Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MbKIrDz_pJepdffMYXxNJYNFRDI.roa
File:                     MbKIrDz_pJepdffMYXxNJYNFRDI.roa (raw, json)
Hash identifier:          q6o/mo93G1mZ4uiuLWzqoDuVFQdmrqwahLEFO0a3sNg=
Subject key identifier:   31:B2:88:AC:3C:FF:A4:97:A9:75:F7:CC:61:7C:4D:25:83:45:44:32
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01932E0DB37BD1BD52BB21A521FAFC72424D
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MbKIrDz_pJepdffMYXxNJYNFRDI.roa
Signing time:             Fri 15 Nov 2024 04:21:10 +0000
ROA not before:           Fri 15 Nov 2024 04:21:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        193.124.7.0/24 maxlen: 24
                          194.87.52.0/24 maxlen: 24
                          212.193.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2e:0d:b3:7b:d1:bd:52:bb:21:a5:21:fa:fc:72:42:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 15 04:21:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=31b288ac3cffa497a975f7cc617c4d2583454432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8a:1e:cd:a0:c1:37:e2:2f:34:0d:f3:0c:b1:
                    95:80:4a:73:35:3c:69:0c:ef:3d:4e:68:53:93:53:
                    d1:fd:e6:86:45:3c:db:fc:e0:12:cd:ee:4f:1a:52:
                    2b:01:cf:23:35:b0:7a:8e:93:07:ad:fa:01:91:bf:
                    a8:a9:f1:97:2c:a1:aa:04:9e:1e:7b:22:6b:eb:9a:
                    96:44:ba:da:b8:1e:1f:28:f1:71:ae:45:25:57:e6:
                    23:73:2f:01:08:5f:6d:c7:54:2c:39:7b:5c:93:26:
                    eb:e9:69:df:8d:79:42:87:dd:98:f0:8b:91:dd:c2:
                    c8:7b:73:41:a7:08:db:41:b2:5c:b8:cf:83:c3:34:
                    5c:6a:b7:fd:80:19:84:e3:dd:86:78:b0:c8:ab:90:
                    22:f0:cb:71:c5:74:0f:c2:6c:5a:f0:c4:f1:be:9c:
                    09:25:bf:b3:2f:6f:ac:0f:a5:ff:b8:f1:35:e6:9e:
                    ae:2d:40:6a:30:26:09:fa:5e:96:40:9f:96:e7:62:
                    12:61:75:7f:1a:8d:cc:c8:c4:f0:0a:53:ac:af:05:
                    f4:ef:dd:47:85:44:97:17:ab:fb:3b:ab:a0:2e:27:
                    36:67:d2:8e:49:71:c5:15:11:46:2a:fe:98:f5:aa:
                    29:8c:1d:a6:e1:a3:61:5d:fe:55:11:8f:97:f0:3e:
                    84:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B2:88:AC:3C:FF:A4:97:A9:75:F7:CC:61:7C:4D:25:83:45:44:32
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/MbKIrDz_pJepdffMYXxNJYNFRDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.7.0/24
                  194.87.52.0/24
                  212.193.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:94:dc:2a:d8:d8:15:94:0e:e4:8d:35:f7:87:5e:92:52:08:
         0b:c0:8b:14:36:5b:4f:43:44:2e:7a:a8:2a:eb:e4:6f:b3:e2:
         23:cf:0f:ac:22:56:8a:74:50:01:5d:4f:58:10:c8:0b:a7:96:
         10:56:29:1b:5e:97:ed:c3:33:df:e5:81:4c:92:d1:70:f5:bd:
         63:07:c4:b2:e6:df:c0:89:a6:f5:2f:9b:ff:16:a1:6b:1c:89:
         2d:3d:f0:a0:4f:04:0f:d4:8b:0d:e4:c9:07:23:ed:1c:12:a6:
         2c:61:3c:df:49:31:b6:10:55:a4:d4:bc:9b:0b:2a:54:eb:09:
         14:c1:3a:9a:d1:25:aa:c3:27:64:92:63:f4:36:8f:36:2c:cd:
         f2:56:8f:f2:45:f9:50:6c:9d:fa:1d:b0:36:a4:5c:55:bb:35:
         9f:96:dc:d1:95:80:b2:f0:e3:60:1b:54:19:7e:e8:08:f3:c6:
         e8:cf:d6:35:c4:54:11:dd:58:d1:38:71:bd:db:39:f6:55:f6:
         40:f1:ee:4c:56:11:6f:34:05:a0:a6:3b:c0:2e:38:d1:7a:34:
         57:15:af:0a:c8:6e:91:1f:60:47:0f:38:55:c8:c7:d3:df:e5:
         ba:46:30:39:7d:0a:c8:a7:a4:39:d0:d0:18:7f:68:a8:2d:0c:
         c3:0d:28:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMuDbN70b1SuyGlIfr8ckJNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMTE1MDQyMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWIyODhhYzNjZmZhNDk3YTk3NWY3Y2M2MTdjNGQyNTgzNDU0NDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIoezaDBN+IvNA3zDLGVgEpzNTxp
DO89TmhTk1PR/eaGRTzb/OASze5PGlIrAc8jNbB6jpMHrfoBkb+oqfGXLKGqBJ4e
eyJr65qWRLrauB4fKPFxrkUlV+Yjcy8BCF9tx1QsOXtckybr6WnfjXlCh92Y8IuR
3cLIe3NBpwjbQbJcuM+DwzRcarf9gBmE492GeLDIq5Ai8MtxxXQPwmxa8MTxvpwJ
Jb+zL2+sD6X/uPE15p6uLUBqMCYJ+l6WQJ+W52ISYXV/Go3MyMTwClOsrwX0791H
hUSXF6v7O6ugLic2Z9KOSXHFFRFGKv6Y9aopjB2m4aNhXf5VEY+X8D6EYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDGyiKw8/6SXqXX3zGF8TSWDRUQyMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTWJLSXJEel9wSmVwZGZmTVlYeE5KWU5GUkRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwXwHAwQA
wlc0AwQA1MELMA0GCSqGSIb3DQEBCwUAA4IBAQAdlNwq2NgVlA7kjTX3h16SUggL
wIsUNltPQ0Queqgq6+Rvs+Ijzw+sIlaKdFABXU9YEMgLp5YQVikbXpftwzPf5YFM
ktFw9b1jB8Sy5t/Aiab1L5v/FqFrHIktPfCgTwQP1IsN5MkHI+0cEqYsYTzfSTG2
EFWk1LybCypU6wkUwTqa0SWqwydkkmP0No82LM3yVo/yRflQbJ36HbA2pFxVuzWf
ltzRlYCy8ONgG1QZfugI88boz9Y1xFQR3VjROHG92zn2VfZA8e5MVhFvNAWgpjvA
LjjRejRXFa8KyG6RH2BHDzhVyMfT3+W6RjA5fQrIp6Q50NAYf2ioLQzDDSi8
-----END CERTIFICATE-----