Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/y6TsgKEqkBEgYosV3kqvX3o2iPs.roa
File:                     y6TsgKEqkBEgYosV3kqvX3o2iPs.roa (raw, json)
Hash identifier:          +hTZohSTP+M0pluR0XPijoUFML55m3Bc/7vqa7TA+hM=
Subject key identifier:   CB:A4:EC:80:A1:2A:90:11:20:62:8B:15:DE:4A:AF:5F:7A:36:88:FB
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018D3C0EAF666E99CA4799C793E8FDF445E4
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/y6TsgKEqkBEgYosV3kqvX3o2iPs.roa
Signing time:             Wed 24 Jan 2024 15:20:11 +0000
ROA not before:           Wed 24 Jan 2024 15:20:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49862
IP address blocks:        194.103.21.0/24 maxlen: 24
                          2a01:280:3c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3c:0e:af:66:6e:99:ca:47:99:c7:93:e8:fd:f4:45:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan 24 15:20:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cba4ec80a12a901120628b15de4aaf5f7a3688fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bd:57:cf:1b:4c:f9:21:f6:41:70:3d:db:b7:
                    dd:5b:da:f3:6a:e1:12:4b:3f:e5:83:87:d6:4f:66:
                    76:67:8b:72:ce:d6:6e:e3:ed:22:09:6f:44:6a:d0:
                    12:eb:f0:67:39:b1:49:f1:69:6f:d7:95:7e:5b:c7:
                    9c:d3:49:4e:78:ec:d8:e0:a6:48:42:f3:bc:a6:39:
                    12:61:f4:18:4e:18:1a:be:63:b8:53:00:e1:5a:c4:
                    9e:00:bc:47:8c:f4:0b:3c:74:0c:9e:a1:c9:48:c2:
                    1a:79:f6:bb:f5:9a:3f:c7:be:b9:5b:5b:bd:04:7d:
                    df:28:3c:6f:61:06:5a:d9:2a:15:81:04:49:a3:79:
                    9b:01:e4:5d:23:68:61:6b:ce:12:e9:d7:ea:3d:76:
                    e7:5c:b0:41:24:27:4d:8e:a2:99:a2:0a:88:4d:2b:
                    32:d8:15:a0:92:23:37:08:52:7d:06:93:6a:e7:f5:
                    0f:40:b4:35:0b:93:4e:47:af:63:d1:cc:4a:25:fb:
                    18:f2:78:0f:7e:e8:05:84:13:34:15:c2:24:ce:08:
                    34:b7:95:5d:19:e5:ab:c5:bb:f1:97:10:0c:0e:b4:
                    62:cd:2c:1a:90:6e:16:6c:e9:6d:e8:64:72:f6:79:
                    b8:e6:29:a0:80:84:1e:a2:e2:40:82:c8:16:79:88:
                    43:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A4:EC:80:A1:2A:90:11:20:62:8B:15:DE:4A:AF:5F:7A:36:88:FB
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/y6TsgKEqkBEgYosV3kqvX3o2iPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.103.21.0/24
                IPv6:
                  2a01:280:3c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:33:df:6d:25:84:d5:45:b0:52:1d:01:19:cf:27:0f:09:ee:
         92:6f:15:c2:66:cf:c9:ab:ab:03:7c:d4:4e:3d:f0:6b:36:dc:
         4f:61:82:ee:7a:79:46:a3:80:61:ae:bd:96:37:3c:6c:3b:db:
         4f:39:63:a4:46:93:cb:28:f0:72:b1:79:07:99:95:0d:ad:4d:
         e2:ff:ce:b6:18:00:58:1d:42:b5:e4:d5:72:da:35:f8:39:be:
         3b:03:05:a0:b7:37:a1:7f:7f:b3:d8:0a:d3:3b:66:86:c6:5b:
         9e:94:9f:cb:24:cd:2a:ba:d5:82:a7:ce:26:6b:13:28:6f:f3:
         df:0b:1f:33:0c:b1:8e:90:19:47:e3:b6:c5:af:e4:c9:59:34:
         77:51:78:c6:e5:bb:33:e3:d5:7d:fd:7a:f8:77:4d:27:d1:f7:
         bd:fa:16:3e:6f:08:97:88:68:f7:96:50:db:cd:a7:bf:ed:f0:
         37:c1:76:10:e4:f0:8f:f3:1d:39:e9:4c:61:57:9c:61:95:0c:
         28:1c:54:56:c3:db:5f:6c:de:7b:e6:58:11:c1:4c:67:61:65:
         8b:63:98:54:f0:1c:d7:da:e1:d2:8b:60:22:0a:0b:34:42:f7:
         08:3c:88:84:08:ad:00:bb:c2:a5:77:e1:55:73:00:eb:70:eb:
         38:bd:57:af
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY08Dq9mbpnKR5nHk+j99EXkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTI0MTUyMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmE0ZWM4MGExMmE5MDExMjA2MjhiMTVkZTRhYWY1ZjdhMzY4OGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg71XzxtM+SH2QXA927fdW9rzauES
Sz/lg4fWT2Z2Z4tyztZu4+0iCW9EatAS6/BnObFJ8Wlv15V+W8ec00lOeOzY4KZI
QvO8pjkSYfQYThgavmO4UwDhWsSeALxHjPQLPHQMnqHJSMIaefa79Zo/x765W1u9
BH3fKDxvYQZa2SoVgQRJo3mbAeRdI2hha84S6dfqPXbnXLBBJCdNjqKZogqITSsy
2BWgkiM3CFJ9BpNq5/UPQLQ1C5NOR69j0cxKJfsY8ngPfugFhBM0FcIkzgg0t5Vd
GeWrxbvxlxAMDrRizSwakG4WbOlt6GRy9nm45imggIQeouJAgsgWeYhDRwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMuk7IChKpARIGKLFd5Kr196Noj7MB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEveTZUc2dLRXFrQkVnWW9zVjNrcXZYM28yaVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwmcVMA8E
AgACMAkDBwAqAQKAA8AwDQYJKoZIhvcNAQELBQADggEBAHIz320lhNVFsFIdARnP
Jw8J7pJvFcJmz8mrqwN81E498Gs23E9hgu56eUajgGGuvZY3PGw72085Y6RGk8so
8HKxeQeZlQ2tTeL/zrYYAFgdQrXk1XLaNfg5vjsDBaC3N6F/f7PYCtM7ZobGW56U
n8skzSq61YKnziZrEyhv898LHzMMsY6QGUfjtsWv5MlZNHdReMbluzPj1X39evh3
TSfR9736Fj5vCJeIaPeWUNvNp7/t8DfBdhDk8I/zHTnpTGFXnGGVDCgcVFbD219s
3nvmWBHBTGdhZYtjmFTwHNfa4dKLYCIKCzRC9wg8iIQIrQC7wqV34VVzAOtw6zi9
V68=
-----END CERTIFICATE-----