Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hinkoem61dWk2jFFiIi6W06Tf1A.roa
File:                     hinkoem61dWk2jFFiIi6W06Tf1A.roa (raw, json)
Hash identifier:          BFdEX+InwoVNDIAg6J7a8ilK4leMP7r/2cbphIRMaPI=
Subject key identifier:   86:29:E4:A1:E9:BA:D5:D5:A4:DA:31:45:88:88:BA:5B:4E:93:7F:50
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       0194282519A33D535DD59C5653CAE3567E36
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hinkoem61dWk2jFFiIi6W06Tf1A.roa
Signing time:             Thu 02 Jan 2025 17:51:47 +0000
ROA not before:           Thu 02 Jan 2025 17:51:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     266169
IP address blocks:        194.87.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:19:a3:3d:53:5d:d5:9c:56:53:ca:e3:56:7e:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:51:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8629e4a1e9bad5d5a4da31458888ba5b4e937f50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e9:8b:ee:dd:af:65:26:d7:3b:32:0e:fe:d9:
                    cb:b5:eb:c1:cf:c4:89:bd:d8:f7:8b:d0:a3:2a:4f:
                    85:79:79:bb:1f:55:bd:4c:88:a1:18:0e:1c:e4:9e:
                    85:23:16:52:a3:ea:8f:d7:7d:a8:a0:89:90:af:66:
                    bc:65:50:5d:3d:d4:71:3a:ef:40:7a:a0:80:ac:bd:
                    6b:30:c6:7c:ef:cc:25:ab:c7:18:42:40:b9:84:0b:
                    98:01:4f:b9:78:0e:f2:7d:23:cf:e0:95:ea:eb:81:
                    bb:a5:a8:07:82:42:9a:d8:9c:e2:22:32:7c:22:97:
                    16:eb:08:a3:1b:e4:69:f5:e7:ba:1c:47:ca:e7:78:
                    a6:8b:b8:95:94:a5:5e:42:38:43:c9:9a:6f:16:8d:
                    71:0a:4f:3f:4e:a5:b7:65:32:b5:88:e0:91:c4:55:
                    e6:f5:f5:10:da:b1:1f:40:ce:c8:59:10:49:71:2a:
                    03:2b:06:20:02:ce:e7:33:5a:61:bf:ee:3a:42:96:
                    00:41:ab:d1:de:e2:50:54:65:b1:b3:03:f4:f6:62:
                    4c:0f:a1:ba:28:3e:61:37:d3:af:af:2e:56:a2:11:
                    d1:fc:4d:65:1c:e0:5e:89:9d:8e:cb:76:ed:6c:77:
                    7f:76:98:33:ca:5d:ba:78:e1:26:ef:8a:8a:aa:d7:
                    61:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:29:E4:A1:E9:BA:D5:D5:A4:DA:31:45:88:88:BA:5B:4E:93:7F:50
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/hinkoem61dWk2jFFiIi6W06Tf1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:7f:37:0f:2d:fc:0d:3f:95:0e:42:b2:04:c2:28:3d:f3:8c:
         f8:2e:18:0f:39:f4:82:9a:8a:d0:db:5e:f8:67:58:94:ff:a9:
         ec:b0:65:4e:69:24:22:92:9b:fd:90:68:72:a8:fc:d8:e6:33:
         72:58:6f:e3:50:63:de:cb:87:66:1f:6d:e5:2f:70:69:2c:4a:
         c0:4c:48:00:59:a0:c5:a2:8c:73:c8:44:88:20:d6:27:94:0b:
         19:21:bb:2e:ad:d2:26:ac:aa:4b:ce:79:c8:87:26:e3:45:05:
         fa:a9:c7:80:27:a8:11:6b:13:ad:73:44:28:d1:08:04:26:7f:
         7e:22:89:bf:ba:d1:55:07:3b:36:9c:11:70:87:d2:9a:2f:05:
         3d:4f:f1:ab:f9:db:95:bd:cd:df:95:2d:ff:61:b4:51:04:a6:
         58:9b:e5:ac:67:c0:65:24:cc:c2:0b:27:ef:ec:5d:9a:73:a0:
         55:1d:57:6f:fd:d5:1a:9b:f4:fd:29:5b:ae:6a:8f:04:d0:c1:
         4a:5f:3c:69:f9:cb:94:93:06:55:ba:72:3f:9c:dc:47:23:a1:
         6d:99:f6:38:51:48:1c:85:fa:9d:cc:4b:d7:85:07:a5:fe:32:
         7b:ab:be:59:a5:a1:33:42:b5:f9:f7:a9:ff:40:fd:31:62:64:
         30:a6:30:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJRmjPVNd1ZxWU8rjVn42MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjUwMTAyMTc1MTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjI5ZTRhMWU5YmFkNWQ1YTRkYTMxNDU4ODg4YmE1YjRlOTM3ZjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1emL7t2vZSbXOzIO/tnLtevBz8SJ
vdj3i9CjKk+FeXm7H1W9TIihGA4c5J6FIxZSo+qP132ooImQr2a8ZVBdPdRxOu9A
eqCArL1rMMZ878wlq8cYQkC5hAuYAU+5eA7yfSPP4JXq64G7pagHgkKa2JziIjJ8
IpcW6wijG+Rp9ee6HEfK53imi7iVlKVeQjhDyZpvFo1xCk8/TqW3ZTK1iOCRxFXm
9fUQ2rEfQM7IWRBJcSoDKwYgAs7nM1phv+46QpYAQavR3uJQVGWxswP09mJMD6G6
KD5hN9Ovry5WohHR/E1lHOBeiZ2Oy3btbHd/dpgzyl26eOEm74qKqtdhLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYp5KHputXVpNoxRYiIultOk39QMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaGlua29lbTYxZFdrMmpGRmlJaTZXMDZUZjFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlekMA0G
CSqGSIb3DQEBCwUAA4IBAQAYfzcPLfwNP5UOQrIEwig984z4LhgPOfSCmorQ2174
Z1iU/6nssGVOaSQikpv9kGhyqPzY5jNyWG/jUGPey4dmH23lL3BpLErATEgAWaDF
ooxzyESIINYnlAsZIbsurdImrKpLznnIhybjRQX6qceAJ6gRaxOtc0Qo0QgEJn9+
Iom/utFVBzs2nBFwh9KaLwU9T/Gr+duVvc3flS3/YbRRBKZYm+WsZ8BlJMzCCyfv
7F2ac6BVHVdv/dUam/T9KVuuao8E0MFKXzxp+cuUkwZVunI/nNxHI6FtmfY4UUgc
hfqdzEvXhQel/jJ7q75ZpaEzQrX596n/QP0xYmQwpjCP
-----END CERTIFICATE-----