Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/tS682tWueQG9AX1Ia_xPG11BUv0.roa
File:                     tS682tWueQG9AX1Ia_xPG11BUv0.roa (raw, json)
Hash identifier:          wVCZzHYz94gE6ByhegThy0Ttq1JpUDkxuwOa5+c6jgE=
Subject key identifier:   B5:2E:BC:DA:D5:AE:79:01:BD:01:7D:48:6B:FC:4F:1B:5D:41:52:FD
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC80304A44CE6D3B5370CEA75B19BF68B
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/tS682tWueQG9AX1Ia_xPG11BUv0.roa
Signing time:             Tue 02 Jan 2024 02:31:30 +0000
ROA not before:           Tue 02 Jan 2024 02:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208453
IP address blocks:        193.181.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:04:a4:4c:e6:d3:b5:37:0c:ea:75:b1:9b:f6:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b52ebcdad5ae7901bd017d486bfc4f1b5d4152fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d1:85:68:ba:ab:a7:b9:a0:20:70:8a:c0:b6:
                    75:2c:d5:78:cb:9c:73:8c:64:fd:dc:5a:96:f9:0b:
                    04:41:9e:d3:bf:74:b8:2c:c5:02:e5:27:d2:8b:85:
                    26:91:3a:cb:7a:4f:e9:41:59:57:48:4b:05:f8:13:
                    58:37:e6:dc:fd:56:e1:92:81:ee:a6:6d:13:2e:87:
                    e9:ff:0a:4e:e4:96:59:7b:5b:e2:08:8c:a2:ca:64:
                    7c:28:f8:5a:05:18:1e:41:7e:dd:74:de:67:f7:8c:
                    d3:23:f0:ef:e8:62:f3:b7:1d:fe:4f:4c:37:b2:a1:
                    55:06:f6:8a:89:6f:6d:0f:0d:f3:34:f4:e4:c7:ff:
                    ed:e4:e3:a3:84:52:56:0f:3d:70:20:07:17:6d:58:
                    cc:24:9a:cd:ad:9e:6a:9f:26:0f:80:63:1a:35:33:
                    00:0b:e2:08:fd:94:54:15:26:98:57:e7:78:d8:a4:
                    d0:21:40:19:9f:5f:db:13:64:ec:4e:4d:14:ca:62:
                    48:af:9a:e8:d2:d2:91:36:d2:10:22:5c:fc:53:cd:
                    b3:a2:45:66:9b:9e:ff:bc:98:3b:75:ad:ad:dd:d7:
                    e3:7c:ef:e9:83:b0:b0:64:42:23:8b:26:75:9a:b6:
                    a8:66:5d:16:bb:90:7b:96:fd:e5:d8:4b:e3:e4:60:
                    bd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:2E:BC:DA:D5:AE:79:01:BD:01:7D:48:6B:FC:4F:1B:5D:41:52:FD
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/tS682tWueQG9AX1Ia_xPG11BUv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.181.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:6d:d3:13:14:97:90:1e:ec:74:1a:76:e4:87:1f:12:7b:d2:
         b6:75:25:8e:5f:f2:33:ff:3d:f9:01:f0:d0:d5:e3:69:89:3d:
         d0:f0:6d:80:0b:da:77:d5:94:0e:e5:cb:ea:2d:25:63:e7:99:
         e7:e6:44:f0:25:a5:16:dc:35:32:fa:86:85:2d:4e:28:45:c0:
         61:69:3f:70:cd:ae:48:db:c3:75:0e:92:93:f0:ff:56:c3:2e:
         76:ae:ad:1e:be:6d:95:f6:2a:00:fc:e3:b1:bf:d6:48:ab:e2:
         36:b2:45:17:9d:8d:91:e0:e5:b9:01:fb:b5:80:39:b8:ee:88:
         5e:56:68:b2:84:f4:a9:e0:bd:58:9f:ff:44:f6:5f:0e:e6:79:
         d4:d6:f1:bd:1a:a9:26:e9:12:0c:f5:fe:d5:c1:e0:71:20:8b:
         18:7e:03:d8:fa:ea:5a:2f:64:42:49:ae:09:6f:cb:3c:d4:60:
         66:54:c0:20:02:c0:98:88:52:47:c7:d7:8e:0b:e2:c8:1b:ee:
         57:fc:4f:e9:a7:30:db:78:ee:78:96:78:c1:4a:0a:80:49:c8:
         19:85:34:8f:0e:33:75:2a:f5:bb:86:00:7d:05:53:43:0b:6c:
         5d:10:43:8b:91:67:d1:d1:9e:bd:89:c8:9f:4b:9b:a3:cb:fd:
         9d:b0:fb:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAwSkTObTtTcM6nWxm/aLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTJlYmNkYWQ1YWU3OTAxYmQwMTdkNDg2YmZjNGYxYjVkNDE1MmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudGFaLqrp7mgIHCKwLZ1LNV4y5xz
jGT93FqW+QsEQZ7Tv3S4LMUC5SfSi4UmkTrLek/pQVlXSEsF+BNYN+bc/VbhkoHu
pm0TLofp/wpO5JZZe1viCIyiymR8KPhaBRgeQX7ddN5n94zTI/Dv6GLztx3+T0w3
sqFVBvaKiW9tDw3zNPTkx//t5OOjhFJWDz1wIAcXbVjMJJrNrZ5qnyYPgGMaNTMA
C+II/ZRUFSaYV+d42KTQIUAZn1/bE2TsTk0UymJIr5ro0tKRNtIQIlz8U82zokVm
m57/vJg7da2t3dfjfO/pg7CwZEIjiyZ1mraoZl0Wu5B7lv3l2Evj5GC94wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLUuvNrVrnkBvQF9SGv8TxtdQVL9MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvdFM2ODJ0V3VlUUc5QVgxSWFfeFBHMTFCVXYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbUXMA0G
CSqGSIb3DQEBCwUAA4IBAQCGbdMTFJeQHux0Gnbkhx8Se9K2dSWOX/Iz/z35AfDQ
1eNpiT3Q8G2AC9p31ZQO5cvqLSVj55nn5kTwJaUW3DUy+oaFLU4oRcBhaT9wza5I
28N1DpKT8P9Wwy52rq0evm2V9ioA/OOxv9ZIq+I2skUXnY2R4OW5Afu1gDm47ohe
VmiyhPSp4L1Yn/9E9l8O5nnU1vG9Gqkm6RIM9f7VweBxIIsYfgPY+upaL2RCSa4J
b8s81GBmVMAgAsCYiFJHx9eOC+LIG+5X/E/ppzDbeO54lnjBSgqAScgZhTSPDjN1
KvW7hgB9BVNDC2xdEEOLkWfR0Z69icifS5ujy/2dsPuO
-----END CERTIFICATE-----