Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/c3a000-f233-4e6d-bd92-5ff07c3b6f88/1/CA35m5WMms6O4W7e8D9YzEtsByw.roa
File:                     CA35m5WMms6O4W7e8D9YzEtsByw.roa (raw, json)
Hash identifier:          RzdQ07EUmt3nlteAn7Hu19bqZoX53PQtupROg6ghhdg=
Subject key identifier:   08:0D:F9:9B:95:8C:9A:CE:8E:E1:6E:DE:F0:3F:58:CC:4B:6C:07:2C
Certificate issuer:       /CN=fd904f5409fe5435f1fbf5cf46e4ce95880b613c
Certificate serial:       018DA78FCEA6EB0435B4EC0E38C21AE579E2
Authority key identifier: FD:90:4F:54:09:FE:54:35:F1:FB:F5:CF:46:E4:CE:95:88:0B:61:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ZBPVAn-VDXx-_XPRuTOlYgLYTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/c3a000-f233-4e6d-bd92-5ff07c3b6f88/1/CA35m5WMms6O4W7e8D9YzEtsByw.roa
Signing time:             Wed 14 Feb 2024 12:20:36 +0000
ROA not before:           Wed 14 Feb 2024 12:20:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197889
IP address blocks:        193.111.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/c3a000-f233-4e6d-bd92-5ff07c3b6f88/1/_ZBPVAn-VDXx-_XPRuTOlYgLYTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/c3a000-f233-4e6d-bd92-5ff07c3b6f88/1/_ZBPVAn-VDXx-_XPRuTOlYgLYTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_ZBPVAn-VDXx-_XPRuTOlYgLYTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:8f:ce:a6:eb:04:35:b4:ec:0e:38:c2:1a:e5:79:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd904f5409fe5435f1fbf5cf46e4ce95880b613c
        Validity
            Not Before: Feb 14 12:20:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=080df99b958c9ace8ee16edef03f58cc4b6c072c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a7:50:ff:00:c3:0a:ba:f3:9a:fd:d8:89:28:
                    6f:6d:df:d4:1e:d3:39:de:5d:ed:ce:75:38:8d:0b:
                    6d:2a:92:44:27:df:20:f1:7f:90:69:d3:32:79:c8:
                    82:6b:3f:e9:6a:81:3f:e9:89:b9:84:d8:23:f1:8b:
                    16:db:24:d1:8d:b1:1e:c4:36:da:d8:24:ea:f4:2a:
                    85:57:58:3c:2c:f3:af:6e:9f:3d:b5:53:f8:c2:87:
                    87:f7:71:6d:ba:b7:06:63:bf:2e:7f:6a:9e:4a:bc:
                    c6:19:f6:cf:14:98:e2:68:cb:d3:3f:d3:cc:2e:dd:
                    45:47:4d:63:02:d7:cf:0c:5b:3e:4c:d6:d2:7b:2f:
                    6d:63:fb:37:7d:7e:2b:e9:39:84:ec:47:21:28:61:
                    72:4c:4e:02:10:1f:6e:9f:c9:25:e3:f7:dd:74:7e:
                    f3:21:4d:e2:dd:4e:7b:1a:34:db:2c:91:d0:78:d5:
                    46:5a:02:c8:fa:61:3a:fe:33:f5:40:9a:3c:9e:16:
                    94:ee:0c:a8:29:2e:d7:98:2f:c4:2c:65:61:28:06:
                    e1:e1:3c:70:00:4f:37:56:fd:80:60:5c:43:d9:4a:
                    73:eb:3e:b9:26:f1:a4:83:3f:00:8c:f2:d6:c1:7a:
                    52:df:a9:65:c1:d7:ad:7e:9a:fc:17:5b:0c:86:81:
                    9d:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:0D:F9:9B:95:8C:9A:CE:8E:E1:6E:DE:F0:3F:58:CC:4B:6C:07:2C
            X509v3 Authority Key Identifier:
                keyid:FD:90:4F:54:09:FE:54:35:F1:FB:F5:CF:46:E4:CE:95:88:0B:61:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ZBPVAn-VDXx-_XPRuTOlYgLYTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c3a000-f233-4e6d-bd92-5ff07c3b6f88/1/CA35m5WMms6O4W7e8D9YzEtsByw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c3a000-f233-4e6d-bd92-5ff07c3b6f88/1/_ZBPVAn-VDXx-_XPRuTOlYgLYTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:30:52:c6:85:ad:a8:20:96:ab:91:e9:2b:f4:d2:95:5f:31:
         b1:ba:c6:8a:4a:37:7e:de:4e:eb:49:7f:b2:86:53:42:fc:87:
         95:b2:40:a3:40:ac:4f:95:da:4b:06:0f:65:73:f5:bc:5e:c8:
         32:d9:e0:55:1e:1a:d6:f2:62:dc:5e:fc:35:bf:d4:cb:87:41:
         04:54:96:e0:53:37:7b:3e:22:a4:1b:29:2a:ad:6f:77:2a:f8:
         58:75:f8:04:d6:63:d4:d3:11:9f:f8:3f:1a:d0:e5:0a:99:21:
         e9:4a:ae:5d:d0:40:46:d5:c2:ce:46:74:c6:be:5e:35:e0:9f:
         ef:91:a7:c5:e4:37:78:1e:2f:66:a0:5f:bf:6d:ee:00:3d:1e:
         d5:e4:67:27:ea:ae:1a:d6:a1:4e:34:63:66:43:20:59:0e:42:
         88:02:7d:2b:bb:30:54:6e:1f:68:ca:80:fc:30:83:aa:44:b2:
         1a:7b:3b:ec:b6:f0:f3:20:84:02:66:72:ed:7b:84:41:73:d0:
         c2:6c:e6:1e:d2:1d:aa:dc:9d:76:c7:cc:9f:1c:86:d6:6a:58:
         a1:84:17:97:55:0d:2f:3a:ef:65:79:b5:f1:23:92:e0:04:2b:
         ee:11:e7:b9:dc:a1:32:4c:94:c6:f7:f6:2f:87:6e:89:4f:4d:
         c3:fe:8e:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2nj86m6wQ1tOwOOMIa5XniMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkOTA0ZjU0MDlmZTU0MzVmMWZiZjVjZjQ2ZTRjZTk1ODgw
YjYxM2MwHhcNMjQwMjE0MTIyMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODBkZjk5Yjk1OGM5YWNlOGVlMTZlZGVmMDNmNThjYzRiNmMwNzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkadQ/wDDCrrzmv3YiShvbd/UHtM5
3l3tznU4jQttKpJEJ98g8X+QadMyeciCaz/paoE/6Ym5hNgj8YsW2yTRjbEexDba
2CTq9CqFV1g8LPOvbp89tVP4woeH93FturcGY78uf2qeSrzGGfbPFJjiaMvTP9PM
Lt1FR01jAtfPDFs+TNbSey9tY/s3fX4r6TmE7EchKGFyTE4CEB9un8kl4/fddH7z
IU3i3U57GjTbLJHQeNVGWgLI+mE6/jP1QJo8nhaU7gyoKS7XmC/ELGVhKAbh4Txw
AE83Vv2AYFxD2Upz6z65JvGkgz8AjPLWwXpS36llwdetfpr8F1sMhoGdJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAgN+ZuVjJrOjuFu3vA/WMxLbAcsMB8GA1UdIwQY
MBaAFP2QT1QJ/lQ18fv1z0bkzpWIC2E8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1pCUFZBbi1WRFh4LV9YUFJ1VE9sWWdMWVR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9jM2EwMDAtZjIzMy00ZTZkLWJkOTIt
NWZmMDdjM2I2Zjg4LzEvQ0EzNW01V01tczZPNFc3ZThEOVl6RXRzQnl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9jM2EwMDAtZjIzMy00ZTZkLWJkOTItNWZmMDdjM2I2Zjg4
LzEvX1pCUFZBbi1WRFh4LV9YUFJ1VE9sWWdMWVR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW/gMA0G
CSqGSIb3DQEBCwUAA4IBAQA4MFLGha2oIJarkekr9NKVXzGxusaKSjd+3k7rSX+y
hlNC/IeVskCjQKxPldpLBg9lc/W8Xsgy2eBVHhrW8mLcXvw1v9TLh0EEVJbgUzd7
PiKkGykqrW93KvhYdfgE1mPU0xGf+D8a0OUKmSHpSq5d0EBG1cLORnTGvl414J/v
kafF5Dd4Hi9moF+/be4APR7V5Gcn6q4a1qFONGNmQyBZDkKIAn0ruzBUbh9oyoD8
MIOqRLIaezvstvDzIIQCZnLte4RBc9DCbOYe0h2q3J12x8yfHIbWalihhBeXVQ0v
Ou9lebXxI5LgBCvuEee53KEyTJTG9/Yvh26JT03D/o5u
-----END CERTIFICATE-----