Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XD4IlHRo_bUbeS_FppxviGc6s0c.roa
File:                     XD4IlHRo_bUbeS_FppxviGc6s0c.roa (raw, json)
Hash identifier:          w1aQaSLcLYdcKr+KsgC5tWR1Jes4PE5uqDwHtcFVlsk=
Subject key identifier:   5C:3E:08:94:74:68:FD:B5:1B:79:2F:C5:A6:9C:6F:88:67:3A:B3:47
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A8E0B6A7C86CEE82D3507DFCE2C39
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XD4IlHRo_bUbeS_FppxviGc6s0c.roa
Signing time:             Tue 02 Jan 2024 12:33:55 +0000
ROA not before:           Tue 02 Jan 2024 12:33:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210993
IP address blocks:        194.87.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:8e:0b:6a:7c:86:ce:e8:2d:35:07:df:ce:2c:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c3e08947468fdb51b792fc5a69c6f88673ab347
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a1:7f:db:a9:cf:86:d7:7d:fa:64:fb:1a:05:
                    d2:91:01:5b:cc:52:cb:e0:5f:a2:b3:26:3e:88:41:
                    f9:dd:05:cd:31:54:ce:3e:3b:07:28:df:4d:a0:46:
                    1e:66:bb:7d:77:85:99:63:46:fa:87:49:ce:0a:50:
                    7e:06:60:2f:62:e9:18:c6:8d:82:09:a4:05:83:a4:
                    66:60:60:17:bc:e3:85:77:21:44:58:84:20:85:96:
                    03:80:90:2f:24:60:5f:70:15:c2:3d:1c:dc:ab:cc:
                    ca:f1:7e:f9:29:f3:df:20:0f:84:5e:ad:10:6e:ea:
                    e0:7a:df:b8:1d:58:76:8a:e2:2c:1b:0a:35:15:d6:
                    48:21:f6:a1:2c:22:54:70:4f:f0:93:45:9e:24:59:
                    4e:9d:03:f5:8c:1e:57:e1:cd:a0:41:4d:f0:ce:4a:
                    2b:b8:17:13:82:33:13:03:ae:9d:b2:30:13:ab:30:
                    28:2a:5c:fc:b9:a9:2c:ac:a5:b6:51:4e:d5:62:4d:
                    f6:37:7f:31:85:a8:1c:74:b5:8a:e4:39:e7:c8:cf:
                    4c:9c:19:f3:20:af:26:2b:74:37:23:99:80:b4:61:
                    2b:79:31:e5:0e:8f:59:cf:1c:23:58:5d:fe:69:01:
                    e0:1b:70:53:b8:fe:f8:1f:ce:87:10:ec:7b:1e:75:
                    e1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:3E:08:94:74:68:FD:B5:1B:79:2F:C5:A6:9C:6F:88:67:3A:B3:47
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/XD4IlHRo_bUbeS_FppxviGc6s0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:c7:29:9b:6e:da:60:84:35:fa:41:fc:f8:15:75:41:6b:43:
         58:1f:04:39:01:62:3a:05:bd:ce:9b:29:fc:d4:0d:a0:05:9a:
         63:a9:e0:c1:0d:dd:37:07:a3:d7:ea:9d:41:b3:9e:3a:3d:e0:
         d2:e1:ff:1f:cd:24:56:c9:19:06:fd:d5:e5:de:7a:1e:6a:01:
         e6:d8:ed:09:5b:36:9f:3a:a2:94:cd:b7:cc:a9:7a:b6:79:da:
         71:33:e0:83:4b:eb:39:99:7c:b3:58:a1:db:05:90:cb:fd:d4:
         94:6a:a5:e7:f6:8b:54:77:24:b7:45:b0:8e:2a:b6:2d:f9:9e:
         0b:03:94:08:dd:2b:90:71:51:c2:e8:f1:14:ae:a4:8f:f3:58:
         10:0d:b6:18:6b:dc:42:69:3a:88:af:d8:e1:a8:d1:66:44:22:
         b5:72:8d:42:8a:59:db:b6:1f:84:3f:ba:bc:d0:72:4f:d0:68:
         2b:f6:db:02:c4:92:29:2c:30:62:c1:5e:50:28:db:08:84:60:
         9f:b9:dd:48:86:79:8f:d9:1e:15:2e:6c:55:22:1a:3f:1c:ba:
         45:9a:9c:4f:2b:2f:ab:92:ef:f0:a0:c3:58:32:6c:d8:c6:72:
         90:da:87:86:77:73:06:2d:ac:1d:c9:e6:fe:a2:01:bf:6e:dc:
         33:e9:e3:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKo4LanyGzugtNQffziw5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNlMDg5NDc0NjhmZGI1MWI3OTJmYzVhNjljNmY4ODY3M2FiMzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qF/26nPhtd9+mT7GgXSkQFbzFLL
4F+isyY+iEH53QXNMVTOPjsHKN9NoEYeZrt9d4WZY0b6h0nOClB+BmAvYukYxo2C
CaQFg6RmYGAXvOOFdyFEWIQghZYDgJAvJGBfcBXCPRzcq8zK8X75KfPfIA+EXq0Q
burget+4HVh2iuIsGwo1FdZIIfahLCJUcE/wk0WeJFlOnQP1jB5X4c2gQU3wzkor
uBcTgjMTA66dsjATqzAoKlz8uaksrKW2UU7VYk32N38xhagcdLWK5DnnyM9MnBnz
IK8mK3Q3I5mAtGEreTHlDo9ZzxwjWF3+aQHgG3BTuP74H86HEOx7HnXhJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFw+CJR0aP21G3kvxaacb4hnOrNHMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvWEQ0SWxIUm9fYlViZVNfRnBweHZpR2M2czBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlfRMA0G
CSqGSIb3DQEBCwUAA4IBAQCNxymbbtpghDX6Qfz4FXVBa0NYHwQ5AWI6Bb3Omyn8
1A2gBZpjqeDBDd03B6PX6p1Bs546PeDS4f8fzSRWyRkG/dXl3noeagHm2O0JWzaf
OqKUzbfMqXq2edpxM+CDS+s5mXyzWKHbBZDL/dSUaqXn9otUdyS3RbCOKrYt+Z4L
A5QI3SuQcVHC6PEUrqSP81gQDbYYa9xCaTqIr9jhqNFmRCK1co1Cilnbth+EP7q8
0HJP0Ggr9tsCxJIpLDBiwV5QKNsIhGCfud1IhnmP2R4VLmxVIho/HLpFmpxPKy+r
ku/woMNYMmzYxnKQ2oeGd3MGLawdyeb+ogG/btwz6eP0
-----END CERTIFICATE-----