Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/roYj9idYBNsR6CPumgOfzJiuQvw.roa
File:                     roYj9idYBNsR6CPumgOfzJiuQvw.roa (raw, json)
Hash identifier:          3N2Q0/3mYWDgUKyf8zr5+qUMAzgaIhqdFhHNtOG6jpI=
Subject key identifier:   AE:86:23:F6:27:58:04:DB:11:E8:23:EE:9A:03:9F:CC:98:AE:42:FC
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A83A2D44BE258BC0B7F6FFBB34734
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/roYj9idYBNsR6CPumgOfzJiuQvw.roa
Signing time:             Tue 02 Jan 2024 12:33:52 +0000
ROA not before:           Tue 02 Jan 2024 12:33:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202372
IP address blocks:        195.58.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:83:a2:d4:4b:e2:58:bc:0b:7f:6f:fb:b3:47:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae8623f6275804db11e823ee9a039fcc98ae42fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6a:0f:a4:9a:a4:66:6d:3a:51:1e:45:e9:ee:
                    4b:34:dd:dc:35:b9:bf:d3:72:e8:5a:a6:63:a7:ed:
                    72:ad:4c:c1:95:44:11:e9:64:8d:f2:53:ae:52:9e:
                    85:ff:74:d4:39:95:5a:9c:37:42:4b:6b:df:97:3f:
                    1b:a6:27:56:13:04:66:1e:5d:e7:10:8a:e3:ee:c0:
                    ed:b4:fc:50:95:88:89:d5:89:74:f5:77:b8:92:ee:
                    9e:d2:8b:1e:13:50:6f:73:21:6a:94:10:b2:1b:44:
                    92:19:29:5a:47:f5:28:de:19:c2:b5:5d:b3:14:67:
                    fd:86:16:e5:8e:21:32:12:08:85:dd:f3:09:8a:5b:
                    54:76:08:1c:85:f2:81:b5:6c:46:21:61:0c:7e:7a:
                    da:6d:7a:d7:09:bf:65:5a:39:7b:b6:5b:6a:84:f0:
                    4e:8f:f5:13:ff:8f:76:9e:d8:9a:8a:6a:45:82:c8:
                    a3:f8:c3:86:ab:74:00:12:88:52:9f:8a:a5:ab:34:
                    9d:f9:84:16:8d:9e:4b:63:cc:5a:20:dc:8e:9a:b5:
                    8f:36:45:45:12:e4:b8:61:b3:c3:68:85:27:7c:3c:
                    b4:74:ad:51:c6:b0:1f:6c:1e:8c:b1:15:bd:3f:1b:
                    8d:1c:5a:d1:40:75:55:a5:b3:e5:6c:d4:1d:d2:92:
                    27:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:86:23:F6:27:58:04:DB:11:E8:23:EE:9A:03:9F:CC:98:AE:42:FC
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/roYj9idYBNsR6CPumgOfzJiuQvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:7b:af:ab:ae:4b:6a:6f:4a:63:ee:74:12:e0:06:18:9f:86:
         cb:c9:0f:f4:13:22:fe:10:e3:6b:6e:8a:08:30:11:87:5e:fc:
         90:67:a6:ce:d7:4d:ea:bd:0d:08:56:1a:00:d2:78:05:87:03:
         61:b1:cd:56:3f:8a:94:3f:9f:cf:82:ec:f7:49:8f:2f:1c:c4:
         68:6b:f4:96:f1:a6:24:7e:ba:dc:4e:0e:ab:72:ac:bc:8c:a7:
         41:9b:1b:a3:0a:62:d2:45:d9:a4:77:b1:84:65:c6:1d:22:75:
         8d:71:97:32:93:bf:09:63:49:73:c7:bf:d9:35:44:d1:7d:f4:
         65:5c:3f:e2:fb:0b:20:76:94:aa:50:7d:da:c0:3a:2c:e6:94:
         dc:8d:f1:6c:47:10:68:47:05:1d:ca:d4:5c:ae:3f:00:39:a5:
         7d:15:9d:38:c3:be:04:78:4e:03:d7:4e:96:a3:16:86:45:3e:
         75:14:40:e2:2f:a1:1b:fd:74:a4:fd:0e:f7:2f:ce:bd:27:7a:
         b4:93:2e:68:f8:b7:ab:0c:58:64:18:f5:d8:4c:ae:5c:04:79:
         8a:d2:3d:ed:8a:51:6a:0a:7b:94:1a:04:8f:81:ed:13:1f:cb:
         99:33:4d:1a:30:1f:84:ec:ec:c9:34:f2:b1:51:34:94:ce:06:
         26:d6:96:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKoOi1EviWLwLf2/7s0c0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTg2MjNmNjI3NTgwNGRiMTFlODIzZWU5YTAzOWZjYzk4YWU0MmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGoPpJqkZm06UR5F6e5LNN3cNbm/
03LoWqZjp+1yrUzBlUQR6WSN8lOuUp6F/3TUOZVanDdCS2vflz8bpidWEwRmHl3n
EIrj7sDttPxQlYiJ1Yl09Xe4ku6e0oseE1BvcyFqlBCyG0SSGSlaR/Uo3hnCtV2z
FGf9hhbljiEyEgiF3fMJiltUdggchfKBtWxGIWEMfnrabXrXCb9lWjl7tltqhPBO
j/UT/492ntiaimpFgsij+MOGq3QAEohSn4qlqzSd+YQWjZ5LY8xaINyOmrWPNkVF
EuS4YbPDaIUnfDy0dK1RxrAfbB6MsRW9PxuNHFrRQHVVpbPlbNQd0pInUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6GI/YnWATbEegj7poDn8yYrkL8MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcm9ZajlpZFlCTnNSNkNQdW1nT2Z6Sml1UXZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwzo9MA0G
CSqGSIb3DQEBCwUAA4IBAQAPe6+rrktqb0pj7nQS4AYYn4bLyQ/0EyL+EONrbooI
MBGHXvyQZ6bO103qvQ0IVhoA0ngFhwNhsc1WP4qUP5/Pguz3SY8vHMRoa/SW8aYk
frrcTg6rcqy8jKdBmxujCmLSRdmkd7GEZcYdInWNcZcyk78JY0lzx7/ZNUTRffRl
XD/i+wsgdpSqUH3awDos5pTcjfFsRxBoRwUdytRcrj8AOaV9FZ04w74EeE4D106W
oxaGRT51FEDiL6Eb/XSk/Q73L869J3q0ky5o+LerDFhkGPXYTK5cBHmK0j3tilFq
CnuUGgSPge0TH8uZM00aMB+E7OzJNPKxUTSUzgYm1paj
-----END CERTIFICATE-----