Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tcYTmSjUprCVlC8_XtydmL1JdHs.roa
File:                     tcYTmSjUprCVlC8_XtydmL1JdHs.roa (raw, json)
Hash identifier:          J2ZrzwLnTTclWhZfmlf4t0W7/d1L3BmQBmTcnSlVFEo=
Subject key identifier:   B5:C6:13:99:28:D4:A6:B0:95:94:2F:3F:5E:DC:9D:98:BD:49:74:7B
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018D68DC7BD53E91EC440C08FD58F68EAED6
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tcYTmSjUprCVlC8_XtydmL1JdHs.roa
Signing time:             Fri 02 Feb 2024 08:08:16 +0000
ROA not before:           Fri 02 Feb 2024 08:08:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        212.192.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 06:32:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:68:dc:7b:d5:3e:91:ec:44:0c:08:fd:58:f6:8e:ae:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Feb  2 08:08:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b5c6139928d4a6b095942f3f5edc9d98bd49747b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:90:7e:53:29:fe:16:b0:50:3b:d6:4b:7f:49:
                    d6:e8:4f:f9:69:ea:c0:84:a7:3e:44:e0:4b:e8:64:
                    a8:4d:06:fb:0c:cb:1b:7d:e4:e3:13:3e:08:5b:23:
                    b7:23:aa:b9:0b:8f:3b:96:16:b2:bd:a0:5e:9b:f5:
                    de:5c:22:eb:9a:f5:9a:8b:99:03:5f:4d:70:44:66:
                    88:6b:43:6e:9c:7d:25:e8:cc:13:e8:36:15:0b:75:
                    9e:69:fb:71:2c:22:95:ee:2a:15:e7:75:61:85:31:
                    c6:a5:62:c0:ff:a1:a3:dd:00:fe:d1:79:84:9e:13:
                    cc:ad:60:42:3b:fb:24:35:51:c8:85:a2:f6:90:b3:
                    51:ac:2c:6d:eb:06:9a:61:4a:13:79:17:61:dc:15:
                    71:ca:2b:bb:60:93:89:ee:60:e8:ac:c4:cc:3b:7c:
                    dd:1d:2b:44:0b:8e:0f:36:14:54:ad:e9:3a:bf:ec:
                    ad:df:63:87:f1:0a:e2:78:41:02:c0:27:ed:f3:f5:
                    e3:35:87:e5:bd:8a:fa:43:e8:96:ab:13:a0:e3:9b:
                    80:7b:0f:76:9d:02:bd:00:9b:63:fa:96:6c:d6:5e:
                    81:ba:61:d6:a4:e0:bb:b7:41:d3:05:fb:5b:dd:ba:
                    78:c3:80:4e:df:7b:cc:25:78:cd:16:7b:b5:6e:10:
                    83:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:C6:13:99:28:D4:A6:B0:95:94:2F:3F:5E:DC:9D:98:BD:49:74:7B
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tcYTmSjUprCVlC8_XtydmL1JdHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.192.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:44:40:8c:d1:05:d2:94:b5:1c:7e:da:8f:77:12:83:69:49:
         27:a8:ec:1f:0d:60:ff:e0:cd:d3:fd:6c:e2:f1:9e:09:02:9f:
         3b:6a:38:22:e8:d5:fa:be:66:01:eb:b3:c8:58:2f:3a:2d:a0:
         ed:cc:59:55:80:90:6a:c4:fc:b5:1d:d2:0e:a6:1d:76:e2:6d:
         bf:8a:15:c3:fe:ba:bf:8c:02:dd:f7:65:57:8e:51:ac:a5:65:
         a8:8e:ed:13:2b:6e:9e:0f:08:7a:dc:fb:56:93:3f:65:0d:e2:
         22:dd:0a:11:54:da:f8:0d:2a:b5:c8:cd:3a:5f:d3:74:0f:01:
         99:64:7f:2b:3f:23:b8:fc:d8:c0:95:60:41:6f:b3:22:73:9c:
         17:d2:c8:d9:73:2b:09:77:16:93:16:16:fb:75:e8:f8:0b:c0:
         63:3c:5a:65:db:89:7f:c8:ca:9d:e8:c7:52:02:40:db:29:ec:
         35:b9:cc:31:74:ef:76:ab:cc:0b:e8:31:54:40:40:b5:e3:4b:
         61:29:72:b7:8b:ea:d0:99:cb:11:d0:d2:43:63:b0:ea:a5:fa:
         1e:36:f7:31:63:80:13:21:d9:72:a2:0e:8a:51:31:8f:d3:3f:
         10:1e:4a:c5:90:88:5f:55:6f:23:32:09:0b:8b:2c:00:45:27:
         8b:c3:a4:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1o3HvVPpHsRAwI/Vj2jq7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMjAyMDgwODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWM2MTM5OTI4ZDRhNmIwOTU5NDJmM2Y1ZWRjOWQ5OGJkNDk3NDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZB+Uyn+FrBQO9ZLf0nW6E/5aerA
hKc+ROBL6GSoTQb7DMsbfeTjEz4IWyO3I6q5C487lhayvaBem/XeXCLrmvWai5kD
X01wRGaIa0NunH0l6MwT6DYVC3WeaftxLCKV7ioV53VhhTHGpWLA/6Gj3QD+0XmE
nhPMrWBCO/skNVHIhaL2kLNRrCxt6waaYUoTeRdh3BVxyiu7YJOJ7mDorMTMO3zd
HStEC44PNhRUrek6v+yt32OH8QrieEECwCft8/XjNYflvYr6Q+iWqxOg45uAew92
nQK9AJtj+pZs1l6BumHWpOC7t0HTBftb3bp4w4BO33vMJXjNFnu1bhCDqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXGE5ko1KawlZQvP17cnZi9SXR7MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdGNZVG1TalVwckNWbEM4X1h0eWRtTDFKZEhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1MDdMA0G
CSqGSIb3DQEBCwUAA4IBAQCCRECM0QXSlLUcftqPdxKDaUknqOwfDWD/4M3T/Wzi
8Z4JAp87ajgi6NX6vmYB67PIWC86LaDtzFlVgJBqxPy1HdIOph124m2/ihXD/rq/
jALd92VXjlGspWWoju0TK26eDwh63PtWkz9lDeIi3QoRVNr4DSq1yM06X9N0DwGZ
ZH8rPyO4/NjAlWBBb7Mic5wX0sjZcysJdxaTFhb7dej4C8BjPFpl24l/yMqd6MdS
AkDbKew1ucwxdO92q8wL6DFUQEC140thKXK3i+rQmcsR0NJDY7DqpfoeNvcxY4AT
Idlyog6KUTGP0z8QHkrFkIhfVW8jMgkLiywARSeLw6TW
-----END CERTIFICATE-----