Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/T0fc8foU3p7OZfQWqNKhxU3bta0.roa
File:                     T0fc8foU3p7OZfQWqNKhxU3bta0.roa (raw, json)
Hash identifier:          CaZ5g3PNaaEVP/tpx70jyEHIHdtzhOJB7tRFOi1gTK0=
Subject key identifier:   4F:47:DC:F1:FA:14:DE:9E:CE:65:F4:16:A8:D2:A1:C5:4D:DB:B5:AD
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019427484D3AC7B61571D5F6C6C48F2B8BC5
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/T0fc8foU3p7OZfQWqNKhxU3bta0.roa
Signing time:             Thu 02 Jan 2025 13:50:36 +0000
ROA not before:           Thu 02 Jan 2025 13:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34385
IP address blocks:        193.183.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:4d:3a:c7:b6:15:71:d5:f6:c6:c4:8f:2b:8b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f47dcf1fa14de9ece65f416a8d2a1c54ddbb5ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2c:fd:0d:4e:54:43:f9:2a:a8:ce:20:0f:1e:
                    2b:e9:3b:be:74:32:d3:ca:39:51:97:61:91:9b:4b:
                    60:87:06:66:75:4c:87:22:70:69:cf:bb:5a:9c:15:
                    f2:ae:f5:0c:d4:be:ad:40:4f:77:5b:20:43:89:d8:
                    97:bd:36:86:52:a4:39:a6:d7:00:28:73:33:2b:ca:
                    a0:0d:30:37:c1:d3:02:19:e9:b7:9f:86:58:5d:23:
                    e0:73:9d:4c:78:c0:d7:46:46:be:da:43:7b:91:18:
                    12:27:ea:8e:91:cb:04:e9:42:05:77:0d:89:f3:d6:
                    cb:ac:88:3c:59:6e:e8:a2:2e:1c:e4:ee:97:da:66:
                    f9:90:b2:4f:53:0a:8e:62:8c:1e:f8:e5:a3:ba:b4:
                    f6:58:ce:5b:1e:42:b6:2a:3d:52:97:eb:31:2c:d5:
                    16:3b:e3:a0:1f:89:f0:01:37:fd:8d:bd:b6:26:fa:
                    e3:cd:38:02:0b:d1:a7:24:ad:b3:94:71:56:64:fc:
                    a5:8f:f0:1b:06:0b:86:15:35:3d:0e:b6:ea:fa:9e:
                    07:f2:ab:1d:e2:fe:9b:bc:c7:4a:1d:d9:7d:24:94:
                    49:b6:6e:84:07:f4:82:f3:f6:58:61:52:2c:85:43:
                    89:46:84:f5:fd:fe:a6:5b:e1:83:c0:91:f8:83:86:
                    95:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:47:DC:F1:FA:14:DE:9E:CE:65:F4:16:A8:D2:A1:C5:4D:DB:B5:AD
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/T0fc8foU3p7OZfQWqNKhxU3bta0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.183.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:9f:5d:fd:18:d6:d4:d5:53:dd:69:47:37:5e:48:9a:2f:16:
         8f:05:c6:b1:3c:8c:c8:c6:b5:b7:fd:54:ac:76:bd:01:6b:4c:
         1e:59:7e:61:7d:9e:23:5f:cf:86:a9:ff:2b:ef:82:da:a1:da:
         29:32:4d:a5:d8:e0:87:ab:6c:51:75:4d:44:e1:0d:b4:bb:82:
         76:6e:e1:ec:37:fa:cd:d3:b0:62:83:75:19:f1:71:41:9a:13:
         9d:02:5a:b0:93:11:21:30:7f:3d:fa:e1:62:b4:9c:1c:e4:10:
         a5:b2:14:14:b3:b3:f0:bc:28:5c:5e:3a:bf:ef:bc:4c:5f:10:
         ba:b5:4f:22:d1:0d:37:28:5e:84:80:5e:29:20:11:1e:b4:a9:
         0f:11:2a:36:e9:dc:4d:e2:fa:b7:16:d0:9d:1f:3a:2e:d9:98:
         35:71:61:c6:c6:1f:77:80:62:6f:c9:a5:a1:5f:6a:75:61:43:
         cf:98:03:cc:1f:80:83:b1:f0:2f:75:75:fc:dd:1c:7b:c6:2f:
         89:3a:35:fe:2e:d6:65:32:45:b7:34:79:82:0c:33:8a:10:d4:
         b6:fd:86:6a:e2:92:b3:73:d8:16:b2:6b:ee:d2:a7:01:8e:eb:
         7c:47:61:d8:8e:56:55:95:3b:75:1b:40:84:4a:1d:a9:80:cf:
         78:bd:8e:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSE06x7YVcdX2xsSPK4vFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjQ3ZGNmMWZhMTRkZTllY2U2NWY0MTZhOGQyYTFjNTRkZGJiNWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCz9DU5UQ/kqqM4gDx4r6Tu+dDLT
yjlRl2GRm0tghwZmdUyHInBpz7tanBXyrvUM1L6tQE93WyBDidiXvTaGUqQ5ptcA
KHMzK8qgDTA3wdMCGem3n4ZYXSPgc51MeMDXRka+2kN7kRgSJ+qOkcsE6UIFdw2J
89bLrIg8WW7ooi4c5O6X2mb5kLJPUwqOYowe+OWjurT2WM5bHkK2Kj1Sl+sxLNUW
O+OgH4nwATf9jb22JvrjzTgCC9GnJK2zlHFWZPylj/AbBguGFTU9Drbq+p4H8qsd
4v6bvMdKHdl9JJRJtm6EB/SC8/ZYYVIshUOJRoT1/f6mW+GDwJH4g4aVswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9H3PH6FN6ezmX0FqjSocVN27WtMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvVDBmYzhmb1UzcDdPWmZRV3FOS2h4VTNidGEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbd3MA0G
CSqGSIb3DQEBCwUAA4IBAQAln139GNbU1VPdaUc3XkiaLxaPBcaxPIzIxrW3/VSs
dr0Ba0weWX5hfZ4jX8+Gqf8r74LaodopMk2l2OCHq2xRdU1E4Q20u4J2buHsN/rN
07Big3UZ8XFBmhOdAlqwkxEhMH89+uFitJwc5BClshQUs7PwvChcXjq/77xMXxC6
tU8i0Q03KF6EgF4pIBEetKkPESo26dxN4vq3FtCdHzou2Zg1cWHGxh93gGJvyaWh
X2p1YUPPmAPMH4CDsfAvdXX83Rx7xi+JOjX+LtZlMkW3NHmCDDOKENS2/YZq4pKz
c9gWsmvu0qcBjut8R2HYjlZVlTt1G0CESh2pgM94vY4H
-----END CERTIFICATE-----