Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/D83U1EeBLF4fYdSL_KTa5s7UZso.roa
File:                     D83U1EeBLF4fYdSL_KTa5s7UZso.roa (raw, json)
Hash identifier:          xraRwW4KUNmv/RclEZISCXfrPRpHPt5IxoSY7/gD2pw=
Subject key identifier:   0F:CD:D4:D4:47:81:2C:5E:1F:61:D4:8B:FC:A4:DA:E6:CE:D4:66:CA
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01951300037FC4F3CDED72AC59B69818EAB9
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/D83U1EeBLF4fYdSL_KTa5s7UZso.roa
Signing time:             Mon 17 Feb 2025 08:22:02 +0000
ROA not before:           Mon 17 Feb 2025 08:22:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48220
IP address blocks:        193.235.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:13:00:03:7f:c4:f3:cd:ed:72:ac:59:b6:98:18:ea:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Feb 17 08:22:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fcdd4d447812c5e1f61d48bfca4dae6ced466ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ad:ff:a5:bb:e3:e1:3c:9d:6d:0d:56:df:2c:
                    8f:bf:81:06:f9:8d:5b:2e:72:5e:46:e2:bc:58:7c:
                    f0:b7:04:d0:5c:fe:91:3f:bd:63:c7:d6:35:27:0d:
                    d5:60:c9:7b:8b:c1:c6:0e:b4:71:ae:74:d8:8c:c2:
                    7e:16:ef:ba:1a:8b:b9:d6:87:3a:2e:3d:6e:94:7a:
                    38:b2:14:17:f0:b8:82:0f:08:79:77:4d:54:d3:2e:
                    06:e7:2f:76:18:52:4d:9e:9c:e1:77:78:cc:8a:20:
                    c0:a7:c0:92:76:ca:3b:6c:df:a5:5b:86:9f:42:c4:
                    b5:c9:8a:76:5b:6f:07:aa:b7:96:3f:30:ce:31:cd:
                    09:b1:7e:41:e0:9a:dc:c6:42:e6:97:2b:5c:e3:8a:
                    62:a9:65:00:20:b7:4a:14:f6:35:42:4f:f3:f3:09:
                    e7:62:fc:52:9b:eb:f2:c5:fd:d1:61:67:95:8e:14:
                    9b:63:12:6f:a3:3b:ea:e0:75:db:45:d6:ca:2d:eb:
                    a0:73:41:34:0f:19:c0:d9:c3:32:c9:33:0c:07:a2:
                    8b:a8:34:a1:e0:86:2d:15:f6:85:25:8d:d3:fe:95:
                    a2:bc:e3:be:5f:48:1b:c6:9b:21:9d:1a:04:ef:97:
                    30:34:20:ae:53:76:f6:a4:f7:f3:74:24:de:cb:fb:
                    f2:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:CD:D4:D4:47:81:2C:5E:1F:61:D4:8B:FC:A4:DA:E6:CE:D4:66:CA
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/D83U1EeBLF4fYdSL_KTa5s7UZso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.235.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:ac:0e:cb:7c:1c:2a:62:9b:f6:91:2c:e8:fb:76:35:1a:6b:
         ea:ce:93:c1:66:68:81:15:2a:96:bf:dc:1e:ff:93:01:44:1c:
         d4:f4:9c:75:2d:02:a6:16:dd:ab:08:3e:7a:c0:97:1d:74:4f:
         05:c5:37:5a:b6:08:e0:16:d5:c5:47:1a:2a:0e:6d:ba:1a:7a:
         bd:92:86:dc:87:18:96:af:bb:c0:5c:4e:ed:81:15:96:2d:fc:
         93:27:81:a4:2d:07:48:44:31:28:ae:ee:20:83:59:77:a7:37:
         78:66:fe:2f:f0:c1:47:50:2c:33:06:cb:f4:00:95:69:88:47:
         77:aa:fb:f8:7c:c4:c8:82:b4:b6:84:25:a4:a0:d6:d7:e6:0f:
         44:bf:40:b2:f1:83:98:38:23:a6:b6:b7:9d:2a:23:ba:7c:b2:
         a6:a2:d7:1d:97:d1:fc:19:c5:39:4b:c0:7b:c5:ca:dc:9a:49:
         ba:91:23:e5:0f:fe:dc:8b:e6:47:cc:37:65:ff:a4:19:78:5e:
         dd:21:8f:e2:03:4d:16:fe:00:53:d2:56:7f:15:9c:31:d2:b6:
         63:98:d8:b3:0d:9f:59:f8:7c:ce:9b:36:0d:e1:cf:74:a2:e3:
         53:ba:29:a6:96:6b:c4:18:e5:6f:95:c6:6e:12:f7:96:bf:1e:
         d2:79:34:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUTAAN/xPPN7XKsWbaYGOq5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMjE3MDgyMjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmNkZDRkNDQ3ODEyYzVlMWY2MWQ0OGJmY2E0ZGFlNmNlZDQ2NmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv63/pbvj4TydbQ1W3yyPv4EG+Y1b
LnJeRuK8WHzwtwTQXP6RP71jx9Y1Jw3VYMl7i8HGDrRxrnTYjMJ+Fu+6Gou51oc6
Lj1ulHo4shQX8LiCDwh5d01U0y4G5y92GFJNnpzhd3jMiiDAp8CSdso7bN+lW4af
QsS1yYp2W28HqreWPzDOMc0JsX5B4JrcxkLmlytc44piqWUAILdKFPY1Qk/z8wnn
YvxSm+vyxf3RYWeVjhSbYxJvozvq4HXbRdbKLeugc0E0DxnA2cMyyTMMB6KLqDSh
4IYtFfaFJY3T/pWivOO+X0gbxpshnRoE75cwNCCuU3b2pPfzdCTey/vygQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/N1NRHgSxeH2HUi/yk2ubO1GbKMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvRDgzVTFFZUJMRjRmWWRTTF9LVGE1czdVWnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweuaMA0G
CSqGSIb3DQEBCwUAA4IBAQBdrA7LfBwqYpv2kSzo+3Y1GmvqzpPBZmiBFSqWv9we
/5MBRBzU9Jx1LQKmFt2rCD56wJcddE8FxTdatgjgFtXFRxoqDm26Gnq9kobchxiW
r7vAXE7tgRWWLfyTJ4GkLQdIRDEoru4gg1l3pzd4Zv4v8MFHUCwzBsv0AJVpiEd3
qvv4fMTIgrS2hCWkoNbX5g9Ev0Cy8YOYOCOmtredKiO6fLKmotcdl9H8GcU5S8B7
xcrcmkm6kSPlD/7ci+ZHzDdl/6QZeF7dIY/iA00W/gBT0lZ/FZwx0rZjmNizDZ9Z
+HzOmzYN4c90ouNTuimmlmvEGOVvlcZuEveWvx7SeTRx
-----END CERTIFICATE-----