Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hSivZTHovJKGcE8I0Fo6M7OCql0.roa
File:                     hSivZTHovJKGcE8I0Fo6M7OCql0.roa (raw, json)
Hash identifier:          ABqkxdvcrG40qIj47FgpCbq65VapZi/nvjWJHLTWF2Q=
Subject key identifier:   85:28:AF:65:31:E8:BC:92:86:70:4F:08:D0:5A:3A:33:B3:82:AA:5D
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A800111DE5044345B09929330E2BE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hSivZTHovJKGcE8I0Fo6M7OCql0.roa
Signing time:             Tue 02 Jan 2024 12:33:52 +0000
ROA not before:           Tue 02 Jan 2024 12:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198981
IP address blocks:        194.87.228.0/24 maxlen: 24
                          212.192.250.0/24 maxlen: 24
                          212.192.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:80:01:11:de:50:44:34:5b:09:92:93:30:e2:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8528af6531e8bc9286704f08d05a3a33b382aa5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c8:f1:2b:9f:eb:fa:71:4a:5a:39:a1:7c:4c:
                    12:ca:78:f4:d3:eb:d5:05:61:a4:24:94:c0:8e:15:
                    a7:56:2e:e9:c8:2b:d9:09:4c:70:2d:72:cb:de:0f:
                    07:6c:d8:34:93:34:a4:46:0f:09:a9:31:fe:8d:20:
                    48:ee:20:7b:f0:f7:89:93:1a:e3:d2:cd:0e:a6:ef:
                    0b:19:44:16:f7:f9:67:3d:cc:83:9c:e8:39:b2:6c:
                    1f:c4:e3:e0:57:da:0a:cb:d5:e2:13:ce:64:56:13:
                    2c:51:dc:a0:4f:9b:9e:71:25:7b:9b:29:e6:50:61:
                    40:09:7d:7f:8e:8e:d2:5b:44:35:95:a6:ec:59:76:
                    5d:ec:76:67:28:11:53:ff:e4:72:57:aa:3b:29:48:
                    0b:93:7a:15:fa:9a:ee:49:a5:af:f1:48:47:d5:5d:
                    92:2f:a3:ee:10:1e:80:c6:cc:71:1a:75:7c:fd:9e:
                    28:3c:b7:0c:e0:f7:30:09:1e:ed:a1:38:ae:b6:83:
                    0c:54:cb:d2:3b:b9:16:8f:74:51:8d:b6:12:fb:f1:
                    86:62:a6:0e:db:c3:a4:b0:01:39:bf:a0:49:53:dd:
                    f1:a4:53:9a:6b:7f:52:91:4f:a4:51:01:6e:65:33:
                    74:61:dd:d6:0a:c0:48:86:0b:7f:4b:3b:97:5c:8b:
                    07:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:28:AF:65:31:E8:BC:92:86:70:4F:08:D0:5A:3A:33:B3:82:AA:5D
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hSivZTHovJKGcE8I0Fo6M7OCql0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.228.0/24
                  212.192.250.0/24
                  212.192.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:a1:1c:f0:6a:30:08:eb:48:42:dc:96:77:52:bd:f1:68:e5:
         b8:ae:b6:f4:83:84:a1:a7:69:c7:66:a5:af:5b:cc:88:21:4b:
         13:fc:0d:5d:ad:de:df:b2:39:e9:01:0c:78:6f:6a:e2:f2:96:
         c4:b0:af:ec:a5:85:4d:8c:39:ee:c3:64:f5:65:69:7b:45:80:
         5c:40:cc:bd:7d:09:54:8f:1b:8c:92:21:f9:8b:62:b8:c4:fc:
         03:1c:d2:19:79:7b:00:5e:ad:20:77:01:0f:4a:e2:e6:c7:e0:
         f1:b1:95:9d:2a:50:23:42:03:4c:54:d7:4f:88:61:70:c8:c9:
         e3:e2:f7:13:b1:74:92:1a:45:9d:5b:c3:2d:05:ad:bc:10:71:
         2f:56:ef:30:91:02:a0:53:0f:13:42:23:e5:a1:22:77:9c:d7:
         36:6c:27:45:07:27:b6:0c:76:92:d1:6a:86:fc:61:c9:f0:15:
         a3:26:3d:55:06:ef:d1:0e:67:8b:5e:af:8f:38:e7:11:d9:b9:
         18:1d:2e:ee:4a:51:fb:a8:93:a3:da:b6:c6:76:09:6b:51:bf:
         b7:9d:30:57:32:e6:61:4f:b5:75:a6:f6:f4:06:b0:aa:d5:44:
         cc:11:aa:e3:cd:90:a9:fc:d5:a6:ad:bf:04:18:c2:8a:9d:ce:
         b2:9b:e3:49
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKoABEd5QRDRbCZKTMOK+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTI4YWY2NTMxZThiYzkyODY3MDRmMDhkMDVhM2EzM2IzODJhYTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsjxK5/r+nFKWjmhfEwSynj00+vV
BWGkJJTAjhWnVi7pyCvZCUxwLXLL3g8HbNg0kzSkRg8JqTH+jSBI7iB78PeJkxrj
0s0Opu8LGUQW9/lnPcyDnOg5smwfxOPgV9oKy9XiE85kVhMsUdygT5uecSV7mynm
UGFACX1/jo7SW0Q1labsWXZd7HZnKBFT/+RyV6o7KUgLk3oV+pruSaWv8UhH1V2S
L6PuEB6AxsxxGnV8/Z4oPLcM4PcwCR7toTiutoMMVMvSO7kWj3RRjbYS+/GGYqYO
28OksAE5v6BJU93xpFOaa39SkU+kUQFuZTN0Yd3WCsBIhgt/SzuXXIsH6QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIUor2Ux6LyShnBPCNBaOjOzgqpdMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaFNpdlpUSG92SktHY0U4STBGbzZNN09DcWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwlfkAwQA
1MD6AwQA1MD/MA0GCSqGSIb3DQEBCwUAA4IBAQB/oRzwajAI60hC3JZ3Ur3xaOW4
rrb0g4Shp2nHZqWvW8yIIUsT/A1drd7fsjnpAQx4b2ri8pbEsK/spYVNjDnuw2T1
ZWl7RYBcQMy9fQlUjxuMkiH5i2K4xPwDHNIZeXsAXq0gdwEPSuLmx+DxsZWdKlAj
QgNMVNdPiGFwyMnj4vcTsXSSGkWdW8MtBa28EHEvVu8wkQKgUw8TQiPloSJ3nNc2
bCdFBye2DHaS0WqG/GHJ8BWjJj1VBu/RDmeLXq+POOcR2bkYHS7uSlH7qJOj2rbG
dglrUb+3nTBXMuZhT7V1pvb0BrCq1UTMEarjzZCp/NWmrb8EGMKKnc6ym+NJ
-----END CERTIFICATE-----