Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6DeOlfzkuWcA1Vqqe747sVNs_oo.roa
File:                     6DeOlfzkuWcA1Vqqe747sVNs_oo.roa (raw, json)
Hash identifier:          aOfqqvIdQp2n76fu1MBqnyxr/94VasR2SC0pvdhb+xE=
Subject key identifier:   E8:37:8E:95:FC:E4:B9:67:00:D5:5A:AA:7B:BE:3B:B1:53:6C:FE:8A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01932E115CCBB7A6C1148C929505C9E6A856
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6DeOlfzkuWcA1Vqqe747sVNs_oo.roa
Signing time:             Fri 15 Nov 2024 04:25:10 +0000
ROA not before:           Fri 15 Nov 2024 04:25:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212667
IP address blocks:        195.133.86.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2e:11:5c:cb:b7:a6:c1:14:8c:92:95:05:c9:e6:a8:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 15 04:25:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8378e95fce4b96700d55aaa7bbe3bb1536cfe8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9b:62:43:37:a8:2b:2b:23:71:fe:0a:e2:d0:
                    eb:40:70:1b:97:a1:80:b3:f3:4d:5f:a8:b3:34:21:
                    63:ee:ca:b8:b9:29:20:59:18:5b:d3:fa:81:ee:96:
                    85:e5:1a:92:4a:21:2a:8e:ba:a5:7a:63:8d:ca:1b:
                    99:4f:47:32:e4:92:89:52:0a:9e:a6:4b:a1:02:33:
                    f4:2e:3a:15:47:7d:3c:9e:36:a1:9b:19:85:7b:bf:
                    a6:76:1b:e2:31:b2:bd:13:48:2f:62:28:cf:db:1b:
                    8b:12:b7:cf:40:39:6d:81:4c:23:a2:3d:94:7e:d0:
                    8e:a9:67:07:5d:0d:62:b4:88:12:18:f5:07:be:20:
                    a1:9c:03:e1:61:37:83:9f:20:b8:90:ee:c7:1b:2e:
                    79:52:42:b6:4d:6c:ef:db:61:a5:1d:ac:6d:6d:f2:
                    31:9c:77:60:cb:7f:2b:22:ee:bb:7f:b0:e6:83:ed:
                    63:98:7a:c8:c2:43:95:05:cc:cd:e5:d0:68:ab:be:
                    73:24:84:e6:86:a0:e4:92:32:d8:3d:49:94:a5:12:
                    b4:57:d0:db:95:e6:09:09:67:19:79:e8:45:40:39:
                    e9:c6:47:23:d6:4c:e0:9f:4b:03:4e:7d:63:77:c7:
                    90:45:36:56:f2:d2:d2:c0:65:63:07:98:f7:48:a3:
                    bb:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:37:8E:95:FC:E4:B9:67:00:D5:5A:AA:7B:BE:3B:B1:53:6C:FE:8A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/6DeOlfzkuWcA1Vqqe747sVNs_oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:2c:51:e0:34:63:c5:6a:12:f4:b1:59:e7:12:7d:42:da:62:
         c6:da:b4:2d:5e:f2:bc:a3:f3:cb:31:af:6f:f6:7e:3d:f5:18:
         55:44:41:39:54:fe:9b:02:31:73:1d:5a:a2:1c:f9:ce:ba:88:
         b0:66:4d:25:58:d6:07:a3:55:8e:23:72:1d:9c:42:2f:1b:94:
         5f:e1:90:cb:ce:4e:b2:d7:94:5b:ed:a3:fc:d4:4f:00:51:0e:
         89:77:1b:72:f2:e9:06:31:65:39:83:86:ae:9f:85:5c:fb:f5:
         f2:2a:63:f6:75:1f:39:7e:f1:27:ec:be:d1:85:f1:6b:47:72:
         c6:93:0c:22:e6:da:25:a3:b3:93:94:b8:9a:c7:f5:38:3e:5a:
         01:66:24:33:1b:7e:5d:39:16:0f:04:a7:07:8e:4e:0c:24:9d:
         5d:6b:44:d6:92:48:5c:dc:f8:6b:25:0b:07:5e:2e:00:2a:81:
         11:89:70:d3:dc:a5:84:79:5b:ca:3a:37:95:b7:c6:3a:c5:67:
         16:49:87:c5:8b:84:0f:bd:8a:8d:73:68:fe:be:69:25:cd:00:
         e6:26:a7:63:27:f6:26:3c:20:be:19:e5:9a:30:84:48:e2:60:
         70:70:12:f1:eb:c1:75:92:d1:bd:59:87:6e:5c:e6:86:09:ac:
         a6:ac:15:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMuEVzLt6bBFIySlQXJ5qhWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMTE1MDQyNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODM3OGU5NWZjZTRiOTY3MDBkNTVhYWE3YmJlM2JiMTUzNmNmZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvptiQzeoKysjcf4K4tDrQHAbl6GA
s/NNX6izNCFj7sq4uSkgWRhb0/qB7paF5RqSSiEqjrqlemONyhuZT0cy5JKJUgqe
pkuhAjP0LjoVR308njahmxmFe7+mdhviMbK9E0gvYijP2xuLErfPQDltgUwjoj2U
ftCOqWcHXQ1itIgSGPUHviChnAPhYTeDnyC4kO7HGy55UkK2TWzv22GlHaxtbfIx
nHdgy38rIu67f7Dmg+1jmHrIwkOVBczN5dBoq75zJITmhqDkkjLYPUmUpRK0V9Db
leYJCWcZeehFQDnpxkcj1kzgn0sDTn1jd8eQRTZW8tLSwGVjB5j3SKO7RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOg3jpX85LlnANVaqnu+O7FTbP6KMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvNkRlT2xmemt1V2NBMVZxcWU3NDdzVk5zX29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4VWMA0G
CSqGSIb3DQEBCwUAA4IBAQCLLFHgNGPFahL0sVnnEn1C2mLG2rQtXvK8o/PLMa9v
9n499RhVREE5VP6bAjFzHVqiHPnOuoiwZk0lWNYHo1WOI3IdnEIvG5Rf4ZDLzk6y
15Rb7aP81E8AUQ6Jdxty8ukGMWU5g4aun4Vc+/XyKmP2dR85fvEn7L7RhfFrR3LG
kwwi5tolo7OTlLiax/U4PloBZiQzG35dORYPBKcHjk4MJJ1da0TWkkhc3PhrJQsH
Xi4AKoERiXDT3KWEeVvKOjeVt8Y6xWcWSYfFi4QPvYqNc2j+vmklzQDmJqdjJ/Ym
PCC+GeWaMIRI4mBwcBLx68F1ktG9WYduXOaGCaymrBVn
-----END CERTIFICATE-----