Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NmJbFEY0iBsBxkTDS0Yhr571r-U.roa
File:                     NmJbFEY0iBsBxkTDS0Yhr571r-U.roa (raw, json)
Hash identifier:          8r+UeX72HxDDN1b1yFyJRSP8R2+FMMbPIalUnnyIZto=
Subject key identifier:   36:62:5B:14:46:34:88:1B:01:C6:44:C3:4B:46:21:AF:9E:F5:AF:E5
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01942824E62A34EFF95F71284AD3A982607F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NmJbFEY0iBsBxkTDS0Yhr571r-U.roa
Signing time:             Thu 02 Jan 2025 17:51:34 +0000
ROA not before:           Thu 02 Jan 2025 17:51:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10010
IP address blocks:        194.87.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:e6:2a:34:ef:f9:5f:71:28:4a:d3:a9:82:60:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36625b144634881b01c644c34b4621af9ef5afe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:73:e2:94:91:3e:34:87:a8:1f:a0:46:1d:82:
                    ed:31:02:a6:ec:58:d3:04:f2:8f:ee:00:4c:7d:20:
                    43:24:fd:f8:35:26:e1:44:eb:40:8f:a6:b0:ff:e5:
                    bb:b8:c6:9b:43:53:8d:7a:cf:30:c7:03:40:59:f5:
                    b3:af:d6:e9:0d:f6:77:ac:24:32:60:f7:fd:51:12:
                    82:df:a9:e6:97:95:0a:c2:8f:e8:c7:09:c5:ec:34:
                    05:2a:c3:9a:52:e9:2a:65:79:37:dc:bb:76:6c:0f:
                    f5:37:e8:ea:a9:5b:6b:10:b6:ac:1c:a1:9f:b8:8c:
                    7d:fc:58:2b:6e:61:91:ed:5f:25:16:49:3c:a6:ed:
                    94:63:e7:6e:25:df:d8:76:78:e4:cf:fa:97:50:87:
                    29:10:e4:fb:a7:a7:dc:95:f0:84:e6:a7:4d:eb:7c:
                    82:c6:a6:a7:5e:79:74:20:ed:dd:0a:cd:3f:81:aa:
                    51:c1:e1:36:bb:b9:81:08:d9:ff:f9:e7:b5:2b:c0:
                    76:9e:08:d5:60:6c:39:f0:ce:cd:bf:ef:fe:7a:3d:
                    c2:f7:e4:1f:c9:ef:67:d5:9d:94:a0:5a:42:dc:18:
                    5e:f9:cd:c2:b2:4f:ff:50:a4:b5:ab:0c:75:5b:03:
                    2b:65:8a:d6:20:97:1c:93:05:0e:40:fb:b5:c6:bf:
                    ef:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:62:5B:14:46:34:88:1B:01:C6:44:C3:4B:46:21:AF:9E:F5:AF:E5
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NmJbFEY0iBsBxkTDS0Yhr571r-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:ca:b9:fa:f9:25:0d:dd:a8:35:24:d0:6b:de:e5:df:c2:2b:
         3e:8a:e6:47:c1:2d:cd:54:f8:f0:e8:71:6c:59:92:90:60:03:
         ac:b0:c7:f9:b1:b1:33:66:b0:b6:2b:8d:7d:87:5b:35:43:39:
         1a:70:3b:d8:ab:77:30:32:13:16:d6:d6:56:4d:70:de:47:57:
         b0:8b:b0:5e:5a:e7:43:cf:e1:aa:8a:b4:14:aa:56:51:29:fe:
         58:bb:ac:3b:dd:52:89:73:ab:11:3c:2f:5a:20:9d:0b:32:26:
         6f:57:8d:a1:9e:c2:84:a1:56:3d:5d:dc:a2:c2:f3:1e:59:67:
         37:2a:eb:5f:2f:ad:56:02:3e:b2:6c:3c:6c:81:6a:9a:dd:31:
         df:04:5f:9f:9d:4d:a3:c6:65:41:a1:c1:7d:87:3a:1c:85:2f:
         35:7c:f9:06:56:bc:7e:88:b4:d4:0c:1f:3f:18:82:87:a6:4b:
         ee:49:39:05:48:4c:4a:51:14:7b:d7:15:f9:56:a6:61:f2:8e:
         2b:c3:08:29:a6:c4:09:04:85:4c:63:1e:c6:4a:6b:af:46:22:
         38:f8:29:35:69:92:e7:f4:bd:08:e7:98:6b:7f:a3:41:d2:e1:
         de:e1:da:3d:80:70:77:6b:0a:1b:d1:25:9c:b0:cf:c1:95:f9:
         3a:16:91:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJOYqNO/5X3EoStOpgmB/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjYyNWIxNDQ2MzQ4ODFiMDFjNjQ0YzM0YjQ2MjFhZjllZjVhZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXPilJE+NIeoH6BGHYLtMQKm7FjT
BPKP7gBMfSBDJP34NSbhROtAj6aw/+W7uMabQ1ONes8wxwNAWfWzr9bpDfZ3rCQy
YPf9URKC36nml5UKwo/oxwnF7DQFKsOaUukqZXk33Lt2bA/1N+jqqVtrELasHKGf
uIx9/FgrbmGR7V8lFkk8pu2UY+duJd/Ydnjkz/qXUIcpEOT7p6fclfCE5qdN63yC
xqanXnl0IO3dCs0/gapRweE2u7mBCNn/+ee1K8B2ngjVYGw58M7Nv+/+ej3C9+Qf
ye9n1Z2UoFpC3Bhe+c3Csk//UKS1qwx1WwMrZYrWIJcckwUOQPu1xr/vFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZiWxRGNIgbAcZEw0tGIa+e9a/lMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTm1KYkZFWTBpQnNCeGtURFMwWWhyNTcxci1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlfhMA0G
CSqGSIb3DQEBCwUAA4IBAQB/yrn6+SUN3ag1JNBr3uXfwis+iuZHwS3NVPjw6HFs
WZKQYAOssMf5sbEzZrC2K419h1s1QzkacDvYq3cwMhMW1tZWTXDeR1ewi7BeWudD
z+GqirQUqlZRKf5Yu6w73VKJc6sRPC9aIJ0LMiZvV42hnsKEoVY9XdyiwvMeWWc3
KutfL61WAj6ybDxsgWqa3THfBF+fnU2jxmVBocF9hzochS81fPkGVrx+iLTUDB8/
GIKHpkvuSTkFSExKURR71xX5VqZh8o4rwwgppsQJBIVMYx7GSmuvRiI4+Ck1aZLn
9L0I55hrf6NB0uHe4do9gHB3awob0SWcsM/Blfk6FpGM
-----END CERTIFICATE-----