Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/T-tLD6fOifOJcDDzMagKd0KlPbI.roa
File:                     T-tLD6fOifOJcDDzMagKd0KlPbI.roa (raw, json)
Hash identifier:          Hh4kLWwP/1F32n6xjfm1w4JbT2SUZhEwRaZnpWR6ADM=
Subject key identifier:   4F:EB:4B:0F:A7:CE:89:F3:89:70:30:F3:31:A8:0A:77:42:A5:3D:B2
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019427487FB67D2771D487E5F286AF8D7575
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/T-tLD6fOifOJcDDzMagKd0KlPbI.roa
Signing time:             Thu 02 Jan 2025 13:50:50 +0000
ROA not before:           Thu 02 Jan 2025 13:50:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210409
IP address blocks:        193.182.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:7f:b6:7d:27:71:d4:87:e5:f2:86:af:8d:75:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4feb4b0fa7ce89f3897030f331a80a7742a53db2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:40:b0:ac:ab:69:22:1b:fb:83:27:f0:4f:a5:
                    f3:64:3a:38:a5:c0:b6:4d:6f:bf:7a:1b:de:68:cb:
                    2a:9a:0a:95:66:bf:d4:b7:4d:fb:a5:66:39:16:ae:
                    7a:a9:ed:17:48:9e:cc:20:fe:c9:61:da:3a:89:4c:
                    65:61:0c:de:28:7c:e0:96:5d:fd:7e:47:9c:21:ac:
                    91:d9:6f:e2:5b:dc:ab:67:c6:79:94:69:4e:b2:02:
                    39:f2:8a:f1:38:de:bc:95:76:88:56:ff:3b:db:28:
                    89:ab:cd:f0:d5:7d:15:e3:ab:5d:0b:39:87:da:44:
                    9f:16:fd:df:cc:95:5c:d1:6b:06:ae:86:c7:9e:c2:
                    ce:e9:2c:07:b8:db:a3:6d:6e:1b:1e:78:a5:03:31:
                    d7:3a:53:35:2c:18:07:f6:a7:53:ba:04:b9:ac:76:
                    16:7f:31:00:f9:7a:62:cf:76:a3:e8:2d:89:8a:56:
                    a4:d6:10:b3:c8:26:a3:82:a8:da:a4:81:97:3d:62:
                    38:d1:13:88:8c:e0:93:aa:86:de:0c:11:ce:b8:7e:
                    1c:61:04:a3:9d:a7:76:a2:6a:51:bd:c6:9e:9f:3b:
                    22:3e:f6:ae:0e:f0:8b:25:28:88:a2:b3:63:6a:1c:
                    a7:7d:d4:40:c5:b0:ac:7a:a2:3d:41:d3:0b:5b:f8:
                    f6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:EB:4B:0F:A7:CE:89:F3:89:70:30:F3:31:A8:0A:77:42:A5:3D:B2
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/T-tLD6fOifOJcDDzMagKd0KlPbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.182.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:4f:ed:9a:ff:cb:bf:2e:6c:44:8f:5d:8f:4a:fa:40:ce:96:
         ed:e7:a9:93:4b:0b:4c:a9:c4:99:5e:63:d7:58:9f:cf:59:67:
         c7:9c:00:a7:68:52:6b:3a:dc:c0:c2:8e:1a:74:54:71:76:e3:
         37:a9:a5:45:76:85:2d:d2:e7:41:ad:84:a0:7c:f4:7e:dc:b2:
         37:74:81:33:16:08:c1:ed:7c:a3:a5:b4:85:a0:92:cb:05:08:
         f0:8b:3d:a0:6a:ec:1f:9d:b4:eb:77:6d:f1:71:de:ac:8e:a8:
         97:58:5f:af:6c:a1:fe:f3:a5:38:99:73:28:7b:7d:df:1e:a2:
         6b:cd:2b:4c:b2:19:92:19:a2:e5:d8:e9:57:54:44:51:45:13:
         b3:98:4a:38:6e:66:74:4d:f4:67:21:f8:56:1c:50:c9:0c:5d:
         ab:7f:6c:86:d9:ad:38:05:6b:d6:31:da:60:03:dd:b7:7e:a4:
         ea:ba:d1:1d:b8:40:75:7a:6b:5e:f3:36:59:09:39:e5:77:4a:
         36:df:4e:59:e3:e4:33:4e:f5:c2:5d:d8:da:a8:50:1b:c0:27:
         34:80:42:91:cd:ff:70:26:fd:98:05:c5:36:d9:b6:03:9d:14:
         7b:89:ab:ee:c3:65:ec:ff:ac:92:b3:98:d8:c7:a2:7b:70:4e:
         82:a9:fd:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSH+2fSdx1Ifl8oavjXV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmViNGIwZmE3Y2U4OWYzODk3MDMwZjMzMWE4MGE3NzQyYTUzZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0CwrKtpIhv7gyfwT6XzZDo4pcC2
TW+/ehveaMsqmgqVZr/Ut037pWY5Fq56qe0XSJ7MIP7JYdo6iUxlYQzeKHzgll39
fkecIayR2W/iW9yrZ8Z5lGlOsgI58orxON68lXaIVv872yiJq83w1X0V46tdCzmH
2kSfFv3fzJVc0WsGrobHnsLO6SwHuNujbW4bHnilAzHXOlM1LBgH9qdTugS5rHYW
fzEA+Xpiz3aj6C2Jilak1hCzyCajgqjapIGXPWI40ROIjOCTqobeDBHOuH4cYQSj
nad2ompRvcaenzsiPvauDvCLJSiIorNjahynfdRAxbCseqI9QdMLW/j2NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/rSw+nzonziXAw8zGoCndCpT2yMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvVC10TEQ2Zk9pZk9KY0REek1hZ0tkMEtsUGJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbYHMA0G
CSqGSIb3DQEBCwUAA4IBAQCvT+2a/8u/LmxEj12PSvpAzpbt56mTSwtMqcSZXmPX
WJ/PWWfHnACnaFJrOtzAwo4adFRxduM3qaVFdoUt0udBrYSgfPR+3LI3dIEzFgjB
7XyjpbSFoJLLBQjwiz2gauwfnbTrd23xcd6sjqiXWF+vbKH+86U4mXMoe33fHqJr
zStMshmSGaLl2OlXVERRRROzmEo4bmZ0TfRnIfhWHFDJDF2rf2yG2a04BWvWMdpg
A923fqTqutEduEB1emte8zZZCTnld0o2305Z4+QzTvXCXdjaqFAbwCc0gEKRzf9w
Jv2YBcU22bYDnRR7iavuw2Xs/6ySs5jYx6J7cE6Cqf0W
-----END CERTIFICATE-----