Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kVFXlQvauiJ6ls3aQjgILoca67E.roa
File:                     kVFXlQvauiJ6ls3aQjgILoca67E.roa (raw, json)
Hash identifier:          et/GBDlsoeEPtehm5Vdy5DyHJxHt1jU6ep5n87NkfsI=
Subject key identifier:   91:51:57:95:0B:DA:BA:22:7A:96:CD:DA:42:38:08:2E:87:1A:EB:B1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018F66CFF916734A99537F6410EB7AFB97EA
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kVFXlQvauiJ6ls3aQjgILoca67E.roa
Signing time:             Sat 11 May 2024 08:40:56 +0000
ROA not before:           Sat 11 May 2024 08:40:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212025
IP address blocks:        193.124.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:66:cf:f9:16:73:4a:99:53:7f:64:10:eb:7a:fb:97:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 11 08:40:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=915157950bdaba227a96cdda4238082e871aebb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:f5:29:61:11:7e:e7:d9:2e:fa:da:7d:1b:51:
                    57:d2:73:60:7f:2a:d9:7b:b4:d1:13:5c:ff:34:cd:
                    5c:6b:c7:3f:0d:72:a6:6f:e3:2f:d1:2a:c4:90:49:
                    87:a8:f7:b7:17:da:93:70:6e:2a:84:9b:ac:46:fe:
                    55:cf:1a:43:d4:92:b1:e7:1d:7e:02:c0:c5:cf:04:
                    b8:6b:f5:ab:17:1e:42:bd:3d:aa:6d:42:5b:30:c1:
                    c3:e9:ea:19:00:bc:37:d4:f6:8d:46:96:ff:57:1b:
                    eb:4f:09:41:72:1f:c7:46:96:c1:93:7a:01:72:b9:
                    e1:58:09:a2:54:6a:d2:c1:67:44:5b:eb:97:14:6e:
                    64:b9:61:21:21:d4:f1:08:f3:51:fc:f7:d8:85:96:
                    56:7a:de:00:0f:4f:16:ff:5d:28:e5:71:ff:31:73:
                    93:e6:21:2b:9e:ae:ea:fc:9e:78:e6:53:6d:4a:99:
                    d3:ee:d8:72:86:56:c2:8c:7d:2a:55:b4:56:17:4e:
                    14:71:5f:ef:7e:7f:12:4a:c5:f1:f7:a7:75:17:fb:
                    2c:cc:f9:29:56:1b:e3:55:3a:6f:0b:c9:d2:59:91:
                    93:b5:ec:94:53:84:b7:2f:f0:e2:96:27:7c:ad:74:
                    32:3a:6b:63:55:93:04:c3:3c:27:bf:da:36:79:71:
                    e9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:51:57:95:0B:DA:BA:22:7A:96:CD:DA:42:38:08:2E:87:1A:EB:B1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/kVFXlQvauiJ6ls3aQjgILoca67E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:af:45:89:4a:6e:00:9a:45:7f:37:80:3f:36:72:4e:4c:69:
         18:d5:89:98:ef:47:e0:49:06:94:f7:8f:82:30:98:b4:ff:11:
         1c:b2:e9:cd:d3:76:51:de:2e:ed:d2:41:28:4e:ad:37:b7:5f:
         85:87:10:d6:5a:12:42:7a:2b:0f:ae:50:06:a4:86:30:e8:0b:
         54:c5:e6:da:aa:59:44:ba:e1:d5:14:b1:95:03:34:b1:46:7a:
         55:10:1e:06:74:db:b1:fe:c5:95:5a:a2:42:d9:2b:32:94:df:
         33:52:0c:35:7a:94:7f:61:4b:f6:c6:4e:35:5f:40:bf:7f:ca:
         a9:41:6f:e7:86:61:c7:37:4f:80:11:1f:a0:d2:7d:35:d9:90:
         02:c9:b9:b3:70:c3:f6:94:d5:1f:d0:77:6c:62:b0:5b:6a:66:
         7c:e5:a0:be:95:48:a4:a4:fa:0e:6c:2b:5c:56:83:97:71:31:
         90:71:b4:a9:69:dd:6d:fe:c1:62:24:ab:f5:c1:f9:9b:e7:75:
         96:1b:19:68:b4:96:53:41:92:40:2e:4b:7c:8d:af:15:a3:54:
         c2:d6:6c:1b:f4:a0:60:72:a8:e0:c1:bf:10:78:0a:a5:3c:20:
         99:eb:ff:3d:97:27:51:35:1a:ac:ef:77:0c:76:2b:40:34:bc:
         13:ac:b8:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9mz/kWc0qZU39kEOt6+5fqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNTExMDg0MDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTUxNTc5NTBiZGFiYTIyN2E5NmNkZGE0MjM4MDgyZTg3MWFlYmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvUpYRF+59ku+tp9G1FX0nNgfyrZ
e7TRE1z/NM1ca8c/DXKmb+Mv0SrEkEmHqPe3F9qTcG4qhJusRv5VzxpD1JKx5x1+
AsDFzwS4a/WrFx5CvT2qbUJbMMHD6eoZALw31PaNRpb/VxvrTwlBch/HRpbBk3oB
crnhWAmiVGrSwWdEW+uXFG5kuWEhIdTxCPNR/PfYhZZWet4AD08W/10o5XH/MXOT
5iErnq7q/J545lNtSpnT7thyhlbCjH0qVbRWF04UcV/vfn8SSsXx96d1F/sszPkp
VhvjVTpvC8nSWZGTteyUU4S3L/Dilid8rXQyOmtjVZMEwzwnv9o2eXHpcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFRV5UL2roiepbN2kI4CC6HGuuxMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEva1ZGWGxRdmF1aUo2bHMzYVFqZ0lMb2NhNjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXzPMA0G
CSqGSIb3DQEBCwUAA4IBAQCTr0WJSm4AmkV/N4A/NnJOTGkY1YmY70fgSQaU94+C
MJi0/xEcsunN03ZR3i7t0kEoTq03t1+FhxDWWhJCeisPrlAGpIYw6AtUxebaqllE
uuHVFLGVAzSxRnpVEB4GdNux/sWVWqJC2SsylN8zUgw1epR/YUv2xk41X0C/f8qp
QW/nhmHHN0+AER+g0n012ZACybmzcMP2lNUf0HdsYrBbamZ85aC+lUikpPoObCtc
VoOXcTGQcbSpad1t/sFiJKv1wfmb53WWGxlotJZTQZJALkt8ja8Vo1TC1mwb9KBg
cqjgwb8QeAqlPCCZ6/89lydRNRqs73cMditANLwTrLhl
-----END CERTIFICATE-----