Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/2J1am-PlOZ8uPDKiJlg3nhuP1xQ.roa
File:                     2J1am-PlOZ8uPDKiJlg3nhuP1xQ.roa (raw, json)
Hash identifier:          4P2cCHAQvB3bwK3zpBL95Wg3iqD5WBia6jxwLrF3oug=
Subject key identifier:   D8:9D:5A:9B:E3:E5:39:9F:2E:3C:32:A2:26:58:37:9E:1B:8F:D7:14
Certificate issuer:       /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial:       0196C88794424CA3B717841F5E4E4D7AD344
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/2J1am-PlOZ8uPDKiJlg3nhuP1xQ.roa
Signing time:             Tue 13 May 2025 07:24:10 +0000
ROA not before:           Tue 13 May 2025 07:24:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213540
IP address blocks:        194.68.165.0/24 maxlen: 24
                          194.132.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 01:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c8:87:94:42:4c:a3:b7:17:84:1f:5e:4e:4d:7a:d3:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
        Validity
            Not Before: May 13 07:24:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d89d5a9be3e5399f2e3c32a22658379e1b8fd714
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:25:0a:6a:a1:db:44:48:d9:02:20:40:3b:f1:
                    94:fc:46:3d:97:22:c1:b9:62:16:5d:a7:3f:99:32:
                    e0:a7:84:fb:6d:32:d6:6b:0c:a8:75:12:f2:1d:4a:
                    13:37:7e:68:07:57:57:ba:a4:69:1c:32:44:c1:16:
                    c3:93:5f:ee:c1:a5:c8:91:24:92:18:bb:84:e4:46:
                    c3:23:bc:cd:7a:85:98:db:62:74:9f:9d:cd:6b:15:
                    71:cb:68:b9:0c:0c:1c:83:87:22:06:1a:66:1e:5f:
                    6b:43:f4:5f:76:56:9e:a7:d0:78:16:14:25:2b:bc:
                    5e:87:f0:b5:0a:59:8c:f0:2a:ff:14:18:cb:52:03:
                    5c:9a:38:48:37:6d:84:3a:f8:bd:ec:38:07:98:d2:
                    d2:6c:a4:03:d8:2d:85:a1:5f:b0:78:5d:85:32:d9:
                    2e:f3:5c:b7:51:79:ab:8c:4e:08:5d:df:23:91:52:
                    37:4f:af:87:9d:31:ee:f4:16:f2:00:ab:0e:b0:6c:
                    30:c7:30:1c:eb:37:47:a5:98:5c:c0:87:af:b5:1c:
                    fb:12:4f:a2:a0:91:e7:7f:a1:ad:90:65:98:4e:c7:
                    a5:f5:1f:35:83:43:a7:31:b8:af:b2:e4:cb:0b:a6:
                    4a:0e:de:03:f8:a1:4c:4a:90:54:5a:d2:08:ac:88:
                    12:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:9D:5A:9B:E3:E5:39:9F:2E:3C:32:A2:26:58:37:9E:1B:8F:D7:14
            X509v3 Authority Key Identifier:
                keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/2J1am-PlOZ8uPDKiJlg3nhuP1xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.68.165.0/24
                  194.132.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:99:78:59:ea:f2:2d:e5:31:69:30:d1:25:32:d2:86:19:24:
         5e:83:b3:b0:d4:be:41:ec:9e:17:8e:bf:a5:8f:0a:d6:d9:59:
         77:67:eb:71:d2:9a:b0:ba:87:2a:05:70:dd:d5:15:8b:aa:ba:
         ec:11:9d:24:59:c9:9a:70:f1:1d:f7:b8:fd:8d:94:49:08:d8:
         bf:82:45:1f:f8:19:7b:1f:33:52:95:b6:6a:7a:a0:d0:be:40:
         c0:56:1c:28:80:3c:0a:74:0d:d5:ad:ac:ee:64:26:97:2f:8a:
         66:83:5a:6b:08:46:49:66:6a:43:67:9c:fc:67:0f:c9:52:be:
         0c:f0:d3:ed:f8:21:7b:a4:f0:16:4e:4f:92:2f:5b:b3:c3:fa:
         06:55:a2:d2:f1:56:46:90:f2:ed:e2:82:1e:f0:ee:56:68:96:
         75:c0:76:2e:fb:59:6f:7e:79:64:7e:cc:eb:18:08:56:0e:49:
         1d:91:a4:ef:29:96:9c:96:7b:ce:fc:a9:27:f6:8b:ab:29:d6:
         1f:0a:1d:36:a6:7b:3a:64:a2:93:d5:3c:19:2f:70:3f:0d:42:
         2a:5f:c1:a8:f9:77:46:7e:b8:63:b5:c4:21:15:a5:ff:29:3c:
         7c:f3:21:bc:cd:6f:92:82:54:b2:8f:9c:f7:7f:08:cf:29:b1:
         ca:d2:5c:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbIh5RCTKO3F4QfXk5NetNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwNTEzMDcyNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODlkNWE5YmUzZTUzOTlmMmUzYzMyYTIyNjU4Mzc5ZTFiOGZkNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CUKaqHbREjZAiBAO/GU/EY9lyLB
uWIWXac/mTLgp4T7bTLWawyodRLyHUoTN35oB1dXuqRpHDJEwRbDk1/uwaXIkSSS
GLuE5EbDI7zNeoWY22J0n53NaxVxy2i5DAwcg4ciBhpmHl9rQ/Rfdlaep9B4FhQl
K7xeh/C1ClmM8Cr/FBjLUgNcmjhIN22EOvi97DgHmNLSbKQD2C2FoV+weF2FMtku
81y3UXmrjE4IXd8jkVI3T6+HnTHu9BbyAKsOsGwwxzAc6zdHpZhcwIevtRz7Ek+i
oJHnf6GtkGWYTsel9R81g0OnMbivsuTLC6ZKDt4D+KFMSpBUWtIIrIgS6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNidWpvj5TmfLjwyoiZYN54bj9cUMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvMkoxYW0tUGxPWjh1UERLaUpsZzNuaHVQMXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwkSlAwQA
woQJMA0GCSqGSIb3DQEBCwUAA4IBAQA4mXhZ6vIt5TFpMNElMtKGGSReg7Ow1L5B
7J4Xjr+ljwrW2Vl3Z+tx0pqwuocqBXDd1RWLqrrsEZ0kWcmacPEd97j9jZRJCNi/
gkUf+Bl7HzNSlbZqeqDQvkDAVhwogDwKdA3VrazuZCaXL4pmg1prCEZJZmpDZ5z8
Zw/JUr4M8NPt+CF7pPAWTk+SL1uzw/oGVaLS8VZGkPLt4oIe8O5WaJZ1wHYu+1lv
fnlkfszrGAhWDkkdkaTvKZaclnvO/Kkn9ourKdYfCh02pns6ZKKT1TwZL3A/DUIq
X8Go+XdGfrhjtcQhFaX/KTx88yG8zW+SglSyj5z3fwjPKbHK0lyP
-----END CERTIFICATE-----