Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4OY2EkQB_a9wmt1y9aVCHfcXvr0.roa
File:                     4OY2EkQB_a9wmt1y9aVCHfcXvr0.roa (raw, json)
Hash identifier:          jLCtPqzATE1FJD1QAqVfxe1BoGXcB3hXqfSnt9VHQdA=
Subject key identifier:   E0:E6:36:12:44:01:FD:AF:70:9A:DD:72:F5:A5:42:1D:F7:17:BE:BD
Certificate issuer:       /CN=e10d5c29a3439703d89b5abf03a75d861771bef4
Certificate serial:       018CC56EE285A14DADA319199471EFCA12D1
Authority key identifier: E1:0D:5C:29:A3:43:97:03:D8:9B:5A:BF:03:A7:5D:86:17:71:BE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4OY2EkQB_a9wmt1y9aVCHfcXvr0.roa
Signing time:             Mon 01 Jan 2024 14:30:27 +0000
ROA not before:           Mon 01 Jan 2024 14:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35547
IP address blocks:        188.119.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e2:85:a1:4d:ad:a3:19:19:94:71:ef:ca:12:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e10d5c29a3439703d89b5abf03a75d861771bef4
        Validity
            Not Before: Jan  1 14:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0e636124401fdaf709add72f5a5421df717bebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:fc:6e:63:f0:ac:41:d0:5e:dd:87:6b:96:77:
                    e9:9a:7e:8e:64:3c:3c:d9:e2:96:c7:58:50:1d:9a:
                    35:32:ac:9f:91:df:cb:7e:bb:a3:68:c3:ca:b0:e7:
                    76:eb:f5:69:52:0c:f3:c8:18:54:47:82:45:fd:99:
                    38:14:b9:db:41:08:e1:79:16:93:2b:b6:0e:c1:28:
                    8d:37:05:63:86:38:a2:6e:49:8c:75:e2:5f:ab:35:
                    1b:30:42:a5:9c:c8:8c:f8:3a:72:4e:e8:e2:b6:1f:
                    a9:48:77:7d:b6:8a:0f:98:e2:2a:92:e8:61:f7:7d:
                    7a:87:a4:3d:d6:7e:d8:9d:99:55:6a:58:05:31:cc:
                    30:bb:0a:90:8e:16:a4:52:a2:e0:18:c1:77:45:44:
                    9f:21:81:28:32:90:fa:b9:91:2b:74:41:aa:2e:54:
                    50:7c:1c:c8:cb:7d:f3:74:74:b3:c2:71:8e:18:2e:
                    e1:6f:56:fb:b9:3d:f7:8b:6c:d0:0b:60:38:d1:59:
                    a1:aa:b1:09:9f:4a:97:12:c5:56:f5:d6:f6:bc:87:
                    f0:ff:e7:4b:a9:2c:9e:b3:a3:31:67:36:33:1d:e8:
                    16:ae:58:dd:94:76:47:26:a9:58:da:e0:20:ee:d8:
                    17:88:33:5f:e3:b6:f9:d3:5f:94:ee:0f:46:53:30:
                    79:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:E6:36:12:44:01:FD:AF:70:9A:DD:72:F5:A5:42:1D:F7:17:BE:BD
            X509v3 Authority Key Identifier:
                keyid:E1:0D:5C:29:A3:43:97:03:D8:9B:5A:BF:03:A7:5D:86:17:71:BE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4OY2EkQB_a9wmt1y9aVCHfcXvr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/3edb47-fd6e-4c59-a7ab-e42a58064a63/1/4Q1cKaNDlwPYm1q_A6ddhhdxvvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.119.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:af:df:30:b4:f0:34:18:e4:38:fb:6d:d2:2b:2f:99:12:a5:
         59:94:45:28:8f:9e:09:e7:d8:38:c5:2b:68:3b:91:30:9e:df:
         99:6b:86:3a:3f:0f:a2:88:a9:97:e8:f8:12:00:19:5b:c9:36:
         b7:5c:c8:30:b7:2c:17:ca:39:36:43:f4:7c:12:a5:3d:67:df:
         df:e2:20:e5:42:1c:b6:ed:1a:f6:15:b1:be:1a:0f:04:7a:ac:
         84:38:00:cb:c4:2c:16:25:ec:9f:ca:4b:a2:e5:2e:4d:05:e5:
         8b:47:c1:90:b1:13:dd:f9:93:93:8d:a9:01:cc:7d:a3:0e:fc:
         ff:7b:4b:93:eb:f8:3f:c2:ed:f5:b0:46:bb:a7:a0:b0:55:aa:
         77:45:90:24:fd:f5:20:4b:aa:d0:dc:12:21:d0:5a:5c:b1:e9:
         4a:82:0b:70:ad:e4:42:70:85:65:b3:68:dd:a9:84:65:f5:e0:
         27:51:27:38:b4:6a:64:a8:b6:ba:66:ff:2b:34:84:2f:db:79:
         16:7f:1a:53:a2:d9:92:13:87:04:b8:ff:be:95:7e:4f:b9:5d:
         f6:8f:c9:82:38:77:bd:f2:5e:68:9a:24:8c:41:19:46:59:9e:
         0f:ce:a8:3d:ae:6a:7a:23:73:95:2d:2b:cd:8b:e7:91:6f:95:
         10:f9:f9:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbuKFoU2toxkZlHHvyhLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMGQ1YzI5YTM0Mzk3MDNkODliNWFiZjAzYTc1ZDg2MTc3
MWJlZjQwHhcNMjQwMTAxMTQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGU2MzYxMjQ0MDFmZGFmNzA5YWRkNzJmNWE1NDIxZGY3MTdiZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/xuY/CsQdBe3Ydrlnfpmn6OZDw8
2eKWx1hQHZo1Mqyfkd/LfrujaMPKsOd26/VpUgzzyBhUR4JF/Zk4FLnbQQjheRaT
K7YOwSiNNwVjhjiibkmMdeJfqzUbMEKlnMiM+DpyTujith+pSHd9tooPmOIqkuhh
9316h6Q91n7YnZlValgFMcwwuwqQjhakUqLgGMF3RUSfIYEoMpD6uZErdEGqLlRQ
fBzIy33zdHSzwnGOGC7hb1b7uT33i2zQC2A40VmhqrEJn0qXEsVW9db2vIfw/+dL
qSyes6MxZzYzHegWrljdlHZHJqlY2uAg7tgXiDNf47b501+U7g9GUzB5/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFODmNhJEAf2vcJrdcvWlQh33F769MB8GA1UdIwQY
MBaAFOENXCmjQ5cD2JtavwOnXYYXcb70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFExY0thTkRsd1BZbTFxX0E2ZGRoaGR4dnZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8zZWRiNDctZmQ2ZS00YzU5LWE3YWIt
ZTQyYTU4MDY0YTYzLzEvNE9ZMkVrUUJfYTl3bXQxeTlhVkNIZmNYdnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8zZWRiNDctZmQ2ZS00YzU5LWE3YWItZTQyYTU4MDY0YTYz
LzEvNFExY0thTkRsd1BZbTFxX0E2ZGRoaGR4dnZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHcjMA0G
CSqGSIb3DQEBCwUAA4IBAQAvr98wtPA0GOQ4+23SKy+ZEqVZlEUoj54J59g4xSto
O5Ewnt+Za4Y6Pw+iiKmX6PgSABlbyTa3XMgwtywXyjk2Q/R8EqU9Z9/f4iDlQhy2
7Rr2FbG+Gg8EeqyEOADLxCwWJeyfykui5S5NBeWLR8GQsRPd+ZOTjakBzH2jDvz/
e0uT6/g/wu31sEa7p6CwVap3RZAk/fUgS6rQ3BIh0FpcselKggtwreRCcIVls2jd
qYRl9eAnUSc4tGpkqLa6Zv8rNIQv23kWfxpTotmSE4cEuP++lX5PuV32j8mCOHe9
8l5omiSMQRlGWZ4Pzqg9rmp6I3OVLSvNi+eRb5UQ+fl5
-----END CERTIFICATE-----