Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/SFJFv2Xo27pvSEZFgoZD3WeZeO0.roa
File:                     SFJFv2Xo27pvSEZFgoZD3WeZeO0.roa (raw, json)
Hash identifier:          B3jL3vn1zzXB7mEfpgK7jNf9QRtSlU1s8hIqBrIStdI=
Subject key identifier:   48:52:45:BF:65:E8:DB:BA:6F:48:46:45:82:86:43:DD:67:99:78:ED
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0191F9B0F3F0886FF9AB816E4A45521D0A5F
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/SFJFv2Xo27pvSEZFgoZD3WeZeO0.roa
Signing time:             Mon 16 Sep 2024 07:16:49 +0000
ROA not before:           Mon 16 Sep 2024 07:16:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208453
IP address blocks:        193.181.23.0/24 maxlen: 24
                          193.181.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:f9:b0:f3:f0:88:6f:f9:ab:81:6e:4a:45:52:1d:0a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Sep 16 07:16:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=485245bf65e8dbba6f484645828643dd679978ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:07:d9:0b:3a:f5:fd:9e:f5:71:6a:3d:d1:0e:
                    c6:6b:06:1d:94:af:c4:03:75:dc:a7:e2:af:ab:9a:
                    78:fd:95:16:71:a5:df:9b:b4:8c:9c:8d:46:b4:b4:
                    aa:1d:69:61:32:b5:a5:80:d5:69:11:7d:fc:df:1f:
                    8b:07:fd:14:e9:c6:25:7a:19:01:c7:76:0e:f5:cb:
                    35:87:76:a5:ee:e7:60:6f:97:c4:91:04:df:56:2f:
                    52:62:25:3b:e2:fc:62:f9:e5:a2:29:0c:e2:35:5d:
                    4f:ed:a4:bf:c0:9f:1a:6e:17:f5:1b:a2:5d:bb:12:
                    73:55:39:f9:48:d9:b1:2f:7a:79:4c:57:91:13:f1:
                    8d:09:da:36:e0:68:a7:c0:05:7a:28:b2:88:ff:5c:
                    77:34:f4:94:44:a3:9a:85:f4:df:e4:e5:ff:e1:34:
                    ab:cc:0e:b2:8e:01:9d:06:02:05:25:8f:f9:a0:34:
                    96:45:a2:3a:11:02:ef:81:ba:a7:65:37:62:f5:f8:
                    b6:85:4a:8e:06:6a:17:0f:59:42:9e:e4:f5:c7:49:
                    0b:f4:d6:de:ec:de:46:9d:8b:11:6d:f7:3d:7c:33:
                    67:b2:19:8b:d6:a8:db:75:89:85:04:ab:2e:cb:1d:
                    f7:63:97:36:b5:46:26:be:11:71:1b:25:5a:75:69:
                    74:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:52:45:BF:65:E8:DB:BA:6F:48:46:45:82:86:43:DD:67:99:78:ED
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/SFJFv2Xo27pvSEZFgoZD3WeZeO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.181.23.0/24
                  193.181.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:f7:4a:81:ab:9b:7a:7e:2f:86:0a:83:10:1a:bd:28:fe:92:
         91:68:90:7c:7f:9b:b5:46:22:81:de:71:c0:b4:5f:03:2d:0d:
         4a:ac:bb:96:b1:63:0d:95:9d:c0:f6:87:f6:ba:c0:7b:6f:eb:
         80:02:1d:c4:2b:1a:52:9f:97:1d:72:83:d9:bd:74:ac:ae:2c:
         64:2a:16:a2:c2:33:0d:0f:52:4a:83:26:70:77:ce:40:d1:ba:
         e1:85:2f:69:f6:5e:93:f1:fe:89:86:fd:9d:43:5c:2a:f8:9a:
         19:86:c6:6c:df:d1:cb:96:ef:29:93:a3:44:a1:88:ce:d7:c1:
         19:48:41:7a:fe:7f:20:7b:be:41:7c:93:3f:f5:da:ea:51:a6:
         69:42:6e:d0:e3:bb:75:df:69:cc:73:87:43:47:27:9a:af:8d:
         8d:e5:0f:a5:1c:63:b8:a0:4f:e5:9d:48:c8:2c:86:9d:e0:fb:
         5c:4c:8b:a3:23:91:ed:50:8c:e9:f0:44:c1:2f:41:3a:c4:41:
         28:15:02:d3:b8:a9:1e:6f:f9:0b:9c:1f:52:c9:b2:93:49:2a:
         3d:68:0b:29:ea:81:df:78:2b:19:1b:c1:f1:e2:f9:cd:5f:87:
         6f:54:c2:c7:25:f1:6f:a1:4a:52:23:f8:2d:81:82:c0:49:be:
         59:16:01:c7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZH5sPPwiG/5q4FuSkVSHQpfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwOTE2MDcxNjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODUyNDViZjY1ZThkYmJhNmY0ODQ2NDU4Mjg2NDNkZDY3OTk3OGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlAfZCzr1/Z71cWo90Q7GawYdlK/E
A3Xcp+Kvq5p4/ZUWcaXfm7SMnI1GtLSqHWlhMrWlgNVpEX383x+LB/0U6cYlehkB
x3YO9cs1h3al7udgb5fEkQTfVi9SYiU74vxi+eWiKQziNV1P7aS/wJ8abhf1G6Jd
uxJzVTn5SNmxL3p5TFeRE/GNCdo24GinwAV6KLKI/1x3NPSURKOahfTf5OX/4TSr
zA6yjgGdBgIFJY/5oDSWRaI6EQLvgbqnZTdi9fi2hUqOBmoXD1lCnuT1x0kL9Nbe
7N5GnYsRbfc9fDNnshmL1qjbdYmFBKsuyx33Y5c2tUYmvhFxGyVadWl0YwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEhSRb9l6Nu6b0hGRYKGQ91nmXjtMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvU0ZKRnYyWG8yN3B2U0VaRmdvWkQzV2VaZU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwbUXAwQA
wbUdMA0GCSqGSIb3DQEBCwUAA4IBAQAS90qBq5t6fi+GCoMQGr0o/pKRaJB8f5u1
RiKB3nHAtF8DLQ1KrLuWsWMNlZ3A9of2usB7b+uAAh3EKxpSn5cdcoPZvXSsrixk
KhaiwjMND1JKgyZwd85A0brhhS9p9l6T8f6Jhv2dQ1wq+JoZhsZs39HLlu8pk6NE
oYjO18EZSEF6/n8ge75BfJM/9drqUaZpQm7Q47t132nMc4dDRyear42N5Q+lHGO4
oE/lnUjILIad4PtcTIujI5HtUIzp8ETBL0E6xEEoFQLTuKkeb/kLnB9SybKTSSo9
aAsp6oHfeCsZG8Hx4vnNX4dvVMLHJfFvoUpSI/gtgYLASb5ZFgHH
-----END CERTIFICATE-----