Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/gy3XtHXAIVRp_1dUdHG9KcK7F84.roa
File:                     gy3XtHXAIVRp_1dUdHG9KcK7F84.roa (raw, json)
Hash identifier:          fjXxPSra15JwuhWDKKA+9+a+LGhc1DiqpD+5POc8u0c=
Subject key identifier:   83:2D:D7:B4:75:C0:21:54:69:FF:57:54:74:71:BD:29:C2:BB:17:CE
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01942748391BF4A904E44500E1651307CE99
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/gy3XtHXAIVRp_1dUdHG9KcK7F84.roa
Signing time:             Thu 02 Jan 2025 13:50:32 +0000
ROA not before:           Thu 02 Jan 2025 13:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2836
IP address blocks:        192.121.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:39:1b:f4:a9:04:e4:45:00:e1:65:13:07:ce:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=832dd7b475c0215469ff57547471bd29c2bb17ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:16:23:9b:58:66:5c:5c:74:e9:88:a2:d5:57:
                    b5:7e:67:3e:ee:e2:30:50:78:6e:14:62:9c:67:c2:
                    00:4d:6b:06:67:7c:89:09:60:ed:fc:e5:d5:bd:9f:
                    62:6f:8c:45:7b:66:22:1e:bb:f7:6a:99:d3:57:21:
                    81:e5:ec:66:aa:84:73:46:5c:5d:a5:37:8e:14:e6:
                    41:ae:98:d2:67:c8:6f:08:3f:6a:e3:33:cc:41:ed:
                    47:94:46:ef:d1:3d:54:c4:bc:70:2f:d6:4b:78:03:
                    f5:67:98:61:c5:36:25:5b:52:1c:f3:94:88:a0:b0:
                    2b:4c:b3:97:c3:3f:89:54:08:cc:66:7f:e2:a0:50:
                    1d:3c:df:85:c0:58:4b:21:5a:36:75:7d:d5:3b:42:
                    47:83:a9:5d:62:f8:30:e7:52:3d:5f:85:bb:da:dc:
                    25:1f:20:ef:84:64:ea:bc:fc:5c:c0:a5:3a:8f:cd:
                    bf:37:ea:a9:c5:30:ab:77:2f:70:d7:62:f4:c0:6f:
                    f2:dd:04:68:d8:ed:c4:dd:8c:16:c1:e5:b6:f7:c8:
                    8e:0e:6f:39:55:9e:4b:bf:23:3d:75:fd:d3:8e:09:
                    07:28:0a:e9:bf:c7:23:18:13:3b:b8:fe:64:5b:09:
                    c5:8d:f8:5c:f1:5f:11:2b:e9:03:83:a7:ef:fc:4f:
                    c3:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:2D:D7:B4:75:C0:21:54:69:FF:57:54:74:71:BD:29:C2:BB:17:CE
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/gy3XtHXAIVRp_1dUdHG9KcK7F84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:db:0d:1d:08:94:24:c3:b8:41:c7:d8:69:4f:d7:1a:d7:8e:
         85:d0:63:92:11:af:89:3c:f7:41:04:32:df:73:50:89:d6:83:
         31:1d:bb:05:c1:a2:00:17:e9:f3:aa:3a:82:8b:c6:6f:c5:f0:
         41:af:28:10:b7:2f:b5:e2:fb:34:c4:c8:e0:0c:71:aa:48:27:
         a9:36:bd:ad:19:f5:c8:c6:5f:f9:9d:8f:b3:31:18:af:f1:76:
         5d:2a:79:ac:99:96:d9:8c:b9:0b:bd:de:40:f9:86:88:c6:a7:
         60:fb:99:ea:33:0b:bc:8b:e0:2a:4c:d5:72:83:ad:c5:18:a3:
         c8:76:06:9f:d9:d7:68:bb:53:e7:bc:7f:3c:30:5f:ce:51:5b:
         3b:1a:0c:bf:79:a5:7b:bc:f8:ff:e8:76:39:7a:7f:32:17:8a:
         aa:87:a7:73:13:6a:4d:1f:98:85:6a:19:ad:4b:42:ab:1b:b6:
         ad:ad:3c:30:a7:89:22:6c:36:4a:70:06:cb:a6:76:cf:e9:4f:
         08:b3:70:9e:15:63:e8:21:20:a1:e1:5c:43:c8:06:3b:5e:0c:
         a7:90:03:60:f2:51:63:21:3e:8e:78:56:85:79:6f:26:be:4b:
         8a:31:86:71:3a:bb:07:98:f2:e8:7f:82:ab:65:9f:e4:2d:b0:
         d9:c8:80:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSDkb9KkE5EUA4WUTB86ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzJkZDdiNDc1YzAyMTU0NjlmZjU3NTQ3NDcxYmQyOWMyYmIxN2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+BYjm1hmXFx06Yii1Ve1fmc+7uIw
UHhuFGKcZ8IATWsGZ3yJCWDt/OXVvZ9ib4xFe2YiHrv3apnTVyGB5exmqoRzRlxd
pTeOFOZBrpjSZ8hvCD9q4zPMQe1HlEbv0T1UxLxwL9ZLeAP1Z5hhxTYlW1Ic85SI
oLArTLOXwz+JVAjMZn/ioFAdPN+FwFhLIVo2dX3VO0JHg6ldYvgw51I9X4W72twl
HyDvhGTqvPxcwKU6j82/N+qpxTCrdy9w12L0wG/y3QRo2O3E3YwWweW298iODm85
VZ5LvyM9df3TjgkHKArpv8cjGBM7uP5kWwnFjfhc8V8RK+kDg6fv/E/DnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIMt17R1wCFUaf9XVHRxvSnCuxfOMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvZ3kzWHRIWEFJVlJwXzFkVWRIRzlLY0s3Rjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHlWMA0G
CSqGSIb3DQEBCwUAA4IBAQCF2w0dCJQkw7hBx9hpT9ca146F0GOSEa+JPPdBBDLf
c1CJ1oMxHbsFwaIAF+nzqjqCi8ZvxfBBrygQty+14vs0xMjgDHGqSCepNr2tGfXI
xl/5nY+zMRiv8XZdKnmsmZbZjLkLvd5A+YaIxqdg+5nqMwu8i+AqTNVyg63FGKPI
dgaf2ddou1PnvH88MF/OUVs7Ggy/eaV7vPj/6HY5en8yF4qqh6dzE2pNH5iFahmt
S0KrG7atrTwwp4kibDZKcAbLpnbP6U8Is3CeFWPoISCh4VxDyAY7XgynkANg8lFj
IT6OeFaFeW8mvkuKMYZxOrsHmPLof4KrZZ/kLbDZyIDo
-----END CERTIFICATE-----