Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/1-vZaZiQvGimbD0PABrjj5n5gFII.roa
File:                     1-vZaZiQvGimbD0PABrjj5n5gFII.roa (raw, json)
Hash identifier:          nfA+SJ882PqLFvaj0p83cV0UAVeXVLiIh4kmKSIFv+k=
Subject key identifier:   FA:F6:5A:66:24:2F:1A:29:9B:0F:43:C0:06:B8:E3:E6:7E:60:14:82
Certificate issuer:       /CN=121f13882dd06d098ec49a759101329b1f201f1d
Certificate serial:       018CC56DDDA4A5B8A44437BB64DAB41CF29F
Authority key identifier: 12:1F:13:88:2D:D0:6D:09:8E:C4:9A:75:91:01:32:9B:1F:20:1F:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eh8TiC3QbQmOxJp1kQEymx8gHx0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/1-vZaZiQvGimbD0PABrjj5n5gFII.roa
Signing time:             Mon 01 Jan 2024 14:29:20 +0000
ROA not before:           Mon 01 Jan 2024 14:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2202
IP address blocks:        147.210.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/Eh8TiC3QbQmOxJp1kQEymx8gHx0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/Eh8TiC3QbQmOxJp1kQEymx8gHx0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eh8TiC3QbQmOxJp1kQEymx8gHx0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:dd:a4:a5:b8:a4:44:37:bb:64:da:b4:1c:f2:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=121f13882dd06d098ec49a759101329b1f201f1d
        Validity
            Not Before: Jan  1 14:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faf65a66242f1a299b0f43c006b8e3e67e601482
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f9:e4:f9:da:62:21:de:dc:c1:7d:eb:f2:d2:
                    7d:a7:78:ad:b2:6e:ae:c9:1a:75:23:71:a4:cd:45:
                    f2:5e:8c:35:2f:61:07:32:48:19:d8:e4:5e:fc:cd:
                    12:c3:22:a2:41:c4:f4:6e:d5:13:f0:0b:54:70:1b:
                    88:57:2f:00:be:ba:70:8e:89:55:e0:4c:96:02:14:
                    5f:98:33:67:31:a9:99:fa:5e:d7:e6:d3:46:d0:bd:
                    b4:cf:7a:72:72:32:21:44:8a:43:62:fc:f8:79:17:
                    e4:44:d0:13:94:a0:f2:44:cf:e7:e9:9f:08:5a:9e:
                    69:42:d4:90:fb:04:8a:e6:cf:0d:75:a4:29:7b:06:
                    93:0a:b7:9f:af:03:1d:d0:fb:d4:73:2c:e7:ac:0f:
                    38:51:03:07:03:00:e5:36:73:7e:64:2a:49:48:2d:
                    42:36:0f:a0:bb:8f:f5:98:c6:c3:79:cc:d9:0a:bc:
                    3f:1f:fa:29:18:5c:5a:0e:42:ab:6e:97:e7:6e:e2:
                    1f:21:4d:7c:6c:1a:60:0d:a3:af:82:5a:7c:2c:13:
                    55:a5:86:d8:1e:28:ef:08:4f:d0:91:da:4b:4e:af:
                    f9:d9:35:41:3a:08:1b:89:70:d0:61:c8:66:64:ef:
                    ea:f5:3a:fc:32:96:92:09:e5:e0:b0:e9:0a:ad:17:
                    98:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:F6:5A:66:24:2F:1A:29:9B:0F:43:C0:06:B8:E3:E6:7E:60:14:82
            X509v3 Authority Key Identifier:
                keyid:12:1F:13:88:2D:D0:6D:09:8E:C4:9A:75:91:01:32:9B:1F:20:1F:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eh8TiC3QbQmOxJp1kQEymx8gHx0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/1-vZaZiQvGimbD0PABrjj5n5gFII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/35df0a-8af6-4ff0-b345-0d27767374ec/1/Eh8TiC3QbQmOxJp1kQEymx8gHx0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.210.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         35:ed:93:fa:12:5f:04:51:af:26:84:04:59:8b:19:f2:97:95:
         d6:bf:2c:06:34:d9:89:4b:0a:aa:37:a5:0e:72:66:3d:1e:a1:
         37:a4:5d:80:41:ac:66:65:10:d5:8e:bb:93:42:4c:14:fb:0c:
         2a:49:9f:42:5a:0a:7e:37:66:9f:31:32:e0:64:90:7d:a5:bb:
         ae:ec:dd:5b:c4:a2:11:46:cb:60:ed:f5:9f:1f:4f:93:d5:ca:
         49:80:3c:62:69:73:9a:92:e1:0b:67:92:5c:be:f9:ec:33:3b:
         91:36:4b:89:c7:ec:13:96:c7:a9:a0:f0:86:03:1b:f7:48:79:
         1e:04:df:d7:76:e0:65:e4:d7:72:7e:8b:45:23:6b:44:29:cd:
         87:07:57:d0:2a:d8:cf:dd:60:36:47:b9:78:91:29:8b:97:cc:
         1b:78:93:d8:74:f9:b1:06:1b:b1:5e:ba:b5:88:79:20:a3:9e:
         e3:32:a6:85:8c:dc:d3:69:73:ea:25:b9:60:dd:24:d6:82:88:
         c9:b9:d1:da:46:60:d9:39:2c:27:d6:88:c4:79:55:b1:23:06:
         da:e5:ea:9a:54:5b:be:31:44:f4:51:dc:56:ee:e7:22:6c:9f:
         0c:0b:56:d5:c6:c3:39:6f:fb:d4:09:bf:8d:f0:cc:9b:97:9c:
         6a:cf:53:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbd2kpbikRDe7ZNq0HPKfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMWYxMzg4MmRkMDZkMDk4ZWM0OWE3NTkxMDEzMjliMWYy
MDFmMWQwHhcNMjQwMTAxMTQyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWY2NWE2NjI0MmYxYTI5OWIwZjQzYzAwNmI4ZTNlNjdlNjAxNDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6fnk+dpiId7cwX3r8tJ9p3itsm6u
yRp1I3GkzUXyXow1L2EHMkgZ2ORe/M0SwyKiQcT0btUT8AtUcBuIVy8AvrpwjolV
4EyWAhRfmDNnMamZ+l7X5tNG0L20z3pycjIhRIpDYvz4eRfkRNATlKDyRM/n6Z8I
Wp5pQtSQ+wSK5s8NdaQpewaTCrefrwMd0PvUcyznrA84UQMHAwDlNnN+ZCpJSC1C
Ng+gu4/1mMbDeczZCrw/H/opGFxaDkKrbpfnbuIfIU18bBpgDaOvglp8LBNVpYbY
HijvCE/QkdpLTq/52TVBOggbiXDQYchmZO/q9Tr8MpaSCeXgsOkKrReYqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPr2WmYkLxopmw9DwAa44+Z+YBSCMB8GA1UdIwQY
MBaAFBIfE4gt0G0JjsSadZEBMpsfIB8dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWg4VGlDM1FiUW1PeEpwMWtRRXlteDhnSHgwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8zNWRmMGEtOGFmNi00ZmYwLWIzNDUt
MGQyNzc2NzM3NGVjLzEvMS12WmFaaVF2R2ltYkQwUEFCcmpqNW41Z0ZJSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzIvMzVkZjBhLThhZjYtNGZmMC1iMzQ1LTBkMjc3NjczNzRl
Yy8xL0VoOFRpQzNRYlFtT3hKcDFrUUV5bXg4Z0h4MC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJPSMA0G
CSqGSIb3DQEBCwUAA4IBAQA17ZP6El8EUa8mhARZixnyl5XWvywGNNmJSwqqN6UO
cmY9HqE3pF2AQaxmZRDVjruTQkwU+wwqSZ9CWgp+N2afMTLgZJB9pbuu7N1bxKIR
Rstg7fWfH0+T1cpJgDxiaXOakuELZ5JcvvnsMzuRNkuJx+wTlsepoPCGAxv3SHke
BN/XduBl5NdyfotFI2tEKc2HB1fQKtjP3WA2R7l4kSmLl8wbeJPYdPmxBhuxXrq1
iHkgo57jMqaFjNzTaXPqJblg3STWgojJudHaRmDZOSwn1ojEeVWxIwba5eqaVFu+
MUT0UdxW7ucibJ8MC1bVxsM5b/vUCb+N8Mybl5xqz1OJ
-----END CERTIFICATE-----