Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JeEuWzjT2-fGhdO_Flgp6fzhKjw.roa
File:                     JeEuWzjT2-fGhdO_Flgp6fzhKjw.roa (raw, json)
Hash identifier:          YusWU4Omo3hAMaIxoiVXijWQAEwa25Z8o35sRN63+DE=
Subject key identifier:   25:E1:2E:5B:38:D3:DB:E7:C6:85:D3:BF:16:58:29:E9:FC:E1:2A:3C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018D687C5A72F25B79ABC3C2EE1C09065D0F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JeEuWzjT2-fGhdO_Flgp6fzhKjw.roa
Signing time:             Fri 02 Feb 2024 06:23:16 +0000
ROA not before:           Fri 02 Feb 2024 06:23:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        195.133.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:68:7c:5a:72:f2:5b:79:ab:c3:c2:ee:1c:09:06:5d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb  2 06:23:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25e12e5b38d3dbe7c685d3bf165829e9fce12a3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:bf:e6:3c:83:43:82:fd:72:e5:8b:6c:7a:6f:
                    50:00:aa:c6:51:d0:8b:b4:81:62:0e:7d:e7:04:ff:
                    23:e3:44:fd:83:93:a8:57:3e:ee:ad:e7:1d:90:c8:
                    4a:74:0b:11:21:c1:7a:de:8f:4f:67:9e:fa:51:1a:
                    af:00:9f:d5:07:12:d7:db:33:a5:b6:a0:57:da:aa:
                    42:26:1f:35:42:38:c2:19:ce:d4:a8:11:ed:f6:36:
                    9e:b7:53:83:f5:30:62:3e:d5:c5:f5:22:ae:3b:6e:
                    da:56:07:f5:d1:aa:5e:a8:4d:49:f3:fc:dc:30:1f:
                    4c:06:5a:be:e5:86:cf:51:30:5c:57:00:a6:a9:3e:
                    53:f8:65:7d:0c:ce:f3:29:6f:f5:4b:e1:85:ed:ec:
                    ce:a0:07:e2:8f:7d:2b:94:8a:7f:4f:d9:f7:d1:77:
                    94:5c:ed:46:7d:2d:2b:c7:8a:27:45:fb:f4:b5:67:
                    4d:d9:08:bc:24:94:99:e6:71:44:00:70:50:1f:62:
                    7a:3c:06:45:ce:40:df:33:56:0a:5f:c7:cc:1d:66:
                    d2:45:0a:ef:cb:e4:58:6a:0f:d4:6c:fe:0e:3f:fb:
                    07:eb:c2:2a:9f:f4:5b:2b:02:d6:15:02:39:26:91:
                    7c:55:e3:b8:d4:f8:18:69:8d:44:9c:83:d4:e6:de:
                    a3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:E1:2E:5B:38:D3:DB:E7:C6:85:D3:BF:16:58:29:E9:FC:E1:2A:3C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/JeEuWzjT2-fGhdO_Flgp6fzhKjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:56:6f:ab:69:12:e7:91:94:27:29:77:c5:74:39:df:c7:63:
         d1:e3:7a:58:db:8c:75:8f:01:38:51:fc:a4:f7:35:56:8f:a8:
         a0:05:d1:ba:6d:60:57:fd:85:e7:21:7f:e1:7a:29:7a:98:19:
         5a:a1:ac:d9:90:df:6c:3c:fb:3b:5a:ae:88:13:94:c6:7a:52:
         b9:19:17:f1:76:22:b6:e2:25:57:75:2e:e3:a3:c8:0f:b8:14:
         b5:df:aa:28:fc:79:40:28:c8:f3:69:31:1a:69:e7:cb:82:96:
         f6:68:ea:ce:05:13:0c:4c:7a:ae:35:1a:0e:d8:55:dd:16:f0:
         c8:09:a6:9d:ae:68:ee:11:2a:a9:36:d4:76:bc:b6:cc:d5:1a:
         b3:5e:8e:47:06:12:6c:45:a8:90:cf:6e:78:9c:c8:32:ea:bd:
         d3:db:0f:07:33:cc:d3:8c:30:c9:76:1b:07:cf:99:f5:b5:23:
         22:76:4d:41:73:5f:79:82:3b:30:28:5f:ad:9f:38:ca:8c:2c:
         9d:df:ec:40:3b:c4:02:0f:34:96:4c:f3:fb:96:d4:5c:ff:b6:
         69:cc:c7:64:10:eb:cb:bf:4e:7a:6a:c0:2c:5c:55:de:83:97:
         d1:10:69:1e:27:b1:9c:38:f8:de:9b:c2:23:cf:6d:90:81:90:
         85:4e:05:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1ofFpy8lt5q8PC7hwJBl0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjAyMDYyMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWUxMmU1YjM4ZDNkYmU3YzY4NWQzYmYxNjU4MjllOWZjZTEyYTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApr/mPINDgv1y5Ytsem9QAKrGUdCL
tIFiDn3nBP8j40T9g5OoVz7urecdkMhKdAsRIcF63o9PZ576URqvAJ/VBxLX2zOl
tqBX2qpCJh81QjjCGc7UqBHt9jaet1OD9TBiPtXF9SKuO27aVgf10apeqE1J8/zc
MB9MBlq+5YbPUTBcVwCmqT5T+GV9DM7zKW/1S+GF7ezOoAfij30rlIp/T9n30XeU
XO1GfS0rx4onRfv0tWdN2Qi8JJSZ5nFEAHBQH2J6PAZFzkDfM1YKX8fMHWbSRQrv
y+RYag/UbP4OP/sH68Iqn/RbKwLWFQI5JpF8VeO41PgYaY1EnIPU5t6jCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCXhLls409vnxoXTvxZYKen84So8MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvSmVFdVd6alQyLWZHaGRPX0ZsZ3A2ZnpoS2p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4UkMA0G
CSqGSIb3DQEBCwUAA4IBAQBAVm+raRLnkZQnKXfFdDnfx2PR43pY24x1jwE4Ufyk
9zVWj6igBdG6bWBX/YXnIX/heil6mBlaoazZkN9sPPs7Wq6IE5TGelK5GRfxdiK2
4iVXdS7jo8gPuBS136oo/HlAKMjzaTEaaefLgpb2aOrOBRMMTHquNRoO2FXdFvDI
CaadrmjuESqpNtR2vLbM1RqzXo5HBhJsRaiQz254nMgy6r3T2w8HM8zTjDDJdhsH
z5n1tSMidk1Bc195gjswKF+tnzjKjCyd3+xAO8QCDzSWTPP7ltRc/7ZpzMdkEOvL
v056asAsXFXeg5fREGkeJ7GcOPjem8Ijz22QgZCFTgX9
-----END CERTIFICATE-----