Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/i6zOrjN3Kv9CAVJl-8MrlWNjgdk.roa
File:                     i6zOrjN3Kv9CAVJl-8MrlWNjgdk.roa (raw, json)
Hash identifier:          IRJh7KCh11tb3V8cV8ePduEmeJ2JMfX7ped8JvdNgFw=
Subject key identifier:   8B:AC:CE:AE:33:77:2A:FF:42:01:52:65:FB:C3:2B:95:63:63:81:D9
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018F2F1A5F0E7E7D9D618DE66938A5BC1063
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/i6zOrjN3Kv9CAVJl-8MrlWNjgdk.roa
Signing time:             Tue 30 Apr 2024 13:03:28 +0000
ROA not before:           Tue 30 Apr 2024 13:03:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198549
IP address blocks:        192.36.36.0/24 maxlen: 24
                          192.36.214.0/23 maxlen: 24
                          192.71.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2f:1a:5f:0e:7e:7d:9d:61:8d:e6:69:38:a5:bc:10:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Apr 30 13:03:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bacceae33772aff42015265fbc32b95636381d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2a:7d:2f:23:36:12:e6:86:71:32:87:6c:0f:
                    c7:58:ce:d6:9c:b3:78:62:1d:1f:b2:cb:f5:0c:f2:
                    b0:7f:96:ae:3c:c3:6f:60:4f:31:ea:ca:80:b5:79:
                    12:dd:9e:24:70:3a:34:ac:12:0d:47:bc:92:28:cc:
                    63:25:f3:80:a8:76:9d:fe:ce:2e:10:45:90:af:68:
                    32:d0:da:cd:d5:2a:3e:65:e7:3d:5b:75:79:38:d9:
                    bc:88:44:53:8d:68:ad:a0:a6:a3:a8:cc:06:aa:5f:
                    32:3a:07:be:e8:9b:65:93:e7:79:32:29:44:12:9e:
                    6e:93:e5:ca:86:77:0d:28:a8:ff:4e:84:ef:ad:f0:
                    42:fd:bb:97:6f:44:cb:56:8e:15:b3:53:5d:26:3c:
                    9a:a7:83:ea:9f:41:1a:e5:a0:69:0e:17:25:9e:27:
                    49:32:79:84:8f:96:a4:44:97:82:a1:e3:1d:32:42:
                    52:2a:89:f2:e4:eb:80:6d:07:53:c4:85:e6:37:32:
                    f7:b0:0b:f9:70:41:5c:72:30:31:00:16:02:86:09:
                    d9:86:0f:7e:19:b7:61:38:cc:ef:d4:0a:74:4b:bf:
                    20:c9:ce:b3:8d:16:94:e9:09:cd:25:87:5d:1f:6f:
                    1f:48:f8:cc:b7:50:86:84:a5:c0:8f:1a:1c:4b:75:
                    07:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:AC:CE:AE:33:77:2A:FF:42:01:52:65:FB:C3:2B:95:63:63:81:D9
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/i6zOrjN3Kv9CAVJl-8MrlWNjgdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.36.0/24
                  192.36.214.0/23
                  192.71.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:a1:d3:ab:4c:07:5b:bf:14:e8:7e:b5:4e:23:6c:8d:ca:cd:
         59:6c:07:1d:46:d9:59:6b:d1:be:c9:84:b9:da:36:f2:34:86:
         de:34:dc:3e:e8:de:f0:58:a5:0f:91:d7:58:57:3c:cc:06:2a:
         64:08:55:75:31:e4:ff:6c:00:ea:d4:19:c3:d8:b3:cb:34:d4:
         be:9f:1d:6f:cb:96:fa:67:78:af:d0:3d:63:1a:b6:f5:c1:50:
         2b:01:8e:ed:a9:8b:2f:2d:2b:7b:75:af:d4:37:b1:8d:31:d2:
         b3:f2:0b:ec:37:ec:e2:22:14:71:3a:60:d0:3f:92:20:ad:7c:
         d2:06:64:5a:62:f0:e1:28:c3:c5:2a:b3:0c:00:ec:c5:a3:ef:
         cb:0c:fe:aa:10:dc:02:6f:62:dd:74:a2:1b:ab:fa:a1:e9:7c:
         df:fe:52:b1:a6:20:6d:d4:3e:83:3d:f3:1b:27:80:44:1e:6a:
         57:03:e3:b5:ec:90:f1:f6:74:fa:0c:49:09:c5:58:3c:04:4a:
         d0:3a:e2:d8:4f:51:1b:67:e4:53:62:de:0b:f7:dc:db:00:56:
         cb:4c:fb:88:cb:8b:f8:5c:8e:b1:bb:10:0f:d4:30:4f:f6:94:
         54:a7:1e:59:a1:78:48:f0:7d:a5:f8:fb:53:61:0d:46:e1:41:
         e7:66:0d:76
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8vGl8Ofn2dYY3maTilvBBjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwNDMwMTMwMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmFjY2VhZTMzNzcyYWZmNDIwMTUyNjVmYmMzMmI5NTYzNjM4MWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzip9LyM2EuaGcTKHbA/HWM7WnLN4
Yh0fssv1DPKwf5auPMNvYE8x6sqAtXkS3Z4kcDo0rBINR7ySKMxjJfOAqHad/s4u
EEWQr2gy0NrN1So+Zec9W3V5ONm8iERTjWitoKajqMwGql8yOge+6Jtlk+d5MilE
Ep5uk+XKhncNKKj/ToTvrfBC/buXb0TLVo4Vs1NdJjyap4Pqn0Ea5aBpDhclnidJ
MnmEj5akRJeCoeMdMkJSKony5OuAbQdTxIXmNzL3sAv5cEFccjAxABYChgnZhg9+
GbdhOMzv1Ap0S78gyc6zjRaU6QnNJYddH28fSPjMt1CGhKXAjxocS3UHfQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIuszq4zdyr/QgFSZfvDK5VjY4HZMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvaTZ6T3JqTjNLdjlDQVZKbC04TXJsV05qZ2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwCQkAwQB
wCTWAwQAwEfHMA0GCSqGSIb3DQEBCwUAA4IBAQAOodOrTAdbvxTofrVOI2yNys1Z
bAcdRtlZa9G+yYS52jbyNIbeNNw+6N7wWKUPkddYVzzMBipkCFV1MeT/bADq1BnD
2LPLNNS+nx1vy5b6Z3iv0D1jGrb1wVArAY7tqYsvLSt7da/UN7GNMdKz8gvsN+zi
IhRxOmDQP5IgrXzSBmRaYvDhKMPFKrMMAOzFo+/LDP6qENwCb2LddKIbq/qh6Xzf
/lKxpiBt1D6DPfMbJ4BEHmpXA+O17JDx9nT6DEkJxVg8BErQOuLYT1EbZ+RTYt4L
99zbAFbLTPuIy4v4XI6xuxAP1DBP9pRUpx5ZoXhI8H2l+PtTYQ1G4UHnZg12
-----END CERTIFICATE-----