Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EZJmXdF24BxjXkXEgJ7XulqBbGg.roa
File:                     EZJmXdF24BxjXkXEgJ7XulqBbGg.roa (raw, json)
Hash identifier:          7MmMpKZJJ6iNbFpDNYT5NX75nUDQshSyYdBCn1eSMXg=
Subject key identifier:   11:92:66:5D:D1:76:E0:1C:63:5E:45:C4:80:9E:D7:BA:5A:81:6C:68
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A7184D3F44BA4D29CDAF950EB4DBE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EZJmXdF24BxjXkXEgJ7XulqBbGg.roa
Signing time:             Tue 02 Jan 2024 12:33:48 +0000
ROA not before:           Tue 02 Jan 2024 12:33:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        194.87.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:71:84:d3:f4:4b:a4:d2:9c:da:f9:50:eb:4d:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1192665dd176e01c635e45c4809ed7ba5a816c68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:90:ff:bd:6f:99:0d:dd:e8:24:ec:c6:5c:13:
                    07:20:04:4f:1c:61:47:d1:4e:a0:a0:5e:30:7f:b6:
                    dd:34:94:2c:50:37:05:b2:73:76:90:03:86:4f:9a:
                    ff:43:55:6a:53:06:5b:15:cb:64:d8:31:3f:ee:77:
                    cc:a4:0d:b8:09:4d:bc:6f:6c:ef:34:ee:d4:f6:f6:
                    9a:51:3d:f7:27:ca:4f:55:eb:1a:68:7c:f7:2e:17:
                    08:67:36:56:b4:74:b7:49:9e:53:4d:1b:dc:16:61:
                    c0:4f:39:aa:93:17:ec:42:69:d9:4a:e8:2d:38:4d:
                    11:32:d8:aa:3d:0b:fc:5d:4a:37:1c:79:9e:39:75:
                    10:ac:f4:72:af:8b:23:6b:4e:b1:c9:c4:56:88:8f:
                    59:4d:6c:60:fe:45:5d:47:6e:9b:a4:b4:3f:d6:f5:
                    e7:16:2e:18:02:06:9e:3b:d9:90:a5:3a:64:50:0f:
                    1f:92:84:3c:e1:a5:56:ce:22:07:50:77:3a:5b:67:
                    01:9a:f3:91:28:49:24:5e:36:ac:df:c1:ae:43:16:
                    13:71:1c:58:fc:07:7f:3e:00:a8:1f:95:01:da:27:
                    f1:4f:22:5e:f7:38:6c:8c:bf:3d:df:f5:ff:98:51:
                    fa:39:40:42:f8:39:3c:83:4a:8d:6b:71:40:27:54:
                    34:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:92:66:5D:D1:76:E0:1C:63:5E:45:C4:80:9E:D7:BA:5A:81:6C:68
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EZJmXdF24BxjXkXEgJ7XulqBbGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:41:ec:23:a9:33:41:4e:af:65:df:23:4f:4c:12:63:01:c1:
         82:0e:70:a4:07:59:17:d0:78:bc:6f:73:7c:e1:0b:2c:f9:4b:
         b0:d9:ee:86:58:d0:fe:d9:2f:95:24:75:05:e3:4e:33:e1:b7:
         43:4c:44:44:44:f0:08:9f:a4:ba:f5:e9:fc:be:cd:10:79:35:
         7c:9a:a8:51:b5:cb:c4:15:68:94:b6:00:b9:42:bf:c6:e1:3d:
         45:49:22:dd:a2:5c:8d:15:0d:0e:52:4d:2d:45:31:e2:e1:33:
         4a:15:c0:38:73:d4:8d:d7:ff:e0:43:22:ad:5e:d4:83:04:9d:
         0f:5a:db:4b:c0:92:68:0c:61:73:c0:48:87:c3:5a:ad:8f:97:
         da:bb:60:e8:9d:d1:6c:d4:7b:88:cd:00:a9:45:96:be:f0:ba:
         a5:77:ed:35:48:f2:b8:08:f5:63:05:d1:2e:33:6a:34:eb:f5:
         a4:c0:26:78:de:37:23:a4:6e:7a:01:84:cc:91:c5:7f:eb:18:
         8b:ac:43:fa:2f:3e:a0:22:fc:c7:c8:d1:35:9b:d8:a2:8f:90:
         1c:d5:18:fd:6d:63:ee:40:ae:14:36:76:84:f3:11:8a:ea:78:
         80:39:ce:2f:a9:8d:d9:6c:2b:f8:5e:a9:e0:67:e0:32:67:64:
         35:4f:16:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnGE0/RLpNKc2vlQ602+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTkyNjY1ZGQxNzZlMDFjNjM1ZTQ1YzQ4MDllZDdiYTVhODE2YzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5D/vW+ZDd3oJOzGXBMHIARPHGFH
0U6goF4wf7bdNJQsUDcFsnN2kAOGT5r/Q1VqUwZbFctk2DE/7nfMpA24CU28b2zv
NO7U9vaaUT33J8pPVesaaHz3LhcIZzZWtHS3SZ5TTRvcFmHATzmqkxfsQmnZSugt
OE0RMtiqPQv8XUo3HHmeOXUQrPRyr4sja06xycRWiI9ZTWxg/kVdR26bpLQ/1vXn
Fi4YAgaeO9mQpTpkUA8fkoQ84aVWziIHUHc6W2cBmvORKEkkXjas38GuQxYTcRxY
/Ad/PgCoH5UB2ifxTyJe9zhsjL893/X/mFH6OUBC+Dk8g0qNa3FAJ1Q03QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGSZl3RduAcY15FxICe17pagWxoMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRVpKbVhkRjI0QnhqWGtYRWdKN1h1bHFCYkdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlcEMA0G
CSqGSIb3DQEBCwUAA4IBAQBkQewjqTNBTq9l3yNPTBJjAcGCDnCkB1kX0Hi8b3N8
4Qss+Uuw2e6GWND+2S+VJHUF404z4bdDTERERPAIn6S69en8vs0QeTV8mqhRtcvE
FWiUtgC5Qr/G4T1FSSLdolyNFQ0OUk0tRTHi4TNKFcA4c9SN1//gQyKtXtSDBJ0P
WttLwJJoDGFzwEiHw1qtj5fau2DondFs1HuIzQCpRZa+8Lqld+01SPK4CPVjBdEu
M2o06/WkwCZ43jcjpG56AYTMkcV/6xiLrEP6Lz6gIvzHyNE1m9iij5Ac1Rj9bWPu
QK4UNnaE8xGK6niAOc4vqY3ZbCv4XqngZ+AyZ2Q1TxZr
-----END CERTIFICATE-----