Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/C-L3Z10aAFBLYAsYgaFf_NViKSU.roa
File:                     C-L3Z10aAFBLYAsYgaFf_NViKSU.roa (raw, json)
Hash identifier:          VsC6avoDwMxYncRzniS0oPPH4+y99THs1mH+PzVpB8c=
Subject key identifier:   0B:E2:F7:67:5D:1A:00:50:4B:60:0B:18:81:A1:5F:FC:D5:62:29:25
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC80307197BA1B088C9B87EAE23519EC7
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/C-L3Z10aAFBLYAsYgaFf_NViKSU.roa
Signing time:             Tue 02 Jan 2024 02:31:30 +0000
ROA not before:           Tue 02 Jan 2024 02:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209437
IP address blocks:        192.71.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:07:19:7b:a1:b0:88:c9:b8:7e:ae:23:51:9e:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0be2f7675d1a00504b600b1881a15ffcd5622925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:47:c1:bc:0f:a6:40:15:2b:fe:f1:ca:d8:8e:
                    16:fa:d2:e6:9c:38:99:f4:ed:94:64:1c:f2:71:26:
                    9e:a5:77:12:c9:9f:ba:7d:46:9d:2d:45:5e:3d:43:
                    82:c9:de:1b:12:60:fd:55:f4:9e:dc:b9:bc:13:79:
                    f4:e7:94:4c:f1:14:6a:10:59:49:2a:3e:56:ba:5f:
                    2d:48:a1:0c:f8:93:11:c3:12:4f:2e:83:2c:6b:46:
                    c8:09:88:3b:0e:5a:91:4e:77:34:74:57:cb:20:f1:
                    8d:22:f1:64:a3:cb:ed:5e:70:27:ec:23:5b:13:4a:
                    29:5b:92:02:2e:54:24:ba:23:86:bd:11:73:dd:6d:
                    57:a2:9e:9d:ff:7c:3c:a4:61:9c:07:7c:c6:1c:f4:
                    29:93:36:e6:8c:35:be:a6:52:e1:48:e9:0e:3a:83:
                    cb:4a:cd:35:1a:42:6b:2c:69:dd:1b:88:51:79:38:
                    bd:9f:46:15:79:a7:93:76:db:da:da:29:c8:3b:c0:
                    6a:d4:f5:b5:f6:26:e4:b9:12:40:fb:5e:5f:40:84:
                    7f:ea:b0:4d:1f:0c:08:9a:1e:fa:94:d0:4b:33:23:
                    08:1b:07:59:78:1b:af:1e:f8:b3:63:3a:fd:e8:30:
                    5d:4b:77:59:8c:1f:83:61:cb:50:1c:f5:b4:27:23:
                    33:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:E2:F7:67:5D:1A:00:50:4B:60:0B:18:81:A1:5F:FC:D5:62:29:25
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/C-L3Z10aAFBLYAsYgaFf_NViKSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.71.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:c8:de:f2:0b:19:b1:88:a2:e3:9f:d2:76:63:6d:0a:d7:7e:
         b3:5e:10:1a:ef:e9:21:0e:cd:c4:26:32:df:e0:cd:ba:4a:b8:
         c3:73:01:02:ad:62:1c:ef:ab:97:3b:c5:e1:0b:aa:8b:1f:32:
         63:b4:3c:cf:6a:60:d4:c3:fa:50:7a:60:cf:ee:3d:03:ad:ec:
         fd:d3:ad:ef:0d:ea:ba:5b:fe:ca:8c:ab:c4:72:67:50:10:1a:
         4e:0f:87:0b:64:74:d3:24:36:76:94:c4:0c:75:d1:f8:9c:ec:
         b4:49:ab:ee:d5:8b:10:fc:57:37:62:70:e1:a1:4c:fd:ff:9e:
         f6:b7:ca:1e:38:9c:49:83:cc:5e:e1:f3:0e:4a:4a:0f:79:08:
         6b:10:46:05:a7:00:2a:b6:19:46:bb:74:b7:5f:08:1f:66:52:
         b4:13:d5:54:a5:29:81:23:6b:79:19:b3:f4:a3:71:5b:0c:4e:
         71:9d:cd:88:cb:41:9a:bd:4f:24:11:c9:22:c0:e4:58:97:2e:
         65:14:14:d4:67:d9:80:d3:05:52:71:7e:55:b5:65:7b:41:c3:
         db:a1:f5:6e:ed:a9:78:8a:0c:66:8b:2d:2e:1e:4e:94:c8:0b:
         0c:df:54:6a:4b:2f:79:9c:02:e9:d5:ac:d0:25:5f:2f:52:0d:
         be:f5:b6:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAwcZe6GwiMm4fq4jUZ7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmUyZjc2NzVkMWEwMDUwNGI2MDBiMTg4MWExNWZmY2Q1NjIyOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkfBvA+mQBUr/vHK2I4W+tLmnDiZ
9O2UZBzycSaepXcSyZ+6fUadLUVePUOCyd4bEmD9VfSe3Lm8E3n055RM8RRqEFlJ
Kj5Wul8tSKEM+JMRwxJPLoMsa0bICYg7DlqRTnc0dFfLIPGNIvFko8vtXnAn7CNb
E0opW5ICLlQkuiOGvRFz3W1Xop6d/3w8pGGcB3zGHPQpkzbmjDW+plLhSOkOOoPL
Ss01GkJrLGndG4hReTi9n0YVeaeTdtva2inIO8Bq1PW19ibkuRJA+15fQIR/6rBN
HwwImh76lNBLMyMIGwdZeBuvHvizYzr96DBdS3dZjB+DYctQHPW0JyMzcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvi92ddGgBQS2ALGIGhX/zVYiklMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvQy1MM1oxMGFBRkJMWUFzWWdhRmZfTlZpS1NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEe4MA0G
CSqGSIb3DQEBCwUAA4IBAQAgyN7yCxmxiKLjn9J2Y20K136zXhAa7+khDs3EJjLf
4M26SrjDcwECrWIc76uXO8XhC6qLHzJjtDzPamDUw/pQemDP7j0Drez9063vDeq6
W/7KjKvEcmdQEBpOD4cLZHTTJDZ2lMQMddH4nOy0Savu1YsQ/Fc3YnDhoUz9/572
t8oeOJxJg8xe4fMOSkoPeQhrEEYFpwAqthlGu3S3XwgfZlK0E9VUpSmBI2t5GbP0
o3FbDE5xnc2Iy0GavU8kEckiwORYly5lFBTUZ9mA0wVScX5VtWV7QcPbofVu7al4
igxmiy0uHk6UyAsM31RqSy95nALp1azQJV8vUg2+9bYv
-----END CERTIFICATE-----