Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/wSb0kjbokl7H8V48AuRfGYiUjrQ.roa
File:                     wSb0kjbokl7H8V48AuRfGYiUjrQ.roa (raw, json)
Hash identifier:          1tAsP/aWnzxt8mWVHIDXbxVrgC60EeLCtBVbV56c0w8=
Subject key identifier:   C1:26:F4:92:36:E8:92:5E:C7:F1:5E:3C:02:E4:5F:19:88:94:8E:B4
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019330597965C701ED57A1D485FB286F0522
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/wSb0kjbokl7H8V48AuRfGYiUjrQ.roa
Signing time:             Fri 15 Nov 2024 15:03:10 +0000
ROA not before:           Fri 15 Nov 2024 15:03:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        194.87.139.0/24 maxlen: 24
                          195.58.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:30:59:79:65:c7:01:ed:57:a1:d4:85:fb:28:6f:05:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Nov 15 15:03:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c126f49236e8925ec7f15e3c02e45f1988948eb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c4:87:f6:84:d6:7b:8a:c3:88:6f:28:75:ae:
                    56:aa:2a:14:22:07:81:65:36:49:07:00:5d:62:2b:
                    8f:27:7f:66:10:87:b5:64:4a:c1:f4:ff:35:fd:f3:
                    02:be:5e:8b:21:86:e9:3b:f3:20:d0:d3:79:6b:e4:
                    cf:29:1a:00:8e:eb:fb:fe:ac:ce:80:25:09:9a:30:
                    cf:5e:a8:51:95:13:31:13:ed:a0:99:8c:cf:80:1d:
                    bb:5f:27:81:9f:62:31:76:73:c5:5f:a9:7f:46:f9:
                    ed:6b:7c:8c:e1:25:75:41:0a:6c:bc:95:92:36:00:
                    5c:8b:0a:b3:0b:06:c4:3d:03:ce:ce:e1:74:e1:ac:
                    fd:9a:93:9b:52:68:8d:91:9b:b9:f2:b5:b1:80:7f:
                    08:19:d8:6c:ca:df:f6:9c:a0:20:72:44:66:83:1e:
                    3a:98:6e:a4:7c:35:4c:ce:f8:f2:b6:d6:9a:8b:60:
                    ab:04:b4:fd:31:14:cb:8a:83:1a:a8:45:61:f4:11:
                    00:c1:23:bb:8c:ad:e1:49:e1:ff:0c:2c:24:78:74:
                    31:62:e9:da:d8:e2:f5:db:30:13:d2:34:fa:0c:72:
                    85:ba:f1:4a:37:36:a1:df:45:02:c5:79:a3:da:8d:
                    4d:9a:95:98:77:8b:26:d0:04:96:00:34:bf:3d:4d:
                    1c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:26:F4:92:36:E8:92:5E:C7:F1:5E:3C:02:E4:5F:19:88:94:8E:B4
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/wSb0kjbokl7H8V48AuRfGYiUjrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.139.0/24
                  195.58.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f1:57:e3:db:40:24:d5:cf:67:32:5a:f6:d2:8f:bc:e8:bd:
         dc:6a:34:a7:61:50:3a:07:f3:b5:e8:72:54:72:06:8c:45:57:
         7f:bb:86:cf:0e:d8:cd:e7:bc:b3:a9:27:1b:aa:ab:98:a4:9e:
         3e:75:54:ac:14:5c:18:96:36:63:cb:f3:75:77:59:c0:db:12:
         b2:87:df:0d:28:6c:f1:f0:68:6e:3e:93:68:42:38:fa:05:f2:
         04:f7:25:02:6b:12:45:49:96:d7:05:ef:5e:0c:3e:67:f2:e2:
         fa:42:e3:e1:d7:94:0b:52:e8:df:9a:27:ff:de:65:4c:7a:af:
         8c:ca:91:2b:dd:36:af:60:71:5c:36:b1:e0:e0:00:19:6e:fa:
         17:6a:d0:d2:db:56:e1:67:ae:0f:dc:64:7d:2d:47:20:ad:33:
         fd:14:0b:db:94:5a:a5:70:0a:d0:e1:9a:13:a3:94:77:c3:d5:
         0f:fe:79:f2:0b:54:1e:59:bf:1f:aa:a1:61:4b:3c:bb:a7:8a:
         90:b4:00:42:b5:72:3d:2b:51:f4:73:ac:71:21:fa:b8:ca:41:
         f8:52:9e:4a:23:60:e0:48:14:9a:02:f9:6e:0e:ce:e7:e1:14:
         bd:92:60:23:1d:2d:65:74:cf:95:e9:a8:1f:a0:7a:42:af:4d:
         ec:0e:00:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMwWXllxwHtV6HUhfsobwUiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMTE1MTUwMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTI2ZjQ5MjM2ZTg5MjVlYzdmMTVlM2MwMmU0NWYxOTg4OTQ4ZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMSH9oTWe4rDiG8oda5WqioUIgeB
ZTZJBwBdYiuPJ39mEIe1ZErB9P81/fMCvl6LIYbpO/Mg0NN5a+TPKRoAjuv7/qzO
gCUJmjDPXqhRlRMxE+2gmYzPgB27XyeBn2IxdnPFX6l/Rvnta3yM4SV1QQpsvJWS
NgBciwqzCwbEPQPOzuF04az9mpObUmiNkZu58rWxgH8IGdhsyt/2nKAgckRmgx46
mG6kfDVMzvjyttaai2CrBLT9MRTLioMaqEVh9BEAwSO7jK3hSeH/DCwkeHQxYuna
2OL12zAT0jT6DHKFuvFKNzah30UCxXmj2o1NmpWYd4sm0ASWADS/PU0cNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMEm9JI26JJex/FePALkXxmIlI60MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvd1NiMGtqYm9rbDdIOFY0OEF1UmZHWWlVanJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwleLAwQA
wzo5MA0GCSqGSIb3DQEBCwUAA4IBAQA08Vfj20Ak1c9nMlr20o+86L3cajSnYVA6
B/O16HJUcgaMRVd/u4bPDtjN57yzqScbqquYpJ4+dVSsFFwYljZjy/N1d1nA2xKy
h98NKGzx8GhuPpNoQjj6BfIE9yUCaxJFSZbXBe9eDD5n8uL6QuPh15QLUujfmif/
3mVMeq+MypEr3TavYHFcNrHg4AAZbvoXatDS21bhZ64P3GR9LUcgrTP9FAvblFql
cArQ4ZoTo5R3w9UP/nnyC1QeWb8fqqFhSzy7p4qQtABCtXI9K1H0c6xxIfq4ykH4
Up5KI2DgSBSaAvluDs7n4RS9kmAjHS1ldM+V6agfoHpCr03sDgBb
-----END CERTIFICATE-----