Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Jz6r3LDZWtYCMxOH8VJHm1srssc.roa
File:                     Jz6r3LDZWtYCMxOH8VJHm1srssc.roa (raw, json)
Hash identifier:          ovjxwpxwIINBFm8Tmw7LT5i0QXb4zIOLkDEOwedcdkI=
Subject key identifier:   27:3E:AB:DC:B0:D9:5A:D6:02:33:13:87:F1:52:47:9B:5B:2B:B2:C7
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01942748568E463C7E420262E0E187691728
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Jz6r3LDZWtYCMxOH8VJHm1srssc.roa
Signing time:             Thu 02 Jan 2025 13:50:39 +0000
ROA not before:           Thu 02 Jan 2025 13:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43853
IP address blocks:        193.234.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:56:8e:46:3c:7e:42:02:62:e0:e1:87:69:17:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=273eabdcb0d95ad602331387f152479b5b2bb2c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d4:f8:48:ff:42:7f:83:3e:71:09:c4:5e:f8:
                    14:73:ef:b2:46:94:74:51:91:be:99:b2:c2:1f:60:
                    ca:ec:30:68:8b:cd:23:b7:49:18:c8:7b:09:9f:a0:
                    aa:f9:13:7e:d0:32:30:e0:27:dd:d1:24:79:13:dd:
                    19:a0:cc:8d:8f:c6:a8:77:e6:87:b6:4f:b9:b7:6d:
                    cf:82:e7:2d:25:fe:d7:8f:21:47:42:16:5a:13:72:
                    82:80:fa:37:3b:b7:5a:85:93:95:2c:25:be:c2:cf:
                    9e:e8:cd:5c:b8:67:b1:bb:ad:fc:11:f2:e3:5e:d9:
                    38:78:61:91:b9:fa:19:0b:2f:bd:dd:00:4f:f1:2f:
                    9c:94:46:7d:df:46:25:b5:68:28:cd:58:7a:a5:b6:
                    85:ce:b6:f8:40:77:93:2a:e2:a7:70:c5:ac:c0:dc:
                    30:40:0a:62:a7:77:86:c9:56:f7:b9:e5:26:91:8a:
                    d6:27:f7:ee:26:e8:90:3f:f8:3b:9b:c2:b6:34:4a:
                    8a:0b:a3:98:55:0f:79:97:bd:6e:00:77:2e:aa:56:
                    93:ff:9b:39:83:f0:27:d0:ea:da:7a:65:64:eb:db:
                    a9:3e:d3:c5:9b:ac:96:39:5a:a0:5c:5c:59:9c:a6:
                    ae:38:3f:c0:48:f8:02:52:c1:de:90:8d:ba:b6:47:
                    bb:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:3E:AB:DC:B0:D9:5A:D6:02:33:13:87:F1:52:47:9B:5B:2B:B2:C7
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/Jz6r3LDZWtYCMxOH8VJHm1srssc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.234.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:f1:52:b4:95:ee:ec:fd:55:b1:77:da:ef:d2:2d:51:53:86:
         40:73:f4:2a:6e:6d:7a:03:af:d2:11:fd:5b:d1:c8:dc:cf:00:
         9f:e2:cb:56:d3:60:f9:8f:0d:23:5b:73:d9:cd:7f:75:72:61:
         33:7a:af:61:08:6d:3b:e7:1e:10:69:01:f5:14:2d:64:81:f5:
         71:4b:24:ad:ac:94:be:c5:dc:43:26:37:8d:71:56:e6:dd:26:
         42:a5:a0:f0:65:08:e5:64:65:b3:33:f6:dd:8f:6c:85:1b:fe:
         04:02:4b:02:d0:3f:1c:b0:06:51:4c:22:0f:4f:03:d1:ba:cd:
         26:77:1a:9e:14:57:77:9a:18:67:11:57:36:9b:89:7a:89:e6:
         57:d7:99:40:8e:9b:f3:e2:28:7d:fe:16:e8:3b:49:1a:a4:6e:
         c2:8c:16:84:a6:b8:f1:af:75:8b:de:6b:84:3a:9b:81:63:a5:
         d8:c9:58:ed:f1:99:57:69:bf:cf:aa:f4:c1:3d:bb:2a:73:2b:
         3f:cf:bf:56:31:8a:db:1e:54:fb:7a:82:39:08:51:bb:6f:1f:
         93:03:38:19:f6:b0:db:c8:d0:13:f1:8a:dd:43:5f:9b:f3:c0:
         d3:09:be:e8:c8:80:e0:76:24:cd:51:72:d5:a0:69:b5:de:a0:
         40:10:f1:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFaORjx+QgJi4OGHaRcoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzNlYWJkY2IwZDk1YWQ2MDIzMzEzODdmMTUyNDc5YjViMmJiMmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNT4SP9Cf4M+cQnEXvgUc++yRpR0
UZG+mbLCH2DK7DBoi80jt0kYyHsJn6Cq+RN+0DIw4Cfd0SR5E90ZoMyNj8aod+aH
tk+5t23PguctJf7XjyFHQhZaE3KCgPo3O7dahZOVLCW+ws+e6M1cuGexu638EfLj
Xtk4eGGRufoZCy+93QBP8S+clEZ930YltWgozVh6pbaFzrb4QHeTKuKncMWswNww
QApip3eGyVb3ueUmkYrWJ/fuJuiQP/g7m8K2NEqKC6OYVQ95l71uAHcuqlaT/5s5
g/An0OraemVk69upPtPFm6yWOVqgXFxZnKauOD/ASPgCUsHekI26tke7QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCc+q9yw2VrWAjMTh/FSR5tbK7LHMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvSno2cjNMRFpXdFlDTXhPSDhWSkhtMXNyc3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweqmMA0G
CSqGSIb3DQEBCwUAA4IBAQAr8VK0le7s/VWxd9rv0i1RU4ZAc/Qqbm16A6/SEf1b
0cjczwCf4stW02D5jw0jW3PZzX91cmEzeq9hCG075x4QaQH1FC1kgfVxSyStrJS+
xdxDJjeNcVbm3SZCpaDwZQjlZGWzM/bdj2yFG/4EAksC0D8csAZRTCIPTwPRus0m
dxqeFFd3mhhnEVc2m4l6ieZX15lAjpvz4ih9/hboO0kapG7CjBaEprjxr3WL3muE
OpuBY6XYyVjt8ZlXab/PqvTBPbsqcys/z79WMYrbHlT7eoI5CFG7bx+TAzgZ9rDb
yNAT8YrdQ1+b88DTCb7oyIDgdiTNUXLVoGm13qBAEPGU
-----END CERTIFICATE-----