Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/X1CTse1YeSwUCfyqLBVsyxCCI4Q.roa
File:                     X1CTse1YeSwUCfyqLBVsyxCCI4Q.roa (raw, json)
Hash identifier:          ZgLN1rPbE347unKEzG3QtBI2zYJcYrirb+6hal1Opgo=
Subject key identifier:   5F:50:93:B1:ED:58:79:2C:14:09:FC:AA:2C:15:6C:CB:10:82:23:84
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC8030070C1B046990331A502E20C99E6
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/X1CTse1YeSwUCfyqLBVsyxCCI4Q.roa
Signing time:             Tue 02 Jan 2024 02:31:29 +0000
ROA not before:           Tue 02 Jan 2024 02:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203038
IP address blocks:        193.182.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:00:70:c1:b0:46:99:03:31:a5:02:e2:0c:99:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f5093b1ed58792c1409fcaa2c156ccb10822384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:60:cf:6e:b4:cc:18:b6:e9:a7:5b:ca:07:be:
                    d5:76:fe:0c:b0:da:30:53:05:e2:b8:10:b4:b4:77:
                    a2:5c:46:e4:34:57:04:39:c2:50:bb:07:3d:e4:9b:
                    e2:b2:c8:56:51:dd:3e:55:d1:d3:4e:17:df:13:d3:
                    5e:27:df:50:05:f0:50:52:4e:29:00:6f:8b:38:ca:
                    7a:51:8e:e3:9b:af:27:d8:1c:a3:22:7f:14:fe:c2:
                    6a:11:02:26:d3:41:c2:68:4a:d8:59:0f:3e:42:26:
                    f9:d0:f8:c5:63:69:dc:05:29:9d:f1:8a:0e:1b:ff:
                    1a:52:7e:9b:7e:85:09:55:28:ff:f3:5f:a9:57:15:
                    6a:63:d9:a3:16:a0:06:6b:d8:ac:86:5c:05:17:c2:
                    35:de:ee:9b:79:f7:0b:86:70:ed:b9:5f:b7:3d:b5:
                    3c:6f:ae:3a:9e:58:ca:fe:8f:07:8e:46:79:a0:8c:
                    51:98:03:65:63:08:7b:1f:3b:53:61:4b:36:ed:96:
                    b0:27:07:c1:aa:4d:5e:e3:3f:54:57:8c:c1:98:d0:
                    f5:a1:33:ea:7b:e5:45:f8:3b:42:44:d4:5b:f4:c2:
                    0a:3f:09:92:5d:9e:fd:7e:86:b9:33:2e:ba:0a:ae:
                    cc:f1:21:d6:b1:32:6e:2a:bb:eb:e3:f0:d8:8d:0b:
                    5e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:50:93:B1:ED:58:79:2C:14:09:FC:AA:2C:15:6C:CB:10:82:23:84
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/X1CTse1YeSwUCfyqLBVsyxCCI4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.182.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:2d:1c:4b:27:43:47:0d:33:68:53:f4:ad:0f:84:6a:11:69:
         ae:bb:30:30:de:b6:9f:22:9c:c6:37:44:3f:06:28:a8:40:73:
         58:37:8a:e7:88:b4:c8:12:a1:bb:8c:56:93:3c:36:95:9e:63:
         5a:04:b5:9d:90:b0:00:f9:3a:26:7c:af:72:41:e8:25:da:38:
         4f:8e:70:7d:53:71:2d:16:da:00:98:ff:d1:52:19:23:1b:1a:
         cf:38:49:d3:01:34:97:1a:2d:55:f5:9f:00:66:0b:03:72:38:
         97:22:c6:7a:15:71:47:1c:0a:4b:a1:d2:04:b9:9b:eb:0b:3f:
         08:21:7c:8a:9a:f7:b5:fe:c8:f1:89:a6:a9:ca:e0:4e:79:27:
         29:e4:59:1c:0d:f0:c4:c5:46:4e:58:da:ff:f1:29:78:1d:1b:
         4b:82:c4:44:9b:5e:30:69:fe:b6:81:13:9f:32:13:5d:17:f7:
         e6:99:66:d4:e4:32:b3:d3:94:6e:a7:c5:be:6b:b4:78:05:59:
         c8:6a:b4:74:30:07:68:de:63:f2:1d:88:84:d5:c3:e0:ee:8a:
         0d:75:0d:f3:e5:3e:9e:eb:75:7a:9b:63:c0:e8:91:22:b1:f5:
         70:6e:9a:e4:8f:6b:e9:42:d6:4b:ed:c1:0d:93:47:f3:54:89:
         a6:ab:5e:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAwBwwbBGmQMxpQLiDJnmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjUwOTNiMWVkNTg3OTJjMTQwOWZjYWEyYzE1NmNjYjEwODIyMzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGDPbrTMGLbpp1vKB77Vdv4MsNow
UwXiuBC0tHeiXEbkNFcEOcJQuwc95JvisshWUd0+VdHTThffE9NeJ99QBfBQUk4p
AG+LOMp6UY7jm68n2ByjIn8U/sJqEQIm00HCaErYWQ8+Qib50PjFY2ncBSmd8YoO
G/8aUn6bfoUJVSj/81+pVxVqY9mjFqAGa9ishlwFF8I13u6befcLhnDtuV+3PbU8
b646nljK/o8HjkZ5oIxRmANlYwh7HztTYUs27ZawJwfBqk1e4z9UV4zBmND1oTPq
e+VF+DtCRNRb9MIKPwmSXZ79foa5My66Cq7M8SHWsTJuKrvr4/DYjQtehQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9Qk7HtWHksFAn8qiwVbMsQgiOEMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvWDFDVHNlMVllU3dVQ2Z5cUxCVnN5eENDSTRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbY9MA0G
CSqGSIb3DQEBCwUAA4IBAQBTLRxLJ0NHDTNoU/StD4RqEWmuuzAw3rafIpzGN0Q/
BiioQHNYN4rniLTIEqG7jFaTPDaVnmNaBLWdkLAA+TomfK9yQegl2jhPjnB9U3Et
FtoAmP/RUhkjGxrPOEnTATSXGi1V9Z8AZgsDcjiXIsZ6FXFHHApLodIEuZvrCz8I
IXyKmve1/sjxiaapyuBOeScp5FkcDfDExUZOWNr/8Sl4HRtLgsREm14waf62gROf
MhNdF/fmmWbU5DKz05Rup8W+a7R4BVnIarR0MAdo3mPyHYiE1cPg7ooNdQ3z5T6e
63V6m2PA6JEisfVwbprkj2vpQtZL7cENk0fzVImmq16j
-----END CERTIFICATE-----