Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/yHswJTKIIkfy_9uB-gQUA1lF4NY.roa
File:                     yHswJTKIIkfy_9uB-gQUA1lF4NY.roa (raw, json)
Hash identifier:          ECR4DiR5vsoARZ3HeFSPHZKGeLJ1giOxKS1YAnb/vX0=
Subject key identifier:   C8:7B:30:25:32:88:22:47:F2:FF:DB:81:FA:04:14:03:59:45:E0:D6
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802E4842074E4091E819546A60B0CF0
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/yHswJTKIIkfy_9uB-gQUA1lF4NY.roa
Signing time:             Tue 02 Jan 2024 02:31:21 +0000
ROA not before:           Tue 02 Jan 2024 02:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29216
IP address blocks:        192.36.148.0/23 maxlen: 23
                          192.36.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e4:84:20:74:e4:09:1e:81:95:46:a6:0b:0c:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c87b302532882247f2ffdb81fa0414035945e0d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4b:6c:9f:f5:af:98:d8:76:3a:3e:45:f9:9f:
                    4e:1a:10:49:20:27:79:37:a9:4d:d9:89:fa:92:30:
                    35:88:c8:ad:ca:29:8d:1c:b5:b7:85:2e:8e:bb:e0:
                    96:fb:fd:1e:e5:ac:46:d2:00:ba:0a:db:5c:4c:a1:
                    e3:e9:10:3e:b9:94:97:f2:5f:79:fa:67:2e:04:c0:
                    ad:56:d6:49:b4:07:f8:47:7c:9d:13:51:f1:17:21:
                    f9:d7:40:13:b5:c9:1e:81:e8:32:49:00:02:db:9e:
                    f2:b6:84:86:f1:c8:44:d1:a3:56:30:1b:c3:8b:36:
                    16:cc:40:ec:f4:61:fe:d9:28:2b:41:0b:52:40:34:
                    cc:59:5b:98:e7:32:83:c5:c5:c8:b0:e0:2a:12:79:
                    59:ce:3f:9a:b9:69:71:be:3f:ed:fc:07:0a:d7:fc:
                    47:46:f7:0e:a5:c4:97:18:a4:20:95:37:8f:ce:ba:
                    11:3c:2a:78:9c:6f:08:fe:30:ec:c9:e9:a8:0f:87:
                    9d:2b:48:b7:f9:10:3b:05:5c:e0:b9:e8:53:dc:93:
                    ca:e9:8d:27:53:5a:96:3b:84:5a:40:ee:f2:f8:81:
                    ea:38:30:1a:7a:f3:57:c3:5a:4d:f0:84:89:38:3a:
                    29:e8:e1:04:8b:00:25:9e:cc:bf:07:a1:15:cf:ae:
                    22:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:7B:30:25:32:88:22:47:F2:FF:DB:81:FA:04:14:03:59:45:E0:D6
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/yHswJTKIIkfy_9uB-gQUA1lF4NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.36.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         24:56:2a:74:e1:d4:ed:d9:4e:52:af:cf:a7:7e:f8:29:98:0d:
         57:97:55:03:fe:a8:ad:19:e5:c6:ca:e7:31:6c:d3:a5:4a:ea:
         c5:24:0f:ad:41:71:1d:9c:ac:0b:28:b3:6e:7b:f9:54:40:ec:
         12:31:9a:16:64:2f:f5:8b:c8:df:20:f6:8b:d1:66:51:3e:95:
         57:a4:fc:c0:dc:7a:c8:b8:93:74:0f:fe:8c:42:28:44:b3:c8:
         83:be:24:ad:2d:1b:c0:ae:59:ea:cc:e1:99:6e:86:1c:f1:63:
         87:b8:ae:39:76:27:15:c5:35:e3:9e:4f:6e:4e:40:68:52:ba:
         5e:0f:06:b8:c2:15:b6:24:3d:d1:ff:79:61:d0:d0:63:01:19:
         09:f0:5c:46:2d:a8:6b:29:53:7e:ab:d0:a6:0a:8d:60:49:32:
         c2:f2:79:be:a0:92:e6:a0:6b:74:0a:c3:fb:29:9f:89:e6:d5:
         29:f7:36:6d:7b:ca:4c:07:30:e8:5b:86:d5:b3:0d:55:16:a3:
         f9:98:50:5a:6b:01:af:7c:63:77:39:32:c0:9d:ff:1c:a3:c5:
         3f:2d:1e:17:65:60:e8:32:cd:9a:20:b6:21:07:23:fa:b7:23:
         80:ae:2f:3a:2f:5c:55:af:0a:c9:f9:dd:19:a4:34:86:14:54:
         1e:14:4e:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAuSEIHTkCR6BlUamCwzwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODdiMzAyNTMyODgyMjQ3ZjJmZmRiODFmYTA0MTQwMzU5NDVlMGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0tsn/WvmNh2Oj5F+Z9OGhBJICd5
N6lN2Yn6kjA1iMityimNHLW3hS6Ou+CW+/0e5axG0gC6CttcTKHj6RA+uZSX8l95
+mcuBMCtVtZJtAf4R3ydE1HxFyH510ATtckegegySQAC257ytoSG8chE0aNWMBvD
izYWzEDs9GH+2SgrQQtSQDTMWVuY5zKDxcXIsOAqEnlZzj+auWlxvj/t/AcK1/xH
RvcOpcSXGKQglTePzroRPCp4nG8I/jDsyemoD4edK0i3+RA7BVzguehT3JPK6Y0n
U1qWO4RaQO7y+IHqODAaevNXw1pN8ISJODop6OEEiwAlnsy/B6EVz64iCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMh7MCUyiCJH8v/bgfoEFANZReDWMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEveUhzd0pUS0lJa2Z5Xzl1Qi1nUVVBMWxGNE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwCSUMA0G
CSqGSIb3DQEBCwUAA4IBAQAkVip04dTt2U5Sr8+nfvgpmA1Xl1UD/qitGeXGyucx
bNOlSurFJA+tQXEdnKwLKLNue/lUQOwSMZoWZC/1i8jfIPaL0WZRPpVXpPzA3HrI
uJN0D/6MQihEs8iDviStLRvArlnqzOGZboYc8WOHuK45dicVxTXjnk9uTkBoUrpe
Dwa4whW2JD3R/3lh0NBjARkJ8FxGLahrKVN+q9CmCo1gSTLC8nm+oJLmoGt0CsP7
KZ+J5tUp9zZte8pMBzDoW4bVsw1VFqP5mFBaawGvfGN3OTLAnf8co8U/LR4XZWDo
Ms2aILYhByP6tyOAri86L1xVrwrJ+d0ZpDSGFFQeFE5D
-----END CERTIFICATE-----