Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/pzMn44imb5-yoDlIdW04WUo2v24.roa
File:                     pzMn44imb5-yoDlIdW04WUo2v24.roa (raw, json)
Hash identifier:          vgZ0TZkqquNI2xtD8ApszOs2hgUjJEiSckb4zqtxF28=
Subject key identifier:   A7:33:27:E3:88:A6:6F:9F:B2:A0:39:48:75:6D:38:59:4A:36:BF:6E
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802E08965A2C19FFB9205EB815AB692
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/pzMn44imb5-yoDlIdW04WUo2v24.roa
Signing time:             Tue 02 Jan 2024 02:31:20 +0000
ROA not before:           Tue 02 Jan 2024 02:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        192.176.176.0/21 maxlen: 24
                          192.71.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e0:89:65:a2:c1:9f:fb:92:05:eb:81:5a:b6:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a73327e388a66f9fb2a03948756d38594a36bf6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:27:38:d2:18:a9:55:31:f5:db:25:1f:78:dd:
                    59:af:aa:90:dd:f1:52:6e:5e:13:1a:bf:a3:89:6b:
                    b2:4c:61:8c:24:2f:32:2c:fc:e4:3b:36:72:9c:6c:
                    c9:5c:40:b5:c0:e5:e2:c9:5e:33:4b:1a:fe:57:20:
                    62:33:51:85:78:54:f2:b8:2b:2e:1b:a1:3d:02:63:
                    88:ac:b1:35:da:8a:b3:a5:32:92:c4:b0:9e:29:0b:
                    10:0a:4d:de:40:af:95:ba:ff:a6:d8:78:13:8a:70:
                    2f:e6:d8:78:0f:7f:60:40:2b:86:7a:d0:4f:0a:76:
                    77:d6:d5:f1:d8:2b:ca:c4:b8:02:44:0b:79:d0:a3:
                    cd:6c:d2:64:3b:bf:0a:59:57:74:e4:80:57:d9:dc:
                    29:13:4a:f1:13:de:3b:12:64:6d:7c:7c:28:4b:b0:
                    9a:0f:33:64:65:60:59:99:4d:ac:ec:ed:7e:38:71:
                    18:d4:73:b3:31:33:f1:49:46:17:46:cd:1b:42:29:
                    c3:fe:23:66:b2:bc:bc:20:31:ee:87:bd:b6:6b:9d:
                    41:3a:c4:3b:1c:3c:5d:9a:d5:dc:6f:6a:b1:cf:f1:
                    1f:a6:31:af:d8:db:9c:68:6b:eb:5d:06:4b:5c:bb:
                    6f:5d:61:f0:4b:8a:75:88:55:66:94:7e:b0:d6:27:
                    42:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:33:27:E3:88:A6:6F:9F:B2:A0:39:48:75:6D:38:59:4A:36:BF:6E
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/pzMn44imb5-yoDlIdW04WUo2v24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.71.155.0/24
                  192.176.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4b:26:ca:ae:54:d4:af:44:6b:39:53:2c:78:8c:6d:25:65:02:
         42:2d:54:d7:ff:09:3b:f0:89:10:c1:b9:78:61:2b:02:70:6d:
         9a:c0:e2:8f:72:44:7f:d0:a1:0c:b9:1f:00:c1:b4:0a:2d:6c:
         90:65:70:e8:5c:ed:0c:71:56:2d:71:1e:eb:f4:ca:2c:5c:ef:
         6c:0b:59:ad:cf:ac:c4:15:fa:2f:f9:84:5b:52:78:39:43:a5:
         af:45:4e:fd:ff:20:f8:cd:ec:f2:36:13:b4:f9:f5:43:60:ac:
         9f:60:b5:cb:48:cd:56:32:56:d3:f4:c5:dd:8f:06:60:b9:19:
         af:eb:32:36:d1:d8:74:8b:1f:72:7b:bb:b1:d2:32:36:b8:2b:
         d9:f1:6c:ba:23:6d:f8:91:a9:94:f1:a8:91:75:0b:a3:68:20:
         55:8d:db:05:6c:fc:92:bf:f8:bf:00:d8:32:28:cd:0e:23:5a:
         0e:62:0a:c7:77:ef:33:44:1d:4d:ac:4a:93:b6:cb:7e:c8:a6:
         c8:c5:18:76:99:63:05:ed:37:b7:c8:ff:dd:31:ad:53:f5:de:
         b3:36:8d:e6:a6:e6:6b:c0:9f:3a:34:9e:e7:4f:d8:dc:97:79:
         eb:b6:8d:80:38:22:f9:06:a2:d7:f2:b2:3b:da:10:09:39:84:
         96:3a:24:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAuCJZaLBn/uSBeuBWraSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzMzMjdlMzg4YTY2ZjlmYjJhMDM5NDg3NTZkMzg1OTRhMzZiZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSc40hipVTH12yUfeN1Zr6qQ3fFS
bl4TGr+jiWuyTGGMJC8yLPzkOzZynGzJXEC1wOXiyV4zSxr+VyBiM1GFeFTyuCsu
G6E9AmOIrLE12oqzpTKSxLCeKQsQCk3eQK+Vuv+m2HgTinAv5th4D39gQCuGetBP
CnZ31tXx2CvKxLgCRAt50KPNbNJkO78KWVd05IBX2dwpE0rxE947EmRtfHwoS7Ca
DzNkZWBZmU2s7O1+OHEY1HOzMTPxSUYXRs0bQinD/iNmsry8IDHuh722a51BOsQ7
HDxdmtXcb2qxz/EfpjGv2NucaGvrXQZLXLtvXWHwS4p1iFVmlH6w1idCCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKczJ+OIpm+fsqA5SHVtOFlKNr9uMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvcHpNbjQ0aW1iNS15b0RsSWRXMDRXVW8ydjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwEebAwQD
wLCwMA0GCSqGSIb3DQEBCwUAA4IBAQBLJsquVNSvRGs5Uyx4jG0lZQJCLVTX/wk7
8IkQwbl4YSsCcG2awOKPckR/0KEMuR8AwbQKLWyQZXDoXO0McVYtcR7r9MosXO9s
C1mtz6zEFfov+YRbUng5Q6WvRU79/yD4zezyNhO0+fVDYKyfYLXLSM1WMlbT9MXd
jwZguRmv6zI20dh0ix9ye7ux0jI2uCvZ8Wy6I234kamU8aiRdQujaCBVjdsFbPyS
v/i/ANgyKM0OI1oOYgrHd+8zRB1NrEqTtst+yKbIxRh2mWMF7Te3yP/dMa1T9d6z
No3mpuZrwJ86NJ7nT9jcl3nrto2AOCL5BqLX8rI72hAJOYSWOiS3
-----END CERTIFICATE-----