Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/p3j4d7EN7rDZiNLKgGxCrP802jo.roa
File:                     p3j4d7EN7rDZiNLKgGxCrP802jo.roa (raw, json)
Hash identifier:          7FdkPqi5mYojSW+i81Swo2BRIuKy4/SBN+6JsrhNjL8=
Subject key identifier:   A7:78:F8:77:B1:0D:EE:B0:D9:88:D2:CA:80:6C:42:AC:FF:34:DA:3A
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       0194266B8683DA0EAAD14DB74E82086BC3C9
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/p3j4d7EN7rDZiNLKgGxCrP802jo.roa
Signing time:             Thu 02 Jan 2025 09:49:28 +0000
ROA not before:           Thu 02 Jan 2025 09:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205888
IP address blocks:        188.85.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:86:83:da:0e:aa:d1:4d:b7:4e:82:08:6b:c3:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 09:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a778f877b10deeb0d988d2ca806c42acff34da3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:89:28:a3:1c:30:99:11:47:42:c8:3a:b0:52:
                    7e:0d:4e:88:fb:34:24:be:20:28:a9:b9:1c:d1:71:
                    eb:11:43:6e:14:8b:a5:a0:79:7f:8b:90:5c:d4:71:
                    b8:ae:d1:cf:aa:cd:77:b6:55:6f:a6:7f:09:9b:d4:
                    68:89:2a:5e:da:cb:8c:5a:80:bc:dc:00:28:60:38:
                    4e:91:1e:b8:c8:7f:4e:39:90:d3:19:27:e3:6a:4a:
                    00:09:51:cf:73:4a:e1:e4:24:e3:19:40:ee:9b:cd:
                    9d:52:93:41:61:fb:2b:6f:de:e3:63:13:8b:f4:5c:
                    da:02:88:ff:28:33:0b:9a:7e:fe:04:16:6e:a7:b6:
                    2d:61:2e:50:be:e1:d5:fa:5d:85:cf:a1:1c:11:93:
                    39:3f:d1:1b:d3:42:74:42:e4:9d:41:ad:e5:33:c0:
                    f0:04:63:1b:16:4e:0f:29:92:4f:8f:2c:57:31:1e:
                    6b:07:f0:b2:f7:b0:43:c2:d9:62:ed:46:df:f0:24:
                    fe:83:24:30:de:42:d9:68:ab:ae:47:e2:e6:27:66:
                    14:bd:19:b7:9b:c4:87:5e:4c:b5:80:23:8f:f0:8f:
                    6e:04:1e:d0:ed:48:45:a7:c1:96:d2:8a:8e:0d:02:
                    f7:a6:ca:ba:0e:bb:5a:4d:71:af:a5:fa:b2:2a:a7:
                    f7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:78:F8:77:B1:0D:EE:B0:D9:88:D2:CA:80:6C:42:AC:FF:34:DA:3A
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/p3j4d7EN7rDZiNLKgGxCrP802jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.85.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:2c:ae:a3:7b:e7:0a:02:29:33:63:b4:6b:f9:54:22:b9:2a:
         4d:c8:ed:70:0f:98:1c:4d:5a:2b:e8:0d:e8:52:fd:80:0f:98:
         b9:59:78:54:90:26:e9:bd:2b:a7:43:a6:8b:e1:87:04:f5:97:
         4e:9f:db:2a:7b:2c:c1:21:cb:d8:02:b7:22:d5:9a:fe:10:1c:
         e7:52:fe:5d:82:fb:b6:8b:2e:ed:63:56:3b:fe:f0:8d:75:8d:
         ea:90:5a:7f:db:98:a3:6e:1f:8e:ff:79:14:9d:4d:f2:47:6e:
         6e:3c:a9:04:9a:e5:a1:09:9f:f1:13:5d:59:c6:fd:5f:fd:d8:
         0a:c2:d6:76:b7:e3:72:9b:0e:6f:a8:a2:36:17:8b:cc:7b:6a:
         8c:f2:d9:d6:8d:f4:2f:fc:00:19:41:2d:3e:30:8c:f2:44:f1:
         ef:97:8c:9a:b1:ec:5d:ec:26:bc:a6:87:85:d6:6e:3a:c1:8b:
         47:e4:9e:73:e6:f5:c8:c2:ec:8b:40:70:07:08:19:a5:c7:fa:
         f5:79:d4:aa:0d:3b:3b:bc:53:17:bc:c2:6b:ca:6b:5c:a9:63:
         91:74:29:eb:39:de:60:20:aa:97:03:9e:c3:aa:1e:4b:46:b0:
         13:14:c7:c6:7d:3a:04:b9:61:ab:81:f5:d9:37:d1:ac:48:76:
         23:17:83:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4aD2g6q0U23ToIIa8PJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjUwMTAyMDk0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzc4Zjg3N2IxMGRlZWIwZDk4OGQyY2E4MDZjNDJhY2ZmMzRkYTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYkooxwwmRFHQsg6sFJ+DU6I+zQk
viAoqbkc0XHrEUNuFIuloHl/i5Bc1HG4rtHPqs13tlVvpn8Jm9RoiSpe2suMWoC8
3AAoYDhOkR64yH9OOZDTGSfjakoACVHPc0rh5CTjGUDum82dUpNBYfsrb97jYxOL
9FzaAoj/KDMLmn7+BBZup7YtYS5QvuHV+l2Fz6EcEZM5P9Eb00J0QuSdQa3lM8Dw
BGMbFk4PKZJPjyxXMR5rB/Cy97BDwtli7Ubf8CT+gyQw3kLZaKuuR+LmJ2YUvRm3
m8SHXky1gCOP8I9uBB7Q7UhFp8GW0oqODQL3psq6DrtaTXGvpfqyKqf3gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKd4+HexDe6w2YjSyoBsQqz/NNo6MB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvcDNqNGQ3RU43ckRaaU5MS2dHeENyUDgwMmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFWMMA0G
CSqGSIb3DQEBCwUAA4IBAQAdLK6je+cKAikzY7Rr+VQiuSpNyO1wD5gcTVor6A3o
Uv2AD5i5WXhUkCbpvSunQ6aL4YcE9ZdOn9sqeyzBIcvYArci1Zr+EBznUv5dgvu2
iy7tY1Y7/vCNdY3qkFp/25ijbh+O/3kUnU3yR25uPKkEmuWhCZ/xE11Zxv1f/dgK
wtZ2t+Nymw5vqKI2F4vMe2qM8tnWjfQv/AAZQS0+MIzyRPHvl4yasexd7Ca8poeF
1m46wYtH5J5z5vXIwuyLQHAHCBmlx/r1edSqDTs7vFMXvMJrymtcqWORdCnrOd5g
IKqXA57Dqh5LRrATFMfGfToEuWGrgfXZN9GsSHYjF4P3
-----END CERTIFICATE-----