Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Inrm1KN0-sv9idTO-Vnh9mpGUGE.roa
File:                     Inrm1KN0-sv9idTO-Vnh9mpGUGE.roa (raw, json)
Hash identifier:          WkSrH8lr4qe1EUlL2tbeio9rDzEN6x+1f+8mIFeEwIQ=
Subject key identifier:   22:7A:E6:D4:A3:74:FA:CB:FD:89:D4:CE:F9:59:E1:F6:6A:46:50:61
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A7A488DFC4E369BC5990F2E17D6B3
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Inrm1KN0-sv9idTO-Vnh9mpGUGE.roa
Signing time:             Tue 02 Jan 2024 12:33:50 +0000
ROA not before:           Tue 02 Jan 2024 12:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50053
IP address blocks:        194.87.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7a:48:8d:fc:4e:36:9b:c5:99:0f:2e:17:d6:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=227ae6d4a374facbfd89d4cef959e1f66a465061
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a2:2c:e4:24:78:9f:fc:be:9d:cf:fe:b3:39:
                    9a:4d:a1:c7:b7:83:ce:3e:3b:fc:5e:42:01:e9:5c:
                    4e:d3:02:4f:07:66:60:e6:f9:82:be:17:cd:ca:98:
                    b9:c8:99:d3:00:15:c4:14:ae:b0:b0:39:5f:a7:1e:
                    d1:56:a8:7a:58:c9:1d:a7:fa:c0:fa:4a:f8:4e:c3:
                    43:ca:4d:21:bb:dd:0f:95:86:37:d0:98:9b:aa:fe:
                    1b:fa:dd:b0:d4:f0:1b:b6:84:12:be:63:08:2f:62:
                    c8:8f:a9:2f:63:7c:54:58:51:99:6d:af:26:b4:2e:
                    ec:a3:f1:04:07:6a:e4:33:04:57:20:b2:35:55:b2:
                    93:e0:f7:77:aa:b9:2f:eb:2e:f7:ff:5b:0b:fe:50:
                    c2:b3:8b:2d:30:20:81:f8:9f:a8:52:14:71:02:b8:
                    30:e0:73:c6:e5:a2:7e:48:77:94:1b:0c:85:e4:ff:
                    4d:63:b8:30:58:91:64:eb:5e:18:8c:23:8f:93:87:
                    ce:5f:cb:5c:17:0b:8c:63:82:a4:54:85:8f:3e:ed:
                    cb:d0:03:51:e1:94:14:96:36:f9:6b:d6:86:20:86:
                    ba:52:ec:d5:68:2e:f5:d7:ac:45:53:73:1d:1f:26:
                    ee:d3:ce:20:f3:7a:71:9e:e3:3b:dd:d3:1d:ba:1c:
                    a2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:7A:E6:D4:A3:74:FA:CB:FD:89:D4:CE:F9:59:E1:F6:6A:46:50:61
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/Inrm1KN0-sv9idTO-Vnh9mpGUGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:3a:c4:be:76:b8:ff:48:3b:c0:5e:d2:55:dd:ad:02:6d:92:
         0d:b8:72:9b:f0:38:b4:1c:11:9b:2a:77:cd:58:6b:66:fc:7d:
         0c:b5:fe:31:82:62:ed:75:71:7a:2a:ae:0f:7f:d2:87:53:17:
         eb:db:7f:79:98:2f:f5:d4:59:19:c4:d8:2d:e9:5d:e8:18:6c:
         25:86:10:ed:5d:b8:91:eb:7b:e9:fa:9d:b6:19:41:89:bc:03:
         1f:5c:23:eb:c7:e9:57:ea:b4:09:69:b1:e3:53:29:b4:3a:94:
         55:96:0c:45:51:91:f9:d9:af:04:bf:29:7e:06:76:e5:d6:b3:
         0b:4e:9c:52:73:4b:e2:cc:60:4b:3f:02:2a:f4:1f:ee:2c:ab:
         a7:18:53:ed:da:c6:81:61:f3:d5:b7:9b:1a:69:a7:69:c1:4d:
         60:65:93:df:d3:82:43:3b:ed:c3:e9:b3:8d:9f:b1:1c:fb:c5:
         22:aa:ce:96:3a:06:67:b1:e7:5c:65:7a:ee:6b:13:72:35:ac:
         df:0d:ff:26:6e:5b:89:c8:86:64:ed:a3:41:28:fa:0e:25:7a:
         6a:ca:d5:cc:da:83:1d:ff:41:80:37:34:fc:99:57:18:ee:38:
         18:1c:b6:a4:5c:fc:6a:db:7f:aa:43:f4:19:f8:46:c9:34:ae:
         37:0d:f1:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKnpIjfxONpvFmQ8uF9azMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjdhZTZkNGEzNzRmYWNiZmQ4OWQ0Y2VmOTU5ZTFmNjZhNDY1MDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaIs5CR4n/y+nc/+szmaTaHHt4PO
Pjv8XkIB6VxO0wJPB2Zg5vmCvhfNypi5yJnTABXEFK6wsDlfpx7RVqh6WMkdp/rA
+kr4TsNDyk0hu90PlYY30Jibqv4b+t2w1PAbtoQSvmMIL2LIj6kvY3xUWFGZba8m
tC7so/EEB2rkMwRXILI1VbKT4Pd3qrkv6y73/1sL/lDCs4stMCCB+J+oUhRxArgw
4HPG5aJ+SHeUGwyF5P9NY7gwWJFk614YjCOPk4fOX8tcFwuMY4KkVIWPPu3L0ANR
4ZQUljb5a9aGIIa6UuzVaC7116xFU3MdHybu084g83pxnuM73dMduhyiIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJ65tSjdPrL/YnUzvlZ4fZqRlBhMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSW5ybTFLTjAtc3Y5aWRUTy1Wbmg5bXBHVUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlclMA0G
CSqGSIb3DQEBCwUAA4IBAQASOsS+drj/SDvAXtJV3a0CbZINuHKb8Di0HBGbKnfN
WGtm/H0Mtf4xgmLtdXF6Kq4Pf9KHUxfr2395mC/11FkZxNgt6V3oGGwlhhDtXbiR
63vp+p22GUGJvAMfXCPrx+lX6rQJabHjUym0OpRVlgxFUZH52a8Evyl+Bnbl1rML
TpxSc0vizGBLPwIq9B/uLKunGFPt2saBYfPVt5saaadpwU1gZZPf04JDO+3D6bON
n7Ec+8Uiqs6WOgZnsedcZXruaxNyNazfDf8mbluJyIZk7aNBKPoOJXpqytXM2oMd
/0GANzT8mVcY7jgYHLakXPxq23+qQ/QZ+EbJNK43DfGy
-----END CERTIFICATE-----