFWImU.roa
Signing time:             Tue 02 Jan 2024 02:31:29 +0000
ROA not before:           Tue 02 Jan 2024 02:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203426
IP address blocks:        193.235.52.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:01:4c:37:4a:71:fa:47:4b:16:b2:c3:39:65:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=730a0667505af6629e15b4ae92534feee1562265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d3:6e:c9:be:b4:75:ae:59:fd:c8:a7:6f:2e:
                    18:34:5e:ce:eb:25:fe:bc:47:f0:6f:3f:85:a6:f6:
                    92:4a:af:0c:7e:d4:fa:d0:59:8b:92:2d:c5:70:e8:
                    70:2a:41:e6:4b:80:e2:08:8e:c3:26:59:d6:96:6b:
                    1f:f6:e1:49:36:57:e1:50:64:89:1f:07:c5:26:36:
                    e0:1a:f8:de:a3:68:c0:4c:8c:1a:49:bf:48:b6:ee:
                    10:54:45:f5:3d:6f:5b:d5:d3:fe:2e:5a:82:79:12:
                    67:eb:cc:de:92:97:e4:fe:8d:c4:d6:d3:f6:ab:d4:
                    e5:61:00:55:36:01:0c:7b:02:9f:9b:e4:96:ab:9d:
                    a3:0b:ca:78:39:85:3c:c6:71:be:2c:41:d7:7d:8f:
                    c5:ae:3f:3a:d5:86:bb:b6:a6:f3:96:98:84:84:25:
                    a3:1b:0f:41:0e:0b:dd:06:42:f1:7a:0e:fd:cf:fa:
                    f6:13:f7:3e:29:2e:01:4e:16:2c:e1:77:9d:cd:9c:
                    ee:38:1e:da:b9:22:18:07:25:e7:7d:d6:8e:45:7f:
                    35:50:da:08:3b:61:36:5c:da:78:96:c7:5e:d7:aa:
                    09:c0:68:54:6e:12:58:36:77:a3:2d:55:1d:27:1e:
                    b6:dc:f0:9e:00:d0:e3:d4:b0:e4:6a:97:bd:33:24:
                    be:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:0A:06:67:50:5A:F6:62:9E:15:B4:AE:92:53:4F:EE:E1:56:22:65
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/cwoGZ1Ba9mKeFbSuklNP7uFWImU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.235.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:bb:22:28:d9:f4:37:3d:08:93:36:99:42:ad:b6:80:01:f5:
         16:57:2d:90:95:42:3f:88:eb:15:58:98:5d:e2:70:fe:08:ac:
         7d:b3:70:e0:eb:56:37:20:6f:91:e1:29:de:40:d3:97:bb:15:
         41:45:6e:8a:9a:8d:f1:a7:e8:c8:b4:6b:f9:e6:91:4a:85:21:
         2b:6b:39:12:64:15:3f:21:47:c2:4f:b8:3d:a3:46:46:dd:fd:
         28:7c:9b:87:84:f5:6b:76:ad:fd:5b:49:69:c3:92:71:c6:8b:
         49:6c:91:e7:3e:92:f9:de:40:2b:20:13:8b:16:e1:b2:5d:11:
         91:0c:30:29:f0:64:b6:1f:cd:74:69:ae:78:d8:47:3e:b8:41:
         b4:b0:a1:cd:ee:97:d3:f1:e3:4e:4b:d7:1b:4c:04:4b:b6:fb:
         53:4b:f7:04:3c:f7:cb:aa:f2:35:19:72:3c:00:c6:40:64:07:
         19:5d:00:16:b4:3b:28:16:88:02:2b:55:66:81:4c:9d:f2:30:
         30:b7:85:d5:29:4a:18:1c:24:b4:4b:66:fc:93:fa:b4:6d:e2:
         7c:50:69:0f:a9:ae:09:6b:29:5b:93:c3:f6:80:a8:3b:08:54:
         b9:0e:fb:2e:44:2e:f7:03:99:08:b0:ff:c8:04:74:56:c0:2d:
         4e:09:20:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAwFMN0px+kdLFrLDOWXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzBhMDY2NzUwNWFmNjYyOWUxNWI0YWU5MjUzNGZlZWUxNTYyMjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdNuyb60da5Z/cinby4YNF7O6yX+
vEfwbz+FpvaSSq8MftT60FmLki3FcOhwKkHmS4DiCI7DJlnWlmsf9uFJNlfhUGSJ
HwfFJjbgGvjeo2jATIwaSb9Itu4QVEX1PW9b1dP+LlqCeRJn68zekpfk/o3E1tP2
q9TlYQBVNgEMewKfm+SWq52jC8p4OYU8xnG+LEHXfY/Frj861Ya7tqbzlpiEhCWj
Gw9BDgvdBkLxeg79z/r2E/c+KS4BThYs4XedzZzuOB7auSIYByXnfdaORX81UNoI
O2E2XNp4lsde16oJwGhUbhJYNnejLVUdJx623PCeANDj1LDkape9MyS+FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMKBmdQWvZinhW0rpJTT+7hViJlMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvY3dvR1oxQmE5bUtlRmJTdWtsTlA3dUZXSW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwes0MA0G
CSqGSIb3DQEBCwUAA4IBAQBSuyIo2fQ3PQiTNplCrbaAAfUWVy2QlUI/iOsVWJhd
4nD+CKx9s3Dg61Y3IG+R4SneQNOXuxVBRW6Kmo3xp+jItGv55pFKhSErazkSZBU/
IUfCT7g9o0ZG3f0ofJuHhPVrdq39W0lpw5JxxotJbJHnPpL53kArIBOLFuGyXRGR
DDAp8GS2H810aa542Ec+uEG0sKHN7pfT8eNOS9cbTARLtvtTS/cEPPfLqvI1GXI8
AMZAZAcZXQAWtDsoFogCK1VmgUyd8jAwt4XVKUoYHCS0S2b8k/q0beJ8UGkPqa4J
aylbk8P2gKg7CFS5DvsuRC73A5kIsP/IBHRWwC1OCSBE
-----END CERTIFICATE-----