Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fzP7coxscFqn-coe5c0wC05jSDU.roa
File:                     fzP7coxscFqn-coe5c0wC05jSDU.roa (raw, json)
Hash identifier:          QtD0a8Hkt5C98O/T+9/g3EZ7PanrhyMEdpaOoSsM+cY=
Subject key identifier:   7F:33:FB:72:8C:6C:70:5A:A7:F9:CA:1E:E5:CD:30:0B:4E:63:48:35
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A7F62D20CE733D05DDC6EC26FC6A4
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fzP7coxscFqn-coe5c0wC05jSDU.roa
Signing time:             Tue 02 Jan 2024 12:33:51 +0000
ROA not before:           Tue 02 Jan 2024 12:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197715
IP address blocks:        194.87.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:7f:62:d2:0c:e7:33:d0:5d:dc:6e:c2:6f:c6:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f33fb728c6c705aa7f9ca1ee5cd300b4e634835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e6:5d:b9:34:65:a9:36:9d:5f:56:f3:a0:7f:
                    07:29:12:2f:f6:39:b2:db:bd:49:da:d6:a8:77:5c:
                    c1:ab:e9:44:09:01:3b:19:71:64:71:98:27:29:d6:
                    76:fe:5c:2d:c6:f6:47:dc:c0:8a:8a:46:af:62:73:
                    c5:8a:18:7f:10:64:e5:14:cc:22:64:bb:22:dd:b8:
                    d3:23:fa:3a:04:55:e4:65:f0:64:08:c6:86:e5:0b:
                    0f:f1:d3:70:79:53:04:3e:6c:7a:9c:de:ef:06:15:
                    0b:c6:c0:06:e4:34:ae:53:23:df:a0:92:9d:e0:e6:
                    ae:b4:ef:43:0a:ec:49:52:61:15:0b:f3:60:56:b9:
                    5e:51:32:9f:79:49:5d:fb:3e:09:0a:7f:3b:17:7f:
                    e5:95:b3:05:b9:f5:09:9a:07:43:50:2f:f2:ad:4d:
                    db:57:ca:07:d1:1b:21:96:79:6e:9a:d8:6c:11:30:
                    f3:0b:0d:df:29:12:b9:dd:3c:39:f6:50:57:b3:bf:
                    b9:09:45:f4:ed:a0:a2:c0:32:b6:50:93:ef:e7:a9:
                    f8:c0:54:a2:c2:ac:a0:fc:56:ea:9e:53:72:57:ef:
                    5d:b2:52:c9:60:d4:f8:c1:2b:0c:16:48:3e:ae:31:
                    37:ba:f7:15:ba:25:04:c8:07:9e:0a:a2:33:82:c7:
                    a3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:33:FB:72:8C:6C:70:5A:A7:F9:CA:1E:E5:CD:30:0B:4E:63:48:35
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/fzP7coxscFqn-coe5c0wC05jSDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:a3:20:b6:bc:be:be:24:10:71:f4:09:1f:bb:56:1a:8f:ed:
         67:43:97:6a:b1:34:2f:a4:10:bc:25:ce:9a:60:8c:2d:82:a0:
         3e:b4:c7:e1:ba:9e:52:d7:20:7d:df:bf:db:c1:bd:06:30:bc:
         52:59:35:9d:0b:0e:9d:69:a7:1e:ca:da:7d:16:ac:62:94:46:
         2e:fc:4a:0c:82:3e:b1:bc:6d:c9:59:d2:a7:3b:a3:44:0a:8e:
         bc:88:9a:db:81:3a:3a:c9:96:d5:ef:4e:ce:de:04:80:67:b1:
         72:ac:84:87:fc:77:1f:45:50:a2:dd:59:7e:d9:a8:2e:a0:06:
         51:8b:1b:81:54:0f:43:f3:dd:87:5e:c0:97:65:6f:66:a8:c1:
         88:f1:6c:f9:b3:58:16:9c:34:26:e4:fc:85:a5:25:a6:92:3f:
         a3:8b:09:ed:79:fb:c2:81:8a:82:14:70:f6:cb:2d:e2:29:15:
         3a:12:64:dc:46:ad:f4:44:a3:82:93:61:c5:ca:3d:36:e1:da:
         24:ff:78:11:a2:48:a4:84:ad:30:db:92:13:e5:b7:85:d1:91:
         10:8d:7f:c5:75:66:5b:d5:1c:a3:90:2b:52:dc:9f:6b:1a:8f:
         c6:13:1a:cd:20:6e:91:3f:15:18:3e:67:87:fd:24:e0:da:43:
         da:bd:d2:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKn9i0gznM9Bd3G7Cb8akMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjMzZmI3MjhjNmM3MDVhYTdmOWNhMWVlNWNkMzAwYjRlNjM0ODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OZduTRlqTadX1bzoH8HKRIv9jmy
271J2taod1zBq+lECQE7GXFkcZgnKdZ2/lwtxvZH3MCKikavYnPFihh/EGTlFMwi
ZLsi3bjTI/o6BFXkZfBkCMaG5QsP8dNweVMEPmx6nN7vBhULxsAG5DSuUyPfoJKd
4OautO9DCuxJUmEVC/NgVrleUTKfeUld+z4JCn87F3/llbMFufUJmgdDUC/yrU3b
V8oH0RshlnlumthsETDzCw3fKRK53Tw59lBXs7+5CUX07aCiwDK2UJPv56n4wFSi
wqyg/FbqnlNyV+9dslLJYNT4wSsMFkg+rjE3uvcVuiUEyAeeCqIzgsejUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH8z+3KMbHBap/nKHuXNMAtOY0g1MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZnpQN2NveHNjRnFuLWNvZTVjMHdDMDVqU0RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwleBMA0G
CSqGSIb3DQEBCwUAA4IBAQBooyC2vL6+JBBx9Akfu1Yaj+1nQ5dqsTQvpBC8Jc6a
YIwtgqA+tMfhup5S1yB937/bwb0GMLxSWTWdCw6daaceytp9FqxilEYu/EoMgj6x
vG3JWdKnO6NECo68iJrbgTo6yZbV707O3gSAZ7FyrISH/HcfRVCi3Vl+2aguoAZR
ixuBVA9D892HXsCXZW9mqMGI8Wz5s1gWnDQm5PyFpSWmkj+jiwntefvCgYqCFHD2
yy3iKRU6EmTcRq30RKOCk2HFyj024dok/3gRokikhK0w25IT5beF0ZEQjX/FdWZb
1RyjkCtS3J9rGo/GExrNIG6RPxUYPmeH/STg2kPavdJz
-----END CERTIFICATE-----