Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sgtMeqor87tXMI3L3hiNY-LM9NE.roa
File:                     sgtMeqor87tXMI3L3hiNY-LM9NE.roa (raw, json)
Hash identifier:          nWVg/R1V2qjFJS9vcmqIvf//fucqXQHrFbi30MKP1Vk=
Subject key identifier:   B2:0B:4C:7A:AA:2B:F3:BB:57:30:8D:CB:DE:18:8D:63:E2:CC:F4:D1
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018F8B41533854FADA257FD42C605C2CF1DD
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sgtMeqor87tXMI3L3hiNY-LM9NE.roa
Signing time:             Sat 18 May 2024 10:31:05 +0000
ROA not before:           Sat 18 May 2024 10:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216475
IP address blocks:        195.133.38.0/24 maxlen: 24
                          195.133.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:52:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:8b:41:53:38:54:fa:da:25:7f:d4:2c:60:5c:2c:f1:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: May 18 10:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b20b4c7aaa2bf3bb57308dcbde188d63e2ccf4d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c7:c5:fd:0a:9a:63:65:d9:c8:fb:9d:56:ef:
                    fe:d8:4c:b0:88:d6:42:25:3b:84:0b:89:a1:2c:e4:
                    1c:03:d7:35:1b:d0:a2:83:57:a6:9c:d8:48:ad:6c:
                    3a:ce:73:df:56:7a:5c:d6:d0:c3:9b:ef:39:11:85:
                    4a:93:79:02:db:6c:09:7c:a6:df:54:4d:88:1f:a5:
                    e3:fd:f4:11:64:88:99:2d:b8:5a:a7:7e:b0:d2:9a:
                    9a:29:ad:08:a2:de:77:4a:56:6a:91:f2:28:51:cf:
                    b1:45:40:fa:6b:55:fd:5b:aa:79:e4:f5:bb:51:11:
                    d6:2d:8f:e2:62:8b:27:7d:4d:2a:09:f0:52:eb:7a:
                    d5:22:ae:ce:ef:c2:96:d5:f2:4c:d4:8a:1c:0e:07:
                    16:1c:fb:26:cf:eb:fa:72:e8:82:ed:47:5e:f5:07:
                    6f:56:15:4c:fd:ff:d1:69:0b:42:05:a1:f6:a3:ae:
                    91:7a:30:a3:6e:40:04:12:b4:48:89:f3:82:72:d2:
                    b0:3f:9a:10:61:a2:58:e8:5d:ea:8b:26:b9:f8:6f:
                    b4:40:2e:a7:e4:2d:c6:68:af:a2:3e:c1:8a:c1:87:
                    d0:eb:d0:a4:c6:2e:fa:4c:88:23:f6:ea:ab:64:15:
                    fa:85:82:f0:eb:2d:9e:52:5f:7f:e0:b8:d1:c7:f4:
                    5f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:0B:4C:7A:AA:2B:F3:BB:57:30:8D:CB:DE:18:8D:63:E2:CC:F4:D1
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/sgtMeqor87tXMI3L3hiNY-LM9NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.133.38.0/24
                  195.133.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:96:23:ae:7f:37:b2:52:79:9d:d9:65:01:f1:36:07:d6:90:
         53:83:b9:05:50:0e:df:87:09:b3:eb:cd:ad:fa:1a:55:ee:20:
         49:b2:ae:05:40:69:5a:ab:d3:bb:ae:19:53:50:fc:1e:e4:79:
         a7:95:65:23:d4:12:06:67:ec:3e:08:36:f1:2c:53:a7:b3:4d:
         1e:9d:21:06:e7:22:c7:b2:be:73:a2:13:b3:29:8f:23:55:b5:
         2f:53:89:25:b5:2e:31:53:87:e8:f2:dc:06:e4:51:fd:0b:05:
         dc:b1:e3:b2:cb:ac:12:1b:51:0f:f5:9a:5e:fa:6e:1d:1a:6f:
         fb:34:86:f7:3b:bd:ac:de:54:49:bb:82:fd:63:6d:24:1b:03:
         68:d2:a5:d7:10:af:f5:cc:41:1d:a4:9c:16:2b:3f:b8:0b:48:
         e4:45:1b:b4:92:53:7d:6f:7e:3e:4f:51:77:6d:4d:45:d2:f5:
         38:e1:91:89:3f:b5:d3:5e:d7:a6:6d:71:dc:2d:ed:84:62:01:
         81:23:d0:3d:12:c5:f3:d7:67:63:fe:79:9a:c5:29:88:b7:48:
         ca:2d:01:c5:5c:ec:51:e1:6d:bb:3f:de:3a:0b:f5:e4:17:a1:
         20:2b:cf:4b:6d:2c:7a:53:0e:5f:4c:72:3f:b9:0f:15:8a:da:
         30:09:b7:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+LQVM4VPraJX/ULGBcLPHdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwNTE4MTAzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjBiNGM3YWFhMmJmM2JiNTczMDhkY2JkZTE4OGQ2M2UyY2NmNGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMfF/QqaY2XZyPudVu/+2EywiNZC
JTuEC4mhLOQcA9c1G9Cig1emnNhIrWw6znPfVnpc1tDDm+85EYVKk3kC22wJfKbf
VE2IH6Xj/fQRZIiZLbhap36w0pqaKa0Iot53SlZqkfIoUc+xRUD6a1X9W6p55PW7
URHWLY/iYosnfU0qCfBS63rVIq7O78KW1fJM1IocDgcWHPsmz+v6cuiC7Ude9Qdv
VhVM/f/RaQtCBaH2o66RejCjbkAEErRIifOCctKwP5oQYaJY6F3qiya5+G+0QC6n
5C3GaK+iPsGKwYfQ69Ckxi76TIgj9uqrZBX6hYLw6y2eUl9/4LjRx/RfAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLILTHqqK/O7VzCNy94YjWPizPTRMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvc2d0TWVxb3I4N3RYTUkzTDNoaU5ZLUxNOU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw4UmAwQA
w4VPMA0GCSqGSIb3DQEBCwUAA4IBAQBrliOufzeyUnmd2WUB8TYH1pBTg7kFUA7f
hwmz682t+hpV7iBJsq4FQGlaq9O7rhlTUPwe5HmnlWUj1BIGZ+w+CDbxLFOns00e
nSEG5yLHsr5zohOzKY8jVbUvU4kltS4xU4fo8twG5FH9CwXcseOyy6wSG1EP9Zpe
+m4dGm/7NIb3O72s3lRJu4L9Y20kGwNo0qXXEK/1zEEdpJwWKz+4C0jkRRu0klN9
b34+T1F3bU1F0vU44ZGJP7XTXtembXHcLe2EYgGBI9A9EsXz12dj/nmaxSmIt0jK
LQHFXOxR4W27P946C/XkF6EgK89LbSx6Uw5fTHI/uQ8VitowCbdF
-----END CERTIFICATE-----