Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/OGXlLG5Ig1NaKmJt1G7jTNvkfC4.roa
File:                     OGXlLG5Ig1NaKmJt1G7jTNvkfC4.roa (raw, json)
Hash identifier:          aoyO0Iqzv9KWri1AroBnn8MRTtpKkx48W1jqbWzQvXs=
Subject key identifier:   38:65:E5:2C:6E:48:83:53:5A:2A:62:6D:D4:6E:E3:4C:DB:E4:7C:2E
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0192B954D3B646740273A7C228BD8FA4C061
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/OGXlLG5Ig1NaKmJt1G7jTNvkfC4.roa
Signing time:             Wed 23 Oct 2024 12:23:17 +0000
ROA not before:           Wed 23 Oct 2024 12:23:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213976
IP address blocks:        192.121.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b9:54:d3:b6:46:74:02:73:a7:c2:28:bd:8f:a4:c0:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Oct 23 12:23:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3865e52c6e4883535a2a626dd46ee34cdbe47c2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4c:b5:a2:61:f8:82:a5:66:f7:2e:00:77:36:
                    30:9c:f8:72:fa:6d:37:38:8e:9b:ed:26:04:e0:e1:
                    46:66:99:dc:3c:d6:ae:30:8d:19:6b:47:85:a4:d3:
                    99:f3:28:34:ad:b2:44:72:37:ad:c3:e1:28:16:23:
                    fe:19:97:f6:dc:68:db:78:0c:85:c5:40:71:56:6c:
                    73:5b:30:4d:03:0a:2c:b3:06:bb:2d:31:c0:bf:67:
                    82:71:20:86:cb:7f:e0:7a:a4:65:81:32:41:24:1c:
                    40:9e:64:5c:35:1c:72:86:b4:9b:08:87:e8:5b:1e:
                    bc:44:f9:78:be:5e:01:dd:22:10:61:5b:fe:2d:31:
                    03:c5:f2:2a:25:a5:c1:d2:5d:cc:13:a1:36:0b:03:
                    32:6e:59:c8:02:05:4d:db:a4:db:79:14:73:3e:33:
                    85:1e:2f:1e:22:b5:bf:80:a2:d1:a1:15:e0:22:dc:
                    62:94:8e:33:9a:1b:27:7d:5c:46:81:87:c2:38:7d:
                    41:af:27:33:86:16:ae:ec:06:f9:4e:26:5c:31:9d:
                    90:af:02:bf:08:33:d6:f2:0e:11:a3:96:4b:3e:ed:
                    ea:fa:eb:51:08:5c:bb:23:7b:7a:34:8e:87:20:d0:
                    5c:48:11:4d:03:d2:cb:0d:88:47:15:f7:9c:a9:4d:
                    1f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:65:E5:2C:6E:48:83:53:5A:2A:62:6D:D4:6E:E3:4C:DB:E4:7C:2E
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/OGXlLG5Ig1NaKmJt1G7jTNvkfC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:b2:af:ba:99:4a:9d:33:50:9a:2b:78:66:04:96:7e:42:73:
         2c:92:f7:9e:c7:da:3f:57:f7:0c:e1:b4:cf:d7:48:0e:32:37:
         b8:26:52:9b:6b:0a:d5:76:2d:64:80:77:61:2c:1c:a2:64:02:
         84:a7:fe:a2:da:6f:8b:fb:41:1a:b4:3c:05:ee:8f:83:a6:b3:
         59:36:65:ab:17:28:c2:77:34:96:d1:b2:c9:00:b4:6f:fc:ab:
         e8:7d:04:5c:dc:56:1b:af:c9:e4:23:67:46:3f:97:7a:c5:34:
         e4:62:4f:4a:48:ee:68:6c:48:35:fa:00:19:83:cb:85:c7:51:
         ce:46:b8:29:2d:a4:58:d8:41:75:c7:55:87:ed:bf:1d:1a:6f:
         32:07:05:c2:45:8b:cd:ea:53:db:3c:40:1c:73:a9:53:6e:91:
         49:f1:ec:cc:7a:c6:4d:85:8e:96:6d:f1:04:31:d8:70:f2:3c:
         8f:f0:49:48:bf:5e:45:c0:f6:9c:bd:96:9f:3d:2b:00:53:e6:
         5f:bb:8f:db:a7:24:55:a8:be:1c:3f:31:28:dc:9b:a8:01:0e:
         39:3a:b2:60:bd:ec:c3:39:c5:f6:e0:2b:b0:5f:44:fe:48:ea:
         c8:da:a4:be:c8:8c:f9:ca:c9:93:7d:0f:ea:cf:68:32:b3:2d:
         8a:61:f1:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK5VNO2RnQCc6fCKL2PpMBhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQxMDIzMTIyMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODY1ZTUyYzZlNDg4MzUzNWEyYTYyNmRkNDZlZTM0Y2RiZTQ3YzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUy1omH4gqVm9y4AdzYwnPhy+m03
OI6b7SYE4OFGZpncPNauMI0Za0eFpNOZ8yg0rbJEcjetw+EoFiP+GZf23GjbeAyF
xUBxVmxzWzBNAwosswa7LTHAv2eCcSCGy3/geqRlgTJBJBxAnmRcNRxyhrSbCIfo
Wx68RPl4vl4B3SIQYVv+LTEDxfIqJaXB0l3ME6E2CwMyblnIAgVN26TbeRRzPjOF
Hi8eIrW/gKLRoRXgItxilI4zmhsnfVxGgYfCOH1Bryczhhau7Ab5TiZcMZ2QrwK/
CDPW8g4Ro5ZLPu3q+utRCFy7I3t6NI6HINBcSBFNA9LLDYhHFfecqU0f5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhl5SxuSINTWipibdRu40zb5HwuMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvT0dYbExHNUlnMU5hS21KdDFHN2pUTnZrZkM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHk6MA0G
CSqGSIb3DQEBCwUAA4IBAQAVsq+6mUqdM1CaK3hmBJZ+QnMskveex9o/V/cM4bTP
10gOMje4JlKbawrVdi1kgHdhLByiZAKEp/6i2m+L+0EatDwF7o+DprNZNmWrFyjC
dzSW0bLJALRv/KvofQRc3FYbr8nkI2dGP5d6xTTkYk9KSO5obEg1+gAZg8uFx1HO
RrgpLaRY2EF1x1WH7b8dGm8yBwXCRYvN6lPbPEAcc6lTbpFJ8ezMesZNhY6WbfEE
Mdhw8jyP8ElIv15FwPacvZafPSsAU+Zfu4/bpyRVqL4cPzEo3JuoAQ45OrJgvezD
OcX24CuwX0T+SOrI2qS+yIz5ysmTfQ/qz2gysy2KYfEZ
-----END CERTIFICATE-----