Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/h9VZelluU51-tmiUl_ONGGFNZys.roa
File:                     h9VZelluU51-tmiUl_ONGGFNZys.roa (raw, json)
Hash identifier:          dEB8Zqeta3q0TvFx+Eug9icPPD84RQKv8RvnupZudYg=
Subject key identifier:   87:D5:59:7A:59:6E:53:9D:7E:B6:68:94:97:F3:8D:18:61:4D:67:2B
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       019256979BC0EE1EC50E40F8AE36942F0DF8
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/h9VZelluU51-tmiUl_ONGGFNZys.roa
Signing time:             Fri 04 Oct 2024 08:13:49 +0000
ROA not before:           Fri 04 Oct 2024 08:13:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214686
IP address blocks:        193.181.64.0/24 maxlen: 24
                          193.181.126.0/24 maxlen: 24
                          193.181.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:56:97:9b:c0:ee:1e:c5:0e:40:f8:ae:36:94:2f:0d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Oct  4 08:13:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87d5597a596e539d7eb6689497f38d18614d672b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0b:bc:8a:37:fc:92:94:f8:c0:1b:d2:3a:08:
                    f3:33:c4:2b:21:b7:d1:f0:a0:4e:ff:52:bc:32:9f:
                    81:ff:d0:d4:90:3b:23:68:ac:dd:3a:ba:b9:a1:3a:
                    a2:99:34:47:d2:f0:cd:e5:6a:6e:94:df:ae:f1:71:
                    58:6c:71:20:7b:e3:b0:cb:98:18:c3:aa:16:1b:dc:
                    79:74:3e:22:90:9a:18:1f:ef:1b:15:99:63:60:e4:
                    95:8b:c8:a8:34:5e:b7:e7:e4:46:cb:d1:ee:ac:ef:
                    d2:3e:0e:b9:96:ed:94:4b:8e:a5:ca:03:5e:fe:a5:
                    8d:ab:42:23:38:61:0b:f5:c5:6c:e4:c3:03:55:b7:
                    55:c9:7d:37:7b:78:a4:61:af:10:e5:63:3c:a3:19:
                    c3:b9:bf:c1:65:74:01:45:b0:1f:05:71:05:65:b0:
                    d3:e4:7f:2e:81:a1:4d:a5:3d:77:9d:c1:97:a9:6b:
                    4f:66:79:5f:9f:ff:25:53:87:a4:2d:cd:80:0d:f3:
                    86:fc:b2:cb:ca:f6:1c:cc:82:98:75:eb:30:99:e9:
                    eb:32:12:da:08:5e:0f:a5:90:f6:0a:54:c9:f4:e9:
                    92:dc:42:6f:29:9a:58:60:bb:84:2e:fc:92:f1:05:
                    9f:27:96:67:13:0a:ce:27:a1:8f:02:d1:7d:be:37:
                    9b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D5:59:7A:59:6E:53:9D:7E:B6:68:94:97:F3:8D:18:61:4D:67:2B
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/h9VZelluU51-tmiUl_ONGGFNZys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.181.64.0/24
                  193.181.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6c:70:0c:6c:51:8e:58:8b:9f:a8:f2:bc:e0:ac:a8:b6:d7:4d:
         dd:21:da:c0:5e:18:97:5e:73:29:52:c4:7c:ab:50:ea:ee:ce:
         8e:df:88:ee:1a:3d:cd:28:1e:33:3e:68:2c:26:8e:d6:86:a8:
         99:6f:e0:a9:3b:20:d0:6b:95:54:70:13:8c:58:97:44:db:4c:
         78:c2:48:55:f3:d4:7d:6c:38:b9:f0:be:d0:6b:3d:b0:d2:05:
         5e:5a:08:82:f4:54:c2:a3:63:7a:59:74:51:d1:e7:23:48:73:
         e7:2d:fa:2e:d2:9b:4c:3c:0f:c9:ca:a9:f9:33:c3:35:c6:9d:
         10:62:c8:ee:48:0b:54:47:0d:e0:ab:99:c7:be:aa:21:65:a1:
         f7:c7:94:e2:7b:d1:45:48:7a:1d:ac:80:a9:14:9e:45:9f:fc:
         70:77:80:eb:e2:71:c0:bc:73:fa:a7:54:c6:db:f2:30:69:c0:
         8b:12:cb:c2:1f:17:50:4b:46:91:02:e0:5d:60:d5:35:34:ae:
         33:f7:3d:0f:39:62:de:e5:20:f7:0f:63:1f:40:86:75:1a:0c:
         a7:a6:95:d8:21:69:49:d6:a0:8d:6c:af:20:02:a8:d6:b1:f6:
         ee:4d:9f:bc:0d:ee:60:35:cd:90:bd:ae:4a:5a:b8:25:6e:ec:
         64:a0:62:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJWl5vA7h7FDkD4rjaULw34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQxMDA0MDgxMzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Q1NTk3YTU5NmU1MzlkN2ViNjY4OTQ5N2YzOGQxODYxNGQ2NzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwu8ijf8kpT4wBvSOgjzM8QrIbfR
8KBO/1K8Mp+B/9DUkDsjaKzdOrq5oTqimTRH0vDN5WpulN+u8XFYbHEge+Owy5gY
w6oWG9x5dD4ikJoYH+8bFZljYOSVi8ioNF635+RGy9HurO/SPg65lu2US46lygNe
/qWNq0IjOGEL9cVs5MMDVbdVyX03e3ikYa8Q5WM8oxnDub/BZXQBRbAfBXEFZbDT
5H8ugaFNpT13ncGXqWtPZnlfn/8lU4ekLc2ADfOG/LLLyvYczIKYdeswmenrMhLa
CF4PpZD2ClTJ9OmS3EJvKZpYYLuELvyS8QWfJ5ZnEwrOJ6GPAtF9vjebNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIfVWXpZblOdfrZolJfzjRhhTWcrMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvaDlWWmVsbHVVNTEtdG1pVWxfT05HR0ZOWnlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwbVAAwQB
wbV+MA0GCSqGSIb3DQEBCwUAA4IBAQBscAxsUY5Yi5+o8rzgrKi2103dIdrAXhiX
XnMpUsR8q1Dq7s6O34juGj3NKB4zPmgsJo7WhqiZb+CpOyDQa5VUcBOMWJdE20x4
wkhV89R9bDi58L7Qaz2w0gVeWgiC9FTCo2N6WXRR0ecjSHPnLfou0ptMPA/Jyqn5
M8M1xp0QYsjuSAtURw3gq5nHvqohZaH3x5Tie9FFSHodrICpFJ5Fn/xwd4Dr4nHA
vHP6p1TG2/IwacCLEsvCHxdQS0aRAuBdYNU1NK4z9z0POWLe5SD3D2MfQIZ1Ggyn
ppXYIWlJ1qCNbK8gAqjWsfbuTZ+8De5gNc2Qva5KWrglbuxkoGJ9
-----END CERTIFICATE-----