Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Bn_JK2nrWFwI1HggJjv3MybmcIo.roa
File:                     Bn_JK2nrWFwI1HggJjv3MybmcIo.roa (raw, json)
Hash identifier:          2bLNlY47/BwjlZFvvYjuFJxbFfYO3kYl+VmYIECKJX4=
Subject key identifier:   06:7F:C9:2B:69:EB:58:5C:08:D4:78:20:26:3B:F7:33:26:E6:70:8A
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019427483C1702DC81B3E4E5367212B7E7F5
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Bn_JK2nrWFwI1HggJjv3MybmcIo.roa
Signing time:             Thu 02 Jan 2025 13:50:32 +0000
ROA not before:           Thu 02 Jan 2025 13:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3308
IP address blocks:        193.234.184.0/24 maxlen: 24
                          193.234.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:3c:17:02:dc:81:b3:e4:e5:36:72:12:b7:e7:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=067fc92b69eb585c08d47820263bf73326e6708a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0d:6c:2a:a3:b9:6d:19:2c:bc:9f:71:ff:9d:
                    77:be:30:f8:60:6b:ea:14:30:19:22:9d:0c:66:5d:
                    fa:1d:b3:87:4a:ff:df:f2:2d:b0:df:de:93:f9:f1:
                    4e:4e:49:52:90:c7:99:d8:ea:b3:63:64:c5:3b:5b:
                    f5:d9:d3:59:20:09:23:fe:be:46:21:8d:80:50:12:
                    d3:3c:d8:06:a0:68:64:a0:8d:47:19:59:33:32:06:
                    bc:77:60:bc:a7:e8:76:8e:31:42:6b:f8:37:1e:ba:
                    2a:98:8d:59:f8:4d:32:df:bf:6b:71:8c:98:cb:2d:
                    ac:11:64:3c:95:87:12:30:3e:90:72:a3:22:76:47:
                    ec:3c:6e:58:e1:82:44:6e:b6:97:6d:ac:09:cf:f4:
                    dc:1d:33:36:73:90:83:3a:68:9b:c5:f8:9b:6a:da:
                    53:89:2f:9c:94:8b:46:d8:7a:c1:b2:2f:5b:cf:1d:
                    30:eb:3c:73:44:47:f3:ed:85:64:c1:9e:3f:47:93:
                    1d:6e:34:ec:fe:95:49:d0:9b:56:ab:83:e2:f6:59:
                    64:a9:ff:5f:e1:85:07:56:7f:aa:d2:6d:66:e0:c7:
                    2f:a8:4e:75:60:5f:b5:3d:0e:9d:64:af:83:1a:57:
                    8e:a1:fb:ec:67:f5:42:6b:3d:01:7e:b1:47:8f:65:
                    bf:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:7F:C9:2B:69:EB:58:5C:08:D4:78:20:26:3B:F7:33:26:E6:70:8A
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Bn_JK2nrWFwI1HggJjv3MybmcIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.234.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:8e:dc:f4:de:09:51:6c:4c:d3:b9:54:b9:0b:f9:59:35:4a:
         b4:71:90:52:f1:e2:c9:b6:f5:75:ce:1c:b4:f6:fc:b7:e4:8b:
         af:7c:ab:a9:47:66:d8:03:30:11:e2:74:05:3b:05:fa:4a:92:
         89:32:66:c9:77:e2:fc:32:01:1f:d2:20:14:fa:4f:45:e2:52:
         89:6e:29:7c:34:88:a1:6c:87:1c:6a:66:f7:da:32:10:7b:a5:
         2d:cf:0e:a8:89:47:dd:c7:33:be:63:88:82:f5:85:65:16:2e:
         dc:07:17:bd:e6:10:7f:bd:f3:3a:66:7a:87:2d:6f:81:91:f3:
         0d:a1:2b:46:da:37:f7:3f:85:f0:a3:d4:56:f7:37:22:ad:18:
         af:8b:35:6a:ef:00:c6:22:1b:41:97:d1:79:c1:ae:39:25:26:
         b2:28:5b:0e:3f:76:c2:4f:74:45:5b:8c:b0:a4:40:2f:24:b8:
         b4:84:50:43:c5:a1:c3:5a:b7:bf:21:a7:19:a7:a7:47:b4:35:
         15:22:5c:6d:21:fd:33:ba:8c:bb:ad:75:04:0c:19:9e:7d:26:
         de:be:58:53:51:d7:b6:b5:32:25:da:2f:67:6f:de:96:7c:5b:
         0b:2b:43:10:7f:0e:85:95:99:4c:dc:94:7c:26:0b:c3:cb:fc:
         dd:f2:8b:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSDwXAtyBs+TlNnISt+f1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjdmYzkyYjY5ZWI1ODVjMDhkNDc4MjAyNjNiZjczMzI2ZTY3MDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoA1sKqO5bRksvJ9x/513vjD4YGvq
FDAZIp0MZl36HbOHSv/f8i2w396T+fFOTklSkMeZ2OqzY2TFO1v12dNZIAkj/r5G
IY2AUBLTPNgGoGhkoI1HGVkzMga8d2C8p+h2jjFCa/g3HroqmI1Z+E0y379rcYyY
yy2sEWQ8lYcSMD6QcqMidkfsPG5Y4YJEbraXbawJz/TcHTM2c5CDOmibxfibatpT
iS+clItG2HrBsi9bzx0w6zxzREfz7YVkwZ4/R5MdbjTs/pVJ0JtWq4Pi9llkqf9f
4YUHVn+q0m1m4McvqE51YF+1PQ6dZK+DGleOofvsZ/VCaz0BfrFHj2W/6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZ/yStp61hcCNR4ICY79zMm5nCKMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvQm5fSksybnJXRndJMUhnZ0pqdjNNeWJtY0lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBweq4MA0G
CSqGSIb3DQEBCwUAA4IBAQA+jtz03glRbEzTuVS5C/lZNUq0cZBS8eLJtvV1zhy0
9vy35IuvfKupR2bYAzAR4nQFOwX6SpKJMmbJd+L8MgEf0iAU+k9F4lKJbil8NIih
bIccamb32jIQe6Utzw6oiUfdxzO+Y4iC9YVlFi7cBxe95hB/vfM6ZnqHLW+BkfMN
oStG2jf3P4Xwo9RW9zcirRivizVq7wDGIhtBl9F5wa45JSayKFsOP3bCT3RFW4yw
pEAvJLi0hFBDxaHDWre/IacZp6dHtDUVIlxtIf0zuoy7rXUEDBmefSbevlhTUde2
tTIl2i9nb96WfFsLK0MQfw6FlZlM3JR8JgvDy/zd8ovl
-----END CERTIFICATE-----