Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/k2WL9tdnS14JPX3x7xt7ltERSUo.roa
File:                     k2WL9tdnS14JPX3x7xt7ltERSUo.roa (raw, json)
Hash identifier:          5MTi4SLFv3IhT6A68eY+VC2Ueoye9lBLEPs8pmCC1rQ=
Subject key identifier:   93:65:8B:F6:D7:67:4B:5E:09:3D:7D:F1:EF:1B:7B:96:D1:11:49:4A
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802F9569F4EEB3A3D49E93269C2C906
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/k2WL9tdnS14JPX3x7xt7ltERSUo.roa
Signing time:             Tue 02 Jan 2024 02:31:27 +0000
ROA not before:           Tue 02 Jan 2024 02:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197308
IP address blocks:        192.121.252.0/24 maxlen: 24
                          192.36.169.0/24 maxlen: 24
                          192.36.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:f9:56:9f:4e:eb:3a:3d:49:e9:32:69:c2:c9:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93658bf6d7674b5e093d7df1ef1b7b96d111494a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:32:6f:28:a3:60:7e:b7:3d:5d:95:56:46:23:
                    8e:7d:52:04:be:17:e3:6b:ec:2a:93:7e:ec:fe:89:
                    de:a0:fa:c0:07:87:79:04:5c:b5:76:13:03:cb:80:
                    c5:2d:7e:84:c7:eb:6c:a8:fb:a7:ca:cd:55:a9:ed:
                    b1:bb:32:df:d5:7f:09:8c:4e:b3:a8:29:c5:51:0d:
                    fc:aa:56:e2:89:05:d1:e5:4b:d6:a6:cd:ed:61:c7:
                    76:c4:d6:88:45:a5:59:bb:1d:60:01:d1:0a:e4:ff:
                    99:fc:bc:e1:0b:1a:aa:bb:b0:eb:3b:72:c5:c7:b1:
                    8f:94:eb:f2:39:c2:b3:5f:eb:60:c6:19:92:18:5e:
                    90:95:38:05:64:f4:52:27:87:97:35:50:9a:57:4c:
                    88:83:3d:95:59:ce:1e:f7:35:d8:a7:40:0b:7e:a7:
                    2e:0d:ab:b1:88:43:d5:fc:c3:ff:24:ad:4e:ce:2c:
                    ba:11:f2:b7:6a:36:d6:e8:ff:4b:05:a0:b0:e0:f6:
                    fc:d8:28:13:d1:be:bf:69:50:df:91:36:2d:2e:40:
                    5b:a3:1f:f5:6e:60:db:30:1a:0c:00:30:e3:df:78:
                    dd:d3:9a:37:fd:ad:87:07:da:95:66:1b:b8:76:d7:
                    aa:ed:a4:98:5e:69:5a:e4:ca:ca:19:d8:97:63:4d:
                    14:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:65:8B:F6:D7:67:4B:5E:09:3D:7D:F1:EF:1B:7B:96:D1:11:49:4A
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/k2WL9tdnS14JPX3x7xt7ltERSUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.169.0/24
                  192.36.199.0/24
                  192.121.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:e7:59:d6:1c:56:35:74:6d:d9:ff:59:9c:6c:fa:56:26:74:
         b0:57:37:3d:6e:b9:34:02:7d:2e:41:e6:7f:6f:7e:17:2d:dc:
         27:88:32:d2:e5:6a:70:c8:c2:33:63:ce:be:12:a4:37:cd:20:
         f9:14:b2:ed:80:22:9e:eb:c7:db:72:2a:60:be:d7:ad:b8:20:
         e5:f7:19:a5:6a:75:78:07:c8:38:37:4b:34:5c:b3:38:99:aa:
         b3:39:34:8b:48:04:6f:0d:9b:81:a5:04:d8:99:39:d2:f8:b4:
         e8:ca:76:98:00:7a:c0:ef:88:68:39:74:31:18:e0:39:97:4a:
         3d:56:10:cd:b9:37:cb:41:1b:d3:3f:4c:e7:1d:da:5b:c8:d5:
         bb:0e:63:74:31:f5:85:f5:ac:ee:75:f1:45:a7:d3:5d:f5:63:
         1d:11:78:de:dc:c2:c4:5b:fb:4c:48:e3:a4:04:b1:1c:9d:8b:
         8b:14:45:30:57:13:75:ef:84:4c:a2:5c:bd:39:32:7f:f8:e6:
         1f:f0:f5:71:5b:fb:45:fa:c1:aa:9e:98:35:7c:94:80:1e:ae:
         8d:51:5a:a7:06:02:f4:50:a9:6d:65:53:df:0e:92:53:67:4a:
         5b:08:0d:ef:35:b8:c5:dd:9f:b7:60:6d:3d:05:7c:c1:f2:fa:
         67:4a:1c:f5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAvlWn07rOj1J6TJpwskGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzY1OGJmNmQ3Njc0YjVlMDkzZDdkZjFlZjFiN2I5NmQxMTE0OTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzJvKKNgfrc9XZVWRiOOfVIEvhfj
a+wqk37s/oneoPrAB4d5BFy1dhMDy4DFLX6Ex+tsqPunys1Vqe2xuzLf1X8JjE6z
qCnFUQ38qlbiiQXR5UvWps3tYcd2xNaIRaVZux1gAdEK5P+Z/LzhCxqqu7DrO3LF
x7GPlOvyOcKzX+tgxhmSGF6QlTgFZPRSJ4eXNVCaV0yIgz2VWc4e9zXYp0ALfqcu
DauxiEPV/MP/JK1Oziy6EfK3ajbW6P9LBaCw4Pb82CgT0b6/aVDfkTYtLkBbox/1
bmDbMBoMADDj33jd05o3/a2HB9qVZhu4dteq7aSYXmla5MrKGdiXY00UaQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJNli/bXZ0teCT198e8be5bREUlKMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvazJXTDl0ZG5TMTRKUFgzeDd4dDdsdEVSU1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwCSpAwQA
wCTHAwQAwHn8MA0GCSqGSIb3DQEBCwUAA4IBAQA951nWHFY1dG3Z/1mcbPpWJnSw
Vzc9brk0An0uQeZ/b34XLdwniDLS5WpwyMIzY86+EqQ3zSD5FLLtgCKe68fbcipg
vtetuCDl9xmlanV4B8g4N0s0XLM4maqzOTSLSARvDZuBpQTYmTnS+LToynaYAHrA
74hoOXQxGOA5l0o9VhDNuTfLQRvTP0znHdpbyNW7DmN0MfWF9azudfFFp9Nd9WMd
EXje3MLEW/tMSOOkBLEcnYuLFEUwVxN174RMoly9OTJ/+OYf8PVxW/tF+sGqnpg1
fJSAHq6NUVqnBgL0UKltZVPfDpJTZ0pbCA3vNbjF3Z+3YG09BXzB8vpnShz1
-----END CERTIFICATE-----