Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/_Yr6Gvwwv5f6mbI2EXkEPdCzzww.roa
File:                     _Yr6Gvwwv5f6mbI2EXkEPdCzzww.roa (raw, json)
Hash identifier:          SB10i08NKKRSXvz/qz8X9/xqTjnEaXC5GSAxtgGs0ZY=
Subject key identifier:   FD:8A:FA:1A:FC:30:BF:97:FA:99:B2:36:11:79:04:3D:D0:B3:CF:0C
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01901070ED36F4ABEA084E57722C850E86A5
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/_Yr6Gvwwv5f6mbI2EXkEPdCzzww.roa
Signing time:             Thu 13 Jun 2024 07:12:34 +0000
ROA not before:           Thu 13 Jun 2024 07:12:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        193.235.207.0/24 maxlen: 24
                          194.103.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 12:59:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:10:70:ed:36:f4:ab:ea:08:4e:57:72:2c:85:0e:86:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jun 13 07:12:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd8afa1afc30bf97fa99b2361179043dd0b3cf0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:19:f2:1a:be:0d:db:28:7c:87:60:7a:00:c0:
                    e3:b1:08:c1:94:31:34:d0:4a:03:94:d2:4a:f4:4c:
                    74:7f:ea:56:0b:57:ea:0a:48:a1:19:2a:fa:bc:51:
                    24:51:0b:a5:ee:b1:b2:94:fa:a1:3c:50:92:7f:73:
                    8f:92:37:a7:68:3d:36:bf:6d:4b:37:d6:d4:af:49:
                    da:ac:b4:b6:3e:03:76:73:18:b0:30:eb:04:50:25:
                    c4:d2:2a:79:a1:81:fd:8b:b9:f3:67:1b:67:db:fc:
                    6b:df:6a:f9:41:87:3c:32:43:73:50:6e:a8:d0:30:
                    5e:e6:7e:49:dc:44:c1:27:d3:c3:62:85:9a:f7:58:
                    fc:fd:e8:a3:39:6b:aa:15:61:60:a8:c4:c6:21:34:
                    d1:7e:3c:13:6e:18:7e:bc:6b:1d:0b:d0:9e:e6:7a:
                    99:82:a4:d9:72:60:66:59:42:62:92:ad:4d:71:f1:
                    76:84:f2:36:e6:9c:83:c3:10:f2:d8:5d:f7:5a:81:
                    3a:23:12:a5:45:78:0f:c7:34:75:d9:cc:83:96:18:
                    0d:64:b0:dd:a9:aa:63:7b:87:3f:28:44:7e:3a:a6:
                    2c:1f:a6:04:d8:27:60:f0:e6:b6:12:07:d1:c5:ac:
                    c2:9b:f0:00:37:60:25:c1:4f:8b:8c:c7:a2:e6:10:
                    c1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:8A:FA:1A:FC:30:BF:97:FA:99:B2:36:11:79:04:3D:D0:B3:CF:0C
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/_Yr6Gvwwv5f6mbI2EXkEPdCzzww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.235.207.0/24
                  194.103.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:79:22:9e:97:60:1f:fe:b3:16:81:ca:64:c3:cc:cf:58:0e:
         cd:31:68:e2:52:ef:9e:1f:57:f5:3a:32:8f:c3:5e:c6:ac:d4:
         77:34:f7:8a:18:0f:c1:56:e2:f5:04:54:18:2e:80:96:58:04:
         1a:e2:69:a5:ed:0a:25:c6:5f:03:79:b2:05:04:2c:9d:52:47:
         d5:24:7c:ce:4a:43:08:81:58:a3:b5:df:be:6f:4d:d6:53:90:
         f4:cd:8f:9f:04:e8:04:8e:0c:47:b1:b3:14:1a:76:25:0b:a1:
         e9:f7:07:0f:29:86:22:92:f0:04:9b:ed:4d:b1:c8:1f:90:94:
         dc:df:66:1e:79:24:07:d5:62:23:4a:14:a5:c8:1e:62:51:4b:
         eb:04:cb:94:09:cc:1b:28:22:ac:d1:17:dc:fe:18:bb:2d:16:
         02:92:6d:f6:42:8f:5c:86:89:36:c5:4f:93:64:e6:43:c2:4c:
         09:d3:85:38:68:1c:4b:ba:4b:44:f9:e2:dd:25:eb:9b:5e:03:
         9f:9e:84:52:71:15:4b:ce:59:c6:7c:a1:c2:f0:23:bd:55:2e:
         53:80:12:70:d2:58:c3:fa:18:e3:05:79:d7:20:8c:6c:b9:58:
         ad:ca:bd:f3:d8:f5:bd:81:74:c9:e8:4b:61:cb:a2:30:02:6d:
         d8:d2:77:75
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAQcO029KvqCE5XciyFDoalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwNjEzMDcxMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDhhZmExYWZjMzBiZjk3ZmE5OWIyMzYxMTc5MDQzZGQwYjNjZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhnyGr4N2yh8h2B6AMDjsQjBlDE0
0EoDlNJK9Ex0f+pWC1fqCkihGSr6vFEkUQul7rGylPqhPFCSf3OPkjenaD02v21L
N9bUr0narLS2PgN2cxiwMOsEUCXE0ip5oYH9i7nzZxtn2/xr32r5QYc8MkNzUG6o
0DBe5n5J3ETBJ9PDYoWa91j8/eijOWuqFWFgqMTGITTRfjwTbhh+vGsdC9Ce5nqZ
gqTZcmBmWUJikq1NcfF2hPI25pyDwxDy2F33WoE6IxKlRXgPxzR12cyDlhgNZLDd
qapje4c/KER+OqYsH6YE2Cdg8Oa2EgfRxazCm/AAN2AlwU+LjMei5hDBSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP2K+hr8ML+X+pmyNhF5BD3Qs88MMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvX1lyNkd2d3d2NWY2bWJJMkVYa0VQZEN6end3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwevPAwQA
wmcqMA0GCSqGSIb3DQEBCwUAA4IBAQAFeSKel2Af/rMWgcpkw8zPWA7NMWjiUu+e
H1f1OjKPw17GrNR3NPeKGA/BVuL1BFQYLoCWWAQa4mml7Qolxl8DebIFBCydUkfV
JHzOSkMIgVijtd++b03WU5D0zY+fBOgEjgxHsbMUGnYlC6Hp9wcPKYYikvAEm+1N
scgfkJTc32YeeSQH1WIjShSlyB5iUUvrBMuUCcwbKCKs0Rfc/hi7LRYCkm32Qo9c
hok2xU+TZOZDwkwJ04U4aBxLuktE+eLdJeubXgOfnoRScRVLzlnGfKHC8CO9VS5T
gBJw0ljD+hjjBXnXIIxsuVityr3z2PW9gXTJ6Ethy6IwAm3Y0nd1
-----END CERTIFICATE-----