Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/e8bd0b-f36d-45f5-b985-09bb5287531b/1/l2mJ2vDiZEGZ9reDUvY6AG0y4d0.roa
File:                     l2mJ2vDiZEGZ9reDUvY6AG0y4d0.roa (raw, json)
Hash identifier:          RcjhgoUZ18MHZezqa+3BAgKoYEAP9PyRdyRLaeiendQ=
Subject key identifier:   97:69:89:DA:F0:E2:64:41:99:F6:B7:83:52:F6:3A:00:6D:32:E1:DD
Certificate issuer:       /CN=e53ad9b432bb83d141c480dee78bc35ff47cb72c
Certificate serial:       018CC5DBED38CBFCF9FB97435A9CEB4E2DD5
Authority key identifier: E5:3A:D9:B4:32:BB:83:D1:41:C4:80:DE:E7:8B:C3:5F:F4:7C:B7:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5TrZtDK7g9FBxIDe54vDX_R8tyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/e8bd0b-f36d-45f5-b985-09bb5287531b/1/l2mJ2vDiZEGZ9reDUvY6AG0y4d0.roa
Signing time:             Mon 01 Jan 2024 16:29:33 +0000
ROA not before:           Mon 01 Jan 2024 16:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29484
IP address blocks:        192.35.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/e8bd0b-f36d-45f5-b985-09bb5287531b/1/5TrZtDK7g9FBxIDe54vDX_R8tyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/e8bd0b-f36d-45f5-b985-09bb5287531b/1/5TrZtDK7g9FBxIDe54vDX_R8tyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5TrZtDK7g9FBxIDe54vDX_R8tyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ed:38:cb:fc:f9:fb:97:43:5a:9c:eb:4e:2d:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e53ad9b432bb83d141c480dee78bc35ff47cb72c
        Validity
            Not Before: Jan  1 16:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=976989daf0e2644199f6b78352f63a006d32e1dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:92:99:d9:5a:d3:4f:21:db:7d:04:cd:c4:3e:
                    ea:89:2b:e6:ca:5d:ee:3f:bf:9a:f1:4e:f2:86:f8:
                    09:30:14:1d:7f:0a:89:67:ec:f0:ae:85:28:4f:93:
                    76:de:dc:de:6e:97:a4:b8:03:fe:1f:25:e3:7f:4a:
                    cb:0f:c6:e4:c9:81:bb:30:dc:45:be:65:dc:16:d1:
                    7a:75:f9:65:71:e2:a1:dd:10:66:b9:12:25:ee:55:
                    fe:23:54:1d:37:49:cd:46:0c:74:e5:f8:b9:af:90:
                    02:5a:1b:2e:2e:cd:24:2a:bf:f6:7b:89:6e:6c:f4:
                    bf:22:48:22:8d:12:f6:f2:6d:3e:e7:67:2b:41:2d:
                    63:c0:62:64:d8:54:4e:1e:11:09:b9:43:ec:e5:d0:
                    a0:4e:12:da:ec:90:3f:e9:f3:bf:09:0b:99:75:65:
                    7a:02:5b:26:ca:d8:2c:2d:f0:07:ba:8a:10:73:68:
                    36:74:47:de:b6:95:63:8f:d7:9b:12:b3:88:6c:40:
                    c9:6b:85:91:6b:cf:99:fb:26:28:6e:df:51:8a:66:
                    59:44:b9:6c:ee:57:e6:d5:eb:49:31:e0:93:21:81:
                    d5:45:25:5c:ed:fd:c3:3c:a8:41:9c:f9:cb:7d:40:
                    1e:67:0b:fb:d0:45:b7:3b:3d:93:89:71:65:31:b0:
                    24:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:69:89:DA:F0:E2:64:41:99:F6:B7:83:52:F6:3A:00:6D:32:E1:DD
            X509v3 Authority Key Identifier:
                keyid:E5:3A:D9:B4:32:BB:83:D1:41:C4:80:DE:E7:8B:C3:5F:F4:7C:B7:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5TrZtDK7g9FBxIDe54vDX_R8tyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/e8bd0b-f36d-45f5-b985-09bb5287531b/1/l2mJ2vDiZEGZ9reDUvY6AG0y4d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/e8bd0b-f36d-45f5-b985-09bb5287531b/1/5TrZtDK7g9FBxIDe54vDX_R8tyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.35.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:22:7a:9d:0e:f2:70:d3:57:10:03:06:4b:39:9d:a6:c9:f6:
         83:26:db:82:25:88:0f:c2:d0:70:b8:de:5f:e9:eb:33:aa:d7:
         36:56:9b:e0:41:04:78:2b:3d:77:5d:db:80:36:d9:54:82:64:
         32:82:43:ac:b9:b5:89:9b:12:66:44:1f:7b:12:fe:7c:81:ac:
         38:10:6d:90:14:7d:97:b2:09:e9:a5:e4:cc:51:1e:79:18:e2:
         4c:75:10:e9:1b:86:4e:b4:02:7e:bc:fb:e1:83:1d:6c:86:75:
         d4:9e:22:81:76:f7:af:3e:0e:8a:11:1a:6a:44:bc:60:b0:e5:
         57:24:8d:4b:2b:21:2d:a9:4c:4c:6a:2e:02:ee:41:86:35:02:
         ca:df:21:5b:43:e7:2c:7a:4b:ea:74:90:2e:4f:3a:fa:38:92:
         e5:5b:37:2e:0d:8f:4a:fc:29:66:f5:20:e8:8d:33:c6:40:e4:
         a6:e2:e9:b2:0a:2a:b4:8a:02:e2:f9:e1:fb:e6:af:8e:96:ac:
         50:b5:c5:14:63:27:1d:07:88:4b:87:4d:bd:66:c4:66:df:9c:
         ec:62:b4:99:3f:16:30:3e:98:63:91:fa:d9:3f:b2:92:26:2e:
         d0:89:80:87:ac:c4:90:f0:99:ea:8d:50:c7:93:b8:f0:d9:de:
         ce:79:20:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+04y/z5+5dDWpzrTi3VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1M2FkOWI0MzJiYjgzZDE0MWM0ODBkZWU3OGJjMzVmZjQ3
Y2I3MmMwHhcNMjQwMTAxMTYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzY5ODlkYWYwZTI2NDQxOTlmNmI3ODM1MmY2M2EwMDZkMzJlMWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pKZ2VrTTyHbfQTNxD7qiSvmyl3u
P7+a8U7yhvgJMBQdfwqJZ+zwroUoT5N23tzebpekuAP+HyXjf0rLD8bkyYG7MNxF
vmXcFtF6dfllceKh3RBmuRIl7lX+I1QdN0nNRgx05fi5r5ACWhsuLs0kKr/2e4lu
bPS/IkgijRL28m0+52crQS1jwGJk2FROHhEJuUPs5dCgThLa7JA/6fO/CQuZdWV6
AlsmytgsLfAHuooQc2g2dEfetpVjj9ebErOIbEDJa4WRa8+Z+yYobt9RimZZRLls
7lfm1etJMeCTIYHVRSVc7f3DPKhBnPnLfUAeZwv70EW3Oz2TiXFlMbAkrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdpidrw4mRBmfa3g1L2OgBtMuHdMB8GA1UdIwQY
MBaAFOU62bQyu4PRQcSA3ueLw1/0fLcsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVRyWnRESzdnOUZCeElEZTU0dkRYX1I4dHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9lOGJkMGItZjM2ZC00NWY1LWI5ODUt
MDliYjUyODc1MzFiLzEvbDJtSjJ2RGlaRUdaOXJlRFV2WTZBRzB5NGQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9lOGJkMGItZjM2ZC00NWY1LWI5ODUtMDliYjUyODc1MzFi
LzEvNVRyWnRESzdnOUZCeElEZTU0dkRYX1I4dHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwCNIMA0G
CSqGSIb3DQEBCwUAA4IBAQCPInqdDvJw01cQAwZLOZ2myfaDJtuCJYgPwtBwuN5f
6eszqtc2VpvgQQR4Kz13XduANtlUgmQygkOsubWJmxJmRB97Ev58gaw4EG2QFH2X
sgnppeTMUR55GOJMdRDpG4ZOtAJ+vPvhgx1shnXUniKBdvevPg6KERpqRLxgsOVX
JI1LKyEtqUxMai4C7kGGNQLK3yFbQ+csekvqdJAuTzr6OJLlWzcuDY9K/Clm9SDo
jTPGQOSm4umyCiq0igLi+eH75q+OlqxQtcUUYycdB4hLh029ZsRm35zsYrSZPxYw
PphjkfrZP7KSJi7QiYCHrMSQ8JnqjVDHk7jw2d7OeSDb
-----END CERTIFICATE-----