Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/eAq-jT9AmpgN60vWKMKC9-S3UXE.roa
File:                     eAq-jT9AmpgN60vWKMKC9-S3UXE.roa (raw, json)
Hash identifier:          ScfLcQXEqqrj4/I+LkjNZLMkjzTeSfdGSXWEQCHqL9w=
Subject key identifier:   78:0A:BE:8D:3F:40:9A:98:0D:EB:4B:D6:28:C2:82:F7:E4:B7:51:71
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018DBFA3D6A73C046E90ADBA44D21B4FE93D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/eAq-jT9AmpgN60vWKMKC9-S3UXE.roa
Signing time:             Mon 19 Feb 2024 04:33:22 +0000
ROA not before:           Mon 19 Feb 2024 04:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        194.135.30.0/24 maxlen: 24
                          195.58.35.0/24 maxlen: 24
                          212.192.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bf:a3:d6:a7:3c:04:6e:90:ad:ba:44:d2:1b:4f:e9:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb 19 04:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=780abe8d3f409a980deb4bd628c282f7e4b75171
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:41:fa:0c:15:e4:e0:7b:d9:e4:55:5a:3c:39:
                    60:7b:dd:d6:5f:09:8c:a1:cc:d4:cb:53:f7:41:4e:
                    dc:8d:a1:42:e2:8e:84:0e:bb:6a:1d:35:a0:66:b9:
                    3c:6b:95:13:4f:5c:e1:6a:da:19:2c:3b:58:0e:a8:
                    19:a8:49:7b:e5:1a:5f:73:7c:29:fa:ff:56:cf:24:
                    0c:fa:a0:5f:c5:6e:a9:23:e3:55:d1:94:5d:90:7b:
                    2d:d3:cb:e3:0c:8e:4e:6e:83:23:43:89:b2:22:47:
                    f4:d0:e3:c3:36:e7:35:1e:4a:37:53:0a:99:30:80:
                    ad:c9:9d:94:80:b4:22:3d:d4:32:02:99:6c:ab:72:
                    53:cb:88:ae:31:d0:c3:25:ed:77:e7:b1:64:2b:8f:
                    21:13:a4:7e:3c:02:fa:e8:bb:cb:3e:fc:c6:e2:15:
                    30:9f:1e:ac:63:3a:91:95:a8:39:78:06:43:9c:b3:
                    4e:88:a1:3b:4c:57:8d:47:93:6f:bd:9d:1e:3f:e2:
                    eb:d9:17:3a:32:4f:9a:52:c4:0f:34:19:11:c4:00:
                    52:7c:99:20:70:e5:d7:7a:33:b6:92:bc:84:f0:cf:
                    ed:8d:18:f8:18:5d:ec:13:bd:67:2a:f8:ae:9b:05:
                    5e:c8:6b:80:ea:c3:23:52:1e:1b:bb:08:af:d9:85:
                    c5:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:0A:BE:8D:3F:40:9A:98:0D:EB:4B:D6:28:C2:82:F7:E4:B7:51:71
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/eAq-jT9AmpgN60vWKMKC9-S3UXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.135.30.0/24
                  195.58.35.0/24
                  212.192.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:6f:6b:99:5d:a1:39:24:bf:e8:fe:39:bd:7f:16:8b:1e:d3:
         90:dc:00:e8:ed:9a:72:8e:42:b5:af:c1:86:5c:3c:29:c5:38:
         2e:00:44:b0:ae:10:3c:97:04:68:c4:8b:f5:dd:fa:bf:8a:0a:
         2c:53:28:c9:6a:21:a7:b0:4b:67:3d:62:6c:be:0a:47:d3:84:
         75:e5:75:77:e7:1e:dd:0e:9a:38:57:36:92:a3:01:9a:06:aa:
         ef:0d:ac:18:49:4d:f3:dc:9c:8d:8c:d1:56:d8:47:bf:67:0b:
         5c:86:c2:e5:1a:04:e5:e9:7f:e1:df:e8:5f:cb:21:43:db:27:
         9e:d2:ef:aa:bf:c1:9c:ca:32:2e:87:70:4b:6c:56:48:7d:b3:
         4e:4f:d0:63:3a:8e:54:9d:e6:89:7c:0e:17:bb:96:6c:6d:cd:
         c0:ff:b7:a2:bd:ff:2d:52:5c:c5:6f:4a:83:19:3e:97:f2:ae:
         3e:3c:bf:36:dc:f7:3d:37:6c:db:49:cf:79:2d:18:14:12:ff:
         24:ac:93:09:49:57:b0:6c:2c:42:1c:51:f7:4d:24:0f:eb:2c:
         10:86:8e:99:71:2e:c0:53:13:ca:0f:96:99:11:79:36:03:7f:
         9c:ec:fc:12:d4:b5:cd:8b:19:f8:2a:96:49:bb:b4:03:85:f4:
         a4:f4:28:25
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2/o9anPARukK26RNIbT+k9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjE5MDQzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODBhYmU4ZDNmNDA5YTk4MGRlYjRiZDYyOGMyODJmN2U0Yjc1MTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUH6DBXk4HvZ5FVaPDlge93WXwmM
oczUy1P3QU7cjaFC4o6EDrtqHTWgZrk8a5UTT1zhatoZLDtYDqgZqEl75Rpfc3wp
+v9WzyQM+qBfxW6pI+NV0ZRdkHst08vjDI5OboMjQ4myIkf00OPDNuc1Hko3UwqZ
MICtyZ2UgLQiPdQyAplsq3JTy4iuMdDDJe1357FkK48hE6R+PAL66LvLPvzG4hUw
nx6sYzqRlag5eAZDnLNOiKE7TFeNR5NvvZ0eP+Lr2Rc6Mk+aUsQPNBkRxABSfJkg
cOXXejO2kryE8M/tjRj4GF3sE71nKviumwVeyGuA6sMjUh4buwiv2YXF8QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHgKvo0/QJqYDetL1ijCgvfkt1FxMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZUFxLWpUOUFtcGdONjB2V0tNS0M5LVMzVVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwoceAwQA
wzojAwQA1MD+MA0GCSqGSIb3DQEBCwUAA4IBAQAQb2uZXaE5JL/o/jm9fxaLHtOQ
3ADo7ZpyjkK1r8GGXDwpxTguAESwrhA8lwRoxIv13fq/igosUyjJaiGnsEtnPWJs
vgpH04R15XV35x7dDpo4VzaSowGaBqrvDawYSU3z3JyNjNFW2Ee/ZwtchsLlGgTl
6X/h3+hfyyFD2yee0u+qv8GcyjIuh3BLbFZIfbNOT9BjOo5UneaJfA4Xu5Zsbc3A
/7eivf8tUlzFb0qDGT6X8q4+PL823Pc9N2zbSc95LRgUEv8krJMJSVewbCxCHFH3
TSQP6ywQho6ZcS7AUxPKD5aZEXk2A3+c7PwS1LXNixn4KpZJu7QDhfSk9Cgl
-----END CERTIFICATE-----