Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/fAGy_nqzc9_31NMdQJ9_sX-v4js.roa
File:                     fAGy_nqzc9_31NMdQJ9_sX-v4js.roa (raw, json)
Hash identifier:          cfduU3Rn8IzT3X2I1SstfT+qGAU3y4Rg43poLbN3u58=
Subject key identifier:   7C:01:B2:FE:7A:B3:73:DF:F7:D4:D3:1D:40:9F:7F:B1:7F:AF:E2:3B
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01956FA44C652EC8850298DECD45D6B64A7C
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/fAGy_nqzc9_31NMdQJ9_sX-v4js.roa
Signing time:             Fri 07 Mar 2025 08:06:33 +0000
ROA not before:           Fri 07 Mar 2025 08:06:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199950
IP address blocks:        192.121.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6f:a4:4c:65:2e:c8:85:02:98:de:cd:45:d6:b6:4a:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Mar  7 08:06:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c01b2fe7ab373dff7d4d31d409f7fb17fafe23b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a2:0a:1e:c0:5d:90:1d:93:7b:ff:8e:d1:35:
                    65:6c:44:c5:c0:61:4d:15:0a:b0:96:3e:0f:8d:12:
                    43:d8:ad:64:98:50:b1:88:f1:03:57:da:8d:f3:8f:
                    fa:ac:60:ce:61:3e:3c:da:85:04:6d:d1:eb:6c:fe:
                    30:43:07:93:40:14:f9:32:b6:f9:eb:d2:5a:40:ba:
                    14:d8:52:49:97:3d:71:53:c3:68:83:78:20:44:2c:
                    00:3c:3c:04:54:ea:f7:9a:55:92:c9:50:b5:cf:d7:
                    69:44:75:65:6c:0c:9a:bb:bc:32:45:8e:14:5d:8f:
                    33:c2:30:56:bd:a7:db:35:9f:ee:dd:00:dc:fc:2b:
                    01:3d:83:81:42:db:22:48:d1:f0:3e:a7:a2:4e:b1:
                    61:c1:ac:72:03:9c:12:5c:e8:a1:3e:31:d8:6b:0f:
                    d5:7e:9c:c3:94:8d:ca:90:3b:10:0e:24:cb:b3:85:
                    37:82:d3:54:08:aa:de:6d:87:30:37:06:7c:1e:39:
                    30:8b:09:a4:a4:e2:04:bd:5f:c5:38:e6:10:74:db:
                    55:3a:7c:71:8f:74:a2:b9:38:45:85:94:ac:2d:05:
                    48:e4:1e:30:a3:db:dc:ce:14:be:ae:ba:1d:90:33:
                    e9:de:e3:fd:f7:f3:de:8a:85:fd:9d:1c:db:14:d9:
                    d1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:01:B2:FE:7A:B3:73:DF:F7:D4:D3:1D:40:9F:7F:B1:7F:AF:E2:3B
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/fAGy_nqzc9_31NMdQJ9_sX-v4js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:4d:14:26:34:50:b3:77:60:f6:17:0a:83:5c:3a:e3:37:b2:
         73:f3:f0:f6:86:10:52:85:dd:a7:0b:11:a9:03:b7:0a:63:d7:
         bd:ac:13:ec:fa:64:e1:5f:7c:60:8e:00:8f:26:79:88:76:5a:
         ee:b7:de:37:a1:48:a4:59:54:72:a4:e1:08:c3:1e:a5:c2:9a:
         88:a0:4c:4e:34:ee:3b:16:d2:d6:2d:ff:b6:19:1b:d9:60:c7:
         79:f3:be:bc:24:60:04:65:52:20:26:a7:ae:75:26:cc:4e:7f:
         fc:5a:ac:f7:a8:76:af:b9:83:db:c2:2b:17:28:d4:04:db:2b:
         e3:a8:38:6c:35:05:ed:ff:87:2f:f6:6f:02:d7:9c:49:53:ee:
         c4:c3:f1:0f:1a:51:f5:09:2b:53:bc:20:b3:92:f9:8f:86:2a:
         bc:83:32:8b:cf:f1:e3:0a:b2:1d:78:f2:26:61:2a:cd:6e:d4:
         8d:96:85:c6:f1:88:ec:55:55:85:b7:0e:33:a5:00:14:0c:18:
         7d:77:f6:99:88:99:96:2e:65:8e:3c:d5:ba:13:c1:51:dc:9b:
         a8:1b:23:63:a6:a6:a5:b7:89:46:51:3b:6c:ae:02:59:52:61:
         f5:29:4a:0e:ea:94:b8:17:bd:7a:1b:42:e0:4f:cf:14:03:86:
         35:7c:24:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVvpExlLsiFApjezUXWtkp8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMzA3MDgwNjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzAxYjJmZTdhYjM3M2RmZjdkNGQzMWQ0MDlmN2ZiMTdmYWZlMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqIKHsBdkB2Te/+O0TVlbETFwGFN
FQqwlj4PjRJD2K1kmFCxiPEDV9qN84/6rGDOYT482oUEbdHrbP4wQweTQBT5Mrb5
69JaQLoU2FJJlz1xU8Nog3ggRCwAPDwEVOr3mlWSyVC1z9dpRHVlbAyau7wyRY4U
XY8zwjBWvafbNZ/u3QDc/CsBPYOBQtsiSNHwPqeiTrFhwaxyA5wSXOihPjHYaw/V
fpzDlI3KkDsQDiTLs4U3gtNUCKrebYcwNwZ8HjkwiwmkpOIEvV/FOOYQdNtVOnxx
j3SiuThFhZSsLQVI5B4wo9vczhS+rrodkDPp3uP99/PeioX9nRzbFNnRZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwBsv56s3Pf99TTHUCff7F/r+I7MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvZkFHeV9ucXpjOV8zMU5NZFFKOV9zWC12NGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHlsMA0G
CSqGSIb3DQEBCwUAA4IBAQAQTRQmNFCzd2D2FwqDXDrjN7Jz8/D2hhBShd2nCxGp
A7cKY9e9rBPs+mThX3xgjgCPJnmIdlrut943oUikWVRypOEIwx6lwpqIoExONO47
FtLWLf+2GRvZYMd58768JGAEZVIgJqeudSbMTn/8Wqz3qHavuYPbwisXKNQE2yvj
qDhsNQXt/4cv9m8C15xJU+7Ew/EPGlH1CStTvCCzkvmPhiq8gzKLz/HjCrIdePIm
YSrNbtSNloXG8YjsVVWFtw4zpQAUDBh9d/aZiJmWLmWOPNW6E8FR3JuoGyNjpqal
t4lGUTtsrgJZUmH1KUoO6pS4F716G0LgT88UA4Y1fCSL
-----END CERTIFICATE-----