Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ftiGAm6h96eAetI20CE7ED94rBo.roa
File:                     ftiGAm6h96eAetI20CE7ED94rBo.roa (raw, json)
Hash identifier:          mNXiacpRbbEyXT3z4IN/PcyyItLVgWHu5tSOZwLktx0=
Subject key identifier:   7E:D8:86:02:6E:A1:F7:A7:80:7A:D2:36:D0:21:3B:10:3F:78:AC:1A
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       01942824E455AC7ADB9531C8164F400C316F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ftiGAm6h96eAetI20CE7ED94rBo.roa
Signing time:             Thu 02 Jan 2025 17:51:33 +0000
ROA not before:           Thu 02 Jan 2025 17:51:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2118
IP address blocks:        194.87.222.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:e4:55:ac:7a:db:95:31:c8:16:4f:40:0c:31:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ed886026ea1f7a7807ad236d0213b103f78ac1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ed:7f:4c:d0:d2:11:0e:10:78:cd:ab:01:c1:
                    3a:bf:2d:37:64:fa:06:e7:8d:a7:ee:b2:d0:7c:39:
                    c3:c4:6a:d9:b4:04:0c:7d:00:ac:00:88:5a:08:56:
                    26:e1:50:99:83:e2:8c:a8:1e:91:4b:4d:50:67:6c:
                    05:f7:e5:c9:59:21:1f:7d:c9:71:00:c8:1a:af:de:
                    92:4a:cb:c5:d4:c7:de:27:be:64:4b:36:ec:f6:e9:
                    2b:02:76:70:4c:a8:11:02:5b:d0:77:70:e4:8a:bd:
                    7f:0a:5d:95:89:52:40:b5:69:a1:7e:c8:84:15:f9:
                    32:0a:cc:6c:ac:1c:ea:40:e0:59:63:fd:0e:f4:f3:
                    e2:b6:41:2d:b6:01:6b:f5:58:de:3c:4c:88:5e:aa:
                    2a:5e:78:b6:3d:d6:6b:9f:b8:10:63:dc:6e:33:5e:
                    43:b6:e0:92:6b:8a:8b:86:1f:c4:e2:ec:0d:cc:f8:
                    27:8b:43:90:d3:c6:99:2f:e4:3a:d9:e5:69:6a:1f:
                    71:6d:88:dd:11:90:72:8c:9e:3f:2e:7f:6a:64:92:
                    6c:36:7d:92:e5:28:9a:49:e9:3f:20:5b:14:e4:2f:
                    71:2b:3f:5f:de:24:25:6d:5f:95:04:29:4f:94:c6:
                    96:db:4a:1d:8f:d4:7a:56:39:4b:85:aa:1f:d3:2f:
                    7b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D8:86:02:6E:A1:F7:A7:80:7A:D2:36:D0:21:3B:10:3F:78:AC:1A
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/ftiGAm6h96eAetI20CE7ED94rBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:1f:db:ce:7d:e1:db:02:48:5c:a8:e7:62:4b:ee:e8:a7:6b:
         65:7a:b0:c1:4b:cf:38:7f:7d:c4:09:8e:eb:e0:d9:d5:5d:4a:
         4b:d2:4d:c6:18:af:8c:42:5e:df:8c:f0:1a:cf:30:ee:fc:3f:
         4d:15:09:32:03:99:8f:7a:f1:70:69:60:5e:18:cc:ad:9a:70:
         97:c6:1a:e8:f4:15:db:90:65:52:99:e3:11:72:cd:4d:ba:5d:
         0e:78:6a:c8:4f:ea:e5:7d:53:23:2e:08:e0:56:40:1c:18:ea:
         72:e9:8a:e0:9d:94:89:01:6c:6d:91:f5:a3:c7:0a:c7:0c:c3:
         a3:5e:34:7a:53:99:6c:06:9b:a1:15:92:d1:e1:42:fb:02:25:
         e2:28:e7:7e:a4:5b:ec:68:4c:57:d9:f1:d8:d7:ed:86:25:fa:
         6f:a3:d8:f7:71:f1:93:48:24:32:d2:ec:7f:e5:97:9b:9c:e2:
         25:ca:df:47:ff:00:cb:2a:d5:43:68:a6:3c:75:c1:78:b6:81:
         fe:54:89:3f:e3:ad:b1:9a:08:f3:ce:15:da:5d:4e:03:05:a4:
         ba:b8:44:aa:8f:0a:89:07:ad:36:03:9c:76:e6:78:e3:bf:9d:
         44:ad:77:f0:8d:54:44:e0:61:56:00:5b:6b:c3:42:18:1e:5f:
         13:01:9a:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJORVrHrblTHIFk9ADDFvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWQ4ODYwMjZlYTFmN2E3ODA3YWQyMzZkMDIxM2IxMDNmNzhhYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwO1/TNDSEQ4QeM2rAcE6vy03ZPoG
542n7rLQfDnDxGrZtAQMfQCsAIhaCFYm4VCZg+KMqB6RS01QZ2wF9+XJWSEffclx
AMgar96SSsvF1MfeJ75kSzbs9ukrAnZwTKgRAlvQd3Dkir1/Cl2ViVJAtWmhfsiE
FfkyCsxsrBzqQOBZY/0O9PPitkEttgFr9VjePEyIXqoqXni2PdZrn7gQY9xuM15D
tuCSa4qLhh/E4uwNzPgni0OQ08aZL+Q62eVpah9xbYjdEZByjJ4/Ln9qZJJsNn2S
5SiaSek/IFsU5C9xKz9f3iQlbV+VBClPlMaW20odj9R6VjlLhaof0y97MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH7YhgJuofengHrSNtAhOxA/eKwaMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZnRpR0FtNmg5NmVBZXRJMjBDRTdFRDk0ckJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwlfeMA0G
CSqGSIb3DQEBCwUAA4IBAQAJH9vOfeHbAkhcqOdiS+7op2tlerDBS884f33ECY7r
4NnVXUpL0k3GGK+MQl7fjPAazzDu/D9NFQkyA5mPevFwaWBeGMytmnCXxhro9BXb
kGVSmeMRcs1Nul0OeGrIT+rlfVMjLgjgVkAcGOpy6YrgnZSJAWxtkfWjxwrHDMOj
XjR6U5lsBpuhFZLR4UL7AiXiKOd+pFvsaExX2fHY1+2GJfpvo9j3cfGTSCQy0ux/
5ZebnOIlyt9H/wDLKtVDaKY8dcF4toH+VIk/462xmgjzzhXaXU4DBaS6uESqjwqJ
B602A5x25njjv51ErXfwjVRE4GFWAFtrw0IYHl8TAZo7
-----END CERTIFICATE-----