Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5C3oTn_wj8b-AVdfrsg8G2kGe-c.roa
File:                     5C3oTn_wj8b-AVdfrsg8G2kGe-c.roa (raw, json)
Hash identifier:          /LBKlLwbIBKbacLS2ikVYr4ZVEVlpEDZNyP+x24c9v0=
Subject key identifier:   E4:2D:E8:4E:7F:F0:8F:C6:FE:01:57:5F:AE:C8:3C:1B:69:06:7B:E7
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019428250354E3A1D6E7934EB80D4B112BDE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5C3oTn_wj8b-AVdfrsg8G2kGe-c.roa
Signing time:             Thu 02 Jan 2025 17:51:41 +0000
ROA not before:           Thu 02 Jan 2025 17:51:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207633
IP address blocks:        194.87.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 16:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:03:54:e3:a1:d6:e7:93:4e:b8:0d:4b:11:2b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e42de84e7ff08fc6fe01575faec83c1b69067be7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:b0:73:77:98:fc:d3:ef:16:15:19:ea:8f:2e:
                    ae:a6:c7:2c:44:89:3d:0b:e7:60:db:96:ef:92:a0:
                    f4:0d:ea:30:c9:ac:80:76:e1:ca:ec:a3:04:1f:21:
                    be:d1:b8:e5:14:81:13:5e:3c:c0:a0:3c:fc:51:a1:
                    16:56:32:19:ef:88:bb:8a:be:ca:52:e5:5b:75:b7:
                    77:79:e3:b5:ae:33:f3:cb:16:3d:90:53:9f:9e:ca:
                    43:97:2e:46:94:e9:a1:24:08:80:38:6e:f4:1f:1a:
                    e2:7f:b2:e8:c9:47:ab:2d:15:81:e6:c8:e0:c2:3d:
                    74:f0:71:6c:60:c6:c8:cc:b2:91:c0:d2:32:da:a5:
                    af:24:69:ae:62:dc:ee:02:e0:62:1a:aa:7d:f7:a2:
                    62:85:8f:bd:40:26:92:71:df:3f:65:45:a5:37:3a:
                    09:f9:d5:c8:f3:e2:24:8b:b4:21:0d:c0:c5:24:82:
                    a3:b2:14:58:b6:8e:28:fe:f3:80:0c:1c:58:2c:09:
                    30:32:b3:c3:da:fa:0e:fa:b3:20:df:93:46:7a:5f:
                    4c:1e:37:3a:f2:9b:48:05:cb:7a:8e:a1:a2:a3:33:
                    c1:52:f5:c7:8c:88:4b:c6:f3:f6:cf:d1:72:77:47:
                    1b:25:f6:5e:4e:06:2d:9d:63:bb:49:9e:39:33:48:
                    6f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:2D:E8:4E:7F:F0:8F:C6:FE:01:57:5F:AE:C8:3C:1B:69:06:7B:E7
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/5C3oTn_wj8b-AVdfrsg8G2kGe-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:91:27:bd:d5:b2:a2:7d:48:b8:de:0e:9a:f7:9e:ad:12:e4:
         63:a2:97:2a:87:38:b4:c4:b8:b5:d7:5f:68:fe:07:e6:09:f5:
         89:c9:74:47:44:9d:07:c7:0d:b1:ba:3a:f9:a7:3f:bf:3d:bb:
         cd:55:12:fe:9c:4d:a6:5a:84:3d:16:6b:32:f4:0b:69:20:0a:
         c6:a2:05:29:92:a1:bf:e2:26:2e:b8:f5:93:0b:1c:e6:c8:06:
         80:d5:d4:2f:6f:f6:27:d2:c6:02:d1:c0:cf:86:42:5f:73:46:
         b4:fc:e6:6e:ba:b6:8f:d2:1b:b2:c9:b4:4a:15:fc:20:24:9b:
         bb:37:9e:d2:c2:fd:4b:34:ae:e0:0b:9c:8f:bf:03:b4:b7:3e:
         2b:34:04:6a:a0:04:82:4d:12:33:14:29:94:88:b1:f8:6c:2f:
         14:ae:29:de:88:bf:26:ea:c5:bc:0a:3c:d8:2b:3e:da:b7:91:
         b0:50:85:a2:3f:2b:24:7a:6e:5a:87:65:82:8e:6a:67:99:46:
         cf:92:15:11:6d:e8:34:e0:eb:aa:bc:00:7a:e0:4a:31:b3:a2:
         20:74:c3:45:75:56:f1:16:ae:4e:40:a7:30:66:c2:d2:6c:c7:
         7a:7c:5c:37:7f:09:3d:c1:0b:da:6e:a1:b5:c1:7a:e8:84:ae:
         7e:6b:ff:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJQNU46HW55NOuA1LESveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDJkZTg0ZTdmZjA4ZmM2ZmUwMTU3NWZhZWM4M2MxYjY5MDY3YmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8rBzd5j80+8WFRnqjy6upscsRIk9
C+dg25bvkqD0DeowyayAduHK7KMEHyG+0bjlFIETXjzAoDz8UaEWVjIZ74i7ir7K
UuVbdbd3eeO1rjPzyxY9kFOfnspDly5GlOmhJAiAOG70Hxrif7LoyUerLRWB5sjg
wj108HFsYMbIzLKRwNIy2qWvJGmuYtzuAuBiGqp996JihY+9QCaScd8/ZUWlNzoJ
+dXI8+Iki7QhDcDFJIKjshRYto4o/vOADBxYLAkwMrPD2voO+rMg35NGel9MHjc6
8ptIBct6jqGiozPBUvXHjIhLxvP2z9Fyd0cbJfZeTgYtnWO7SZ45M0hvMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQt6E5/8I/G/gFXX67IPBtpBnvnMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNUMzb1RuX3dqOGItQVZkZnJzZzhHMmtHZS1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwle8MA0G
CSqGSIb3DQEBCwUAA4IBAQCRkSe91bKifUi43g6a956tEuRjopcqhzi0xLi1119o
/gfmCfWJyXRHRJ0Hxw2xujr5pz+/PbvNVRL+nE2mWoQ9Fmsy9AtpIArGogUpkqG/
4iYuuPWTCxzmyAaA1dQvb/Yn0sYC0cDPhkJfc0a0/OZuuraP0huyybRKFfwgJJu7
N57Swv1LNK7gC5yPvwO0tz4rNARqoASCTRIzFCmUiLH4bC8UrineiL8m6sW8CjzY
Kz7at5GwUIWiPyskem5ah2WCjmpnmUbPkhURbeg04OuqvAB64Eoxs6IgdMNFdVbx
Fq5OQKcwZsLSbMd6fFw3fwk9wQvabqG1wXrohK5+a/9s
-----END CERTIFICATE-----