Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/dfXgkNRmPsWjIXnnGYYy-Aj0kjU.roa
File:                     dfXgkNRmPsWjIXnnGYYy-Aj0kjU.roa (raw, json)
Hash identifier:          MJAJjaHQTNbyqICzO6vRjlgunWxxMAz6/DtTRI78QeQ=
Subject key identifier:   75:F5:E0:90:D4:66:3E:C5:A3:21:79:E7:19:86:32:F8:08:F4:92:35
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01916FF3EE428897A646B5E5E68B84441B96
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/dfXgkNRmPsWjIXnnGYYy-Aj0kjU.roa
Signing time:             Tue 20 Aug 2024 13:22:22 +0000
ROA not before:           Tue 20 Aug 2024 13:22:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47708
IP address blocks:        192.121.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:6f:f3:ee:42:88:97:a6:46:b5:e5:e6:8b:84:44:1b:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Aug 20 13:22:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75f5e090d4663ec5a32179e7198632f808f49235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:06:d6:8c:dc:a9:9c:32:c3:9b:60:f1:40:5b:
                    39:8d:c1:82:72:fc:3c:9b:92:a4:9c:35:3c:68:e9:
                    8e:70:ff:b7:1d:65:a6:aa:e9:92:47:d1:ed:bf:c1:
                    8e:fe:b5:00:0b:d2:9b:42:f0:c6:49:03:10:85:65:
                    c8:a9:cd:82:ed:c2:57:b2:99:69:49:5a:6e:11:c7:
                    ce:ae:96:ff:1f:de:23:b5:5c:45:04:18:66:e2:25:
                    c5:ae:dd:85:bf:a7:34:3c:a0:48:6c:56:d7:9e:65:
                    03:15:52:58:ef:ec:c7:2b:62:48:7d:1e:55:eb:41:
                    83:5d:42:00:85:f2:1d:8e:09:cb:c4:98:b2:df:ee:
                    6e:f1:90:7a:d2:2c:e0:19:ea:1f:1e:a3:f1:af:ec:
                    7b:72:c2:5d:49:e0:48:6d:61:f5:46:11:7b:e5:7c:
                    bf:06:5b:0b:bb:97:d2:50:de:0d:5f:01:28:f4:79:
                    98:10:73:b1:7c:d3:b3:8b:74:88:60:93:77:0d:cb:
                    76:d1:e4:51:48:ed:9a:3a:08:a5:cf:e9:4c:26:73:
                    0b:c5:6b:50:7a:3f:6f:43:14:19:ba:d8:ae:20:4a:
                    c0:66:88:3c:97:c2:10:89:16:a4:3d:5f:2c:5d:21:
                    ae:56:a0:6e:6a:d5:a8:0e:af:5b:72:1b:e5:4e:25:
                    3d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:F5:E0:90:D4:66:3E:C5:A3:21:79:E7:19:86:32:F8:08:F4:92:35
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/dfXgkNRmPsWjIXnnGYYy-Aj0kjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:ca:9a:14:93:5d:41:a6:6e:eb:ae:ca:ae:ce:f3:83:58:fb:
         29:f7:cc:47:01:ef:83:13:d8:1c:0b:26:e3:08:18:5d:b4:3a:
         fb:dc:18:9e:fe:59:55:9e:7d:fe:a9:3b:f7:70:e7:0c:f0:ba:
         b7:69:bb:26:6d:46:57:14:26:e5:4a:9b:2d:fb:0c:b2:0f:a4:
         46:76:fc:cf:8c:48:de:78:e7:93:d4:21:67:5a:98:34:6a:b5:
         2c:e1:48:d8:be:49:c8:2f:a8:61:76:36:5e:de:db:a7:6f:f2:
         2d:41:ec:48:09:1a:7b:ce:23:d4:dc:2d:3a:dd:21:87:a5:f8:
         78:98:1a:15:cd:8e:08:fa:f2:a2:c5:64:6f:fb:51:bc:09:70:
         c5:b2:8d:fc:72:07:89:74:48:07:a9:28:69:1f:5d:da:6d:fe:
         82:f4:b9:f5:01:39:19:e7:c6:7a:d0:ce:71:cf:92:c3:ff:7e:
         29:f0:c9:7e:c6:80:86:77:9b:6f:af:0a:fd:4e:5a:88:81:2e:
         13:9d:83:07:04:bb:86:93:14:8e:96:2e:d4:90:a1:98:9c:b4:
         52:9d:b6:76:09:61:33:e1:e5:2d:48:7d:84:a4:e1:11:ac:be:
         79:f6:a6:a1:62:bb:8a:f2:1c:34:a5:40:49:46:29:89:87:38:
         fc:11:ef:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFv8+5CiJemRrXl5ouERBuWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwODIwMTMyMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWY1ZTA5MGQ0NjYzZWM1YTMyMTc5ZTcxOTg2MzJmODA4ZjQ5MjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQbWjNypnDLDm2DxQFs5jcGCcvw8
m5KknDU8aOmOcP+3HWWmqumSR9Htv8GO/rUAC9KbQvDGSQMQhWXIqc2C7cJXsplp
SVpuEcfOrpb/H94jtVxFBBhm4iXFrt2Fv6c0PKBIbFbXnmUDFVJY7+zHK2JIfR5V
60GDXUIAhfIdjgnLxJiy3+5u8ZB60izgGeofHqPxr+x7csJdSeBIbWH1RhF75Xy/
BlsLu5fSUN4NXwEo9HmYEHOxfNOzi3SIYJN3Dct20eRRSO2aOgilz+lMJnMLxWtQ
ej9vQxQZutiuIErAZog8l8IQiRakPV8sXSGuVqBuatWoDq9bchvlTiU9fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHX14JDUZj7FoyF55xmGMvgI9JI1MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvZGZYZ2tOUm1Qc1dqSVhubkdZWXktQWowa2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHnCMA0G
CSqGSIb3DQEBCwUAA4IBAQAtypoUk11Bpm7rrsquzvODWPsp98xHAe+DE9gcCybj
CBhdtDr73Bie/llVnn3+qTv3cOcM8Lq3absmbUZXFCblSpst+wyyD6RGdvzPjEje
eOeT1CFnWpg0arUs4UjYvknIL6hhdjZe3tunb/ItQexICRp7ziPU3C063SGHpfh4
mBoVzY4I+vKixWRv+1G8CXDFso38cgeJdEgHqShpH13abf6C9Ln1ATkZ58Z60M5x
z5LD/34p8Ml+xoCGd5tvrwr9TlqIgS4TnYMHBLuGkxSOli7UkKGYnLRSnbZ2CWEz
4eUtSH2EpOERrL559qahYruK8hw0pUBJRimJhzj8Ee9m
-----END CERTIFICATE-----