Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DhBsSCHgwkZZ09doz1g0kY7yBLE.roa
File:                     DhBsSCHgwkZZ09doz1g0kY7yBLE.roa (raw, json)
Hash identifier:          j+L0nmHqcLzjZqsH+Df+srQyHB5UadinUmOK2++sGLk=
Subject key identifier:   0E:10:6C:48:21:E0:C2:46:59:D3:D7:68:CF:58:34:91:8E:F2:04:B1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01915A4FB9453FBF99E4CA8419E8DB1841A9
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DhBsSCHgwkZZ09doz1g0kY7yBLE.roa
Signing time:             Fri 16 Aug 2024 08:30:59 +0000
ROA not before:           Fri 16 Aug 2024 08:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198231
IP address blocks:        194.87.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5a:4f:b9:45:3f:bf:99:e4:ca:84:19:e8:db:18:41:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Aug 16 08:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e106c4821e0c24659d3d768cf5834918ef204b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6e:4c:5a:c3:a2:ef:4b:0e:b4:9b:44:cd:f2:
                    2d:d3:63:0f:5c:a4:11:40:69:04:77:0d:83:e2:2a:
                    43:2a:78:81:4e:ea:29:36:c8:73:ec:7d:7e:6b:3c:
                    42:5c:52:c5:78:3c:d7:ae:47:fc:45:af:27:39:db:
                    e4:39:16:5f:7b:72:2c:dd:73:62:49:a0:9b:aa:6c:
                    d6:a8:42:35:ac:2f:33:52:7c:ce:7d:a8:5d:ce:e0:
                    ab:b3:06:0e:0e:d8:3b:4b:af:7b:3d:eb:c2:a7:0e:
                    e4:b1:4c:89:d4:e2:6b:fe:b5:6f:2f:9e:ca:e8:ea:
                    2b:4d:17:11:9f:9c:85:1c:c1:a3:b1:46:93:fd:8f:
                    3d:13:43:3d:fc:06:94:9b:8c:dc:43:16:5c:91:82:
                    2d:9b:12:41:d9:6e:38:a8:f1:d9:d3:23:f4:c1:80:
                    95:82:7d:58:d8:ef:f9:21:61:01:0a:82:05:55:8a:
                    3f:11:53:45:a4:a7:10:bc:fd:a0:5a:30:ef:b8:17:
                    a7:18:12:a2:3f:57:64:96:57:7e:ad:7e:29:c1:06:
                    99:5a:44:08:08:14:57:74:f7:de:98:db:48:b2:5f:
                    1a:e7:7c:3f:69:6f:37:9b:aa:8e:46:cf:d7:28:7c:
                    d0:d4:85:2b:e4:5f:8d:93:f9:0c:8e:bb:96:5c:3f:
                    0d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:10:6C:48:21:E0:C2:46:59:D3:D7:68:CF:58:34:91:8E:F2:04:B1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/DhBsSCHgwkZZ09doz1g0kY7yBLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:6f:f1:a3:b3:6d:9b:6a:95:aa:74:4d:e3:e3:82:b2:0f:b3:
         d6:b0:69:f1:fd:b2:59:06:36:ee:e3:62:94:01:95:64:d1:c5:
         56:1b:ea:5d:cb:ff:c5:34:b1:99:94:92:ca:10:b9:12:24:c2:
         52:88:c4:08:6b:71:dc:d2:2e:d1:00:43:d3:c7:38:d0:26:61:
         f6:cc:e2:f9:33:ba:4a:f2:10:81:24:a0:f3:84:87:c0:90:3d:
         d0:58:61:20:26:dd:ce:e5:43:d6:5c:5e:91:c8:dd:0e:ac:3a:
         2b:d6:9f:f6:a3:f7:e2:79:e1:f5:c8:9d:01:b4:af:71:e9:07:
         3f:dc:0e:79:aa:48:80:c7:57:d3:36:f6:83:03:3b:0f:ff:bd:
         83:60:3a:5c:f1:34:81:64:8e:21:68:8e:a8:11:17:8a:62:8d:
         f0:5c:ed:1f:a3:57:87:e8:88:e3:2f:0b:42:30:2f:57:d8:fe:
         5d:c4:49:97:6c:c3:38:19:db:6f:5b:85:8d:87:ac:d6:d4:e0:
         12:06:32:c6:7c:eb:50:50:47:ad:d5:fa:f9:9d:05:e1:1c:7f:
         5a:fe:04:55:8f:9d:ff:d2:3b:cf:be:fc:96:2a:71:c4:d1:91:
         f8:77:25:7c:fe:12:aa:02:6d:d9:c6:50:20:92:cb:94:d6:c6:
         a7:31:7f:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFaT7lFP7+Z5MqEGejbGEGpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwODE2MDgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTEwNmM0ODIxZTBjMjQ2NTlkM2Q3NjhjZjU4MzQ5MThlZjIwNGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlm5MWsOi70sOtJtEzfIt02MPXKQR
QGkEdw2D4ipDKniBTuopNshz7H1+azxCXFLFeDzXrkf8Ra8nOdvkORZfe3Is3XNi
SaCbqmzWqEI1rC8zUnzOfahdzuCrswYODtg7S697PevCpw7ksUyJ1OJr/rVvL57K
6OorTRcRn5yFHMGjsUaT/Y89E0M9/AaUm4zcQxZckYItmxJB2W44qPHZ0yP0wYCV
gn1Y2O/5IWEBCoIFVYo/EVNFpKcQvP2gWjDvuBenGBKiP1dklld+rX4pwQaZWkQI
CBRXdPfemNtIsl8a53w/aW83m6qORs/XKHzQ1IUr5F+Nk/kMjruWXD8NzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4QbEgh4MJGWdPXaM9YNJGO8gSxMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRGhCc1NDSGd3a1paMDlkb3oxZzBrWTd5QkxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlc0MA0G
CSqGSIb3DQEBCwUAA4IBAQB6b/Gjs22bapWqdE3j44KyD7PWsGnx/bJZBjbu42KU
AZVk0cVWG+pdy//FNLGZlJLKELkSJMJSiMQIa3Hc0i7RAEPTxzjQJmH2zOL5M7pK
8hCBJKDzhIfAkD3QWGEgJt3O5UPWXF6RyN0OrDor1p/2o/fieeH1yJ0BtK9x6Qc/
3A55qkiAx1fTNvaDAzsP/72DYDpc8TSBZI4haI6oEReKYo3wXO0fo1eH6IjjLwtC
MC9X2P5dxEmXbMM4GdtvW4WNh6zW1OASBjLGfOtQUEet1fr5nQXhHH9a/gRVj53/
0jvPvvyWKnHE0ZH4dyV8/hKqAm3ZxlAgksuU1sanMX/e
-----END CERTIFICATE-----