Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pnTuDor5TDQSA5lZ4uZaNrJ5pHA.roa
File:                     pnTuDor5TDQSA5lZ4uZaNrJ5pHA.roa (raw, json)
Hash identifier:          uNhhSOG668qaaDj6soR+Za8/8qQLbMkoLbRY4x/gIiM=
Subject key identifier:   A6:74:EE:0E:8A:F9:4C:34:12:03:99:59:E2:E6:5A:36:B2:79:A4:70
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018EAE1BB31879D833F32D1B9F16E620408B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pnTuDor5TDQSA5lZ4uZaNrJ5pHA.roa
Signing time:             Fri 05 Apr 2024 11:53:54 +0000
ROA not before:           Fri 05 Apr 2024 11:53:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55154
IP address blocks:        212.193.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ae:1b:b3:18:79:d8:33:f3:2d:1b:9f:16:e6:20:40:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Apr  5 11:53:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a674ee0e8af94c3412039959e2e65a36b279a470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3c:26:21:21:0a:ca:21:4f:ce:a1:7c:fa:18:
                    c5:ae:d9:7c:17:47:82:6e:57:e9:44:19:d2:42:69:
                    4e:5e:7c:d2:d3:bc:c6:77:55:ba:b0:6a:fd:96:89:
                    78:00:02:f2:6f:e2:49:63:bd:e4:9e:a9:e4:d4:1b:
                    74:13:b0:0b:6a:ee:09:9f:12:ee:e5:7e:a4:e9:50:
                    3c:a9:92:9a:d3:1f:76:a4:83:99:d8:d9:d1:86:d6:
                    06:9f:86:80:f1:28:82:85:9e:58:de:70:c0:17:57:
                    39:95:0a:b6:37:1e:95:ff:16:14:22:91:9d:5a:9e:
                    3b:23:89:2a:cf:66:f7:15:05:64:9a:0f:38:5a:29:
                    a1:87:8c:3f:cc:25:19:3c:36:57:9f:5b:06:5d:16:
                    b1:0a:49:61:67:82:aa:98:f7:26:a7:24:78:9c:ba:
                    dd:91:f0:dd:f1:75:fd:91:51:24:c2:bf:a1:c7:65:
                    36:a6:67:2f:a7:3e:ae:b6:11:a8:e9:6d:07:ea:1d:
                    61:61:85:ee:65:20:90:46:37:61:12:7f:3c:1a:ad:
                    c8:54:16:76:62:18:02:61:fa:d1:ac:a6:75:4c:c1:
                    89:6d:8e:ea:b2:fc:ae:58:31:19:ba:2e:90:0e:5a:
                    4c:f5:cf:de:bc:a4:a1:e1:b4:a3:a9:62:ec:aa:c9:
                    c8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:74:EE:0E:8A:F9:4C:34:12:03:99:59:E2:E6:5A:36:B2:79:A4:70
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/pnTuDor5TDQSA5lZ4uZaNrJ5pHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.193.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:12:c5:21:41:f7:d4:0b:c9:42:02:6a:e0:7f:40:a7:da:00:
         fe:5b:47:21:82:04:9d:6a:bd:b4:06:1f:2b:07:32:04:4d:07:
         78:b0:28:a2:d9:e0:5c:f6:44:47:17:e7:a4:ee:1c:47:f9:e9:
         f1:a7:85:53:0c:4e:fd:69:70:06:fe:89:d1:19:20:fe:70:98:
         b7:77:c6:9f:41:fa:1b:d5:f9:c0:61:51:aa:9d:7f:44:3f:92:
         50:e9:59:f9:fc:5d:56:8d:36:74:c8:69:9c:31:3e:0e:c5:73:
         fc:6d:52:bb:d9:43:45:f7:06:d6:b3:03:cc:ab:6a:36:d0:77:
         ed:a6:d0:2e:0d:63:fa:bb:8c:c4:84:a7:82:94:b8:56:8a:6f:
         bd:1b:79:d4:82:aa:69:ce:09:bb:b8:12:9e:80:38:ca:68:bd:
         21:c9:06:32:ea:c6:c5:84:2e:ad:47:b6:b8:a3:1f:16:76:50:
         88:bf:8f:71:8e:33:99:ea:eb:0f:d5:5f:9a:dd:12:7f:85:ca:
         c6:3a:ff:14:23:f1:25:4a:0d:4d:16:32:1a:9c:cf:c4:c6:6d:
         33:a4:61:79:f9:d1:d7:07:70:d1:83:03:38:64:6e:54:80:99:
         04:81:a9:e1:99:6e:16:78:35:21:db:bf:12:73:01:37:69:19:
         3e:38:7a:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6uG7MYedgz8y0bnxbmIECLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNDA1MTE1MzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjc0ZWUwZThhZjk0YzM0MTIwMzk5NTllMmU2NWEzNmIyNzlhNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDwmISEKyiFPzqF8+hjFrtl8F0eC
blfpRBnSQmlOXnzS07zGd1W6sGr9lol4AALyb+JJY73knqnk1Bt0E7ALau4JnxLu
5X6k6VA8qZKa0x92pIOZ2NnRhtYGn4aA8SiChZ5Y3nDAF1c5lQq2Nx6V/xYUIpGd
Wp47I4kqz2b3FQVkmg84Wimhh4w/zCUZPDZXn1sGXRaxCklhZ4KqmPcmpyR4nLrd
kfDd8XX9kVEkwr+hx2U2pmcvpz6uthGo6W0H6h1hYYXuZSCQRjdhEn88Gq3IVBZ2
YhgCYfrRrKZ1TMGJbY7qsvyuWDEZui6QDlpM9c/evKSh4bSjqWLsqsnIBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZ07g6K+Uw0EgOZWeLmWjayeaRwMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcG5UdURvcjVURFFTQTVsWjR1WmFOcko1cEhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MEAMA0G
CSqGSIb3DQEBCwUAA4IBAQAREsUhQffUC8lCAmrgf0Cn2gD+W0chggSdar20Bh8r
BzIETQd4sCii2eBc9kRHF+ek7hxH+enxp4VTDE79aXAG/onRGSD+cJi3d8afQfob
1fnAYVGqnX9EP5JQ6Vn5/F1WjTZ0yGmcMT4OxXP8bVK72UNF9wbWswPMq2o20Hft
ptAuDWP6u4zEhKeClLhWim+9G3nUgqppzgm7uBKegDjKaL0hyQYy6sbFhC6tR7a4
ox8WdlCIv49xjjOZ6usP1V+a3RJ/hcrGOv8UI/ElSg1NFjIanM/Exm0zpGF5+dHX
B3DRgwM4ZG5UgJkEganhmW4WeDUh278ScwE3aRk+OHpT
-----END CERTIFICATE-----