Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EZOGsopTLNxHHweQrNzHQMHE5qs.roa
File:                     EZOGsopTLNxHHweQrNzHQMHE5qs.roa (raw, json)
Hash identifier:          ND047Xo809aDgpmUEv6F9f9sjQo+7tFfZ2FOky73uTY=
Subject key identifier:   11:93:86:B2:8A:53:2C:DC:47:1F:07:90:AC:DC:C7:40:C1:C4:E6:AB
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018D72904FA00C138B53E11ADCE7C79D6784
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EZOGsopTLNxHHweQrNzHQMHE5qs.roa
Signing time:             Sun 04 Feb 2024 05:21:16 +0000
ROA not before:           Sun 04 Feb 2024 05:21:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212042
IP address blocks:        195.133.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:72:90:4f:a0:0c:13:8b:53:e1:1a:dc:e7:c7:9d:67:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb  4 05:21:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=119386b28a532cdc471f0790acdcc740c1c4e6ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ff:1b:97:bd:84:f4:e7:8b:99:ca:56:08:1f:
                    68:8d:68:a9:8d:a6:71:8a:be:b3:cd:fe:be:1f:b0:
                    45:2f:ba:1e:a3:8c:0a:fa:f1:02:ae:4d:6b:a7:77:
                    b7:1e:49:4e:5f:41:14:84:bd:52:25:53:46:9c:80:
                    69:f0:95:7c:45:b3:0b:bc:12:fe:45:f1:90:71:43:
                    e4:dd:18:21:40:ee:54:16:3d:3e:ea:0c:0e:2d:d7:
                    4b:25:c4:4f:9d:e3:ef:58:21:f6:42:c1:c7:6c:10:
                    0e:b6:3f:6b:d7:86:32:db:e1:8d:9b:5f:ec:97:e5:
                    0c:d1:98:cb:82:47:7a:ff:ef:5b:53:b1:e1:6f:5a:
                    cb:81:ff:21:85:07:b5:22:43:4c:a6:08:a5:05:da:
                    37:60:8b:9f:9e:ed:b8:f2:f4:fd:c0:80:a1:86:5c:
                    87:eb:2e:55:d3:0d:87:c4:8b:a9:8c:85:6a:89:c5:
                    2b:61:25:4e:cc:05:59:71:34:38:05:7c:7c:ef:3d:
                    11:2b:31:83:1c:2f:7a:21:16:dc:1f:67:0d:73:90:
                    dd:65:fe:f9:8d:30:73:87:0c:58:1d:b7:a0:92:77:
                    a7:b6:12:09:83:87:2f:92:eb:c2:99:e8:00:43:ac:
                    19:d9:77:2e:96:b2:e1:f2:17:19:bb:b7:98:01:fa:
                    98:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:93:86:B2:8A:53:2C:DC:47:1F:07:90:AC:DC:C7:40:C1:C4:E6:AB
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/EZOGsopTLNxHHweQrNzHQMHE5qs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:db:8a:e3:75:ea:7b:02:86:5c:f0:25:1c:8d:27:bc:17:30:
         12:0b:1e:8a:da:ba:2f:9f:09:84:7f:87:08:a2:82:c5:94:cb:
         a5:05:31:c0:df:5f:8b:34:b6:72:33:d0:02:e9:1b:16:3c:0c:
         4b:0a:ba:52:27:93:b9:fd:f4:23:f7:dc:61:d0:ef:88:ce:52:
         a9:f6:13:04:bc:94:89:fc:c5:2c:92:64:fb:bb:b5:c7:90:05:
         56:de:03:b9:07:df:77:ad:48:55:87:0e:33:52:0c:6c:52:22:
         69:e6:d6:d8:d3:f8:bd:16:a1:8f:06:dd:01:b3:26:b7:d2:5d:
         b4:1b:e1:a0:f1:7d:74:30:e2:7d:ca:9e:c3:ee:02:e2:36:6d:
         29:60:e6:91:1b:09:aa:b3:b1:06:70:b5:e2:c4:e2:92:ae:6c:
         9f:0b:c5:b7:7f:5b:a5:3f:b9:e6:21:76:f8:de:c1:94:16:57:
         8c:a2:28:5f:4c:de:ef:c5:50:44:42:7f:15:33:72:29:24:41:
         9c:36:bc:05:0f:a5:ca:0b:8d:c2:6a:cb:65:7c:23:70:c5:d9:
         c9:e7:cf:2c:92:23:74:c8:a1:7b:d1:f1:ea:7c:f2:43:1d:d7:
         94:3a:86:a4:4f:c6:16:07:8d:15:61:92:7f:f1:05:3c:ef:36:
         30:b5:44:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1ykE+gDBOLU+Ea3OfHnWeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjA0MDUyMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTkzODZiMjhhNTMyY2RjNDcxZjA3OTBhY2RjYzc0MGMxYzRlNmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnP8bl72E9OeLmcpWCB9ojWipjaZx
ir6zzf6+H7BFL7oeo4wK+vECrk1rp3e3HklOX0EUhL1SJVNGnIBp8JV8RbMLvBL+
RfGQcUPk3RghQO5UFj0+6gwOLddLJcRPnePvWCH2QsHHbBAOtj9r14Yy2+GNm1/s
l+UM0ZjLgkd6/+9bU7Hhb1rLgf8hhQe1IkNMpgilBdo3YIufnu248vT9wIChhlyH
6y5V0w2HxIupjIVqicUrYSVOzAVZcTQ4BXx87z0RKzGDHC96IRbcH2cNc5DdZf75
jTBzhwxYHbegknenthIJg4cvkuvCmegAQ6wZ2XculrLh8hcZu7eYAfqYYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGThrKKUyzcRx8HkKzcx0DBxOarMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvRVpPR3NvcFRMTnhISHdlUXJOekhRTUhFNXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UlMA0G
CSqGSIb3DQEBCwUAA4IBAQCV24rjdep7AoZc8CUcjSe8FzASCx6K2rovnwmEf4cI
ooLFlMulBTHA31+LNLZyM9AC6RsWPAxLCrpSJ5O5/fQj99xh0O+IzlKp9hMEvJSJ
/MUskmT7u7XHkAVW3gO5B993rUhVhw4zUgxsUiJp5tbY0/i9FqGPBt0Bsya30l20
G+Gg8X10MOJ9yp7D7gLiNm0pYOaRGwmqs7EGcLXixOKSrmyfC8W3f1ulP7nmIXb4
3sGUFleMoihfTN7vxVBEQn8VM3IpJEGcNrwFD6XKC43CastlfCNwxdnJ588skiN0
yKF70fHqfPJDHdeUOoakT8YWB40VYZJ/8QU87zYwtUR7
-----END CERTIFICATE-----