Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cIi8SWWYGo53kmASfiUXUI6nQxo.roa
File:                     cIi8SWWYGo53kmASfiUXUI6nQxo.roa (raw, json)
Hash identifier:          zhCmNjh0mEDiCNo9hCcvfi80tWT/ThevRLkZTI8txxk=
Subject key identifier:   70:88:BC:49:65:98:1A:8E:77:92:60:12:7E:25:17:50:8E:A7:43:1A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018DB2D297F3AB4D56384280E098B6571AEA
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cIi8SWWYGo53kmASfiUXUI6nQxo.roa
Signing time:             Fri 16 Feb 2024 16:49:22 +0000
ROA not before:           Fri 16 Feb 2024 16:49:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41798
IP address blocks:        193.124.93.0/24 maxlen: 24
                          194.58.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b2:d2:97:f3:ab:4d:56:38:42:80:e0:98:b6:57:1a:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb 16 16:49:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7088bc4965981a8e779260127e2517508ea7431a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:65:fa:5d:41:43:99:8e:4a:c8:e4:9a:91:60:
                    d4:44:09:f9:c1:a7:47:9a:a0:30:97:19:81:e6:43:
                    10:3a:9d:2d:18:7a:6a:7b:ba:1e:e0:bc:69:f9:bd:
                    ed:d9:e3:13:15:41:d4:98:7c:8b:dd:4c:54:f5:5c:
                    c5:0a:a9:b7:a4:03:ae:c3:4c:e3:ac:65:49:44:3f:
                    34:88:e1:58:9d:c5:bf:62:0a:95:82:2a:29:39:c9:
                    e6:e7:f0:3d:9c:dc:23:13:a3:4c:c1:10:71:c5:02:
                    13:6b:32:67:f1:d2:32:3c:cc:9a:af:b2:5b:9b:17:
                    98:39:13:77:96:b9:3e:07:3b:2b:02:ed:ca:4a:a7:
                    14:65:7f:fd:d0:0e:8e:b2:0d:2b:20:7d:c2:b8:7e:
                    e1:e6:53:21:08:ed:5a:b3:26:09:f5:26:16:88:73:
                    53:41:d5:28:32:b4:a8:0d:56:f1:a1:46:28:89:e5:
                    df:4f:d6:52:2f:61:29:08:8d:ea:61:8a:1d:a7:6a:
                    a3:f9:e2:8c:18:02:a7:98:ee:f5:b7:39:19:bc:4c:
                    f2:e7:12:a7:93:bf:45:4c:9e:bd:82:d9:6d:26:c7:
                    c5:57:0a:cd:36:55:b8:0b:44:1b:ef:71:04:da:a1:
                    d0:b7:bd:b2:77:04:eb:f1:ae:ac:74:c0:b3:4b:6d:
                    07:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:88:BC:49:65:98:1A:8E:77:92:60:12:7E:25:17:50:8E:A7:43:1A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/cIi8SWWYGo53kmASfiUXUI6nQxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.93.0/24
                  194.58.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:a7:34:a9:2b:65:a4:37:a8:12:7c:ea:17:39:4c:11:1d:a8:
         07:f8:e4:7a:a7:64:f1:36:94:a0:88:27:9f:c1:69:02:c8:f7:
         4f:cc:56:56:f8:bc:5d:cb:ec:68:5e:c6:60:8d:f7:c4:ea:68:
         5b:3f:c5:81:b6:bf:ea:c1:76:90:6b:8f:02:d6:b4:fd:d4:a6:
         39:e0:6c:4c:64:9e:16:16:93:91:b6:72:a2:4f:ae:45:8f:9a:
         86:a3:b6:04:57:ae:39:d7:26:10:0f:5a:92:b5:18:a7:8a:d0:
         32:10:9b:fe:87:95:68:bf:13:2f:e3:63:9f:51:d3:78:06:1d:
         fe:c9:f7:c4:d3:aa:8e:91:dd:c5:79:b8:60:ce:88:cc:e0:08:
         a7:14:58:33:bb:b8:da:eb:26:38:a8:af:64:f0:49:dd:cf:2c:
         46:65:4d:9a:98:0d:f4:02:41:24:73:d6:30:d6:aa:14:0d:61:
         2c:44:f6:c5:52:73:98:de:bc:8d:31:c5:95:fb:7b:d7:53:55:
         67:db:d3:04:7f:2d:6e:1b:de:4f:5a:8e:15:16:a9:4f:ee:11:
         12:3d:1d:7e:75:d1:c2:77:86:8e:9a:91:25:c4:07:ad:ba:3f:
         a8:85:86:e5:3a:9f:03:7f:de:4d:1b:0c:76:42:26:24:80:01:
         51:6a:b7:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY2y0pfzq01WOEKA4Ji2VxrqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjE2MTY0OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg4YmM0OTY1OTgxYThlNzc5MjYwMTI3ZTI1MTc1MDhlYTc0MzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGX6XUFDmY5KyOSakWDURAn5wadH
mqAwlxmB5kMQOp0tGHpqe7oe4Lxp+b3t2eMTFUHUmHyL3UxU9VzFCqm3pAOuw0zj
rGVJRD80iOFYncW/YgqVgiopOcnm5/A9nNwjE6NMwRBxxQITazJn8dIyPMyar7Jb
mxeYORN3lrk+BzsrAu3KSqcUZX/90A6Osg0rIH3CuH7h5lMhCO1asyYJ9SYWiHNT
QdUoMrSoDVbxoUYoieXfT9ZSL2EpCI3qYYodp2qj+eKMGAKnmO71tzkZvEzy5xKn
k79FTJ69gtltJsfFVwrNNlW4C0Qb73EE2qHQt72ydwTr8a6sdMCzS20HlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHCIvEllmBqOd5JgEn4lF1COp0MaMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvY0lpOFNXV1lHbzUza21BU2ZpVVhVSTZuUXhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwXxdAwQA
wjoqMA0GCSqGSIb3DQEBCwUAA4IBAQBmpzSpK2WkN6gSfOoXOUwRHagH+OR6p2Tx
NpSgiCefwWkCyPdPzFZW+Lxdy+xoXsZgjffE6mhbP8WBtr/qwXaQa48C1rT91KY5
4GxMZJ4WFpORtnKiT65Fj5qGo7YEV6451yYQD1qStRinitAyEJv+h5VovxMv42Of
UdN4Bh3+yffE06qOkd3FebhgzojM4AinFFgzu7ja6yY4qK9k8EndzyxGZU2amA30
AkEkc9Yw1qoUDWEsRPbFUnOY3ryNMcWV+3vXU1Vn29MEfy1uG95PWo4VFqlP7hES
PR1+ddHCd4aOmpElxAetuj+ohYblOp8Df95NGwx2QiYkgAFRarce
-----END CERTIFICATE-----