Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/BF2rjLl5DnP1ydAuX5KaE9a6eeI.roa
File:                     BF2rjLl5DnP1ydAuX5KaE9a6eeI.roa (raw, json)
Hash identifier:          KfQVfYjjGIyXGH1hBVVw8Uuhi0BS80IBQ5gVfeg64fU=
Subject key identifier:   04:5D:AB:8C:B9:79:0E:73:F5:C9:D0:2E:5F:92:9A:13:D6:BA:79:E2
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0194274857A4CDD5BBAD1165877B4033D2C9
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/BF2rjLl5DnP1ydAuX5KaE9a6eeI.roa
Signing time:             Thu 02 Jan 2025 13:50:39 +0000
ROA not before:           Thu 02 Jan 2025 13:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44136
IP address blocks:        193.180.18.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:57:a4:cd:d5:bb:ad:11:65:87:7b:40:33:d2:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=045dab8cb9790e73f5c9d02e5f929a13d6ba79e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4b:c9:87:5f:ae:10:b2:9a:69:ab:cc:73:53:
                    a6:41:d8:03:7d:1c:04:80:28:53:ea:fb:70:24:d8:
                    08:5e:b2:68:cd:13:1b:59:28:88:a4:a0:a7:4c:df:
                    cf:90:a8:4b:27:91:61:3f:74:a4:9f:64:94:d8:2f:
                    e9:6c:08:3f:72:88:2e:28:f2:6a:2a:e2:6b:7d:dc:
                    46:9e:cb:85:69:8b:7f:c8:78:47:45:b5:e9:7b:f4:
                    d9:92:cb:f0:eb:3d:b0:8d:d6:59:8b:c9:0a:51:e1:
                    9d:a0:24:9a:1d:37:6d:71:f0:b5:19:6c:ee:a7:c3:
                    6d:cd:dd:ee:f9:58:48:68:00:53:c8:56:f7:6b:18:
                    7c:51:16:51:09:5e:1b:39:cd:bf:4d:fe:88:92:c2:
                    88:62:ab:c1:93:56:cb:a9:95:83:9a:31:18:72:fb:
                    af:13:b2:cd:29:18:7a:a0:c6:71:5a:63:9f:59:87:
                    e6:91:81:52:e8:b7:dc:6d:36:c7:1c:3c:4c:66:83:
                    91:c2:a1:cb:30:53:4c:fe:f4:3d:09:77:16:d8:06:
                    5d:28:00:fa:52:69:d6:7c:19:b1:91:84:d2:74:4f:
                    0e:91:ab:c8:b9:89:0c:9a:cb:39:51:d7:32:22:ea:
                    0f:db:5f:74:fa:3f:dd:7d:3d:5b:7a:ed:3b:52:8e:
                    2d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:5D:AB:8C:B9:79:0E:73:F5:C9:D0:2E:5F:92:9A:13:D6:BA:79:E2
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/BF2rjLl5DnP1ydAuX5KaE9a6eeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.180.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:eb:b2:de:8a:58:8f:6f:9a:95:2c:9e:d1:5d:f2:63:f9:67:
         94:0f:c6:d9:70:31:66:bb:2f:ed:d1:3d:7d:a2:39:6c:1e:32:
         5c:93:25:14:f2:92:06:6e:2f:86:0a:f1:a4:6c:c7:74:4d:f3:
         06:46:6f:ed:0c:a1:4c:fc:13:92:77:62:28:f7:16:26:1b:74:
         c7:f6:57:4a:7e:73:ac:53:c6:d5:da:c2:1d:64:ed:f0:42:71:
         8d:a4:29:da:4c:5c:c6:e9:50:e9:45:aa:46:c8:fe:f5:5b:61:
         ee:14:33:03:21:08:a1:b2:47:c7:b5:44:46:99:81:e4:b4:67:
         cb:a7:ed:a9:17:f3:db:47:0d:ff:da:64:7d:3f:d6:72:f2:d7:
         6f:10:8b:6f:e0:df:b1:6c:c5:b4:2e:33:5c:f3:60:bb:56:54:
         02:78:a5:16:74:3e:0e:23:37:59:75:b8:2f:46:a6:84:67:0a:
         92:02:04:4c:2d:b6:82:25:eb:71:2a:fb:53:39:47:55:97:8d:
         1f:c5:61:24:bd:45:95:05:3e:8b:f9:3e:f6:dc:68:1f:02:12:
         31:76:55:01:db:25:92:f4:d3:b3:cd:c8:b4:e7:cd:79:86:3c:
         c3:27:b5:2a:08:ed:60:32:89:46:85:ee:64:53:8b:6c:d0:dd:
         82:0e:64:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFekzdW7rRFlh3tAM9LJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDVkYWI4Y2I5NzkwZTczZjVjOWQwMmU1ZjkyOWExM2Q2YmE3OWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUvJh1+uELKaaavMc1OmQdgDfRwE
gChT6vtwJNgIXrJozRMbWSiIpKCnTN/PkKhLJ5FhP3Skn2SU2C/pbAg/coguKPJq
KuJrfdxGnsuFaYt/yHhHRbXpe/TZksvw6z2wjdZZi8kKUeGdoCSaHTdtcfC1GWzu
p8Ntzd3u+VhIaABTyFb3axh8URZRCV4bOc2/Tf6IksKIYqvBk1bLqZWDmjEYcvuv
E7LNKRh6oMZxWmOfWYfmkYFS6LfcbTbHHDxMZoORwqHLMFNM/vQ9CXcW2AZdKAD6
UmnWfBmxkYTSdE8OkavIuYkMmss5UdcyIuoP2190+j/dfT1beu07Uo4tVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFARdq4y5eQ5z9cnQLl+SmhPWunniMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvQkYycmpMbDVEblAxeWRBdVg1S2FFOWE2ZWVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbQSMA0G
CSqGSIb3DQEBCwUAA4IBAQCc67LeiliPb5qVLJ7RXfJj+WeUD8bZcDFmuy/t0T19
ojlsHjJckyUU8pIGbi+GCvGkbMd0TfMGRm/tDKFM/BOSd2Io9xYmG3TH9ldKfnOs
U8bV2sIdZO3wQnGNpCnaTFzG6VDpRapGyP71W2HuFDMDIQihskfHtURGmYHktGfL
p+2pF/PbRw3/2mR9P9Zy8tdvEItv4N+xbMW0LjNc82C7VlQCeKUWdD4OIzdZdbgv
RqaEZwqSAgRMLbaCJetxKvtTOUdVl40fxWEkvUWVBT6L+T723GgfAhIxdlUB2yWS
9NOzzci05815hjzDJ7UqCO1gMolGhe5kU4ts0N2CDmQg
-----END CERTIFICATE-----