Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/R2q9WUczjLbeFfmxuV68jcxtKyw.roa
File:                     R2q9WUczjLbeFfmxuV68jcxtKyw.roa (raw, json)
Hash identifier:          Gt1M5u4BYKJIjadCv5bBJNm5ud+l8Ty7WcI24n/cDmw=
Subject key identifier:   47:6A:BD:59:47:33:8C:B6:DE:15:F9:B1:B9:5E:BC:8D:CC:6D:2B:2C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019428250E016C88FAE2DEFC8D2618F83326
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/R2q9WUczjLbeFfmxuV68jcxtKyw.roa
Signing time:             Thu 02 Jan 2025 17:51:44 +0000
ROA not before:           Thu 02 Jan 2025 17:51:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212667
IP address blocks:        195.133.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:0e:01:6c:88:fa:e2:de:fc:8d:26:18:f8:33:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=476abd5947338cb6de15f9b1b95ebc8dcc6d2b2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:16:be:8e:d8:6f:f1:3e:74:3d:cf:a7:5e:05:
                    1c:7e:5b:37:43:56:0a:6a:e8:86:a7:f9:a9:8f:0b:
                    da:48:d0:04:19:27:4c:37:b1:51:b0:9f:50:98:8e:
                    ed:4d:70:67:bb:c2:03:ae:2a:95:6f:ff:61:f0:0e:
                    e4:81:cf:2b:d9:15:45:4e:d0:b6:e2:34:89:bf:a5:
                    cd:67:c2:ee:48:06:4c:ac:5b:92:03:85:6c:14:1c:
                    79:0b:ed:02:ef:2f:43:e6:b2:e3:3c:b7:b4:95:33:
                    48:39:5b:3b:43:b3:6a:a5:8f:b1:44:26:5b:8f:6b:
                    d1:83:67:df:f6:02:48:4b:8a:8e:8d:4a:b2:0f:01:
                    68:d0:35:c4:a5:fe:f5:e1:f8:4e:df:af:97:f8:36:
                    81:28:07:b2:60:32:fc:51:a9:98:97:f5:21:8e:e6:
                    4b:af:82:6d:e9:29:08:5b:06:a2:b0:68:65:8d:ec:
                    18:4d:ad:c8:f4:c6:ca:33:c7:f2:7e:9d:0c:7a:55:
                    ba:36:c7:ca:5c:32:bf:bf:1f:e7:b3:c8:22:60:e9:
                    f9:fe:52:c4:61:57:a7:01:18:c2:43:9b:23:e0:8d:
                    ea:66:9c:ef:2a:5c:ee:93:f5:0f:d1:11:99:ed:c2:
                    ad:64:7e:a6:53:f0:c9:36:4e:98:02:92:90:89:d1:
                    37:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:6A:BD:59:47:33:8C:B6:DE:15:F9:B1:B9:5E:BC:8D:CC:6D:2B:2C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/R2q9WUczjLbeFfmxuV68jcxtKyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:9f:3b:e3:ff:be:1b:52:03:ae:cb:34:ac:9e:00:e9:3d:00:
         bd:b8:21:a4:b3:c9:f6:0d:22:bc:c8:77:63:18:f8:57:ca:ae:
         70:f3:04:1a:69:c1:10:02:ec:c8:81:ec:b0:59:35:b4:c4:72:
         95:ea:2d:ca:04:46:98:23:aa:6b:a9:ab:7b:69:be:83:5c:d5:
         5c:9b:dc:05:33:92:41:88:cd:2e:b3:d4:21:5f:94:2c:eb:3a:
         a6:4c:89:b9:3c:10:65:5a:43:5e:f7:b0:bf:94:2b:c6:32:d9:
         6a:a9:89:83:1a:29:f1:e5:ae:00:b8:e4:56:89:94:f1:c3:33:
         48:57:ae:65:f9:f2:7c:32:eb:31:8c:d3:5a:ff:1d:c0:25:c7:
         8d:5a:c3:f9:60:8f:55:e1:33:88:63:9b:cd:de:1f:88:ab:6b:
         e7:75:61:d8:42:d6:0f:34:4d:36:5c:5f:f8:68:e7:20:79:e6:
         83:16:72:78:d4:ad:9b:e4:cb:ab:31:31:4a:d0:70:5e:3f:27:
         d7:f9:64:2d:62:e6:6e:98:46:9a:a1:83:b5:8e:eb:04:04:f4:
         72:cd:1a:38:85:d1:97:16:98:a2:c3:a4:10:2d:cd:b4:3f:f4:
         2d:da:6c:d5:3e:9e:53:95:d5:4d:a4:8f:22:03:73:cf:d1:87:
         3e:b9:ac:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJQ4BbIj64t78jSYY+DMmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzZhYmQ1OTQ3MzM4Y2I2ZGUxNWY5YjFiOTVlYmM4ZGNjNmQyYjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBa+jthv8T50Pc+nXgUcfls3Q1YK
auiGp/mpjwvaSNAEGSdMN7FRsJ9QmI7tTXBnu8IDriqVb/9h8A7kgc8r2RVFTtC2
4jSJv6XNZ8LuSAZMrFuSA4VsFBx5C+0C7y9D5rLjPLe0lTNIOVs7Q7NqpY+xRCZb
j2vRg2ff9gJIS4qOjUqyDwFo0DXEpf714fhO36+X+DaBKAeyYDL8UamYl/UhjuZL
r4Jt6SkIWwaisGhljewYTa3I9MbKM8fyfp0MelW6NsfKXDK/vx/ns8giYOn5/lLE
YVenARjCQ5sj4I3qZpzvKlzuk/UP0RGZ7cKtZH6mU/DJNk6YApKQidE3GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdqvVlHM4y23hX5sblevI3MbSssMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvUjJxOVdVY3pqTGJlRmZteHVWNjhqY3h0S3l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4VWMA0G
CSqGSIb3DQEBCwUAA4IBAQBenzvj/74bUgOuyzSsngDpPQC9uCGks8n2DSK8yHdj
GPhXyq5w8wQaacEQAuzIgeywWTW0xHKV6i3KBEaYI6prqat7ab6DXNVcm9wFM5JB
iM0us9QhX5Qs6zqmTIm5PBBlWkNe97C/lCvGMtlqqYmDGinx5a4AuORWiZTxwzNI
V65l+fJ8MusxjNNa/x3AJceNWsP5YI9V4TOIY5vN3h+Iq2vndWHYQtYPNE02XF/4
aOcgeeaDFnJ41K2b5MurMTFK0HBePyfX+WQtYuZumEaaoYO1jusEBPRyzRo4hdGX
Fpiiw6QQLc20P/Qt2mzVPp5TldVNpI8iA3PP0Yc+uazW
-----END CERTIFICATE-----