Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/2Jyl4MY_xd3xva2xyG-fJ7Aoaj4.roa
File:                     2Jyl4MY_xd3xva2xyG-fJ7Aoaj4.roa (raw, json)
Hash identifier:          ruPrHcNytRGJRD3DJDZvNQf+oct4Gj3kZ7CynRKwUnE=
Subject key identifier:   D8:9C:A5:E0:C6:3F:C5:DD:F1:BD:AD:B1:C8:6F:9F:27:B0:28:6A:3E
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802E84BB7581A1F29156EF592BFA688
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/2Jyl4MY_xd3xva2xyG-fJ7Aoaj4.roa
Signing time:             Tue 02 Jan 2024 02:31:22 +0000
ROA not before:           Tue 02 Jan 2024 02:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35073
IP address blocks:        194.71.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e8:4b:b7:58:1a:1f:29:15:6e:f5:92:bf:a6:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d89ca5e0c63fc5ddf1bdadb1c86f9f27b0286a3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:67:e1:bd:8e:84:3b:0f:17:6f:e3:58:5c:0d:
                    aa:ce:a8:74:f7:aa:28:29:dc:dd:bd:50:26:1c:dd:
                    5e:cf:8e:b6:85:63:65:86:44:ec:33:39:1b:44:01:
                    d0:eb:cb:0d:d9:b5:a2:e3:c6:e2:ff:8e:83:5c:9e:
                    2d:53:a8:72:21:22:c5:0d:c7:ae:ec:06:aa:25:b8:
                    33:c3:49:7b:3b:ae:15:b9:4e:11:5a:a4:c4:b2:0e:
                    34:af:f6:b9:5d:d0:46:00:c7:40:ee:c5:59:62:ad:
                    1a:fb:19:c0:91:40:57:15:ca:df:15:e5:52:6a:b5:
                    9b:36:cd:27:29:fc:82:5e:97:ee:8d:17:cd:e1:21:
                    d0:a1:f1:6a:7c:41:fa:bb:02:7c:37:9e:b7:fc:3b:
                    da:9a:9d:da:f3:02:35:23:f1:ce:4a:12:6e:11:65:
                    13:0b:ce:71:cf:89:49:f6:fe:1b:e3:6c:7d:6c:d9:
                    a2:b1:da:da:d0:53:c4:9a:bb:1f:3f:b0:13:2b:cc:
                    c9:03:af:59:f4:6c:06:22:4d:59:c9:26:0c:2f:4c:
                    56:74:70:8a:8e:eb:e8:db:5a:59:9b:b9:93:3d:ca:
                    01:c3:92:25:ec:5d:74:7a:8d:73:6c:2d:fb:f6:44:
                    3e:cf:56:37:6e:49:4f:2c:e2:c5:fc:a5:21:0e:7c:
                    b0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:9C:A5:E0:C6:3F:C5:DD:F1:BD:AD:B1:C8:6F:9F:27:B0:28:6A:3E
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/2Jyl4MY_xd3xva2xyG-fJ7Aoaj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.71.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:ad:26:42:e5:52:6f:a6:91:62:fa:1a:d5:4b:20:b1:f9:92:
         91:8e:8b:fe:97:b5:8b:6e:90:6b:fe:39:85:4f:98:b8:95:62:
         9a:86:7d:bb:15:ba:30:07:a7:49:e6:2f:85:4f:c5:36:ef:17:
         a8:c9:6e:5b:99:9b:e5:a2:b4:d0:1d:1e:ff:bd:33:9f:dc:fe:
         0a:db:53:d6:78:65:3e:74:0b:d3:6e:0c:ff:2c:b8:aa:70:29:
         8a:b3:c6:5d:d8:c5:f2:eb:11:70:af:72:b3:95:8d:b1:a0:3e:
         ef:5b:f4:f9:95:9d:b2:26:88:44:30:19:18:9f:4e:f1:1c:73:
         c1:f3:2a:fc:54:b8:a5:22:3e:44:20:39:62:b9:91:fa:0f:23:
         c4:25:9e:81:12:5d:af:8f:12:d6:91:b9:e3:42:be:c4:74:99:
         e0:4e:52:51:50:aa:ec:3b:c2:8b:c3:7d:24:04:fd:88:95:b0:
         dc:12:37:64:e4:51:70:68:cd:36:ce:98:6b:36:29:7c:25:8f:
         30:9c:fe:49:b4:31:53:72:d4:23:2c:a3:95:ad:d8:de:22:c5:
         03:6d:ec:ef:5e:9b:a2:ec:a0:9b:06:e5:fc:bd:78:fe:c9:93:
         db:a3:0d:e3:5b:8c:40:68:07:a2:5e:74:52:d4:87:46:b9:20:
         74:b4:c8:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAuhLt1gaHykVbvWSv6aIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODljYTVlMGM2M2ZjNWRkZjFiZGFkYjFjODZmOWYyN2IwMjg2YTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2fhvY6EOw8Xb+NYXA2qzqh096oo
KdzdvVAmHN1ez462hWNlhkTsMzkbRAHQ68sN2bWi48bi/46DXJ4tU6hyISLFDceu
7AaqJbgzw0l7O64VuU4RWqTEsg40r/a5XdBGAMdA7sVZYq0a+xnAkUBXFcrfFeVS
arWbNs0nKfyCXpfujRfN4SHQofFqfEH6uwJ8N563/Dvamp3a8wI1I/HOShJuEWUT
C85xz4lJ9v4b42x9bNmisdra0FPEmrsfP7ATK8zJA69Z9GwGIk1ZySYML0xWdHCK
juvo21pZm7mTPcoBw5Il7F10eo1zbC379kQ+z1Y3bklPLOLF/KUhDnywFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNicpeDGP8Xd8b2tschvnyewKGo+MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvMkp5bDRNWV94ZDN4dmEyeHlHLWZKN0FvYWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkdhMA0G
CSqGSIb3DQEBCwUAA4IBAQCVrSZC5VJvppFi+hrVSyCx+ZKRjov+l7WLbpBr/jmF
T5i4lWKahn27FbowB6dJ5i+FT8U27xeoyW5bmZvlorTQHR7/vTOf3P4K21PWeGU+
dAvTbgz/LLiqcCmKs8Zd2MXy6xFwr3KzlY2xoD7vW/T5lZ2yJohEMBkYn07xHHPB
8yr8VLilIj5EIDliuZH6DyPEJZ6BEl2vjxLWkbnjQr7EdJngTlJRUKrsO8KLw30k
BP2IlbDcEjdk5FFwaM02zphrNil8JY8wnP5JtDFTctQjLKOVrdjeIsUDbezvXpui
7KCbBuX8vXj+yZPbow3jW4xAaAeiXnRS1IdGuSB0tMg2
-----END CERTIFICATE-----