Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/257YB55kDMqS6l6T1MJHiq9DRYc.roa
File:                     257YB55kDMqS6l6T1MJHiq9DRYc.roa (raw, json)
Hash identifier:          uPjiEoGRn/lbr93+o73VUW13ZvB0YIPWnpQoi7oQp2s=
Subject key identifier:   DB:9E:D8:07:9E:64:0C:CA:92:EA:5E:93:D4:C2:47:8A:AF:43:45:87
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01900BC714B04D8474E45CB893EB2FFF3518
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/257YB55kDMqS6l6T1MJHiq9DRYc.roa
Signing time:             Wed 12 Jun 2024 09:28:34 +0000
ROA not before:           Wed 12 Jun 2024 09:28:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20513
IP address blocks:        194.71.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:0b:c7:14:b0:4d:84:74:e4:5c:b8:93:eb:2f:ff:35:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jun 12 09:28:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db9ed8079e640cca92ea5e93d4c2478aaf434587
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9f:76:f6:e6:5d:d7:b0:32:41:d5:4b:a1:04:
                    f8:d6:7d:fd:c1:2c:c8:74:bc:c2:a1:e9:bf:46:39:
                    d7:fa:09:d3:09:90:15:45:0b:36:f5:05:59:77:54:
                    b5:47:78:5d:f9:c1:54:36:99:90:a4:8f:0c:86:13:
                    a3:eb:00:17:ba:93:e7:d3:37:92:0e:b3:15:d6:df:
                    56:61:37:af:4d:86:31:00:4f:af:e9:13:36:af:d8:
                    bc:60:dc:37:fc:4f:a3:00:be:c4:5e:6c:20:16:2f:
                    ff:f1:17:14:70:bf:d5:22:97:07:3b:b9:05:61:e5:
                    8f:3c:0f:6d:0b:99:b4:37:36:1e:d3:75:8b:24:b6:
                    55:a3:3d:a3:1f:0d:9d:9e:93:14:db:26:aa:55:d3:
                    42:66:3b:89:5e:01:3e:73:30:47:22:eb:bc:a3:14:
                    f8:09:50:bc:e0:1c:e1:1d:35:d1:da:6a:0a:81:da:
                    16:c6:b1:be:11:4f:a0:b7:40:b7:87:75:58:3f:1d:
                    f6:b6:b5:74:40:f9:b8:6d:d6:99:ec:db:c9:36:73:
                    d2:f8:5b:0d:56:c0:d0:25:10:8c:e6:dc:86:ca:56:
                    7f:ee:40:da:14:0a:d9:67:3c:01:ac:a6:68:f7:58:
                    df:dc:d4:83:e4:d3:90:18:b0:73:bf:f7:33:d3:a3:
                    7d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9E:D8:07:9E:64:0C:CA:92:EA:5E:93:D4:C2:47:8A:AF:43:45:87
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/257YB55kDMqS6l6T1MJHiq9DRYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.71.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:92:bc:46:49:51:e4:91:a8:b5:be:79:3c:b2:d6:45:80:00:
         c0:a7:b6:ca:59:4d:65:08:0e:24:4e:7d:bd:81:4e:7a:ed:5f:
         c8:09:f3:59:01:aa:5a:bc:f4:d5:db:d9:d9:e9:02:55:27:c5:
         f0:9e:aa:70:d3:45:33:e6:32:8d:bb:3c:12:32:e2:d9:de:f5:
         de:c9:f3:9d:07:48:e1:67:4a:76:e6:b6:84:db:84:72:c5:48:
         95:58:b6:1f:7e:2a:bf:9b:bf:53:e4:e2:7f:4a:91:fa:54:0d:
         a7:15:ee:d2:cc:81:91:17:7b:6a:fc:87:0d:af:6c:ab:e6:53:
         63:95:20:1c:6b:80:ae:3b:a5:ff:0c:2b:b2:37:04:6f:c2:ed:
         19:ec:56:1a:25:86:e6:8d:b0:24:d1:a8:5f:f5:95:f3:39:cf:
         0e:7e:b3:23:89:60:cb:81:58:3b:cf:3e:0d:17:8f:1b:0f:1d:
         8b:f1:0b:16:a8:31:08:e3:d5:9e:56:95:8d:d4:27:0f:b1:a4:
         42:27:ec:a5:03:ee:e8:20:f9:ba:2f:49:82:89:f3:48:2b:73:
         0c:ed:cf:25:08:f1:f4:c4:e9:b1:d1:8e:c2:7f:c1:87:fb:51:
         2f:bf:31:86:60:b7:c3:59:29:05:c9:ba:b9:6b:ac:74:e5:0e:
         43:6b:31:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZALxxSwTYR05Fy4k+sv/zUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwNjEyMDkyODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjllZDgwNzllNjQwY2NhOTJlYTVlOTNkNGMyNDc4YWFmNDM0NTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5929uZd17AyQdVLoQT41n39wSzI
dLzCoem/RjnX+gnTCZAVRQs29QVZd1S1R3hd+cFUNpmQpI8MhhOj6wAXupPn0zeS
DrMV1t9WYTevTYYxAE+v6RM2r9i8YNw3/E+jAL7EXmwgFi//8RcUcL/VIpcHO7kF
YeWPPA9tC5m0NzYe03WLJLZVoz2jHw2dnpMU2yaqVdNCZjuJXgE+czBHIuu8oxT4
CVC84BzhHTXR2moKgdoWxrG+EU+gt0C3h3VYPx32trV0QPm4bdaZ7NvJNnPS+FsN
VsDQJRCM5tyGylZ/7kDaFArZZzwBrKZo91jf3NSD5NOQGLBzv/cz06N9NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNue2AeeZAzKkupek9TCR4qvQ0WHMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvMjU3WUI1NWtETXFTNmw2VDFNSkhpcTlEUlljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwke8MA0G
CSqGSIb3DQEBCwUAA4IBAQB5krxGSVHkkai1vnk8stZFgADAp7bKWU1lCA4kTn29
gU567V/ICfNZAapavPTV29nZ6QJVJ8Xwnqpw00Uz5jKNuzwSMuLZ3vXeyfOdB0jh
Z0p25raE24RyxUiVWLYffiq/m79T5OJ/SpH6VA2nFe7SzIGRF3tq/IcNr2yr5lNj
lSAca4CuO6X/DCuyNwRvwu0Z7FYaJYbmjbAk0ahf9ZXzOc8OfrMjiWDLgVg7zz4N
F48bDx2L8QsWqDEI49WeVpWN1CcPsaRCJ+ylA+7oIPm6L0mCifNIK3MM7c8lCPH0
xOmx0Y7Cf8GH+1EvvzGGYLfDWSkFybq5a6x05Q5DazEz
-----END CERTIFICATE-----