Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/yCFYn7ujIP22ddUDoJNsfzaisx8.roa
File:                     yCFYn7ujIP22ddUDoJNsfzaisx8.roa (raw, json)
Hash identifier:          xV7s2gAOa6SAuvXlrzLvoTGq01vLvmclAF+UaQ++G3w=
Subject key identifier:   C8:21:58:9F:BB:A3:20:FD:B6:75:D5:03:A0:93:6C:7F:36:A2:B3:1F
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC80306176A0C41136A4A808D6FD82D69
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/yCFYn7ujIP22ddUDoJNsfzaisx8.roa
Signing time:             Tue 02 Jan 2024 02:31:30 +0000
ROA not before:           Tue 02 Jan 2024 02:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208760
IP address blocks:        192.165.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:06:17:6a:0c:41:13:6a:4a:80:8d:6f:d8:2d:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c821589fbba320fdb675d503a0936c7f36a2b31f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:38:c0:56:91:54:51:3a:d0:5d:f7:84:6c:91:
                    9e:32:cd:3c:e2:6c:9d:a9:c5:9e:b1:6f:8a:e8:74:
                    a9:11:35:f8:d3:6b:6d:fe:bd:32:ce:51:48:4e:4c:
                    ea:ac:f2:77:77:a7:6f:64:60:b5:45:cf:01:cf:78:
                    3c:2c:28:8b:c1:65:ff:de:ac:01:30:27:3d:f5:c4:
                    e8:b5:a6:8d:7c:01:28:9c:7d:73:69:09:78:f1:52:
                    82:c0:ac:1d:2a:dc:09:ea:75:76:bb:3e:95:3a:ed:
                    4b:53:43:fe:c6:43:67:64:33:c6:e5:5e:53:46:63:
                    df:fe:cb:0a:d1:9e:aa:b9:0c:ea:e2:d5:74:93:7c:
                    0c:9b:c0:d4:59:bb:e8:38:fa:54:73:63:ad:ec:79:
                    4b:60:65:20:96:6f:6d:89:37:70:e5:85:47:16:b4:
                    09:88:1c:02:58:74:cc:cb:39:52:c3:4a:ad:e6:0d:
                    a3:95:cb:5c:82:ee:12:ba:c0:13:f8:ff:dc:4b:ae:
                    c3:27:d4:32:ab:02:ba:c9:9a:28:38:1a:cd:ba:4c:
                    db:82:ea:4a:c0:a6:b6:1f:31:37:fb:f7:4b:5b:88:
                    8e:9b:89:f0:32:ce:d1:0c:b9:9d:02:0e:c2:6e:ed:
                    56:d3:23:d0:61:f1:20:99:00:06:71:89:58:1e:26:
                    85:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:21:58:9F:BB:A3:20:FD:B6:75:D5:03:A0:93:6C:7F:36:A2:B3:1F
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/yCFYn7ujIP22ddUDoJNsfzaisx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.165.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:ca:a4:3e:da:c5:e6:83:0b:c7:60:df:6a:54:38:c5:da:e6:
         54:dc:5a:93:a0:ff:86:17:6b:ab:17:04:d3:68:a8:4d:8b:6f:
         52:35:48:fe:46:6f:d6:f4:db:c7:c5:cf:8f:f1:fb:be:7f:44:
         b2:0c:61:50:ab:ca:c8:25:f1:35:c0:67:ae:3e:5a:e5:74:b6:
         6c:1b:e0:a2:f3:a2:9f:50:66:a1:ee:c5:3e:69:89:fb:c6:c3:
         29:66:57:02:89:71:5d:e6:c7:23:5e:34:df:45:9b:ec:45:b7:
         1f:cc:2b:84:a6:a2:79:b1:39:b0:7d:fa:98:b8:0b:b2:ed:ea:
         b7:7a:aa:c5:f9:91:c0:ab:67:a7:10:53:05:4a:96:b8:41:42:
         5b:6d:3d:4a:65:a7:e2:6e:5b:e4:d5:4c:27:5a:5f:48:5e:7c:
         de:ce:df:02:b1:d5:e3:2a:c3:44:19:1b:9d:bc:0c:4c:54:b9:
         b9:8b:83:f3:ed:c1:a7:a8:8d:49:3a:f3:44:00:9f:4b:d5:3e:
         e8:c8:f3:68:03:36:45:69:92:33:fe:7d:67:20:2b:44:c7:02:
         4f:4d:99:59:4b:81:4a:0c:9e:f8:1a:1b:06:65:47:4d:8f:d3:
         91:38:2f:57:7b:57:1b:94:17:3d:13:2e:eb:13:a1:b7:83:f6:
         af:f0:54:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAwYXagxBE2pKgI1v2C1pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODIxNTg5ZmJiYTMyMGZkYjY3NWQ1MDNhMDkzNmM3ZjM2YTJiMzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjjAVpFUUTrQXfeEbJGeMs084myd
qcWesW+K6HSpETX402tt/r0yzlFITkzqrPJ3d6dvZGC1Rc8Bz3g8LCiLwWX/3qwB
MCc99cTotaaNfAEonH1zaQl48VKCwKwdKtwJ6nV2uz6VOu1LU0P+xkNnZDPG5V5T
RmPf/ssK0Z6quQzq4tV0k3wMm8DUWbvoOPpUc2Ot7HlLYGUglm9tiTdw5YVHFrQJ
iBwCWHTMyzlSw0qt5g2jlctcgu4SusAT+P/cS67DJ9QyqwK6yZooOBrNukzbgupK
wKa2HzE3+/dLW4iOm4nwMs7RDLmdAg7Cbu1W0yPQYfEgmQAGcYlYHiaFXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMghWJ+7oyD9tnXVA6CTbH82orMfMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEveUNGWW43dWpJUDIyZGRVRG9KTnNmemFpc3g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKUKMA0G
CSqGSIb3DQEBCwUAA4IBAQBByqQ+2sXmgwvHYN9qVDjF2uZU3FqToP+GF2urFwTT
aKhNi29SNUj+Rm/W9NvHxc+P8fu+f0SyDGFQq8rIJfE1wGeuPlrldLZsG+Ci86Kf
UGah7sU+aYn7xsMpZlcCiXFd5scjXjTfRZvsRbcfzCuEpqJ5sTmwffqYuAuy7eq3
eqrF+ZHAq2enEFMFSpa4QUJbbT1KZafiblvk1UwnWl9IXnzezt8CsdXjKsNEGRud
vAxMVLm5i4Pz7cGnqI1JOvNEAJ9L1T7oyPNoAzZFaZIz/n1nICtExwJPTZlZS4FK
DJ74GhsGZUdNj9OROC9Xe1cblBc9Ey7rE6G3g/av8FTH
-----END CERTIFICATE-----