Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/2P1-3rgiQ48PqVJXeVnU1VBueko.roa
File:                     2P1-3rgiQ48PqVJXeVnU1VBueko.roa (raw, json)
Hash identifier:          4653bTeYcH5woNta7rM1Of4a8twm4eEwlejvb1VVjzs=
Subject key identifier:   D8:FD:7E:DE:B8:22:43:8F:0F:A9:52:57:79:59:D4:D5:50:6E:7A:4A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018D694D176C4EFD8BB962CEE0CB227A5CA4
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/2P1-3rgiQ48PqVJXeVnU1VBueko.roa
Signing time:             Fri 02 Feb 2024 10:11:16 +0000
ROA not before:           Fri 02 Feb 2024 10:11:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42689
IP address blocks:        194.87.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:4d:17:6c:4e:fd:8b:b9:62:ce:e0:cb:22:7a:5c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb  2 10:11:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8fd7edeb822438f0fa952577959d4d5506e7a4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c4:c4:50:3f:ce:91:82:ce:dc:bc:28:5a:f3:
                    cd:44:58:df:cd:c9:0a:72:60:91:2e:f9:7e:5d:c9:
                    f6:1e:bb:fd:d0:88:dc:18:19:6a:a5:3f:6a:a8:30:
                    20:2a:b7:59:fa:9d:b5:59:89:bd:33:46:61:3b:44:
                    ab:66:67:cc:31:ce:55:69:fc:ea:82:ec:ae:af:22:
                    9d:80:d6:64:c1:63:a9:c5:4f:e5:49:ab:3a:96:7c:
                    f4:e7:c1:bb:9b:f9:8e:c5:02:0f:cd:e5:8d:c0:fb:
                    05:a7:33:51:d9:31:83:df:04:cb:84:fb:88:80:1d:
                    b2:62:b8:70:6b:69:41:dd:76:e2:f2:ce:81:6f:2c:
                    79:12:67:e5:53:d9:54:a4:69:62:5e:5a:9b:7f:02:
                    c0:d1:7b:9e:88:e3:25:e2:a2:18:44:4d:83:b2:fe:
                    8e:19:b1:f1:a5:21:90:d4:75:c2:2a:b4:77:b6:91:
                    ad:2c:09:ef:31:2f:75:51:88:51:57:cb:52:8c:b3:
                    2d:c0:69:5f:dc:bf:71:e9:f7:4a:73:67:5e:52:af:
                    cf:09:1c:66:14:fe:7c:fa:76:42:3a:e3:ed:41:d8:
                    c1:09:dd:96:11:47:95:e8:6d:ca:a2:7a:24:0b:ec:
                    30:86:15:03:a2:88:d4:f1:6f:a0:00:8e:c1:39:1d:
                    38:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:FD:7E:DE:B8:22:43:8F:0F:A9:52:57:79:59:D4:D5:50:6E:7A:4A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/2P1-3rgiQ48PqVJXeVnU1VBueko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:67:95:e0:6e:50:69:81:2f:55:11:e4:2c:84:de:6b:74:f1:
         b6:ca:59:42:0c:34:65:b0:99:08:0b:aa:9a:20:36:ae:e1:26:
         37:e0:00:86:bd:11:73:a1:9e:84:e5:f2:4c:55:1f:6f:f4:b4:
         ab:ea:72:c5:34:7c:37:e4:5d:93:c7:be:f6:fe:6e:0c:77:89:
         7a:b4:6e:94:c0:e2:d6:0c:d2:0c:b7:12:99:21:d5:a6:b6:5d:
         e9:06:06:f0:9a:54:1c:5a:a8:67:5b:7c:b4:e4:a7:d7:51:e7:
         66:4a:b8:49:bb:e1:2c:d5:86:96:25:85:7c:35:39:9f:9f:6d:
         e3:58:f4:b8:e2:f0:39:d1:34:ae:46:82:50:cd:70:90:0f:e3:
         53:f4:c2:45:d6:52:06:31:07:02:25:c4:0b:05:70:09:d8:05:
         c2:bd:57:d6:03:56:af:7f:e3:63:27:cd:e7:e6:3c:88:97:17:
         73:ee:30:c0:73:f5:97:c8:f9:af:d3:89:c6:a5:5f:56:45:23:
         3c:4f:1a:16:90:aa:41:fe:b0:57:3d:b0:e0:03:ae:e7:bd:94:
         a9:ea:99:17:35:7d:01:1d:49:4b:fa:01:60:c1:2f:5c:d7:63:
         bf:8d:26:58:d2:6a:bf:8c:11:eb:db:1d:d0:64:34:53:d4:f7:
         60:e3:b6:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1pTRdsTv2LuWLO4MsielykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjAyMTAxMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGZkN2VkZWI4MjI0MzhmMGZhOTUyNTc3OTU5ZDRkNTUwNmU3YTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsTEUD/OkYLO3LwoWvPNRFjfzckK
cmCRLvl+Xcn2Hrv90IjcGBlqpT9qqDAgKrdZ+p21WYm9M0ZhO0SrZmfMMc5Vafzq
guyuryKdgNZkwWOpxU/lSas6lnz058G7m/mOxQIPzeWNwPsFpzNR2TGD3wTLhPuI
gB2yYrhwa2lB3Xbi8s6Bbyx5EmflU9lUpGliXlqbfwLA0XueiOMl4qIYRE2Dsv6O
GbHxpSGQ1HXCKrR3tpGtLAnvMS91UYhRV8tSjLMtwGlf3L9x6fdKc2deUq/PCRxm
FP58+nZCOuPtQdjBCd2WEUeV6G3KonokC+wwhhUDoojU8W+gAI7BOR04swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNj9ft64IkOPD6lSV3lZ1NVQbnpKMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvMlAxLTNyZ2lRNDhQcVZKWGVWblUxVkJ1ZWtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwleHMA0G
CSqGSIb3DQEBCwUAA4IBAQB5Z5XgblBpgS9VEeQshN5rdPG2yllCDDRlsJkIC6qa
IDau4SY34ACGvRFzoZ6E5fJMVR9v9LSr6nLFNHw35F2Tx772/m4Md4l6tG6UwOLW
DNIMtxKZIdWmtl3pBgbwmlQcWqhnW3y05KfXUedmSrhJu+Es1YaWJYV8NTmfn23j
WPS44vA50TSuRoJQzXCQD+NT9MJF1lIGMQcCJcQLBXAJ2AXCvVfWA1avf+NjJ83n
5jyIlxdz7jDAc/WXyPmv04nGpV9WRSM8TxoWkKpB/rBXPbDgA67nvZSp6pkXNX0B
HUlL+gFgwS9c12O/jSZY0mq/jBHr2x3QZDRT1Pdg47aY
-----END CERTIFICATE-----