Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/B_SclRJF3bD6tpSM9Jnfz3QF5Xg.roa
File:                     B_SclRJF3bD6tpSM9Jnfz3QF5Xg.roa (raw, json)
Hash identifier:          f8bzZ7ilgMThvvVTQQyYPRrpqnMOfq5BWKKzG7bsVIM=
Subject key identifier:   07:F4:9C:95:12:45:DD:B0:FA:B6:94:8C:F4:99:DF:CF:74:05:E5:78
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A818F8DF403535B98F2ACE7F224EA
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/B_SclRJF3bD6tpSM9Jnfz3QF5Xg.roa
Signing time:             Tue 02 Jan 2024 12:33:52 +0000
ROA not before:           Tue 02 Jan 2024 12:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199785
IP address blocks:        212.192.31.0/24 maxlen: 24
                          194.87.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:81:8f:8d:f4:03:53:5b:98:f2:ac:e7:f2:24:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07f49c951245ddb0fab6948cf499dfcf7405e578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:64:41:8f:65:5c:6c:77:57:b1:ff:75:82:28:
                    69:0a:e6:7a:90:d2:5a:1a:13:a4:0a:98:9f:15:2d:
                    77:1c:2e:f2:e7:4b:75:a7:39:52:51:8e:37:21:f5:
                    9a:15:9c:c5:6d:a2:93:de:44:e5:9d:b2:32:da:69:
                    e1:6f:3c:45:2e:ec:8f:0f:63:b7:c7:81:3e:b8:a7:
                    ab:c8:ae:a6:40:c7:26:7a:ea:17:cc:e4:ef:d6:4c:
                    cd:49:f4:d7:15:cd:95:1d:59:b9:74:8c:e3:01:92:
                    d9:2e:51:a6:76:3f:27:15:10:cf:ab:f2:a6:0e:8d:
                    a4:55:99:f9:79:27:5a:5a:36:e1:d1:ba:e2:7c:47:
                    3b:c7:a1:7e:a5:88:9c:9f:a4:a3:00:d3:75:01:e0:
                    a6:5a:e2:ea:43:c1:51:41:e8:cb:df:ad:5b:e8:02:
                    51:77:d2:54:b5:d5:e1:50:f3:fc:bf:dc:41:f9:01:
                    5e:69:22:09:c9:5c:fa:dd:a1:b1:5a:86:95:b4:3b:
                    16:b0:49:57:a4:7d:cb:5d:2f:da:71:22:7d:4e:f7:
                    b7:63:77:93:14:0d:c3:61:30:7b:ec:fc:f4:19:41:
                    ae:4b:54:b0:ca:d1:33:52:58:ae:28:a2:2c:60:6f:
                    24:87:45:30:d0:c4:bc:f7:35:cf:52:37:ef:e1:a0:
                    71:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:F4:9C:95:12:45:DD:B0:FA:B6:94:8C:F4:99:DF:CF:74:05:E5:78
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/B_SclRJF3bD6tpSM9Jnfz3QF5Xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.199.0/24
                  212.192.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:6e:86:5b:96:da:2b:b3:eb:05:e6:7f:01:aa:6a:72:ca:2e:
         7b:bb:57:47:2c:bd:64:c9:07:21:f9:e2:4e:d9:e7:38:c1:1b:
         81:a1:35:ef:ea:c8:3d:d4:44:46:75:2b:f8:cd:88:b1:4e:0f:
         74:28:13:28:3c:35:bf:12:30:78:11:69:db:a1:0c:85:fb:39:
         85:f4:3d:fb:75:da:12:56:fb:90:29:1e:7e:d8:9a:d2:da:13:
         89:79:7b:b8:69:da:98:dc:6f:d8:22:3f:e5:d5:c4:7c:6c:05:
         aa:ef:6d:0a:6e:9c:4a:ec:8c:77:25:30:64:72:05:27:05:87:
         d4:89:1c:ef:dd:67:d4:3d:7a:2a:1f:7f:86:0a:1e:23:b5:54:
         d5:83:40:0c:4d:cf:64:68:d2:3e:c4:6f:23:94:0f:bb:1d:28:
         dc:bb:fa:df:b1:f0:55:6c:89:ba:2f:62:76:d2:9e:e3:6b:35:
         99:56:56:96:4b:5b:e3:8e:58:70:5a:a3:2d:4d:86:8c:89:09:
         0c:1a:4f:dc:a5:66:95:5a:ad:e7:46:23:b9:f5:87:c4:8a:af:
         cd:64:1d:08:c6:3a:67:05:ee:2d:67:77:21:53:b3:0b:a9:e8:
         19:5c:1d:75:73:06:b6:6a:90:39:46:10:29:82:b8:b3:f2:29:
         ed:80:14:54
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKoGPjfQDU1uY8qzn8iTqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2Y0OWM5NTEyNDVkZGIwZmFiNjk0OGNmNDk5ZGZjZjc0MDVlNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGRBj2VcbHdXsf91gihpCuZ6kNJa
GhOkCpifFS13HC7y50t1pzlSUY43IfWaFZzFbaKT3kTlnbIy2mnhbzxFLuyPD2O3
x4E+uKeryK6mQMcmeuoXzOTv1kzNSfTXFc2VHVm5dIzjAZLZLlGmdj8nFRDPq/Km
Do2kVZn5eSdaWjbh0brifEc7x6F+pYicn6SjANN1AeCmWuLqQ8FRQejL361b6AJR
d9JUtdXhUPP8v9xB+QFeaSIJyVz63aGxWoaVtDsWsElXpH3LXS/acSJ9Tve3Y3eT
FA3DYTB77Pz0GUGuS1SwytEzUliuKKIsYG8kh0Uw0MS89zXPUjfv4aBxvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAf0nJUSRd2w+raUjPSZ3890BeV4MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQl9TY2xSSkYzYkQ2dHBTTTlKbmZ6M1FGNVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwlfHAwQA
1MAfMA0GCSqGSIb3DQEBCwUAA4IBAQA3boZbltors+sF5n8Bqmpyyi57u1dHLL1k
yQch+eJO2ec4wRuBoTXv6sg91ERGdSv4zYixTg90KBMoPDW/EjB4EWnboQyF+zmF
9D37ddoSVvuQKR5+2JrS2hOJeXu4adqY3G/YIj/l1cR8bAWq720KbpxK7Ix3JTBk
cgUnBYfUiRzv3WfUPXoqH3+GCh4jtVTVg0AMTc9kaNI+xG8jlA+7HSjcu/rfsfBV
bIm6L2J20p7jazWZVlaWS1vjjlhwWqMtTYaMiQkMGk/cpWaVWq3nRiO59YfEiq/N
ZB0IxjpnBe4tZ3chU7MLqegZXB11cwa2apA5RhApgriz8intgBRU
-----END CERTIFICATE-----