Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ySOyqFRb-WEL6LHJqCYISJa9sp8.roa
File:                     ySOyqFRb-WEL6LHJqCYISJa9sp8.roa (raw, json)
Hash identifier:          dcb9EvyavKazc12M1V82f/mya2zaogsrMIHEosBCzWE=
Subject key identifier:   C9:23:B2:A8:54:5B:F9:61:0B:E8:B1:C9:A8:26:08:48:96:BD:B2:9F
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       018CC802E17457D7C4D2CB3467E18BA4C483
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ySOyqFRb-WEL6LHJqCYISJa9sp8.roa
Signing time:             Tue 02 Jan 2024 02:31:21 +0000
ROA not before:           Tue 02 Jan 2024 02:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20836
IP address blocks:        192.121.47.0/24 maxlen: 24
                          192.121.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:e1:74:57:d7:c4:d2:cb:34:67:e1:8b:a4:c4:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: Jan  2 02:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c923b2a8545bf9610be8b1c9a826084896bdb29f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:21:09:16:96:7c:4a:77:fd:33:e7:a0:91:ae:
                    28:86:a9:0d:b3:2b:f0:a3:4e:11:62:0c:7c:3d:d1:
                    de:a4:89:02:28:dd:e3:20:95:fa:97:42:76:0c:c5:
                    e4:c1:dc:53:5f:9f:4e:1f:cc:64:25:12:ac:a8:26:
                    4d:dd:30:49:a5:c9:a2:da:87:f2:aa:44:14:95:24:
                    8b:6c:31:f1:46:83:96:15:74:ee:d5:82:8a:93:d5:
                    00:c0:79:fd:38:92:e8:a7:87:02:c1:34:62:e8:73:
                    db:d8:e2:d8:c0:af:3c:6e:74:ca:82:00:ce:6e:f5:
                    4b:57:35:15:39:6b:60:75:68:fc:35:14:68:e4:40:
                    28:c5:a3:d3:c2:af:d9:b3:42:e2:52:3f:8c:4c:62:
                    0e:4b:78:58:2a:67:04:b3:1a:ca:2a:c1:ba:4c:75:
                    9e:e1:0f:eb:af:ba:41:97:2e:e9:5e:36:de:ec:80:
                    79:b8:ad:81:86:8d:2e:04:df:8c:93:dc:83:29:e1:
                    68:f4:a8:54:e2:07:22:0f:7f:6f:55:eb:66:13:c3:
                    bc:28:a5:ac:58:36:81:76:78:04:17:f0:38:0d:c9:
                    30:8d:4f:a8:c3:0c:8d:23:18:de:46:19:fd:9d:f5:
                    29:67:69:91:a8:4f:85:0c:9d:9f:e2:8f:7f:b2:20:
                    f2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:23:B2:A8:54:5B:F9:61:0B:E8:B1:C9:A8:26:08:48:96:BD:B2:9F
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ySOyqFRb-WEL6LHJqCYISJa9sp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.121.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c7:c7:39:cc:0b:ed:c8:2f:8f:a3:41:49:03:d1:3e:8c:11:42:
         6d:7c:b8:41:00:b2:b7:57:93:be:d9:cb:0c:9d:cc:2d:a5:ef:
         1f:f2:54:d9:7f:00:b4:7a:e9:1e:b4:35:57:c2:fb:0d:83:6f:
         d5:4f:96:7e:ba:ef:49:2d:c1:e2:aa:dd:cf:de:db:3a:60:4b:
         c6:49:bd:3d:83:10:d0:e5:28:fa:cc:4b:0b:a2:f6:66:e6:59:
         14:08:f7:6a:e2:1f:d5:e4:fa:54:bc:2a:ec:90:6f:f6:d4:c4:
         9b:fe:19:6f:97:f0:b7:77:f1:3c:cb:3b:7f:d3:b2:a5:6f:be:
         18:f2:0a:89:1a:ea:41:51:25:4b:21:9f:a6:9c:9b:7c:9d:a8:
         8c:99:41:33:f6:b3:50:09:19:66:0c:57:0b:ee:2c:0f:1e:36:
         fd:55:a2:63:bc:be:50:73:16:e5:33:67:d7:c4:93:61:e8:b3:
         dc:87:d1:2d:89:3b:44:d7:24:60:b4:31:7d:e6:85:ce:80:39:
         dc:a8:b3:4f:e5:fe:60:b9:93:c4:fd:0f:2a:89:52:e8:ee:c9:
         5c:14:29:90:ec:af:78:c9:cb:f1:0d:0c:fc:c2:a1:94:7c:18:
         c2:9c:71:2d:42:1c:66:ad:f1:e4:e4:d4:6a:20:6c:ad:0a:81:
         15:72:4c:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAuF0V9fE0ss0Z+GLpMSDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjQwMTAyMDIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTIzYjJhODU0NWJmOTYxMGJlOGIxYzlhODI2MDg0ODk2YmRiMjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyEJFpZ8Snf9M+egka4ohqkNsyvw
o04RYgx8PdHepIkCKN3jIJX6l0J2DMXkwdxTX59OH8xkJRKsqCZN3TBJpcmi2ofy
qkQUlSSLbDHxRoOWFXTu1YKKk9UAwHn9OJLop4cCwTRi6HPb2OLYwK88bnTKggDO
bvVLVzUVOWtgdWj8NRRo5EAoxaPTwq/Zs0LiUj+MTGIOS3hYKmcEsxrKKsG6THWe
4Q/rr7pBly7pXjbe7IB5uK2Bho0uBN+Mk9yDKeFo9KhU4gciD39vVetmE8O8KKWs
WDaBdngEF/A4DckwjU+owwyNIxjeRhn9nfUpZ2mRqE+FDJ2f4o9/siDymwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkjsqhUW/lhC+ixyagmCEiWvbKfMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEveVNPeXFGUmItV0VMNkxISnFDWUlTSmE5c3A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwHkuMA0G
CSqGSIb3DQEBCwUAA4IBAQDHxznMC+3IL4+jQUkD0T6MEUJtfLhBALK3V5O+2csM
ncwtpe8f8lTZfwC0euketDVXwvsNg2/VT5Z+uu9JLcHiqt3P3ts6YEvGSb09gxDQ
5Sj6zEsLovZm5lkUCPdq4h/V5PpUvCrskG/21MSb/hlvl/C3d/E8yzt/07Klb74Y
8gqJGupBUSVLIZ+mnJt8naiMmUEz9rNQCRlmDFcL7iwPHjb9VaJjvL5QcxblM2fX
xJNh6LPch9EtiTtE1yRgtDF95oXOgDncqLNP5f5guZPE/Q8qiVLo7slcFCmQ7K94
ycvxDQz8wqGUfBjCnHEtQhxmrfHk5NRqIGytCoEVckx4
-----END CERTIFICATE-----