Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nT21BlgG2-Poudu2bObtqtFshcA.roa
File:                     nT21BlgG2-Poudu2bObtqtFshcA.roa (raw, json)
Hash identifier:          dLRFDp5g0fEuY1S/e27NZVYSxh/4Dh5Otuu5MSQ1mqI=
Subject key identifier:   9D:3D:B5:06:58:06:DB:E3:E8:B9:DB:B6:6C:E6:ED:AA:D1:6C:85:C0
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019091896451A1C3E012C1D8AE2909E06B74
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nT21BlgG2-Poudu2bObtqtFshcA.roa
Signing time:             Mon 08 Jul 2024 08:50:18 +0000
ROA not before:           Mon 08 Jul 2024 08:50:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48314
IP address blocks:        192.124.178.0/24 maxlen: 24
                          195.133.54.0/24 maxlen: 24
                          195.133.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:91:89:64:51:a1:c3:e0:12:c1:d8:ae:29:09:e0:6b:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jul  8 08:50:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d3db5065806dbe3e8b9dbb66ce6edaad16c85c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b3:35:12:ae:d8:2e:13:c0:f1:7d:76:13:ce:
                    50:07:4b:65:63:7f:14:47:70:20:32:0b:90:4b:db:
                    9e:e9:7a:22:f9:62:b8:6f:c2:ca:b2:45:e9:a9:3e:
                    54:41:79:e4:b9:50:2e:04:5f:bc:08:cb:1b:b7:bb:
                    f0:1d:0f:2a:27:a8:31:5d:c8:c1:f7:42:20:f4:e1:
                    d8:16:90:12:c2:29:95:6b:bc:bd:e8:f0:05:55:c4:
                    33:44:ab:4e:e0:bc:6f:89:bc:d9:27:6d:92:03:b8:
                    56:b8:fe:60:3c:76:34:72:63:8d:a6:74:77:46:a7:
                    a9:b8:c8:da:30:c6:12:20:92:f2:7e:40:4b:28:76:
                    bd:4f:af:01:2c:87:f0:43:f3:25:3c:49:4b:6a:38:
                    b0:42:bd:ff:df:8e:5a:0f:54:66:14:51:1f:26:77:
                    53:e7:92:e6:be:2c:21:a0:05:cf:2b:fb:f0:36:47:
                    b6:5b:76:ae:ba:56:04:76:f5:98:a8:61:19:02:d1:
                    51:46:ba:80:d6:34:41:22:9a:6f:2a:a9:06:6d:d2:
                    41:24:fa:91:71:60:af:93:95:81:da:23:17:16:1b:
                    cc:95:53:6d:d9:bb:ba:ce:bb:63:0d:e4:ce:73:47:
                    5f:e0:92:fa:2d:cb:c0:c7:92:af:c2:cb:d7:c9:e1:
                    60:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3D:B5:06:58:06:DB:E3:E8:B9:DB:B6:6C:E6:ED:AA:D1:6C:85:C0
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nT21BlgG2-Poudu2bObtqtFshcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.178.0/24
                  195.133.54.0/24
                  195.133.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:d9:45:72:c1:bf:60:c7:68:ed:f1:6b:78:c6:5b:21:87:85:
         9d:b8:89:3e:b4:16:60:76:0c:c8:6b:48:40:da:ea:fb:f1:fd:
         e3:66:aa:8b:31:4a:26:ba:49:a9:3b:af:92:d8:1f:d2:cd:3e:
         1e:97:c6:6c:34:ca:4a:da:3c:7e:ee:bd:f2:c5:b7:e2:38:05:
         30:d0:91:c0:1f:08:05:ce:e6:68:2b:69:53:a8:f3:93:b1:ad:
         a3:1e:e9:04:7c:be:3d:ff:18:f5:dd:cd:21:85:e8:7e:01:8e:
         09:08:e3:5c:93:fa:ea:f8:7e:fc:d0:8d:46:cb:6d:fd:f1:20:
         3e:90:d4:f9:db:e4:10:45:28:b6:ef:42:87:e1:9d:50:33:74:
         15:00:b1:0a:d1:89:33:51:ea:97:ca:4a:02:f4:39:e3:26:81:
         4c:8b:ec:ab:1f:c3:a2:3e:ae:d8:67:13:fd:ce:4d:b0:9d:b0:
         67:84:55:79:72:6f:c3:97:f2:d1:7a:65:27:f0:43:ac:05:c6:
         5c:dc:dd:6d:59:c3:85:27:3b:71:aa:cc:42:fe:fc:d1:e0:b8:
         24:74:3a:a9:23:4b:1f:dc:4d:84:30:5c:86:43:a9:4b:0e:8c:
         84:df:d8:be:88:e5:dd:6c:44:93:3f:fc:9a:bc:89:6d:4b:9f:
         23:25:cb:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZCRiWRRocPgEsHYrikJ4Gt0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNzA4MDg1MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDNkYjUwNjU4MDZkYmUzZThiOWRiYjY2Y2U2ZWRhYWQxNmM4NWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbM1Eq7YLhPA8X12E85QB0tlY38U
R3AgMguQS9ue6Xoi+WK4b8LKskXpqT5UQXnkuVAuBF+8CMsbt7vwHQ8qJ6gxXcjB
90Ig9OHYFpASwimVa7y96PAFVcQzRKtO4LxvibzZJ22SA7hWuP5gPHY0cmONpnR3
RqepuMjaMMYSIJLyfkBLKHa9T68BLIfwQ/MlPElLajiwQr3/345aD1RmFFEfJndT
55LmviwhoAXPK/vwNke2W3auulYEdvWYqGEZAtFRRrqA1jRBIppvKqkGbdJBJPqR
cWCvk5WB2iMXFhvMlVNt2bu6zrtjDeTOc0df4JL6LcvAx5KvwsvXyeFgCwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ09tQZYBtvj6Lnbtmzm7arRbIXAMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvblQyMUJsZ0cyLVBvdWR1MmJPYnRxdEZzaGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwHyyAwQA
w4U2AwQAw4VKMA0GCSqGSIb3DQEBCwUAA4IBAQBa2UVywb9gx2jt8Wt4xlshh4Wd
uIk+tBZgdgzIa0hA2ur78f3jZqqLMUomukmpO6+S2B/SzT4el8ZsNMpK2jx+7r3y
xbfiOAUw0JHAHwgFzuZoK2lTqPOTsa2jHukEfL49/xj13c0hheh+AY4JCONck/rq
+H780I1Gy2398SA+kNT52+QQRSi270KH4Z1QM3QVALEK0YkzUeqXykoC9DnjJoFM
i+yrH8OiPq7YZxP9zk2wnbBnhFV5cm/Dl/LRemUn8EOsBcZc3N1tWcOFJztxqsxC
/vzR4LgkdDqpI0sf3E2EMFyGQ6lLDoyE39i+iOXdbESTP/yavIltS58jJctu
-----END CERTIFICATE-----