Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/VfxVQj7Vslr61bk3z88omvtvaUk.roa
File:                     VfxVQj7Vslr61bk3z88omvtvaUk.roa (raw, json)
Hash identifier:          3uSSPsU7eAhGapLNy//UUmXq6jFTv3wGnS59nA92eTo=
Subject key identifier:   55:FC:55:42:3E:D5:B2:5A:FA:D5:B9:37:CF:CF:28:9A:FB:6F:69:49
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018E414CA2CC104EF336C3F91D067B9AF109
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/VfxVQj7Vslr61bk3z88omvtvaUk.roa
Signing time:             Fri 15 Mar 2024 08:48:45 +0000
ROA not before:           Fri 15 Mar 2024 08:48:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199545
IP address blocks:        192.121.118.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:41:4c:a2:cc:10:4e:f3:36:c3:f9:1d:06:7b:9a:f1:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Mar 15 08:48:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55fc55423ed5b25afad5b937cfcf289afb6f6949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:3d:4a:d4:6a:98:e0:0f:de:a2:8e:0a:e2:c6:
                    b7:b4:17:f7:75:3d:a0:98:34:56:de:b0:a5:da:19:
                    c9:cb:0e:20:94:2b:a6:3f:03:df:29:fc:69:c1:e9:
                    2d:ae:53:be:30:13:91:13:26:6f:25:17:2c:77:bc:
                    da:6b:e9:96:a5:45:ad:7c:dc:b5:53:53:ee:02:98:
                    48:58:30:c1:b9:14:1d:40:16:22:9d:62:00:a2:cb:
                    e3:20:f4:48:a3:da:81:c4:01:9b:85:d0:3a:99:5b:
                    c5:6c:b7:fe:9f:0c:43:db:31:58:30:09:f9:98:58:
                    46:a6:76:8c:32:29:db:5d:64:dd:a7:73:57:f2:ad:
                    d2:17:b1:f5:e7:8f:e8:f8:35:a1:56:61:d5:84:5a:
                    82:ff:8d:25:cd:1a:5e:46:03:c4:e6:83:a8:a1:05:
                    a4:41:8a:11:d0:95:11:44:7f:c6:aa:20:08:8e:aa:
                    f3:b0:6e:12:5c:68:db:ea:a9:5c:82:39:e3:62:69:
                    5a:50:9b:f8:fa:f6:de:fa:b0:70:cf:8b:c9:8a:d6:
                    1c:13:51:8d:a8:d9:e9:e7:d9:80:f9:34:43:67:78:
                    c1:1a:f1:3f:ab:c7:59:cd:7b:f9:8b:69:9e:3d:17:
                    8b:5f:86:3c:ee:e0:1b:ac:e3:2d:43:79:19:19:20:
                    dd:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:FC:55:42:3E:D5:B2:5A:FA:D5:B9:37:CF:CF:28:9A:FB:6F:69:49
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/VfxVQj7Vslr61bk3z88omvtvaUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:fe:80:d8:77:45:72:92:2a:07:5d:0a:64:b9:f9:cf:a6:2d:
         c5:45:32:89:97:62:6f:74:d6:96:dc:f6:6a:4b:0f:70:d3:03:
         56:ed:d7:74:b1:a9:47:8f:df:8d:d5:68:f4:47:c5:7e:67:e7:
         5d:48:28:9e:ed:35:b5:57:e6:af:0a:8f:4a:c7:54:fc:bd:39:
         64:e2:3f:01:90:41:77:f3:f9:35:05:74:ba:85:11:9b:e5:0f:
         10:a4:8d:2e:ca:b5:a1:bc:7a:45:f1:a7:c7:c7:9f:6b:2a:b5:
         38:cd:51:53:0c:fe:5e:0f:e8:48:20:d7:1f:94:e9:24:af:bb:
         ff:6e:c6:f4:6a:ba:3b:61:6c:ca:08:7f:cb:53:db:96:bd:90:
         bf:d4:32:c2:ac:45:97:0e:a4:0a:ba:5d:7a:28:2d:4b:83:c2:
         f5:4e:46:95:bb:58:88:e1:ad:f1:b5:da:31:bd:d1:d4:9e:34:
         ee:8b:e8:09:92:8b:a9:7c:7e:03:23:98:05:b0:d6:8d:f0:e6:
         f4:a4:7e:f4:73:b4:7e:ed:72:a8:ac:6d:f3:37:00:4c:ad:2e:
         bb:a9:ab:ba:3d:3c:d5:e0:bf:f7:b6:55:a4:87:f8:81:c3:54:
         66:05:92:66:ef:e5:47:99:ea:66:c6:05:61:8a:da:58:34:01:
         f2:1b:f9:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5BTKLMEE7zNsP5HQZ7mvEJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMzE1MDg0ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWZjNTU0MjNlZDViMjVhZmFkNWI5MzdjZmNmMjg5YWZiNmY2OTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgj1K1GqY4A/eoo4K4sa3tBf3dT2g
mDRW3rCl2hnJyw4glCumPwPfKfxpwektrlO+MBOREyZvJRcsd7zaa+mWpUWtfNy1
U1PuAphIWDDBuRQdQBYinWIAosvjIPRIo9qBxAGbhdA6mVvFbLf+nwxD2zFYMAn5
mFhGpnaMMinbXWTdp3NX8q3SF7H154/o+DWhVmHVhFqC/40lzRpeRgPE5oOooQWk
QYoR0JURRH/GqiAIjqrzsG4SXGjb6qlcgjnjYmlaUJv4+vbe+rBwz4vJitYcE1GN
qNnp59mA+TRDZ3jBGvE/q8dZzXv5i2mePReLX4Y87uAbrOMtQ3kZGSDdAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFX8VUI+1bJa+tW5N8/PKJr7b2lJMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvVmZ4VlFqN1ZzbHI2MWJrM3o4OG9tdnR2YVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwHl2MA0G
CSqGSIb3DQEBCwUAA4IBAQA5/oDYd0VykioHXQpkufnPpi3FRTKJl2JvdNaW3PZq
Sw9w0wNW7dd0salHj9+N1Wj0R8V+Z+ddSCie7TW1V+avCo9Kx1T8vTlk4j8BkEF3
8/k1BXS6hRGb5Q8QpI0uyrWhvHpF8afHx59rKrU4zVFTDP5eD+hIINcflOkkr7v/
bsb0aro7YWzKCH/LU9uWvZC/1DLCrEWXDqQKul16KC1Lg8L1TkaVu1iI4a3xtdox
vdHUnjTui+gJkoupfH4DI5gFsNaN8Ob0pH70c7R+7XKorG3zNwBMrS67qau6PTzV
4L/3tlWkh/iBw1RmBZJm7+VHmepmxgVhitpYNAHyG/nM
-----END CERTIFICATE-----