Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ZaVpMXyn6A_tNus5UOTI_wUqR4c.roa
File:                     ZaVpMXyn6A_tNus5UOTI_wUqR4c.roa (raw, json)
Hash identifier:          sxvLofZX9WLurP1361WqX6OrgDkwXgEQ0vty3LaHQDk=
Subject key identifier:   65:A5:69:31:7C:A7:E8:0F:ED:36:EB:39:50:E4:C8:FF:05:2A:47:87
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802FBD8BDA205FB12F1908EB2F25B6A
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ZaVpMXyn6A_tNus5UOTI_wUqR4c.roa
Signing time:             Tue 02 Jan 2024 02:31:27 +0000
ROA not before:           Tue 02 Jan 2024 02:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199438
IP address blocks:        194.14.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:fb:d8:bd:a2:05:fb:12:f1:90:8e:b2:f2:5b:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65a569317ca7e80fed36eb3950e4c8ff052a4787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d8:38:9d:12:a7:5e:dc:bb:77:cf:81:70:3c:
                    28:3f:aa:17:a1:63:b9:a6:cd:5f:68:61:50:6b:95:
                    70:c0:a7:41:36:f2:2c:62:30:93:32:2c:5b:6d:fd:
                    b8:5c:fb:f2:85:a5:20:2a:c3:78:f9:63:45:3a:df:
                    70:e9:46:d4:f6:bb:0b:e8:f7:64:72:39:9a:69:99:
                    61:4a:12:90:22:67:cd:a1:bc:bc:2c:43:16:bc:46:
                    9d:78:cb:0e:7e:14:c0:96:d5:06:e0:c7:8d:37:0e:
                    81:c4:51:01:57:2a:36:39:d3:3b:f4:6b:f3:b7:ab:
                    75:e1:83:39:dc:dc:90:f0:28:55:df:83:99:16:44:
                    1e:b4:64:2e:7e:1c:ed:2e:69:ef:ad:16:5f:d5:80:
                    c0:05:73:a4:a5:0b:03:ae:85:12:93:7f:34:af:ad:
                    d7:4b:b2:08:b6:a5:77:03:ac:c6:87:26:90:74:97:
                    bd:53:c3:60:90:f1:c9:9e:2b:23:69:de:3c:ab:c1:
                    d6:17:7b:de:00:17:98:0d:53:f7:e4:71:82:78:90:
                    98:71:a3:58:4c:0e:12:4e:25:e8:1b:60:88:4e:a7:
                    75:f1:df:b8:93:5c:34:60:46:64:c2:53:37:8c:70:
                    89:c2:86:a2:f9:f6:aa:fb:4e:09:7e:31:15:d2:f2:
                    37:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:A5:69:31:7C:A7:E8:0F:ED:36:EB:39:50:E4:C8:FF:05:2A:47:87
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ZaVpMXyn6A_tNus5UOTI_wUqR4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.14.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:0f:e6:0c:80:62:38:a8:e6:9e:29:ae:13:9d:ca:35:6e:6e:
         d4:6e:d4:81:f1:02:90:8b:ba:4e:61:68:17:4e:86:5d:77:98:
         4f:93:8b:59:d8:41:d5:51:04:ca:87:54:55:72:76:ca:51:21:
         26:87:bb:8f:0b:46:c5:53:72:7f:26:e5:2b:cd:a4:55:ed:5b:
         24:e3:98:6a:97:92:a6:04:fc:d9:8d:43:0f:c7:4a:60:d3:9d:
         5c:e6:90:37:1f:89:9a:8a:7c:b0:85:1e:ec:d2:bd:43:91:b6:
         54:76:d0:48:8f:b2:a5:31:fc:03:d1:4f:74:d4:0f:39:e0:70:
         2f:ba:98:37:e3:1a:bc:b3:e0:e4:c7:36:23:04:af:4e:cd:e1:
         7a:a4:87:21:20:56:64:fe:94:3d:b3:6e:d3:3e:80:e1:f1:70:
         6c:68:c7:ed:09:cb:52:ec:47:69:09:03:36:35:7a:bd:44:e3:
         7d:58:46:fc:d5:aa:cf:b7:08:4b:aa:c7:14:90:82:c7:29:94:
         f6:14:aa:14:e0:89:85:20:f4:38:88:62:a5:e5:04:26:e8:7d:
         ce:c0:2c:53:74:b0:2c:27:85:f3:12:36:5d:3b:a9:21:84:24:
         c6:28:06:31:73:1e:8b:4b:76:6c:d0:52:b3:0c:8a:cd:50:aa:
         92:fe:d7:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAvvYvaIF+xLxkI6y8ltqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWE1NjkzMTdjYTdlODBmZWQzNmViMzk1MGU0YzhmZjA1MmE0Nzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19g4nRKnXty7d8+BcDwoP6oXoWO5
ps1faGFQa5VwwKdBNvIsYjCTMixbbf24XPvyhaUgKsN4+WNFOt9w6UbU9rsL6Pdk
cjmaaZlhShKQImfNoby8LEMWvEadeMsOfhTAltUG4MeNNw6BxFEBVyo2OdM79Gvz
t6t14YM53NyQ8ChV34OZFkQetGQufhztLmnvrRZf1YDABXOkpQsDroUSk380r63X
S7IItqV3A6zGhyaQdJe9U8NgkPHJnisjad48q8HWF3veABeYDVP35HGCeJCYcaNY
TA4STiXoG2CITqd18d+4k1w0YEZkwlM3jHCJwoai+faq+04JfjEV0vI3MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGWlaTF8p+gP7TbrOVDkyP8FKkeHMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvWmFWcE1YeW42QV90TnVzNVVPVElfd1VxUjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg7bMA0G
CSqGSIb3DQEBCwUAA4IBAQBvD+YMgGI4qOaeKa4Tnco1bm7UbtSB8QKQi7pOYWgX
ToZdd5hPk4tZ2EHVUQTKh1RVcnbKUSEmh7uPC0bFU3J/JuUrzaRV7Vsk45hql5Km
BPzZjUMPx0pg051c5pA3H4mainywhR7s0r1DkbZUdtBIj7KlMfwD0U901A854HAv
upg34xq8s+DkxzYjBK9OzeF6pIchIFZk/pQ9s27TPoDh8XBsaMftCctS7EdpCQM2
NXq9RON9WEb81arPtwhLqscUkILHKZT2FKoU4ImFIPQ4iGKl5QQm6H3OwCxTdLAs
J4XzEjZdO6khhCTGKAYxcx6LS3Zs0FKzDIrNUKqS/tcK
-----END CERTIFICATE-----