Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tam6eu91ErY-YrbBuBbCj_AwbT4.roa
File:                     tam6eu91ErY-YrbBuBbCj_AwbT4.roa (raw, json)
Hash identifier:          /2Juc87QyVgpbi9haee5QyZiireQcky8igfmYhLcIfw=
Subject key identifier:   B5:A9:BA:7A:EF:75:12:B6:3E:62:B6:C1:B8:16:C2:8F:F0:30:6D:3E
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCA2A8A7E02CAB768622CE40237930F7F
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tam6eu91ErY-YrbBuBbCj_AwbT4.roa
Signing time:             Tue 02 Jan 2024 12:33:54 +0000
ROA not before:           Tue 02 Jan 2024 12:33:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208046
IP address blocks:        194.87.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:8a:7e:02:ca:b7:68:62:2c:e4:02:37:93:0f:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 12:33:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5a9ba7aef7512b63e62b6c1b816c28ff0306d3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fa:7a:84:35:91:09:41:a1:b8:e8:4c:4a:be:
                    8f:4a:fa:19:00:30:85:1d:eb:10:64:1b:82:9c:c9:
                    62:a2:f9:0a:94:c1:03:17:e7:4e:e7:af:b6:98:fa:
                    f1:8d:2e:3d:59:37:73:13:85:20:e4:75:57:75:0e:
                    2b:37:21:00:1d:f1:fb:36:11:f6:5d:19:bb:7e:b9:
                    31:ae:34:b7:45:67:6c:dd:2f:91:80:45:63:9a:a9:
                    4f:68:95:00:47:14:17:64:75:4f:bd:fa:55:bb:62:
                    93:a7:be:72:0c:82:6e:2a:f2:8a:4a:b1:be:ee:b0:
                    c4:83:03:f3:46:dc:b9:01:91:38:3a:77:b2:fc:56:
                    c0:8e:5f:99:4c:0a:b4:9f:70:ba:78:39:1b:13:31:
                    07:22:c3:18:cd:71:5c:ed:b3:97:78:fc:f9:48:22:
                    78:8e:42:ed:1c:a1:24:cc:16:d7:13:6e:4c:c3:1c:
                    41:7a:aa:d7:e5:7a:63:6d:32:61:02:22:22:14:7f:
                    93:96:46:57:6e:b7:fe:15:a3:34:ab:64:ce:c6:a7:
                    e8:f7:90:0b:2e:41:63:34:42:f7:ad:62:fa:0d:dc:
                    c8:61:53:2c:3e:bf:23:8d:a6:23:81:00:c2:2b:72:
                    ff:0d:50:99:ad:60:1b:ef:2e:b5:67:87:8b:ea:d2:
                    63:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:A9:BA:7A:EF:75:12:B6:3E:62:B6:C1:B8:16:C2:8F:F0:30:6D:3E
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tam6eu91ErY-YrbBuBbCj_AwbT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:bc:42:11:5e:4a:ed:88:c5:ce:6f:59:12:36:90:d8:4d:a2:
         f6:62:04:4e:f1:d2:29:2e:ff:08:84:4c:1e:f1:05:c3:fc:1a:
         03:b9:e6:ac:66:ef:af:a1:bc:fe:f9:9b:a0:be:29:74:14:72:
         ac:72:94:c4:de:40:a8:c4:e6:d7:66:76:34:a4:fd:b7:f0:9c:
         b3:85:9a:14:90:f3:9f:75:a0:e6:b9:f2:63:4a:5b:c4:b4:ae:
         f8:6f:5c:9f:9e:b7:c3:38:79:7d:78:64:b1:db:8c:1d:60:bd:
         b3:68:52:b5:e8:57:af:4d:03:b4:e5:7a:2f:61:9e:10:3e:cd:
         ca:6e:f0:6d:c4:23:f5:f0:8b:7a:11:26:96:62:38:bb:36:1c:
         eb:38:75:3a:45:4e:a5:f7:b3:5f:94:1d:a9:40:e6:e1:f0:48:
         17:fb:d2:bd:03:38:56:9f:7c:10:78:36:3e:09:2b:ab:4a:fa:
         fb:59:d0:2a:16:a5:43:de:dc:5a:9e:0d:fd:e6:41:7c:d4:c3:
         c8:f6:7b:52:ad:d7:e3:00:fe:78:90:18:09:57:77:6a:87:28:
         5d:d1:25:6b:dd:94:9b:4b:4d:75:dd:61:77:01:14:93:5b:b4:
         a5:36:7d:61:1d:c4:15:ca:fe:6d:91:7c:29:04:e3:57:3b:8d:
         7e:40:0f:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKop+Asq3aGIs5AI3kw9/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTIzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWE5YmE3YWVmNzUxMmI2M2U2MmI2YzFiODE2YzI4ZmYwMzA2ZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvp6hDWRCUGhuOhMSr6PSvoZADCF
HesQZBuCnMliovkKlMEDF+dO56+2mPrxjS49WTdzE4Ug5HVXdQ4rNyEAHfH7NhH2
XRm7frkxrjS3RWds3S+RgEVjmqlPaJUARxQXZHVPvfpVu2KTp75yDIJuKvKKSrG+
7rDEgwPzRty5AZE4Oney/FbAjl+ZTAq0n3C6eDkbEzEHIsMYzXFc7bOXePz5SCJ4
jkLtHKEkzBbXE25MwxxBeqrX5XpjbTJhAiIiFH+TlkZXbrf+FaM0q2TOxqfo95AL
LkFjNEL3rWL6DdzIYVMsPr8jjaYjgQDCK3L/DVCZrWAb7y61Z4eL6tJjWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWpunrvdRK2PmK2wbgWwo/wMG0+MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdGFtNmV1OTFFclktWXJiQnVCYkNqX0F3YlQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlcOMA0G
CSqGSIb3DQEBCwUAA4IBAQAxvEIRXkrtiMXOb1kSNpDYTaL2YgRO8dIpLv8IhEwe
8QXD/BoDueasZu+vobz++Zugvil0FHKscpTE3kCoxObXZnY0pP238JyzhZoUkPOf
daDmufJjSlvEtK74b1yfnrfDOHl9eGSx24wdYL2zaFK16FevTQO05XovYZ4QPs3K
bvBtxCP18It6ESaWYji7NhzrOHU6RU6l97NflB2pQObh8EgX+9K9AzhWn3wQeDY+
CSurSvr7WdAqFqVD3txang395kF81MPI9ntSrdfjAP54kBgJV3dqhyhd0SVr3ZSb
S0113WF3ARSTW7SlNn1hHcQVyv5tkXwpBONXO41+QA+t
-----END CERTIFICATE-----