Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/GQJjBvX0QPCufI3wt4pSYNHpQ-8.roa
File:                     GQJjBvX0QPCufI3wt4pSYNHpQ-8.roa (raw, json)
Hash identifier:          SN0sJtX58aa2E7Zsu2qJYjEaPe5UWm9o8LYtMB7qpEw=
Subject key identifier:   19:02:63:06:F5:F4:40:F0:AE:7C:8D:F0:B7:8A:52:60:D1:E9:43:EF
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019427485383BF496632114BB4F763E23308
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/GQJjBvX0QPCufI3wt4pSYNHpQ-8.roa
Signing time:             Thu 02 Jan 2025 13:50:38 +0000
ROA not before:           Thu 02 Jan 2025 13:50:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39871
IP address blocks:        192.36.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:53:83:bf:49:66:32:11:4b:b4:f7:63:e2:33:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19026306f5f440f0ae7c8df0b78a5260d1e943ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:10:da:08:2c:e1:06:3c:91:96:9f:72:0a:85:
                    d3:28:d9:79:d9:f7:d3:af:17:af:81:96:c0:76:75:
                    1a:9d:0f:e3:de:a8:64:79:ed:58:1b:5e:3c:06:a8:
                    3f:c3:9b:ab:34:16:07:ba:1c:c4:9e:17:d7:7b:73:
                    4b:aa:11:9d:9a:63:1b:35:48:73:b6:a0:8e:d0:05:
                    65:bd:01:40:78:52:33:c6:63:d6:11:15:1e:8d:09:
                    ee:90:e6:04:f2:51:41:c4:4f:3d:f1:8e:20:fe:05:
                    d1:43:9c:1f:a6:5a:43:49:68:a7:f5:33:bf:08:3a:
                    a4:9d:73:cd:31:fd:28:e2:22:fd:1d:b1:22:f9:59:
                    7a:66:0d:1b:04:27:1d:2d:16:aa:05:60:70:3c:46:
                    a5:3a:8a:f3:78:bd:e9:4a:83:52:99:0d:75:6f:44:
                    86:7d:7f:81:ed:39:9c:01:c0:e0:17:7c:b2:d6:85:
                    ef:fc:0b:f1:35:18:03:58:83:70:f7:1c:79:2a:0d:
                    47:46:7e:a2:e4:fd:99:ce:6c:ec:bd:da:42:b6:cc:
                    d8:49:8a:59:5d:58:63:85:23:72:d0:85:da:c7:63:
                    c2:4e:53:af:cb:7b:ce:01:53:ea:ba:e0:9a:95:76:
                    ce:64:8e:e3:7c:68:76:cb:96:9a:dd:c9:48:b3:6d:
                    6c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:02:63:06:F5:F4:40:F0:AE:7C:8D:F0:B7:8A:52:60:D1:E9:43:EF
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/GQJjBvX0QPCufI3wt4pSYNHpQ-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:9b:53:45:cc:3f:ae:31:c2:8f:f3:c3:6d:70:4a:b8:c7:a4:
         14:8e:9f:6e:43:fc:e7:81:c6:30:66:d8:07:b8:c0:7a:ce:b6:
         b3:a4:c0:10:1e:07:4c:a5:d8:eb:ea:42:7a:30:72:1a:3d:b7:
         2d:0a:2b:d0:b6:eb:83:53:3a:77:72:a6:7b:36:89:29:bf:94:
         77:9e:8b:1c:b7:5d:46:b7:26:27:c2:04:88:29:7f:ce:85:a2:
         d9:55:a1:4e:b7:4b:ef:d0:75:84:ba:83:bf:e1:75:4c:27:c1:
         a7:be:4a:ab:93:d3:7c:ca:10:a9:6d:87:9a:4c:13:95:14:30:
         b9:fb:91:89:55:ba:07:8a:05:8b:23:1b:2c:9b:eb:ad:89:32:
         88:fa:62:bb:e6:5f:6e:bd:cf:68:ce:7b:bc:bb:e3:af:dd:04:
         e2:9f:5f:de:f8:e6:0c:83:4e:0d:75:f6:ae:cd:8d:6f:26:e6:
         83:d2:6a:62:bf:98:38:34:82:f6:8d:5d:21:d9:6e:82:7d:de:
         b4:60:45:bc:69:30:d6:5a:f2:bb:c8:1d:ff:e5:63:e6:b7:4b:
         05:89:a6:f4:bd:9c:24:2b:79:e7:52:ea:e1:3e:3b:ab:b1:0f:
         5b:1b:98:ca:c0:25:09:88:41:b8:f5:b5:1e:6d:86:75:d8:db:
         dc:c3:f4:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFODv0lmMhFLtPdj4jMIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTAyNjMwNmY1ZjQ0MGYwYWU3YzhkZjBiNzhhNTI2MGQxZTk0M2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhDaCCzhBjyRlp9yCoXTKNl52ffT
rxevgZbAdnUanQ/j3qhkee1YG148Bqg/w5urNBYHuhzEnhfXe3NLqhGdmmMbNUhz
tqCO0AVlvQFAeFIzxmPWERUejQnukOYE8lFBxE898Y4g/gXRQ5wfplpDSWin9TO/
CDqknXPNMf0o4iL9HbEi+Vl6Zg0bBCcdLRaqBWBwPEalOorzeL3pSoNSmQ11b0SG
fX+B7TmcAcDgF3yy1oXv/AvxNRgDWINw9xx5Kg1HRn6i5P2ZzmzsvdpCtszYSYpZ
XVhjhSNy0IXax2PCTlOvy3vOAVPquuCalXbOZI7jfGh2y5aa3clIs21s9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkCYwb19EDwrnyN8LeKUmDR6UPvMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvR1FKakJ2WDBRUEN1Zkkzd3Q0cFNZTkhwUS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwCSFMA0G
CSqGSIb3DQEBCwUAA4IBAQCJm1NFzD+uMcKP88NtcEq4x6QUjp9uQ/zngcYwZtgH
uMB6zrazpMAQHgdMpdjr6kJ6MHIaPbctCivQtuuDUzp3cqZ7Nokpv5R3nosct11G
tyYnwgSIKX/OhaLZVaFOt0vv0HWEuoO/4XVMJ8Gnvkqrk9N8yhCpbYeaTBOVFDC5
+5GJVboHigWLIxssm+utiTKI+mK75l9uvc9oznu8u+Ov3QTin1/e+OYMg04Ndfau
zY1vJuaD0mpiv5g4NIL2jV0h2W6Cfd60YEW8aTDWWvK7yB3/5WPmt0sFiab0vZwk
K3nnUurhPjursQ9bG5jKwCUJiEG49bUebYZ12Nvcw/Rr
-----END CERTIFICATE-----