Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/B8PBmFnz7IXTajbUGvW4v80pyfM.roa
File:                     B8PBmFnz7IXTajbUGvW4v80pyfM.roa (raw, json)
Hash identifier:          FA7CO648buo8y3ICvs030DPO069K2YrLzYlhkizUohQ=
Subject key identifier:   07:C3:C1:98:59:F3:EC:85:D3:6A:36:D4:1A:F5:B8:BF:CD:29:C9:F3
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0194274844F644B7F0827EA0C04626BB6FA3
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/B8PBmFnz7IXTajbUGvW4v80pyfM.roa
Signing time:             Thu 02 Jan 2025 13:50:35 +0000
ROA not before:           Thu 02 Jan 2025 13:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20626
IP address blocks:        193.235.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:44:f6:44:b7:f0:82:7e:a0:c0:46:26:bb:6f:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07c3c19859f3ec85d36a36d41af5b8bfcd29c9f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:37:d7:df:9e:d5:b5:67:21:41:f2:a9:06:18:
                    e3:9a:f7:65:47:37:ff:dc:5a:39:87:29:d6:1f:56:
                    5c:44:4f:4e:89:d6:38:45:fc:5c:58:30:16:57:b1:
                    0f:e6:b5:c0:4f:0d:1b:f8:10:d8:18:63:72:ba:b5:
                    47:65:f2:c8:a7:ed:d8:06:59:af:f0:1c:45:f3:0a:
                    86:48:be:53:18:6e:3b:a0:1b:2d:24:39:cb:5f:85:
                    86:af:4c:86:47:dd:3e:1c:24:2a:89:03:ef:92:d2:
                    17:6e:aa:6f:b3:eb:48:08:b4:8e:b1:55:09:85:bf:
                    b9:16:22:07:3b:d8:1a:54:7d:4c:0f:6e:78:96:2c:
                    7a:cc:d5:8d:6d:b4:0b:3e:2c:0f:f4:cc:ef:30:bf:
                    8a:14:c1:60:e2:7b:4b:3f:c3:2c:82:d9:a9:52:c9:
                    ab:8c:a7:95:1e:62:3f:4e:14:17:e2:f0:c9:75:77:
                    10:21:f9:fc:17:8d:ca:6a:86:41:a2:60:fe:f5:6c:
                    e1:13:5e:77:20:f3:4b:b0:3a:1b:33:eb:a7:ba:0d:
                    02:01:69:2d:ac:2e:e9:3d:b7:64:b8:31:27:ef:af:
                    25:3a:f7:ce:b5:9c:7c:a5:ab:c6:d9:0f:08:dc:d8:
                    5b:5b:d5:fa:61:b6:32:1c:94:38:00:1d:cb:3b:cf:
                    84:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:C3:C1:98:59:F3:EC:85:D3:6A:36:D4:1A:F5:B8:BF:CD:29:C9:F3
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/B8PBmFnz7IXTajbUGvW4v80pyfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.235.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:72:7f:bd:84:85:25:7d:c0:5f:9b:cd:6b:90:74:c4:7e:fc:
         06:38:d1:5c:fb:0b:ff:55:e5:a5:1c:0c:28:dd:c5:86:75:f9:
         68:f9:fa:e8:11:6a:65:db:22:eb:11:6b:0c:ad:bc:56:d4:62:
         50:bf:56:b2:c8:ea:03:bc:98:ff:fe:f2:6e:5f:ee:ad:6d:0c:
         64:0b:d0:99:26:8e:89:74:be:19:6b:a0:95:d3:05:88:9a:0f:
         5a:f6:ed:81:3c:7a:eb:4e:97:c6:97:50:96:53:8d:e3:b5:5f:
         58:50:59:02:f9:24:67:73:93:92:a5:9f:f2:41:ab:3b:11:c1:
         3b:4c:38:89:76:81:aa:ce:4c:68:d8:ce:36:1b:01:d4:bb:96:
         80:be:b3:cf:2e:f4:7c:f4:fa:87:4c:06:06:ee:a0:a9:41:28:
         ff:75:02:a1:17:90:24:1f:6b:be:55:9a:6f:18:12:1a:99:11:
         3b:d1:28:db:6e:7e:3b:bd:5a:11:73:5d:e0:47:21:89:18:26:
         07:54:e3:0b:39:f0:2d:22:33:12:71:32:90:93:45:8b:ad:a0:
         e8:b5:a8:73:8b:2f:ee:38:a0:90:85:03:71:f3:58:3d:45:33:
         c6:66:05:46:66:30:ac:f2:a8:83:3e:83:71:1a:3b:a3:68:54:
         cf:bd:47:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSET2RLfwgn6gwEYmu2+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2MzYzE5ODU5ZjNlYzg1ZDM2YTM2ZDQxYWY1YjhiZmNkMjljOWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzfX357VtWchQfKpBhjjmvdlRzf/
3Fo5hynWH1ZcRE9OidY4RfxcWDAWV7EP5rXATw0b+BDYGGNyurVHZfLIp+3YBlmv
8BxF8wqGSL5TGG47oBstJDnLX4WGr0yGR90+HCQqiQPvktIXbqpvs+tICLSOsVUJ
hb+5FiIHO9gaVH1MD254lix6zNWNbbQLPiwP9MzvML+KFMFg4ntLP8MsgtmpUsmr
jKeVHmI/ThQX4vDJdXcQIfn8F43KaoZBomD+9WzhE153IPNLsDobM+unug0CAWkt
rC7pPbdkuDEn768lOvfOtZx8pavG2Q8I3NhbW9X6YbYyHJQ4AB3LO8+E2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfDwZhZ8+yF02o21Br1uL/NKcnzMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvQjhQQm1Gbno3SVhUYWpiVUd2VzR2ODBweWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwevsMA0G
CSqGSIb3DQEBCwUAA4IBAQBLcn+9hIUlfcBfm81rkHTEfvwGONFc+wv/VeWlHAwo
3cWGdflo+froEWpl2yLrEWsMrbxW1GJQv1ayyOoDvJj//vJuX+6tbQxkC9CZJo6J
dL4Za6CV0wWImg9a9u2BPHrrTpfGl1CWU43jtV9YUFkC+SRnc5OSpZ/yQas7EcE7
TDiJdoGqzkxo2M42GwHUu5aAvrPPLvR89PqHTAYG7qCpQSj/dQKhF5AkH2u+VZpv
GBIamRE70Sjbbn47vVoRc13gRyGJGCYHVOMLOfAtIjMScTKQk0WLraDotahziy/u
OKCQhQNx81g9RTPGZgVGZjCs8qiDPoNxGjujaFTPvUdW
-----END CERTIFICATE-----