Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/hWAlpMn5kH9TISz4h4zFTOZniPw.roa
File:                     hWAlpMn5kH9TISz4h4zFTOZniPw.roa (raw, json)
Hash identifier:          7/as3BAdNR5bnQb1xc9U6rNSiHfSxM9jxiioGCVrkSs=
Subject key identifier:   85:60:25:A4:C9:F9:90:7F:53:21:2C:F8:87:8C:C5:4C:E6:67:88:FC
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0194274859F6A777F7438F79A8EE50636573
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/hWAlpMn5kH9TISz4h4zFTOZniPw.roa
Signing time:             Thu 02 Jan 2025 13:50:40 +0000
ROA not before:           Thu 02 Jan 2025 13:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47708
IP address blocks:        192.121.194.0/24 maxlen: 24
                          192.165.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:59:f6:a7:77:f7:43:8f:79:a8:ee:50:63:65:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=856025a4c9f9907f53212cf8878cc54ce66788fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:ad:bc:0a:28:d3:f9:10:10:37:5c:43:19:11:
                    ab:e6:da:c0:13:2a:19:db:6f:7f:cd:f6:da:7f:30:
                    d0:ac:5f:4a:de:06:e6:1e:d3:10:24:79:55:60:cc:
                    5e:48:95:ab:6b:8c:f8:a3:64:fd:0b:ac:d5:a0:fd:
                    0e:ba:47:46:79:69:fc:5b:2d:7c:12:f1:3c:40:a8:
                    29:85:2c:ed:4a:05:16:2c:6c:e1:50:a1:fe:04:18:
                    de:c1:9f:84:9b:7e:98:31:76:01:c2:a2:cd:a2:16:
                    b1:6d:f6:2f:10:e5:09:01:5c:94:a2:99:9b:73:2e:
                    83:5f:88:37:da:3c:0e:d1:b6:8b:f6:2b:05:20:0e:
                    05:70:1d:ab:68:4a:35:37:8b:24:4d:87:89:80:7b:
                    9e:8d:8f:ed:4f:57:f5:63:e6:cf:23:42:62:d9:22:
                    27:7a:a3:f7:67:a8:8e:a6:30:13:12:74:3d:1c:8c:
                    6b:66:35:5f:06:39:91:0d:20:88:5c:1b:55:d9:c6:
                    e0:28:27:cf:7f:ff:3d:39:29:c6:e0:8c:47:a1:73:
                    cb:21:92:58:a7:0b:f9:80:44:69:e4:0e:59:dd:13:
                    7c:89:47:e2:c4:63:8c:dd:66:0b:da:35:91:5d:db:
                    cf:13:d0:17:d5:ca:bc:0e:2f:6e:e0:f3:99:9b:c5:
                    99:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:60:25:A4:C9:F9:90:7F:53:21:2C:F8:87:8C:C5:4C:E6:67:88:FC
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/hWAlpMn5kH9TISz4h4zFTOZniPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.194.0/24
                  192.165.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:13:da:ed:38:41:4d:aa:77:1b:02:7b:45:18:b3:74:82:c8:
         7f:0c:09:71:2b:37:b7:8d:d2:b4:90:1f:39:bb:37:d3:4f:84:
         21:06:f9:c8:6f:9e:c9:ac:e0:34:59:97:ed:df:c0:01:49:fb:
         81:08:f1:be:ac:83:e4:f4:01:11:5a:f4:7f:7e:1b:33:11:ba:
         bd:c5:cf:6e:47:85:87:7b:72:fe:e5:30:03:f9:6c:ae:d1:d5:
         8d:48:0b:42:33:3f:ae:3d:4c:0e:5e:ad:06:d3:ae:53:56:0a:
         ef:bf:9a:db:61:1f:f2:68:94:10:fb:84:70:6e:86:94:a8:ae:
         2a:2c:43:a5:9b:ae:37:b2:45:c5:1d:6c:c1:66:88:6b:57:f1:
         ae:6d:07:a0:c0:e4:57:a0:20:54:14:ff:af:95:98:86:82:f9:
         ef:82:74:27:41:ae:55:8a:cd:d6:2d:ea:95:be:c6:9b:a1:db:
         13:63:c8:cd:9e:e5:a9:97:37:fb:6f:7c:ad:8a:80:9c:3a:c1:
         61:61:91:65:8b:9e:b9:ee:16:ad:8c:dd:56:73:91:fd:a6:cf:
         a0:18:bd:bc:6b:d6:5c:19:3c:4a:85:68:b5:5d:42:0d:47:f9:
         25:6a:b5:2e:2d:83:77:d9:61:0c:80:f9:b8:da:54:f4:96:3c:
         f7:cb:54:0f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSFn2p3f3Q495qO5QY2VzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTYwMjVhNGM5Zjk5MDdmNTMyMTJjZjg4NzhjYzU0Y2U2Njc4OGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4q28CijT+RAQN1xDGRGr5trAEyoZ
229/zfbafzDQrF9K3gbmHtMQJHlVYMxeSJWra4z4o2T9C6zVoP0OukdGeWn8Wy18
EvE8QKgphSztSgUWLGzhUKH+BBjewZ+Em36YMXYBwqLNohaxbfYvEOUJAVyUopmb
cy6DX4g32jwO0baL9isFIA4FcB2raEo1N4skTYeJgHuejY/tT1f1Y+bPI0Ji2SIn
eqP3Z6iOpjATEnQ9HIxrZjVfBjmRDSCIXBtV2cbgKCfPf/89OSnG4IxHoXPLIZJY
pwv5gERp5A5Z3RN8iUfixGOM3WYL2jWRXdvPE9AX1cq8Di9u4POZm8WZFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIVgJaTJ+ZB/UyEs+IeMxUzmZ4j8MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvaFdBbHBNbjVrSDlUSVN6NGg0ekZUT1puaVB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwHnCAwQA
wKUIMA0GCSqGSIb3DQEBCwUAA4IBAQCnE9rtOEFNqncbAntFGLN0gsh/DAlxKze3
jdK0kB85uzfTT4QhBvnIb57JrOA0WZft38ABSfuBCPG+rIPk9AERWvR/fhszEbq9
xc9uR4WHe3L+5TAD+Wyu0dWNSAtCMz+uPUwOXq0G065TVgrvv5rbYR/yaJQQ+4Rw
boaUqK4qLEOlm643skXFHWzBZohrV/GubQegwORXoCBUFP+vlZiGgvnvgnQnQa5V
is3WLeqVvsabodsTY8jNnuWplzf7b3ytioCcOsFhYZFli5657hatjN1Wc5H9ps+g
GL28a9ZcGTxKhWi1XUINR/klarUuLYN32WEMgPm42lT0ljz3y1QP
-----END CERTIFICATE-----