Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/tm2wB1MpEsLVxc3tyqlJOmSr_X8.roa
File:                     tm2wB1MpEsLVxc3tyqlJOmSr_X8.roa (raw, json)
Hash identifier:          iKy+WeVqAhkDBDCdEZzm5EPDpmXSmdtza25G9KsokjA=
Subject key identifier:   B6:6D:B0:07:53:29:12:C2:D5:C5:CD:ED:CA:A9:49:3A:64:AB:FD:7F
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       01942748727414AA2F1715AFF9734A1FB3BC
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/tm2wB1MpEsLVxc3tyqlJOmSr_X8.roa
Signing time:             Thu 02 Jan 2025 13:50:46 +0000
ROA not before:           Thu 02 Jan 2025 13:50:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204334
IP address blocks:        193.180.188.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:72:74:14:aa:2f:17:15:af:f9:73:4a:1f:b3:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 13:50:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b66db007532912c2d5c5cdedcaa9493a64abfd7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e9:56:f6:45:db:04:da:7f:42:ae:df:85:7d:
                    26:54:bb:b7:ca:54:aa:0f:8f:3c:48:01:24:5e:11:
                    0c:ae:4e:20:6c:ce:7b:f5:b5:2a:26:99:f2:44:94:
                    71:a9:df:74:10:cf:08:b2:cc:2e:5d:9c:fd:e4:16:
                    34:cf:d5:73:3b:66:02:a8:22:fa:b2:be:7f:aa:b9:
                    ab:3c:af:ab:bf:6a:7d:bf:ce:31:51:21:06:2e:4b:
                    f5:0d:0e:dd:46:83:52:80:00:e2:64:fb:37:9b:1a:
                    08:bf:2b:99:63:b8:9d:e7:85:c4:0e:4e:3f:c1:00:
                    a0:67:32:c5:c1:61:74:2a:cb:f7:48:2d:55:da:b1:
                    e3:0d:bb:8c:3b:2e:2a:69:47:5e:6d:f6:d7:f1:b0:
                    ff:81:27:fb:ab:79:9e:34:50:ea:eb:09:ee:e5:81:
                    ba:c8:b3:33:ad:11:46:4b:6a:18:15:9d:53:d8:44:
                    02:ca:e5:ad:41:96:22:bd:e2:42:a1:6b:b1:14:8a:
                    70:03:d9:42:a5:94:97:6d:02:8c:5f:86:93:3e:69:
                    5b:5e:d5:9e:f8:d4:bc:59:bd:25:55:d8:4d:2e:b0:
                    c0:39:e6:6f:06:df:23:b0:88:4c:d9:82:71:6f:9c:
                    c5:2c:1e:61:34:bc:3f:08:15:2d:1d:b3:1b:2b:e6:
                    70:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:6D:B0:07:53:29:12:C2:D5:C5:CD:ED:CA:A9:49:3A:64:AB:FD:7F
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/tm2wB1MpEsLVxc3tyqlJOmSr_X8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.180.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:04:60:0d:91:dd:2f:1f:ef:a2:98:8c:3c:99:ab:24:60:03:
         b8:15:f9:da:a3:77:47:de:5a:f5:ce:83:af:78:de:c1:1a:bd:
         07:d9:92:1f:ca:2a:19:a9:d2:3d:b8:17:60:88:cb:53:37:42:
         7e:1e:db:25:5f:e5:b8:32:92:3b:cf:a8:e7:5f:2e:6b:a5:c4:
         ef:2c:40:09:e9:46:21:e3:1c:f5:59:a9:93:5c:97:af:a4:6d:
         f2:6a:b4:49:26:8a:41:62:09:e2:47:4e:f5:f3:41:a1:a2:c7:
         3e:50:e0:af:ce:04:73:bd:2b:bd:1e:4e:ee:41:0b:7f:20:1c:
         e8:0f:cf:5e:28:f6:ed:af:48:83:ca:32:00:a9:bb:1c:3b:ef:
         a0:6a:dd:63:f3:f0:84:a9:ac:b6:51:76:f2:68:8d:12:21:00:
         28:88:ee:e0:e0:72:94:74:53:8a:0a:83:9d:41:85:4c:41:19:
         75:f3:47:e7:d2:b8:08:da:91:ff:d4:32:a1:05:1a:82:d9:06:
         52:1d:fb:7c:20:84:9a:d4:39:cd:b2:d1:e8:5e:fd:05:cb:e0:
         8c:4d:8a:ea:cb:45:e6:2b:e0:08:bd:e7:ba:ab:db:f0:13:58:
         89:81:3a:02:69:e4:bd:59:da:63:99:9f:5a:a9:02:a2:68:81:
         66:b3:5b:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSHJ0FKovFxWv+XNKH7O8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjZkYjAwNzUzMjkxMmMyZDVjNWNkZWRjYWE5NDkzYTY0YWJmZDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuelW9kXbBNp/Qq7fhX0mVLu3ylSq
D488SAEkXhEMrk4gbM579bUqJpnyRJRxqd90EM8IsswuXZz95BY0z9VzO2YCqCL6
sr5/qrmrPK+rv2p9v84xUSEGLkv1DQ7dRoNSgADiZPs3mxoIvyuZY7id54XEDk4/
wQCgZzLFwWF0Ksv3SC1V2rHjDbuMOy4qaUdebfbX8bD/gSf7q3meNFDq6wnu5YG6
yLMzrRFGS2oYFZ1T2EQCyuWtQZYiveJCoWuxFIpwA9lCpZSXbQKMX4aTPmlbXtWe
+NS8Wb0lVdhNLrDAOeZvBt8jsIhM2YJxb5zFLB5hNLw/CBUtHbMbK+ZwkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZtsAdTKRLC1cXN7cqpSTpkq/1/MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvdG0yd0IxTXBFc0xWeGMzdHlxbEpPbVNyX1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwbS8MA0G
CSqGSIb3DQEBCwUAA4IBAQCDBGANkd0vH++imIw8maskYAO4Ffnao3dH3lr1zoOv
eN7BGr0H2ZIfyioZqdI9uBdgiMtTN0J+HtslX+W4MpI7z6jnXy5rpcTvLEAJ6UYh
4xz1WamTXJevpG3yarRJJopBYgniR07180Ghosc+UOCvzgRzvSu9Hk7uQQt/IBzo
D89eKPbtr0iDyjIAqbscO++gat1j8/CEqay2UXbyaI0SIQAoiO7g4HKUdFOKCoOd
QYVMQRl180fn0rgI2pH/1DKhBRqC2QZSHft8IISa1DnNstHoXv0Fy+CMTYrqy0Xm
K+AIvee6q9vwE1iJgToCaeS9WdpjmZ9aqQKiaIFms1sq
-----END CERTIFICATE-----