Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/nZeJQW9rX4EXSjA9EphVISOuUgU.roa
File:                     nZeJQW9rX4EXSjA9EphVISOuUgU.roa (raw, json)
Hash identifier:          ttg0gIS3BHWNbQlIcBoLPESKlDwz3nL8H9Yv37xLJ5o=
Subject key identifier:   9D:97:89:41:6F:6B:5F:81:17:4A:30:3D:12:98:55:21:23:AE:52:05
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802EF4EA491AF6C9822FBD03972D010
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/nZeJQW9rX4EXSjA9EphVISOuUgU.roa
Signing time:             Tue 02 Jan 2024 02:31:24 +0000
ROA not before:           Tue 02 Jan 2024 02:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47957
IP address blocks:        193.183.113.0/24 maxlen: 24
                          193.183.114.0/24 maxlen: 24
                          194.71.146.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:ef:4e:a4:91:af:6c:98:22:fb:d0:39:72:d0:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d9789416f6b5f81174a303d1298552123ae5205
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:84:12:1c:47:7a:e9:01:59:e3:af:ad:10:de:
                    c4:74:c0:79:4a:13:a4:e8:3f:17:5b:81:b4:68:ff:
                    55:b6:d0:47:7f:ba:5f:71:67:1f:fc:29:bc:a0:6b:
                    ba:6d:0c:ce:04:3e:59:ba:be:35:80:2f:7b:47:a1:
                    96:92:77:b2:28:64:10:d6:19:2f:75:a7:4a:88:34:
                    28:90:9f:bd:e1:81:e8:7b:a9:55:74:50:a8:fa:1b:
                    7b:47:15:e4:47:68:14:aa:3d:09:6a:a7:fe:17:fe:
                    d4:e9:4d:13:86:e5:dc:23:3d:a3:d0:cf:8b:7b:3a:
                    1b:7c:20:1c:7b:4c:bc:77:a0:c5:c5:7c:1a:f6:84:
                    60:2f:88:ab:92:ca:ce:c3:c3:74:23:9d:16:1a:84:
                    8c:96:db:e1:3c:ea:d4:62:1b:a5:fa:37:61:e1:e0:
                    95:25:09:3d:9d:4c:ba:e5:24:26:ec:20:8f:92:59:
                    7c:06:15:27:cb:c5:d6:fe:1e:dd:43:bf:f1:30:4c:
                    c1:41:61:02:e0:ba:e0:73:96:90:c8:f7:17:dc:ba:
                    01:33:78:d0:f0:e5:3d:3f:84:3f:e2:42:9a:21:39:
                    0a:8b:a2:88:24:1f:17:97:c6:32:26:92:89:68:a2:
                    c8:1d:b1:04:9e:8c:41:27:fc:04:2d:dc:ac:ca:19:
                    ed:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:97:89:41:6F:6B:5F:81:17:4A:30:3D:12:98:55:21:23:AE:52:05
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/nZeJQW9rX4EXSjA9EphVISOuUgU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.183.113.0-193.183.114.255
                  194.71.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:28:b0:a4:46:ad:39:01:30:d6:b6:31:70:db:54:7e:5a:4d:
         34:e1:f4:9d:8b:ac:34:e7:a8:1e:0a:d2:c0:dd:22:d5:67:8b:
         d1:e5:c8:4e:9f:34:76:7b:c2:5c:a9:70:ed:93:f3:41:83:69:
         1c:96:ee:0a:c6:63:19:4a:c9:a9:f6:89:27:c0:54:d1:be:4f:
         26:0a:c0:a2:77:6f:0d:33:f0:15:3e:92:0d:c4:32:3b:7e:5f:
         94:bc:f7:ee:81:dd:26:c8:b8:ab:c9:f9:a3:2e:e2:b6:a5:7c:
         71:f2:8a:3c:a2:fb:d9:b4:ea:24:07:bc:cb:b7:4c:3e:fe:e0:
         00:87:7b:c3:6d:49:de:d7:ad:0e:89:13:7e:99:30:2d:ad:35:
         3b:ef:1f:9c:e8:38:7f:a8:27:1f:b7:03:e7:10:9a:1c:5f:43:
         69:31:ac:d6:76:71:0b:ce:de:a9:73:1a:a4:e4:58:4b:4a:61:
         b4:89:73:10:cd:d7:50:95:62:4a:08:89:5d:24:83:ed:49:5e:
         8a:54:93:d1:43:5c:63:40:56:24:33:fe:b0:e4:e2:5f:73:6e:
         f7:87:52:fb:2c:ba:a0:cc:8b:0e:2c:e7:13:e9:9f:39:21:0e:
         d8:f5:6f:e6:ad:1f:89:02:12:84:fb:f6:81:e0:4c:bf:af:62:
         74:6e:4f:a7
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzIAu9OpJGvbJgi+9A5ctAQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDk3ODk0MTZmNmI1ZjgxMTc0YTMwM2QxMjk4NTUyMTIzYWU1MjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIQSHEd66QFZ46+tEN7EdMB5ShOk
6D8XW4G0aP9VttBHf7pfcWcf/Cm8oGu6bQzOBD5Zur41gC97R6GWkneyKGQQ1hkv
dadKiDQokJ+94YHoe6lVdFCo+ht7RxXkR2gUqj0Jaqf+F/7U6U0ThuXcIz2j0M+L
ezobfCAce0y8d6DFxXwa9oRgL4irksrOw8N0I50WGoSMltvhPOrUYhul+jdh4eCV
JQk9nUy65SQm7CCPkll8BhUny8XW/h7dQ7/xMEzBQWEC4Lrgc5aQyPcX3LoBM3jQ
8OU9P4Q/4kKaITkKi6KIJB8Xl8YyJpKJaKLIHbEEnoxBJ/wELdysyhntXQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJ2XiUFva1+BF0owPRKYVSEjrlIFMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvblplSlFXOXJYNEVYU2pBOUVwaFZJU091VWdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADBt3ED
BADBt3IDBAHCR5IwDQYJKoZIhvcNAQELBQADggEBADYosKRGrTkBMNa2MXDbVH5a
TTTh9J2LrDTnqB4K0sDdItVni9HlyE6fNHZ7wlypcO2T80GDaRyW7grGYxlKyan2
iSfAVNG+TyYKwKJ3bw0z8BU+kg3EMjt+X5S89+6B3SbIuKvJ+aMu4ralfHHyijyi
+9m06iQHvMu3TD7+4ACHe8NtSd7XrQ6JE36ZMC2tNTvvH5zoOH+oJx+3A+cQmhxf
Q2kxrNZ2cQvO3qlzGqTkWEtKYbSJcxDN11CVYkoIiV0kg+1JXopUk9FDXGNAViQz
/rDk4l9zbveHUvssuqDMiw4s5xPpnzkhDtj1b+atH4kCEoT79oHgTL+vYnRuT6c=
-----END CERTIFICATE-----