Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/P455vlH-1EHHFP9vyAlW6puC1J0.roa
File:                     P455vlH-1EHHFP9vyAlW6puC1J0.roa (raw, json)
Hash identifier:          b7Z72owur0mv9vyH4qLCYZiHLlEhN6nyunE+Mrm8hrM=
Subject key identifier:   3F:8E:79:BE:51:FE:D4:41:C7:14:FF:6F:C8:09:56:EA:9B:82:D4:9D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A7DC4E879ACE90EBEA06EA7A11485
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/P455vlH-1EHHFP9vyAlW6puC1J0.roa
Signing time:             Tue 02 Jan 2024 12:33:51 +0000
ROA not before:           Tue 02 Jan 2024 12:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     146943
IP address blocks:        194.87.204.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:52:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7d:c4:e8:79:ac:e9:0e:be:a0:6e:a7:a1:14:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f8e79be51fed441c714ff6fc80956ea9b82d49d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f2:ff:9d:71:23:de:fc:07:00:ec:78:e7:27:
                    09:38:4a:d0:10:26:38:9b:f3:a6:c2:67:a4:39:e7:
                    0c:67:99:cd:1f:53:cf:f9:29:b2:40:28:b5:1b:b8:
                    42:a1:b7:ea:af:d3:2b:81:14:9a:8a:10:9c:a1:8b:
                    7d:d2:ab:d2:73:c5:5e:ad:6a:b9:f4:aa:c1:f9:d2:
                    f2:c9:93:f3:a1:17:2b:85:bc:63:76:72:80:48:9e:
                    88:bf:be:1f:17:41:44:64:81:1f:1a:18:2c:63:62:
                    af:a8:07:3b:53:ac:4b:dc:63:52:c5:9e:12:87:d2:
                    22:48:07:fd:46:37:8b:94:7b:1b:3b:37:33:8a:02:
                    d1:7a:dd:d2:43:b6:da:2b:72:43:98:f2:66:14:c5:
                    dc:7f:b5:75:34:24:e8:db:92:c8:52:2b:2f:50:36:
                    9e:2c:e5:f7:fd:48:40:39:d6:07:18:8a:db:c6:8e:
                    1b:fa:cb:b1:9c:6e:9d:32:d5:22:9a:09:bf:82:b5:
                    c3:c7:98:60:07:86:79:c1:9e:4c:c9:e0:d8:e6:a4:
                    35:77:07:06:a3:f6:ac:86:26:6c:f5:ae:5b:aa:f5:
                    cf:b6:36:22:67:ae:6b:9d:f9:35:2c:64:f9:c6:fd:
                    a9:75:bf:6c:a1:a1:ce:3f:b3:6c:ae:eb:e2:21:05:
                    3f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:8E:79:BE:51:FE:D4:41:C7:14:FF:6F:C8:09:56:EA:9B:82:D4:9D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/P455vlH-1EHHFP9vyAlW6puC1J0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:51:15:23:95:77:4f:43:7e:6a:ff:d1:40:67:a6:4c:41:54:
         3f:6c:ca:49:c0:3b:19:65:b1:9f:55:fe:0e:a6:73:70:18:86:
         8e:6c:4b:7b:d6:f3:fe:f8:be:74:7b:f0:62:18:86:5a:a0:d8:
         bd:7b:5d:c8:a8:d3:f0:30:89:b8:d2:72:ec:f9:ed:16:1d:4a:
         69:b3:80:8b:d1:f3:8d:77:3f:7b:42:a0:7e:f9:f3:e3:64:c1:
         37:ce:18:67:b1:f1:36:ba:c0:a1:1c:05:0a:b7:98:f2:f5:ee:
         70:fb:c5:39:f6:7a:cf:71:f1:9c:8b:8b:57:60:34:64:8c:08:
         21:9f:5b:27:0e:f6:c1:4e:e3:2b:00:c8:ca:64:3d:9d:d4:55:
         c0:a3:d6:55:a4:11:14:f5:0c:45:82:4c:10:eb:73:a1:d4:6c:
         5a:2f:8e:95:1c:bd:0c:53:be:e9:a2:8c:b1:a3:20:32:68:fe:
         dc:90:23:5e:eb:ed:c0:50:86:ab:74:89:ed:b5:a3:c6:06:32:
         88:ad:e9:14:b7:27:61:f8:d6:8d:60:79:53:cf:29:73:37:45:
         70:e7:bf:eb:3a:07:30:c0:2f:38:69:02:4f:f9:3b:55:0f:bb:
         6a:93:85:38:8a:f5:46:90:17:ee:71:8e:ff:65:f2:3c:aa:d2:
         51:98:de:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKn3E6Hms6Q6+oG6noRSFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjhlNzliZTUxZmVkNDQxYzcxNGZmNmZjODA5NTZlYTliODJkNDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPL/nXEj3vwHAOx45ycJOErQECY4
m/OmwmekOecMZ5nNH1PP+SmyQCi1G7hCobfqr9MrgRSaihCcoYt90qvSc8VerWq5
9KrB+dLyyZPzoRcrhbxjdnKASJ6Iv74fF0FEZIEfGhgsY2KvqAc7U6xL3GNSxZ4S
h9IiSAf9RjeLlHsbOzczigLRet3SQ7baK3JDmPJmFMXcf7V1NCTo25LIUisvUDae
LOX3/UhAOdYHGIrbxo4b+suxnG6dMtUimgm/grXDx5hgB4Z5wZ5MyeDY5qQ1dwcG
o/ashiZs9a5bqvXPtjYiZ65rnfk1LGT5xv2pdb9soaHOP7NsruviIQU/tQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+Oeb5R/tRBxxT/b8gJVuqbgtSdMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUDQ1NXZsSC0xRUhIRlA5dnlBbFc2cHVDMUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlfMMA0G
CSqGSIb3DQEBCwUAA4IBAQCDURUjlXdPQ35q/9FAZ6ZMQVQ/bMpJwDsZZbGfVf4O
pnNwGIaObEt71vP++L50e/BiGIZaoNi9e13IqNPwMIm40nLs+e0WHUpps4CL0fON
dz97QqB++fPjZME3zhhnsfE2usChHAUKt5jy9e5w+8U59nrPcfGci4tXYDRkjAgh
n1snDvbBTuMrAMjKZD2d1FXAo9ZVpBEU9QxFgkwQ63Oh1GxaL46VHL0MU77pooyx
oyAyaP7ckCNe6+3AUIardInttaPGBjKIrekUtydh+NaNYHlTzylzN0Vw57/rOgcw
wC84aQJP+TtVD7tqk4U4ivVGkBfucY7/ZfI8qtJRmN5K
-----END CERTIFICATE-----