Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/OaoiZ6qeGsRPj6hsEmD4Ur-o2Rs.roa
File:                     OaoiZ6qeGsRPj6hsEmD4Ur-o2Rs.roa (raw, json)
Hash identifier:          7T7ftTieiyEAW8bl84tY98Wg9V8Ua6CHcC2mnkHAL2o=
Subject key identifier:   39:AA:22:67:AA:9E:1A:C4:4F:8F:A8:6C:12:60:F8:52:BF:A8:D9:1B
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0192D2888C8F80041FDD6FC4804A888870A6
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/OaoiZ6qeGsRPj6hsEmD4Ur-o2Rs.roa
Signing time:             Mon 28 Oct 2024 09:50:17 +0000
ROA not before:           Mon 28 Oct 2024 09:50:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60068
IP address blocks:        193.181.193.0/24 maxlen: 24
                          193.235.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:88:8c:8f:80:04:1f:dd:6f:c4:80:4a:88:88:70:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Oct 28 09:50:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39aa2267aa9e1ac44f8fa86c1260f852bfa8d91b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0b:0c:ca:cf:31:fd:35:01:7e:bf:82:2c:94:
                    36:18:6d:41:a5:38:d2:bd:f2:81:57:58:be:6d:2e:
                    42:91:06:84:38:78:71:7d:b1:ff:f4:1c:ba:2e:22:
                    4e:85:e6:68:25:af:16:3f:8d:d3:d9:3d:5a:0f:1b:
                    70:53:55:3d:6a:66:a2:9e:84:64:6e:a0:93:0a:8b:
                    7e:c3:c8:cc:79:11:08:c5:c5:ef:c9:f2:66:8e:62:
                    8d:f4:42:58:bc:9d:19:86:bb:f5:10:18:53:80:ee:
                    dd:d6:b7:6a:c9:c0:9f:13:0b:9b:29:9b:74:b4:f2:
                    b3:4e:9b:1a:dc:89:d1:df:97:1d:1c:8d:8a:75:43:
                    d4:a7:9d:68:9c:ec:98:c5:ad:cc:42:fe:d7:c7:62:
                    86:a3:55:1e:65:7d:d2:a2:7a:7a:b6:79:20:20:6e:
                    de:74:a6:76:9b:5d:b3:85:80:42:56:34:d1:ec:aa:
                    64:ce:5e:57:c8:85:6f:8f:81:95:4c:7f:5d:1f:e8:
                    9f:2e:b0:b7:69:9c:83:d1:13:de:6a:9c:fa:63:be:
                    3e:c5:de:25:5d:74:f0:6e:0c:32:6e:a8:19:61:89:
                    67:12:9a:b2:51:bc:d2:4e:3e:50:67:44:2c:7b:cb:
                    26:23:01:26:3f:52:aa:ce:1a:0c:1d:a3:5f:2a:0b:
                    f6:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:AA:22:67:AA:9E:1A:C4:4F:8F:A8:6C:12:60:F8:52:BF:A8:D9:1B
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/OaoiZ6qeGsRPj6hsEmD4Ur-o2Rs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.181.193.0/24
                  193.235.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:6c:8b:98:96:cd:1a:bb:20:89:bd:05:37:30:59:02:48:fd:
         45:b9:cb:56:c3:e7:a8:6b:0e:04:6f:70:22:b4:a5:db:f5:e2:
         47:36:0e:ea:85:d3:bb:a3:3c:16:03:c4:c2:6c:a3:26:86:ba:
         b3:95:b4:fa:0b:11:6e:bb:77:dc:7d:9e:9a:23:84:9c:44:ef:
         d9:53:62:90:7a:26:f7:dd:01:ac:1a:85:9e:a5:55:88:ff:e9:
         8e:b8:8d:b0:01:a5:54:d9:cb:2c:47:4d:cf:4a:fa:87:ae:de:
         fd:c6:8d:d9:4b:bb:40:88:7e:d5:ff:68:04:02:e8:01:ad:52:
         a2:1a:5b:3a:63:ed:58:e8:b7:22:e7:5a:97:fd:30:31:9c:64:
         38:0f:c4:cf:35:e0:1b:8e:b7:19:e1:ff:a4:d7:16:8c:2c:96:
         69:50:e1:a6:da:17:ef:c2:57:68:79:ba:91:83:f2:5d:7b:23:
         6d:59:42:10:ae:66:33:2b:8a:54:a7:45:74:af:7c:0f:09:e0:
         97:73:fa:4c:0d:b8:67:cf:62:0c:3a:5b:7e:ce:c3:56:2f:ff:
         8e:23:13:55:8e:c2:77:a1:9f:63:77:cb:14:20:99:81:b2:7f:
         10:e4:fb:54:a8:5e:66:78:ca:9e:5e:b7:ba:bd:b0:44:23:59:
         9a:51:80:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLSiIyPgAQf3W/EgEqIiHCmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQxMDI4MDk1MDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWFhMjI2N2FhOWUxYWM0NGY4ZmE4NmMxMjYwZjg1MmJmYThkOTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQsMys8x/TUBfr+CLJQ2GG1BpTjS
vfKBV1i+bS5CkQaEOHhxfbH/9By6LiJOheZoJa8WP43T2T1aDxtwU1U9amainoRk
bqCTCot+w8jMeREIxcXvyfJmjmKN9EJYvJ0Zhrv1EBhTgO7d1rdqycCfEwubKZt0
tPKzTpsa3InR35cdHI2KdUPUp51onOyYxa3MQv7Xx2KGo1UeZX3Sonp6tnkgIG7e
dKZ2m12zhYBCVjTR7Kpkzl5XyIVvj4GVTH9dH+ifLrC3aZyD0RPeapz6Y74+xd4l
XXTwbgwybqgZYYlnEpqyUbzSTj5QZ0Qse8smIwEmP1KqzhoMHaNfKgv2zQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDmqImeqnhrET4+obBJg+FK/qNkbMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvT2FvaVo2cWVHc1JQajZoc0VtRDRVci1vMlJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwbXBAwQA
wesgMA0GCSqGSIb3DQEBCwUAA4IBAQCGbIuYls0auyCJvQU3MFkCSP1FuctWw+eo
aw4Eb3AitKXb9eJHNg7qhdO7ozwWA8TCbKMmhrqzlbT6CxFuu3fcfZ6aI4ScRO/Z
U2KQeib33QGsGoWepVWI/+mOuI2wAaVU2cssR03PSvqHrt79xo3ZS7tAiH7V/2gE
AugBrVKiGls6Y+1Y6Lci51qX/TAxnGQ4D8TPNeAbjrcZ4f+k1xaMLJZpUOGm2hfv
wldoebqRg/JdeyNtWUIQrmYzK4pUp0V0r3wPCeCXc/pMDbhnz2IMOlt+zsNWL/+O
IxNVjsJ3oZ9jd8sUIJmBsn8Q5PtUqF5meMqeXre6vbBEI1maUYBM
-----END CERTIFICATE-----