Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/epOkrD8zCs3MfMd19DEKZJvW6io.roa
File:                     epOkrD8zCs3MfMd19DEKZJvW6io.roa (raw, json)
Hash identifier:          ApZ+pT8gXowAN7oVbJYhbi1fydmYl0uVvYnBTY2Hmo8=
Subject key identifier:   7A:93:A4:AC:3F:33:0A:CD:CC:7C:C7:75:F4:31:0A:64:9B:D6:EA:2A
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802E5B85C673F479A2EAD3E7DE413E2
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/epOkrD8zCs3MfMd19DEKZJvW6io.roa
Signing time:             Tue 02 Jan 2024 02:31:22 +0000
ROA not before:           Tue 02 Jan 2024 02:31:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31800
IP address blocks:        194.68.45.0/24 maxlen: 24
                          194.14.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e5:b8:5c:67:3f:47:9a:2e:ad:3e:7d:e4:13:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a93a4ac3f330acdcc7cc775f4310a649bd6ea2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:e4:cb:ee:b9:28:cf:4b:06:f2:2f:5c:f0:95:
                    14:d8:d3:5e:f0:4d:e7:43:82:92:e9:bc:a2:4b:99:
                    ef:7c:f8:57:a1:73:fd:02:e6:54:a6:d7:1d:73:5a:
                    d9:a0:d4:ad:ae:3f:cf:e9:24:82:5c:c5:c4:d5:dd:
                    2a:48:23:f7:0d:67:ca:bb:7d:16:ef:00:ca:3a:74:
                    cf:09:fe:34:72:4f:a5:5f:26:e2:57:42:1b:e7:1b:
                    90:34:3d:e5:8c:6a:f5:bf:10:e0:cc:d6:79:1b:9e:
                    52:fc:41:c1:98:83:14:56:2d:14:d1:b7:15:52:2e:
                    83:20:bc:3a:13:d6:7c:cc:df:9f:24:89:1f:59:7e:
                    08:68:0c:b8:05:d8:c4:78:4d:d4:68:d3:8d:c9:36:
                    b0:e6:bb:5a:ca:90:65:4d:07:a7:91:50:b6:c9:fe:
                    09:b3:5c:86:85:47:33:06:ad:61:98:b4:ae:d8:7e:
                    27:86:6c:e3:b8:f2:02:e3:cb:e2:85:f5:5b:47:f5:
                    e7:ab:50:8c:30:fd:ef:3b:cb:87:c1:c6:e8:43:96:
                    45:33:e9:9b:a8:5f:3b:4f:d7:cf:c4:30:04:bb:ad:
                    50:13:ba:42:14:f9:70:c0:02:04:c4:74:be:14:35:
                    11:34:ae:d5:57:85:7b:f5:dd:ef:2f:57:6f:a0:8c:
                    37:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:93:A4:AC:3F:33:0A:CD:CC:7C:C7:75:F4:31:0A:64:9B:D6:EA:2A
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/epOkrD8zCs3MfMd19DEKZJvW6io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.14.236.0/24
                  194.68.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:9b:8a:92:7a:ab:5c:21:23:49:5b:8c:a5:dc:17:dc:b0:ed:
         a4:9f:37:e8:84:94:dc:68:da:99:f9:fe:cd:97:db:30:ae:88:
         25:ea:a9:fa:fc:4f:e5:ef:c7:7b:1d:dc:d1:ae:eb:af:e4:c3:
         e5:9a:e0:13:e3:f2:af:ea:71:a1:3b:b9:d4:59:8c:a8:e1:6a:
         a2:9e:fb:ed:4f:56:55:0f:24:49:8b:3b:43:43:97:4c:c9:30:
         d7:f6:ac:d4:76:24:ee:d8:91:64:e6:8b:00:ea:bd:13:10:c1:
         33:7c:f0:2f:5a:87:ec:d1:97:5c:89:35:56:34:09:ac:75:18:
         7d:b8:46:1d:88:8e:a1:ed:09:d8:9f:39:c7:27:00:fb:17:66:
         6e:be:cb:a6:f5:89:59:87:10:20:34:21:ee:b7:a8:1c:8b:67:
         25:f1:e1:94:e9:be:6e:14:79:e8:1c:b4:76:b2:5d:1e:72:71:
         83:01:34:71:76:3e:b2:cd:f6:d1:26:03:e9:ed:f0:d6:9a:7e:
         ce:c9:ae:89:da:60:de:bc:76:95:bc:95:ce:20:07:79:20:99:
         f2:4b:23:df:38:1d:58:a3:ee:35:ca:c0:34:22:44:ea:f9:2f:
         ef:bc:d0:9f:bb:c3:88:45:a0:10:d4:d3:8c:40:55:62:69:6c:
         7c:ea:e1:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAuW4XGc/R5ourT595BPiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTkzYTRhYzNmMzMwYWNkY2M3Y2M3NzVmNDMxMGE2NDliZDZlYTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+TL7rkoz0sG8i9c8JUU2NNe8E3n
Q4KS6byiS5nvfPhXoXP9AuZUptcdc1rZoNStrj/P6SSCXMXE1d0qSCP3DWfKu30W
7wDKOnTPCf40ck+lXybiV0Ib5xuQND3ljGr1vxDgzNZ5G55S/EHBmIMUVi0U0bcV
Ui6DILw6E9Z8zN+fJIkfWX4IaAy4BdjEeE3UaNONyTaw5rtaypBlTQenkVC2yf4J
s1yGhUczBq1hmLSu2H4nhmzjuPIC48vihfVbR/Xnq1CMMP3vO8uHwcboQ5ZFM+mb
qF87T9fPxDAEu61QE7pCFPlwwAIExHS+FDURNK7VV4V79d3vL1dvoIw3KQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHqTpKw/MwrNzHzHdfQxCmSb1uoqMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvZXBPa3JEOHpDczNNZk1kMTlERUtaSnZXNmlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwg7sAwQA
wkQtMA0GCSqGSIb3DQEBCwUAA4IBAQCam4qSeqtcISNJW4yl3BfcsO2knzfohJTc
aNqZ+f7Nl9swrogl6qn6/E/l78d7HdzRruuv5MPlmuAT4/Kv6nGhO7nUWYyo4Wqi
nvvtT1ZVDyRJiztDQ5dMyTDX9qzUdiTu2JFk5osA6r0TEMEzfPAvWofs0ZdciTVW
NAmsdRh9uEYdiI6h7QnYnznHJwD7F2Zuvsum9YlZhxAgNCHut6gci2cl8eGU6b5u
FHnoHLR2sl0ecnGDATRxdj6yzfbRJgPp7fDWmn7Oya6J2mDevHaVvJXOIAd5IJny
SyPfOB1Yo+41ysA0IkTq+S/vvNCfu8OIRaAQ1NOMQFViaWx86uHB
-----END CERTIFICATE-----