Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OymKczOgLkKKFu6NtWKNz_9dIoM.roa
File:                     OymKczOgLkKKFu6NtWKNz_9dIoM.roa (raw, json)
Hash identifier:          ASFHRiHauERf02jqsjzMX6rKuwz4E27cAGjnciIeVp4=
Subject key identifier:   3B:29:8A:73:33:A0:2E:42:8A:16:EE:8D:B5:62:8D:CF:FF:5D:22:83
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018F7CA875D12C1E96CAB60532CECAB5A3F2
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OymKczOgLkKKFu6NtWKNz_9dIoM.roa
Signing time:             Wed 15 May 2024 14:29:25 +0000
ROA not before:           Wed 15 May 2024 14:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205220
IP address blocks:        212.192.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7c:a8:75:d1:2c:1e:96:ca:b6:05:32:ce:ca:b5:a3:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 15 14:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b298a7333a02e428a16ee8db5628dcfff5d2283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:c6:fa:4b:4b:33:f5:b1:89:4e:c4:cd:ff:c2:
                    40:02:31:cc:2f:a8:8c:11:e3:08:3f:27:a2:06:07:
                    e1:42:4a:94:66:1a:35:39:1d:e4:89:66:de:b9:ab:
                    98:a9:b3:c6:5c:25:ed:a7:78:fb:00:6c:b0:bd:7b:
                    e9:eb:8a:4d:2b:24:da:9f:49:4d:ce:70:e0:41:23:
                    d9:e2:39:e9:2f:e1:3e:54:40:b1:e1:47:0b:4c:83:
                    3d:5b:6a:d3:5a:55:5b:89:b4:9c:45:92:6a:ab:68:
                    7f:72:bb:4b:a9:a6:a8:82:41:f2:41:2f:43:e4:3d:
                    6d:f2:ac:1c:a0:72:ec:d8:15:2d:87:5a:16:80:d6:
                    da:aa:d7:2e:a9:f2:e6:d5:a8:e2:d7:b2:35:70:a3:
                    57:5c:aa:78:fd:ff:0b:04:e9:0e:9e:83:64:bf:a9:
                    96:6f:ac:e5:9d:0b:94:4f:18:06:f4:f0:a6:d6:64:
                    8e:cc:e0:e0:7c:b2:11:eb:45:44:1f:03:13:21:d6:
                    75:f7:cb:71:e1:ae:2f:37:25:c1:5c:82:f3:6e:4a:
                    0d:08:c2:7b:49:44:af:64:82:c4:35:1f:66:77:f7:
                    bd:4d:9c:2b:a4:e8:59:e0:5b:0f:4f:e3:75:c9:cc:
                    83:11:56:ad:7e:95:76:77:e7:00:e1:f8:c7:5f:8d:
                    30:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:29:8A:73:33:A0:2E:42:8A:16:EE:8D:B5:62:8D:CF:FF:5D:22:83
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/OymKczOgLkKKFu6NtWKNz_9dIoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:de:ab:95:ee:09:eb:48:2b:0a:b2:09:c2:61:02:65:13:34:
         60:79:92:14:f6:b1:48:ef:8e:71:29:3d:2e:61:b1:90:05:30:
         ce:c8:6c:c3:74:b7:81:b5:12:b9:b3:2d:26:e4:07:0b:2c:aa:
         b8:bb:70:0a:23:d4:45:31:7a:29:c3:a4:21:0e:75:f3:aa:1e:
         4d:ea:1e:f6:6d:72:ca:af:73:1a:50:c7:21:8e:3d:0b:eb:e8:
         df:45:cf:85:e9:d8:76:4d:f9:67:c9:da:d7:cd:38:19:97:db:
         79:ce:70:52:8f:e0:93:4e:5c:14:35:bd:4a:d3:ae:33:d3:b8:
         fc:de:48:3d:2a:08:60:02:5f:24:9d:1d:00:fc:60:61:c8:fe:
         90:aa:fb:53:5a:98:99:98:34:e3:d7:7d:e4:29:8b:cf:ab:83:
         22:c7:64:6b:88:ef:e9:f8:ec:96:81:77:5f:a4:62:5b:75:ce:
         33:49:01:2f:bf:d9:78:ae:30:e7:d6:f8:9c:30:96:97:da:8b:
         51:2d:c7:7a:94:87:8c:3e:10:cb:09:7e:cb:23:88:96:2b:cd:
         60:96:05:43:ff:b1:ce:10:3b:24:c8:e3:45:04:34:cc:5b:59:
         53:e2:5d:78:9c:38:d2:67:e1:3c:fb:cb:ab:c4:61:a6:f6:e2:
         c0:23:1c:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY98qHXRLB6WyrYFMs7KtaPyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNTE1MTQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjI5OGE3MzMzYTAyZTQyOGExNmVlOGRiNTYyOGRjZmZmNWQyMjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6sb6S0sz9bGJTsTN/8JAAjHML6iM
EeMIPyeiBgfhQkqUZho1OR3kiWbeuauYqbPGXCXtp3j7AGywvXvp64pNKyTan0lN
znDgQSPZ4jnpL+E+VECx4UcLTIM9W2rTWlVbibScRZJqq2h/crtLqaaogkHyQS9D
5D1t8qwcoHLs2BUth1oWgNbaqtcuqfLm1aji17I1cKNXXKp4/f8LBOkOnoNkv6mW
b6zlnQuUTxgG9PCm1mSOzODgfLIR60VEHwMTIdZ198tx4a4vNyXBXILzbkoNCMJ7
SUSvZILENR9md/e9TZwrpOhZ4FsPT+N1ycyDEVatfpV2d+cA4fjHX40wXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDspinMzoC5CihbujbVijc//XSKDMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvT3ltS2N6T2dMa0tLRnU2TnRXS056XzlkSW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MDUMA0G
CSqGSIb3DQEBCwUAA4IBAQAq3quV7gnrSCsKsgnCYQJlEzRgeZIU9rFI745xKT0u
YbGQBTDOyGzDdLeBtRK5sy0m5AcLLKq4u3AKI9RFMXopw6QhDnXzqh5N6h72bXLK
r3MaUMchjj0L6+jfRc+F6dh2TflnydrXzTgZl9t5znBSj+CTTlwUNb1K064z07j8
3kg9KghgAl8knR0A/GBhyP6QqvtTWpiZmDTj133kKYvPq4Mix2RriO/p+OyWgXdf
pGJbdc4zSQEvv9l4rjDn1vicMJaX2otRLcd6lIeMPhDLCX7LI4iWK81glgVD/7HO
EDskyONFBDTMW1lT4l14nDjSZ+E8+8urxGGm9uLAIxyX
-----END CERTIFICATE-----