Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gqy-vRCgiFn5ZNSrQykiU8g128c.roa
File:                     gqy-vRCgiFn5ZNSrQykiU8g128c.roa (raw, json)
Hash identifier:          tO5UZG6HE9Qff9dtaZ4yGAYPYFPPx7a0wjPgEhw/uqM=
Subject key identifier:   82:AC:BE:BD:10:A0:88:59:F9:64:D4:AB:43:29:22:53:C8:35:DB:C7
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A908910EE681075AF07EFD33FC185
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gqy-vRCgiFn5ZNSrQykiU8g128c.roa
Signing time:             Tue 02 Jan 2024 12:33:56 +0000
ROA not before:           Tue 02 Jan 2024 12:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        194.87.212.0/24 maxlen: 24
                          62.76.229.0/24 maxlen: 24
                          194.87.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:90:89:10:ee:68:10:75:af:07:ef:d3:3f:c1:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82acbebd10a08859f964d4ab43292253c835dbc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:3a:56:c0:3f:88:c8:b6:53:12:44:86:2b:b6:
                    a9:12:31:be:74:8d:ec:5f:af:2d:46:80:ab:91:6b:
                    ab:c0:d1:f5:0b:e4:f7:27:47:ce:57:0d:58:1a:1d:
                    36:36:ae:94:fd:ea:85:d9:78:98:65:a4:24:39:46:
                    7a:d6:3c:02:0f:82:b5:03:b3:20:4f:39:78:25:bd:
                    8e:cd:68:7b:1e:62:d2:b4:af:ec:1f:9d:0e:b7:44:
                    0a:8c:f7:7a:16:0a:83:42:b3:24:d9:bd:be:87:f5:
                    f6:88:1a:92:96:a2:c7:83:6e:64:01:48:88:97:70:
                    c2:ad:6b:19:4c:9a:1a:e6:92:eb:90:02:c5:d8:0e:
                    4f:43:f4:8e:3b:3d:2b:20:cd:66:7e:d8:b1:30:35:
                    78:33:19:5e:dc:dd:23:1a:cc:f4:e7:25:cd:a7:85:
                    b7:c1:0b:87:48:11:54:9c:5d:3e:dd:31:ce:07:ad:
                    f1:a5:cb:f3:51:0e:b9:81:b5:e6:05:2e:3d:6e:cf:
                    1f:35:5f:b5:c0:cf:85:36:f9:aa:a1:91:56:1e:2f:
                    eb:d8:ed:1f:b1:7d:f6:b6:79:26:03:79:4f:fd:36:
                    40:28:5f:5b:a9:bd:5b:34:7a:e3:2b:25:f6:31:00:
                    9a:a8:33:75:3b:2b:b3:f6:b1:28:2c:bf:6f:2d:cd:
                    dc:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:AC:BE:BD:10:A0:88:59:F9:64:D4:AB:43:29:22:53:C8:35:DB:C7
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gqy-vRCgiFn5ZNSrQykiU8g128c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.76.229.0/24
                  194.87.137.0/24
                  194.87.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:ec:82:a2:70:43:51:82:43:9d:89:05:53:82:fe:64:ae:15:
         64:c3:0c:46:3a:32:fa:33:90:87:ea:c2:f4:99:7f:38:bf:63:
         3f:90:70:a3:6a:75:ad:43:ab:5a:f9:4b:05:39:43:7d:f9:4e:
         36:c5:c9:1b:8e:58:d5:1e:77:53:a0:48:cc:a4:95:89:e1:07:
         41:9c:3b:3c:f7:90:0a:51:30:cd:dc:9a:3e:e8:71:8d:f9:21:
         ab:d9:a3:90:86:5c:9a:2c:ec:dd:2a:c4:55:93:20:da:c1:64:
         a3:86:41:63:4c:58:4a:ec:90:1b:b1:4b:9c:08:6c:13:9a:1b:
         b4:9d:35:79:4e:ea:21:2a:82:44:41:97:44:51:6b:e1:a6:1b:
         bc:a7:f3:01:1a:f0:c3:7f:dc:5d:90:c3:f7:cd:f5:d2:b1:20:
         b8:68:fe:1b:30:09:fb:71:fc:d7:df:d4:72:32:1e:12:ea:2a:
         67:7b:a4:de:33:e0:85:97:b1:6e:b3:33:f3:17:73:02:a9:1f:
         21:1d:9f:81:4b:59:46:46:2f:87:79:5e:15:6d:b8:f7:7c:33:
         68:f2:97:30:63:ca:07:ce:03:c1:2b:57:db:a1:eb:c3:3d:45:
         9d:a6:b4:cc:c4:69:60:aa:b7:d9:10:cd:b2:09:bd:34:4d:60:
         42:9a:f1:96
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKpCJEO5oEHWvB+/TP8GFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmFjYmViZDEwYTA4ODU5Zjk2NGQ0YWI0MzI5MjI1M2M4MzVkYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTpWwD+IyLZTEkSGK7apEjG+dI3s
X68tRoCrkWurwNH1C+T3J0fOVw1YGh02Nq6U/eqF2XiYZaQkOUZ61jwCD4K1A7Mg
Tzl4Jb2OzWh7HmLStK/sH50Ot0QKjPd6FgqDQrMk2b2+h/X2iBqSlqLHg25kAUiI
l3DCrWsZTJoa5pLrkALF2A5PQ/SOOz0rIM1mftixMDV4Mxle3N0jGsz05yXNp4W3
wQuHSBFUnF0+3THOB63xpcvzUQ65gbXmBS49bs8fNV+1wM+FNvmqoZFWHi/r2O0f
sX32tnkmA3lP/TZAKF9bqb1bNHrjKyX2MQCaqDN1Oyuz9rEoLL9vLc3cOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIKsvr0QoIhZ+WTUq0MpIlPINdvHMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZ3F5LXZSQ2dpRm41Wk5TclF5a2lVOGcxMjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPkzlAwQA
wleJAwQAwlfUMA0GCSqGSIb3DQEBCwUAA4IBAQBn7IKicENRgkOdiQVTgv5krhVk
wwxGOjL6M5CH6sL0mX84v2M/kHCjanWtQ6ta+UsFOUN9+U42xckbjljVHndToEjM
pJWJ4QdBnDs895AKUTDN3Jo+6HGN+SGr2aOQhlyaLOzdKsRVkyDawWSjhkFjTFhK
7JAbsUucCGwTmhu0nTV5TuohKoJEQZdEUWvhphu8p/MBGvDDf9xdkMP3zfXSsSC4
aP4bMAn7cfzX39RyMh4S6ipne6TeM+CFl7FuszPzF3MCqR8hHZ+BS1lGRi+HeV4V
bbj3fDNo8pcwY8oHzgPBK1fboevDPUWdprTMxGlgqrfZEM2yCb00TWBCmvGW
-----END CERTIFICATE-----