Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/aKSGBhdqCloC5GyVaHRrCLOyYcg.roa
File:                     aKSGBhdqCloC5GyVaHRrCLOyYcg.roa (raw, json)
Hash identifier:          IWYbLSqqv8szPBP9GPTCY7vk4jBUS+XsqLbMO4/qAqg=
Subject key identifier:   68:A4:86:06:17:6A:0A:5A:02:E4:6C:95:68:74:6B:08:B3:B2:61:C8
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802E25A4CD658ABD63813C144237DCB
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/aKSGBhdqCloC5GyVaHRrCLOyYcg.roa
Signing time:             Tue 02 Jan 2024 02:31:21 +0000
ROA not before:           Tue 02 Jan 2024 02:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24851
IP address blocks:        192.71.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e2:5a:4c:d6:58:ab:d6:38:13:c1:44:23:7d:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68a48606176a0a5a02e46c9568746b08b3b261c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e4:c7:0b:23:be:37:08:ff:2f:43:8e:3f:2c:
                    90:e4:19:23:83:72:23:f6:6a:ed:9f:87:27:2f:d2:
                    4f:be:f0:a6:0a:c1:2b:82:1e:5b:8b:df:be:38:ac:
                    34:e9:d6:f0:a2:5f:3e:ab:68:41:b1:7d:6b:df:9d:
                    11:7e:ee:22:24:a7:39:62:45:af:ba:8e:c2:1c:ce:
                    45:2a:90:17:05:40:bf:0c:bb:75:49:9c:1f:62:4b:
                    08:4b:58:4c:7f:72:30:80:ba:38:9f:16:2c:01:ff:
                    6d:6c:44:eb:b5:4e:5f:ad:35:01:02:d1:4c:96:7f:
                    8b:4d:72:2c:cd:d2:ed:92:1d:32:da:83:8f:51:ad:
                    bd:19:7d:0d:a5:6a:2e:24:e9:17:9e:13:43:17:9d:
                    a5:ed:36:c9:9f:13:b6:b4:19:b2:ee:c1:ff:0e:20:
                    6f:2c:bc:d1:0a:1c:0c:e8:bb:31:c6:7a:dc:a8:29:
                    dd:8a:39:99:da:65:37:f5:f4:99:2d:6c:25:45:a8:
                    e3:b7:3c:55:81:96:81:eb:3c:85:26:e2:d6:01:62:
                    b9:53:e3:31:82:f2:60:2a:cc:7d:04:1f:ec:8e:3b:
                    8e:ef:68:41:df:ef:78:81:31:33:37:51:a4:b9:03:
                    07:bd:80:0b:17:a3:e5:77:f1:06:e1:9d:f6:c2:66:
                    4c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A4:86:06:17:6A:0A:5A:02:E4:6C:95:68:74:6B:08:B3:B2:61:C8
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/aKSGBhdqCloC5GyVaHRrCLOyYcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.71.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:e2:db:fc:6b:bc:5a:e2:67:3c:20:41:aa:e3:6b:c1:c2:77:
         b1:a2:1f:1d:16:91:68:d0:94:26:8b:05:a3:71:13:b5:cf:e2:
         ef:2a:9f:2a:d2:a8:4b:9f:06:15:85:ca:01:e1:2d:36:91:85:
         e1:03:86:3a:95:dc:8c:d4:15:13:fe:a7:da:80:ea:50:32:43:
         d8:3a:c8:0e:ac:13:ad:10:70:b4:60:93:e8:e5:fb:96:4f:51:
         29:86:3c:b2:be:17:66:83:9d:bb:dd:f1:52:e9:83:e4:3d:6a:
         13:e3:af:91:67:44:37:a5:f8:0f:f5:de:6c:74:83:3e:a7:e4:
         50:bb:6c:4d:33:b5:9e:ee:e8:3c:1b:5e:93:a0:98:05:dd:fe:
         77:d5:fa:d0:b3:bd:94:2e:55:92:50:a5:40:f7:9a:ed:46:f9:
         54:6d:04:15:a2:08:2a:df:82:39:02:d7:1f:46:e2:f6:c5:5b:
         5c:4e:9a:1b:c1:22:24:2f:a4:14:c7:6e:7d:e6:4d:71:aa:cc:
         4f:58:5a:50:be:4f:3a:e6:ea:dc:84:3d:75:c0:35:a6:45:b4:
         04:28:47:10:be:dc:03:01:f0:66:85:71:57:bf:b1:4e:66:3d:
         07:1e:a9:57:1a:7a:b5:b6:df:bf:26:f5:89:8f:7e:da:f4:24:
         63:8c:16:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAuJaTNZYq9Y4E8FEI33LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGE0ODYwNjE3NmEwYTVhMDJlNDZjOTU2ODc0NmIwOGIzYjI2MWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuTHCyO+Nwj/L0OOPyyQ5Bkjg3Ij
9mrtn4cnL9JPvvCmCsErgh5bi9++OKw06dbwol8+q2hBsX1r350Rfu4iJKc5YkWv
uo7CHM5FKpAXBUC/DLt1SZwfYksIS1hMf3IwgLo4nxYsAf9tbETrtU5frTUBAtFM
ln+LTXIszdLtkh0y2oOPUa29GX0NpWouJOkXnhNDF52l7TbJnxO2tBmy7sH/DiBv
LLzRChwM6LsxxnrcqCndijmZ2mU39fSZLWwlRajjtzxVgZaB6zyFJuLWAWK5U+Mx
gvJgKsx9BB/sjjuO72hB3+94gTEzN1GkuQMHvYALF6Pld/EG4Z32wmZMrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGikhgYXagpaAuRslWh0awizsmHIMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvYUtTR0JoZHFDbG9DNUd5VmFIUnJDTE95WWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwEfTMA0G
CSqGSIb3DQEBCwUAA4IBAQAC4tv8a7xa4mc8IEGq42vBwnexoh8dFpFo0JQmiwWj
cRO1z+LvKp8q0qhLnwYVhcoB4S02kYXhA4Y6ldyM1BUT/qfagOpQMkPYOsgOrBOt
EHC0YJPo5fuWT1Ephjyyvhdmg5273fFS6YPkPWoT46+RZ0Q3pfgP9d5sdIM+p+RQ
u2xNM7We7ug8G16ToJgF3f531frQs72ULlWSUKVA95rtRvlUbQQVoggq34I5Atcf
RuL2xVtcTpobwSIkL6QUx2595k1xqsxPWFpQvk865urchD11wDWmRbQEKEcQvtwD
AfBmhXFXv7FOZj0HHqlXGnq1tt+/JvWJj37a9CRjjBa1
-----END CERTIFICATE-----