Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/7nBnr4ikueLtHQ-vlngEEbd6NA4.roa
File:                     7nBnr4ikueLtHQ-vlngEEbd6NA4.roa (raw, json)
Hash identifier:          e9fwMqN70xEPomOIzhv2o5n9LbZ9WX08EkhVgqJLW98=
Subject key identifier:   EE:70:67:AF:88:A4:B9:E2:ED:1D:0F:AF:96:78:04:11:B7:7A:34:0E
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019427486445A18F56932BD7635391D92987
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/7nBnr4ikueLtHQ-vlngEEbd6NA4.roa
Signing time:             Thu 02 Jan 2025 13:50:43 +0000
ROA not before:           Thu 02 Jan 2025 13:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58653
IP address blocks:        193.235.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:64:45:a1:8f:56:93:2b:d7:63:53:91:d9:29:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee7067af88a4b9e2ed1d0faf96780411b77a340e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ff:f5:25:ec:b9:13:e3:d0:35:2e:19:c5:84:
                    12:14:3e:3c:2b:7f:68:ca:31:bd:f2:03:da:24:48:
                    66:b8:62:34:96:d0:5f:68:7e:dc:4f:ba:d3:71:16:
                    8e:00:f3:94:0a:e1:ee:08:50:91:57:a2:11:b8:61:
                    76:5d:0e:c8:e6:b3:18:8e:7d:bf:57:ef:89:25:1e:
                    95:b8:90:f3:bd:24:43:3f:5a:6c:d5:57:52:79:e2:
                    70:63:96:2c:14:a9:e7:04:cc:84:d2:6c:96:d7:6a:
                    6c:74:e4:0f:b4:00:dc:18:7f:df:07:da:4e:94:a5:
                    06:aa:3f:b9:1e:1c:fb:10:05:0c:d6:54:d5:db:7a:
                    a4:ee:2c:30:ae:ae:cd:5b:d3:af:fc:d5:d4:38:50:
                    27:81:3e:b3:9b:7c:4c:18:68:a4:13:9d:97:8e:6a:
                    f9:78:f0:18:c6:00:43:e7:53:98:79:53:11:65:8e:
                    18:2d:4e:c4:20:76:d3:69:53:76:fc:02:a8:35:3a:
                    c8:b8:ae:4f:1d:25:0c:f9:2a:8a:18:ba:b2:97:ad:
                    ac:d9:60:5e:f3:a9:7b:39:93:56:d3:7a:46:64:91:
                    06:e8:e2:71:08:78:53:58:fb:c8:74:5d:d9:ab:70:
                    c6:3b:c7:b5:2e:ef:46:db:77:26:fc:c9:53:a5:20:
                    7e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:70:67:AF:88:A4:B9:E2:ED:1D:0F:AF:96:78:04:11:B7:7A:34:0E
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/7nBnr4ikueLtHQ-vlngEEbd6NA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.235.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:3e:70:5c:0c:22:0e:c3:2b:81:86:f6:9a:5b:66:1f:66:93:
         42:34:1c:ef:1d:7f:87:47:9a:8f:a6:4e:78:7a:25:21:83:71:
         8d:f7:22:a9:05:ad:84:a7:ec:69:c4:cb:21:a1:e2:82:76:d3:
         18:44:97:d4:13:d7:7c:52:c8:11:98:b3:5a:d9:fc:eb:a6:ba:
         19:3c:5f:b6:51:e0:25:e4:08:47:a6:3b:11:80:64:ce:a8:2c:
         1c:0b:b9:e2:df:aa:fc:05:e3:57:46:d4:40:1a:3c:69:48:6d:
         14:e5:9a:51:83:5c:8a:be:a6:9c:f1:b6:5c:16:5e:5b:dc:84:
         75:13:fd:ea:66:d1:e5:ec:1e:96:72:e3:b5:0f:31:ff:92:ea:
         17:db:c4:c3:86:54:5d:46:dd:3d:9e:40:62:b9:b2:0d:b9:3d:
         67:18:f6:72:51:83:16:b4:15:14:0c:6c:78:d4:9d:b4:18:b2:
         77:39:36:a4:18:25:c6:13:2c:20:35:20:06:f8:57:35:d6:27:
         03:c3:83:41:26:de:e6:01:8a:77:4f:83:4b:97:2c:14:12:7b:
         8b:fd:c5:ff:65:fd:2f:9c:9a:fd:b9:a5:3c:bf:d7:d7:36:bf:
         fc:90:4f:e9:11:df:58:f9:bc:ed:0e:03:2c:3a:0e:3f:3b:34:
         69:74:fd:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSGRFoY9WkyvXY1OR2SmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTcwNjdhZjg4YTRiOWUyZWQxZDBmYWY5Njc4MDQxMWI3N2EzNDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxv/1Jey5E+PQNS4ZxYQSFD48K39o
yjG98gPaJEhmuGI0ltBfaH7cT7rTcRaOAPOUCuHuCFCRV6IRuGF2XQ7I5rMYjn2/
V++JJR6VuJDzvSRDP1ps1VdSeeJwY5YsFKnnBMyE0myW12psdOQPtADcGH/fB9pO
lKUGqj+5Hhz7EAUM1lTV23qk7iwwrq7NW9Ov/NXUOFAngT6zm3xMGGikE52Xjmr5
ePAYxgBD51OYeVMRZY4YLU7EIHbTaVN2/AKoNTrIuK5PHSUM+SqKGLqyl62s2WBe
86l7OZNW03pGZJEG6OJxCHhTWPvIdF3Zq3DGO8e1Lu9G23cm/MlTpSB+WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5wZ6+IpLni7R0Pr5Z4BBG3ejQOMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvN25CbnI0aWt1ZUx0SFEtdmxuZ0VFYmQ2TkE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwetoMA0G
CSqGSIb3DQEBCwUAA4IBAQAOPnBcDCIOwyuBhvaaW2YfZpNCNBzvHX+HR5qPpk54
eiUhg3GN9yKpBa2Ep+xpxMshoeKCdtMYRJfUE9d8UsgRmLNa2fzrproZPF+2UeAl
5AhHpjsRgGTOqCwcC7ni36r8BeNXRtRAGjxpSG0U5ZpRg1yKvqac8bZcFl5b3IR1
E/3qZtHl7B6WcuO1DzH/kuoX28TDhlRdRt09nkBiubINuT1nGPZyUYMWtBUUDGx4
1J20GLJ3OTakGCXGEywgNSAG+Fc11icDw4NBJt7mAYp3T4NLlywUEnuL/cX/Zf0v
nJr9uaU8v9fXNr/8kE/pEd9Y+bztDgMsOg4/OzRpdP1E
-----END CERTIFICATE-----