Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/VUxrZ2JKJPN5z-8cZ3VICfm3Ri8.roa
File:                     VUxrZ2JKJPN5z-8cZ3VICfm3Ri8.roa (raw, json)
Hash identifier:          3zNWWEEGkzlXJLpR37I1U29UF8rTR7lHPhH/ch3n04o=
Subject key identifier:   55:4C:6B:67:62:4A:24:F3:79:CF:EF:1C:67:75:48:09:F9:B7:46:2F
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC80304F16CE4208926D9BF018D514CCF
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/VUxrZ2JKJPN5z-8cZ3VICfm3Ri8.roa
Signing time:             Tue 02 Jan 2024 02:31:30 +0000
ROA not before:           Tue 02 Jan 2024 02:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208583
IP address blocks:        193.181.177.0/24 maxlen: 24
                          192.165.198.0/24 maxlen: 24
                          193.235.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:04:f1:6c:e4:20:89:26:d9:bf:01:8d:51:4c:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=554c6b67624a24f379cfef1c67754809f9b7462f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:00:70:03:bf:68:ac:19:10:7e:b2:82:0b:b6:
                    7f:00:15:38:d2:21:f4:d0:3f:d8:19:a4:4a:db:8f:
                    68:9c:86:03:0f:b4:ab:b0:94:23:58:c7:a4:35:05:
                    b6:c6:83:45:8a:da:dd:ba:b0:ef:28:95:af:e1:26:
                    83:ab:ec:c1:ec:07:a7:cd:c3:24:9e:ee:9c:a3:40:
                    15:94:bf:c9:74:9b:8a:9b:a8:0d:8f:a5:14:6d:2f:
                    fb:3b:02:81:8f:0d:01:95:b2:a3:81:5f:ee:99:79:
                    2f:b4:bc:da:91:a1:9b:8c:f8:bf:a7:db:94:32:f8:
                    99:f4:ae:d1:45:43:5a:71:03:5c:03:0b:fd:25:5a:
                    45:24:b7:62:38:c9:dd:4e:4c:ca:55:ca:2b:f1:be:
                    85:53:2f:c4:ad:ef:c1:03:f6:35:12:a4:d2:7a:4e:
                    fe:19:1f:0c:d5:46:35:d5:9a:c8:ef:a3:d8:b7:d0:
                    50:5b:48:7a:e1:fb:e7:ec:3b:f8:fe:98:d3:3d:62:
                    70:f3:f1:e9:25:69:dd:51:c2:c4:0c:1e:a0:ff:20:
                    aa:96:ff:6f:81:99:5a:36:26:8f:73:07:76:31:b7:
                    3e:7b:2e:cf:ff:ca:c3:d5:1f:07:a7:00:9d:39:21:
                    d9:d6:c3:18:52:cb:ea:b4:8c:92:b8:34:1b:3d:92:
                    d3:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:4C:6B:67:62:4A:24:F3:79:CF:EF:1C:67:75:48:09:F9:B7:46:2F
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/VUxrZ2JKJPN5z-8cZ3VICfm3Ri8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.165.198.0/24
                  193.181.177.0/24
                  193.235.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:26:6e:bc:bf:26:b9:c7:c5:77:91:d0:30:e7:56:64:59:e1:
         ad:3d:a5:5e:90:eb:e7:1b:10:2b:06:32:70:f8:d7:f3:b7:8e:
         e7:68:67:25:0c:66:39:1b:30:43:96:91:d5:84:92:05:17:9b:
         ef:4e:c3:3f:c7:2d:c9:bc:37:c2:1e:ad:02:24:a7:3c:47:36:
         50:c8:f0:1d:70:f8:bd:75:e8:0f:99:47:29:db:c2:53:d6:f2:
         74:b9:75:dc:e8:97:9f:25:72:39:92:f6:32:bf:f2:33:ed:c8:
         40:14:c2:ab:f5:4f:0a:dc:fe:d5:f9:65:86:2a:a2:40:06:2e:
         1a:15:1d:cf:6e:4f:73:4b:7f:b7:49:41:08:ed:54:7b:86:f5:
         f0:e1:3b:93:ee:c6:e5:43:ae:01:c6:06:ab:62:c1:13:46:a0:
         12:dc:cd:20:b1:75:ca:22:26:ef:62:46:07:2b:97:e0:dc:29:
         21:95:b5:cb:74:69:a5:b2:8a:b1:fa:78:29:38:f5:8a:d5:04:
         18:e8:ea:d7:d1:ff:37:fa:6c:5e:a0:a5:1d:e7:9c:8e:3f:c4:
         0d:ad:66:19:0b:0b:df:83:a9:c3:2a:02:58:da:96:2e:6c:4a:
         4b:12:82:d0:a6:1e:9a:25:57:91:c9:5d:5d:cf:35:32:5d:8a:
         48:b1:d6:94
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAwTxbOQgiSbZvwGNUUzPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTRjNmI2NzYyNGEyNGYzNzljZmVmMWM2Nzc1NDgwOWY5Yjc0NjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmABwA79orBkQfrKCC7Z/ABU40iH0
0D/YGaRK249onIYDD7SrsJQjWMekNQW2xoNFitrdurDvKJWv4SaDq+zB7AenzcMk
nu6co0AVlL/JdJuKm6gNj6UUbS/7OwKBjw0BlbKjgV/umXkvtLzakaGbjPi/p9uU
MviZ9K7RRUNacQNcAwv9JVpFJLdiOMndTkzKVcor8b6FUy/Ere/BA/Y1EqTSek7+
GR8M1UY11ZrI76PYt9BQW0h64fvn7Dv4/pjTPWJw8/HpJWndUcLEDB6g/yCqlv9v
gZlaNiaPcwd2Mbc+ey7P/8rD1R8HpwCdOSHZ1sMYUsvqtIySuDQbPZLTAwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFVMa2diSiTzec/vHGd1SAn5t0YvMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvVlV4cloySktKUE41ei04Y1ozVklDZm0zUmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwKXGAwQA
wbWxAwQAwevBMA0GCSqGSIb3DQEBCwUAA4IBAQCyJm68vya5x8V3kdAw51ZkWeGt
PaVekOvnGxArBjJw+Nfzt47naGclDGY5GzBDlpHVhJIFF5vvTsM/xy3JvDfCHq0C
JKc8RzZQyPAdcPi9degPmUcp28JT1vJ0uXXc6JefJXI5kvYyv/Iz7chAFMKr9U8K
3P7V+WWGKqJABi4aFR3Pbk9zS3+3SUEI7VR7hvXw4TuT7sblQ64BxgarYsETRqAS
3M0gsXXKIibvYkYHK5fg3CkhlbXLdGmlsoqx+ngpOPWK1QQY6OrX0f83+mxeoKUd
55yOP8QNrWYZCwvfg6nDKgJY2pYubEpLEoLQph6aJVeRyV1dzzUyXYpIsdaU
-----END CERTIFICATE-----