Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/J2ZYcoobnQ3LhvWjtKFgcZei8hw.roa
File:                     J2ZYcoobnQ3LhvWjtKFgcZei8hw.roa (raw, json)
Hash identifier:          TRHh4ZimIOSSVAmub0EyNig+INGNwaj8HMqJVSmuztM=
Subject key identifier:   27:66:58:72:8A:1B:9D:0D:CB:86:F5:A3:B4:A1:60:71:97:A2:F2:1C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A85C771B8F1DC4EEBBEFB9CF67756
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/J2ZYcoobnQ3LhvWjtKFgcZei8hw.roa
Signing time:             Tue 02 Jan 2024 12:33:53 +0000
ROA not before:           Tue 02 Jan 2024 12:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204721
IP address blocks:        212.192.220.0/24 maxlen: 24
                          194.87.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:85:c7:71:b8:f1:dc:4e:eb:be:fb:9c:f6:77:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=276658728a1b9d0dcb86f5a3b4a1607197a2f21c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:98:50:fd:16:f2:92:48:7e:cd:12:fc:ce:07:
                    94:4b:4f:01:a0:fc:f5:12:1b:92:4f:24:9c:7d:20:
                    0f:90:d9:82:49:5b:24:e6:8f:aa:1f:3b:a4:e0:1c:
                    33:5e:1b:47:e8:d6:b2:52:de:41:86:09:e4:f0:9c:
                    12:ba:2a:03:96:22:3a:ce:7f:93:cb:cb:ff:59:9b:
                    b0:c5:a0:30:58:1f:1a:71:be:26:ec:23:d9:90:d1:
                    2b:79:4b:b0:90:76:4b:da:74:c6:46:0c:26:1a:4f:
                    b7:93:a8:76:e3:6e:5b:ee:00:1d:41:b7:c4:4e:53:
                    4e:20:a5:f1:c8:21:8c:61:7d:63:ca:09:4d:69:2a:
                    e5:38:6d:ca:a2:4d:fc:ee:c2:07:bc:ea:77:a0:ef:
                    8e:a0:fb:4f:b2:84:ee:06:4e:41:40:a5:a6:63:54:
                    4b:e0:96:13:89:96:bb:ad:e4:cd:c8:c7:8e:5a:ac:
                    48:49:92:01:4c:04:36:22:44:3c:41:01:54:3d:ea:
                    ab:6a:67:49:73:e9:94:c2:0c:c5:9e:4b:44:5d:8b:
                    4c:bf:f6:51:2d:86:e8:0d:2e:0f:a3:9d:b9:73:83:
                    5f:50:b4:ae:50:a1:47:1e:4b:60:27:08:d2:2d:19:
                    00:35:24:d9:15:93:41:3b:03:1e:ac:89:1b:ef:52:
                    97:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:66:58:72:8A:1B:9D:0D:CB:86:F5:A3:B4:A1:60:71:97:A2:F2:1C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/J2ZYcoobnQ3LhvWjtKFgcZei8hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.75.0/24
                  212.192.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:1b:d8:49:84:fd:1f:cb:94:77:e6:6c:da:ab:0d:f8:24:2b:
         3f:68:a6:7b:76:38:06:e2:73:74:0e:f7:95:92:98:ca:4b:25:
         20:b2:e9:55:40:98:0d:39:12:40:d1:3a:c9:91:0c:f9:a7:8a:
         28:8e:91:a3:e6:00:96:36:8b:62:c4:25:eb:75:26:e3:7f:bc:
         3e:1b:a4:62:16:35:f7:fd:a0:36:60:5c:b1:99:ec:38:82:21:
         0b:16:20:1a:e3:e7:12:b9:b9:77:e3:8b:ec:b3:0f:7e:48:d7:
         f1:41:a4:8a:c7:c7:b8:8b:85:d1:f0:9b:74:a1:c7:1c:2f:ad:
         e0:57:96:38:50:1f:07:f2:f2:1a:01:a0:cb:ae:5d:fa:d9:b3:
         3f:fa:ab:f9:32:f4:5f:b4:ea:20:21:8f:cc:36:34:8b:6f:e0:
         85:a2:35:7d:5b:07:64:70:55:44:a7:a6:09:04:1c:15:32:2e:
         fc:63:3c:33:c2:71:b2:71:91:a6:15:d3:d9:a2:17:9c:2d:72:
         cd:75:ad:1b:ab:d0:f8:0b:e4:25:01:d5:a8:52:51:e3:ca:52:
         1e:4c:5e:32:24:68:10:ba:5c:2b:b4:bd:2f:80:a0:00:1e:b9:
         1e:c7:a6:07:79:4d:8b:09:fc:2f:bf:e1:47:16:84:9b:dd:06:
         8a:0a:e2:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKoXHcbjx3E7rvvuc9ndWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzY2NTg3MjhhMWI5ZDBkY2I4NmY1YTNiNGExNjA3MTk3YTJmMjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvphQ/Rbykkh+zRL8zgeUS08BoPz1
EhuSTyScfSAPkNmCSVsk5o+qHzuk4BwzXhtH6NayUt5Bhgnk8JwSuioDliI6zn+T
y8v/WZuwxaAwWB8acb4m7CPZkNEreUuwkHZL2nTGRgwmGk+3k6h2425b7gAdQbfE
TlNOIKXxyCGMYX1jyglNaSrlOG3Kok387sIHvOp3oO+OoPtPsoTuBk5BQKWmY1RL
4JYTiZa7reTNyMeOWqxISZIBTAQ2IkQ8QQFUPeqramdJc+mUwgzFnktEXYtMv/ZR
LYboDS4Po525c4NfULSuUKFHHktgJwjSLRkANSTZFZNBOwMerIkb71KXbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCdmWHKKG50Ny4b1o7ShYHGXovIcMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSjJaWWNvb2JuUTNMaHZXanRLRmdjWmVpOGh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwldLAwQA
1MDcMA0GCSqGSIb3DQEBCwUAA4IBAQB+G9hJhP0fy5R35mzaqw34JCs/aKZ7djgG
4nN0DveVkpjKSyUgsulVQJgNORJA0TrJkQz5p4oojpGj5gCWNotixCXrdSbjf7w+
G6RiFjX3/aA2YFyxmew4giELFiAa4+cSubl344vssw9+SNfxQaSKx8e4i4XR8Jt0
occcL63gV5Y4UB8H8vIaAaDLrl362bM/+qv5MvRftOogIY/MNjSLb+CFojV9Wwdk
cFVEp6YJBBwVMi78YzwzwnGycZGmFdPZohecLXLNda0bq9D4C+QlAdWoUlHjylIe
TF4yJGgQulwrtL0vgKAAHrkex6YHeU2LCfwvv+FHFoSb3QaKCuLu
-----END CERTIFICATE-----