Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/cqW4Nw9pw8mM3Z0wrKSEDU7xs9E.roa
File:                     cqW4Nw9pw8mM3Z0wrKSEDU7xs9E.roa (raw, json)
Hash identifier:          6l+QJde3mXuI4yYvjHmIx/BXn4/mpHQNJyHwCTUzdw8=
Subject key identifier:   72:A5:B8:37:0F:69:C3:C9:8C:DD:9D:30:AC:A4:84:0D:4E:F1:B3:D1
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019427487801857AE2F6EE9FA73D7A718BDE
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/cqW4Nw9pw8mM3Z0wrKSEDU7xs9E.roa
Signing time:             Thu 02 Jan 2025 13:50:48 +0000
ROA not before:           Thu 02 Jan 2025 13:50:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206941
IP address blocks:        193.235.58.0/24 maxlen: 24
                          194.14.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:78:01:85:7a:e2:f6:ee:9f:a7:3d:7a:71:8b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72a5b8370f69c3c98cdd9d30aca4840d4ef1b3d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3f:e7:54:77:e0:99:30:ee:78:c2:f6:0b:eb:
                    27:f3:8f:c9:81:da:db:c5:f1:bc:c0:11:ff:fb:8c:
                    bb:db:78:ab:db:cd:14:96:12:b5:f0:44:75:6d:fe:
                    17:c4:4b:77:e5:b5:be:20:2f:bf:16:d5:4b:59:98:
                    fc:9b:79:f5:cf:91:7f:cb:31:5c:74:27:11:e0:49:
                    48:b7:9c:eb:12:74:b0:9d:e3:67:8f:40:37:63:a2:
                    78:76:94:34:1c:f3:aa:69:32:ae:aa:a5:5f:a9:28:
                    62:70:d2:a8:2e:b9:23:41:10:fc:9d:97:da:97:1e:
                    ad:ca:4b:db:95:79:43:fd:22:75:46:51:c5:68:67:
                    0a:13:8c:95:23:0a:a1:91:1c:93:a9:ca:8f:bf:93:
                    b4:1c:64:a5:08:7a:5a:78:85:e8:32:06:a4:7d:50:
                    c1:2e:7f:e3:11:55:24:58:c7:d4:19:14:ff:82:73:
                    c7:58:06:43:7f:e3:7d:34:8e:93:f0:ee:ed:cf:3b:
                    0f:af:cc:5e:cc:c2:da:88:fd:f8:8b:95:31:b9:ea:
                    8e:04:27:97:49:75:58:b4:05:dc:4c:be:14:54:6f:
                    2e:07:f4:b8:4d:41:4c:35:45:1b:72:4b:cd:10:fd:
                    f1:8e:fd:8d:a9:36:e2:05:9e:76:1c:00:db:99:b5:
                    b6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:A5:B8:37:0F:69:C3:C9:8C:DD:9D:30:AC:A4:84:0D:4E:F1:B3:D1
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/cqW4Nw9pw8mM3Z0wrKSEDU7xs9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.235.58.0/24
                  194.14.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:ac:72:09:6d:81:b8:02:d4:42:3b:6e:8a:ff:69:c3:15:03:
         72:50:2a:4a:8d:b6:a6:76:a9:e2:bd:21:89:bb:7e:6f:8b:f9:
         69:f1:2f:ab:f6:63:02:23:dd:ad:35:f0:79:a8:5c:9b:d2:c3:
         0a:cd:bb:3b:d0:55:d0:11:6e:81:ea:4d:71:83:40:01:ce:41:
         d6:fb:6a:57:74:13:62:aa:b0:fb:1e:e5:ad:cf:a5:ed:d6:c1:
         43:76:79:aa:2f:31:3c:b7:74:f0:d3:15:51:24:16:ae:fc:63:
         5c:c4:00:37:dc:d9:53:da:6d:6b:5b:fc:5e:4a:12:4b:f7:c4:
         f8:fd:e7:5a:6e:a1:3b:c7:90:d4:21:e2:a5:95:fa:48:02:93:
         04:98:1e:70:ef:57:06:6e:ba:08:e9:22:be:ee:de:55:13:e6:
         1e:fa:f2:9b:8a:6d:1c:a1:04:d8:01:a8:96:41:82:8b:30:2c:
         c8:8a:fe:54:4c:49:7a:90:f6:f5:3a:ec:b3:0a:3a:09:17:a7:
         19:f8:bc:f1:a7:f9:e5:80:21:5c:2a:2d:07:35:c4:9c:51:82:
         d8:95:d0:ca:24:a2:55:95:72:bb:65:2b:dd:1e:26:1b:9a:64:
         d2:08:79:b9:a4:41:c8:32:92:cd:9e:88:05:a7:9b:b2:ab:de:
         84:31:22:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSHgBhXri9u6fpz16cYveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmE1YjgzNzBmNjljM2M5OGNkZDlkMzBhY2E0ODQwZDRlZjFiM2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxT/nVHfgmTDueML2C+sn84/Jgdrb
xfG8wBH/+4y723ir280UlhK18ER1bf4XxEt35bW+IC+/FtVLWZj8m3n1z5F/yzFc
dCcR4ElIt5zrEnSwneNnj0A3Y6J4dpQ0HPOqaTKuqqVfqShicNKoLrkjQRD8nZfa
lx6tykvblXlD/SJ1RlHFaGcKE4yVIwqhkRyTqcqPv5O0HGSlCHpaeIXoMgakfVDB
Ln/jEVUkWMfUGRT/gnPHWAZDf+N9NI6T8O7tzzsPr8xezMLaiP34i5UxueqOBCeX
SXVYtAXcTL4UVG8uB/S4TUFMNUUbckvNEP3xjv2NqTbiBZ52HADbmbW2jQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHKluDcPacPJjN2dMKykhA1O8bPRMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvY3FXNE53OXB3OG1NM1owd3JLU0VEVTd4czlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwes6AwQA
wg7SMA0GCSqGSIb3DQEBCwUAA4IBAQDErHIJbYG4AtRCO26K/2nDFQNyUCpKjbam
dqnivSGJu35vi/lp8S+r9mMCI92tNfB5qFyb0sMKzbs70FXQEW6B6k1xg0ABzkHW
+2pXdBNiqrD7HuWtz6Xt1sFDdnmqLzE8t3Tw0xVRJBau/GNcxAA33NlT2m1rW/xe
ShJL98T4/edabqE7x5DUIeKllfpIApMEmB5w71cGbroI6SK+7t5VE+Ye+vKbim0c
oQTYAaiWQYKLMCzIiv5UTEl6kPb1OuyzCjoJF6cZ+Lzxp/nlgCFcKi0HNcScUYLY
ldDKJKJVlXK7ZSvdHiYbmmTSCHm5pEHIMpLNnogFp5uyq96EMSLL
-----END CERTIFICATE-----