Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/d8YFz6vQsQGGxi2LnahAySSGjaA.roa
File:                     d8YFz6vQsQGGxi2LnahAySSGjaA.roa (raw, json)
Hash identifier:          OGtSgVb1B9iaS8/m4Jy54qNcCrUxfUsKvHzuh7W7pTg=
Subject key identifier:   77:C6:05:CF:AB:D0:B1:01:86:C6:2D:8B:9D:A8:40:C9:24:86:8D:A0
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01942748766907D7A9392DF22B2E5DAF18CC
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/d8YFz6vQsQGGxi2LnahAySSGjaA.roa
Signing time:             Thu 02 Jan 2025 13:50:47 +0000
ROA not before:           Thu 02 Jan 2025 13:50:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206013
IP address blocks:        193.180.104.0/21 maxlen: 24
                          193.180.112.0/23 maxlen: 24
                          193.180.114.0/24 maxlen: 24
                          194.14.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:76:69:07:d7:a9:39:2d:f2:2b:2e:5d:af:18:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=77c605cfabd0b10186c62d8b9da840c924868da0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7a:5b:cd:6a:1a:c2:9d:2a:f7:d7:f2:d3:1c:
                    31:00:f5:9c:8c:26:d7:d3:c8:e2:c5:1e:65:72:02:
                    2c:f7:64:37:8f:1d:55:ec:a8:7f:90:a3:ba:45:c6:
                    e0:e4:cc:e6:d9:c0:90:33:17:3c:f3:e3:9e:6b:90:
                    0b:33:18:94:e9:e6:b9:1d:6c:d4:9c:16:a1:1a:73:
                    bf:c7:6c:dd:53:62:f2:9f:be:91:e1:cf:26:b5:a3:
                    11:7b:5c:60:e4:de:80:48:2d:fc:9b:33:63:86:cf:
                    3b:a1:76:fe:19:a9:48:2c:7a:6c:df:f6:80:e5:28:
                    4e:ad:91:2b:85:06:3c:09:46:94:1b:b4:37:9a:89:
                    ab:eb:64:0a:b5:23:37:17:41:39:81:9a:15:30:cd:
                    dc:d8:c1:9b:96:30:ec:e3:18:d6:72:56:f7:3c:be:
                    d2:05:43:8a:d8:2a:1d:d0:79:65:93:e1:05:6c:b8:
                    9d:3f:a3:c7:35:17:ca:12:f1:39:42:59:45:67:f9:
                    74:e2:6d:ef:49:cb:e4:2c:ff:d2:2a:27:38:9a:e3:
                    de:37:4c:b4:18:73:c8:5d:b3:76:84:60:95:df:28:
                    4a:75:38:e3:5c:7d:a4:91:64:60:ef:aa:40:46:20:
                    d1:17:63:b5:2d:f0:bd:ad:5c:9e:3f:b8:f4:1e:f6:
                    64:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:C6:05:CF:AB:D0:B1:01:86:C6:2D:8B:9D:A8:40:C9:24:86:8D:A0
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/d8YFz6vQsQGGxi2LnahAySSGjaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.180.104.0-193.180.114.255
                  194.14.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:a0:3f:11:b8:57:66:fe:02:10:18:c5:59:0e:9f:e1:93:b7:
         80:dc:e3:f9:31:9e:f2:d9:3e:a6:02:ef:cf:91:44:00:47:58:
         41:b4:e1:42:fd:63:ff:3a:0e:a6:03:9b:e1:0f:64:81:1a:84:
         06:b2:b4:51:94:5f:c9:15:21:84:43:2d:53:65:fd:c0:1d:f9:
         96:1e:41:f7:84:86:07:63:67:9f:5c:50:7c:b4:ac:72:f7:71:
         73:44:94:f5:d8:c7:b3:1b:66:10:dc:4e:a7:71:7e:b9:75:ad:
         e7:a0:6e:ff:4a:56:74:2f:11:32:54:66:91:c4:6f:a8:7c:46:
         10:40:d0:97:8d:a7:74:bf:53:5d:2a:17:5d:6f:ec:14:2f:b9:
         67:27:4b:fa:30:6f:3e:35:0e:a4:e4:bc:a2:f6:f6:e2:da:c9:
         c3:e2:b0:11:5d:5b:3f:71:a1:8d:36:68:d4:e3:93:64:bd:e4:
         1a:09:2e:9c:b5:9a:98:26:23:90:a5:80:2a:7e:2d:22:26:4a:
         95:5e:fd:4c:ec:55:d2:7e:29:ce:da:6a:d9:98:76:1b:35:b9:
         58:a9:5a:d0:d5:e5:0b:6a:68:c9:67:42:8b:26:83:cd:83:95:
         b8:41:a2:fc:de:09:97:10:d3:f6:62:79:41:ae:3d:c2:2f:e7:
         9f:65:90:bc
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQnSHZpB9epOS3yKy5drxjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2M2MDVjZmFiZDBiMTAxODZjNjJkOGI5ZGE4NDBjOTI0ODY4ZGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXpbzWoawp0q99fy0xwxAPWcjCbX
08jixR5lcgIs92Q3jx1V7Kh/kKO6Rcbg5Mzm2cCQMxc88+Oea5ALMxiU6ea5HWzU
nBahGnO/x2zdU2Lyn76R4c8mtaMRe1xg5N6ASC38mzNjhs87oXb+GalILHps3/aA
5ShOrZErhQY8CUaUG7Q3momr62QKtSM3F0E5gZoVMM3c2MGbljDs4xjWclb3PL7S
BUOK2Cod0Hllk+EFbLidP6PHNRfKEvE5QllFZ/l04m3vScvkLP/SKic4muPeN0y0
GHPIXbN2hGCV3yhKdTjjXH2kkWRg76pARiDRF2O1LfC9rVyeP7j0HvZkJQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHfGBc+r0LEBhsYti52oQMkkho2gMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvZDhZRno2dlFzUUdHeGkyTG5haEF5U1NHamFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAPBtGgD
BADBtHIDBADCDiEwDQYJKoZIhvcNAQELBQADggEBAGygPxG4V2b+AhAYxVkOn+GT
t4Dc4/kxnvLZPqYC78+RRABHWEG04UL9Y/86DqYDm+EPZIEahAaytFGUX8kVIYRD
LVNl/cAd+ZYeQfeEhgdjZ59cUHy0rHL3cXNElPXYx7MbZhDcTqdxfrl1reegbv9K
VnQvETJUZpHEb6h8RhBA0JeNp3S/U10qF11v7BQvuWcnS/owbz41DqTkvKL29uLa
ycPisBFdWz9xoY02aNTjk2S95BoJLpy1mpgmI5ClgCp+LSImSpVe/UzsVdJ+Kc7a
atmYdhs1uVipWtDV5QtqaMlnQosmg82DlbhBovzeCZcQ0/ZieUGuPcIv559lkLw=
-----END CERTIFICATE-----