Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/N35cwOFRStDUJRyXuO_399JO2PU.roa
File:                     N35cwOFRStDUJRyXuO_399JO2PU.roa (raw, json)
Hash identifier:          HCpJnY6FsWOkonGQN8mRAgUD0OuNELEJXk3mk6/aii4=
Subject key identifier:   37:7E:5C:C0:E1:51:4A:D0:D4:25:1C:97:B8:EF:F7:F7:D2:4E:D8:F5
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       018EC335E341187E4D4592D300824A3524F4
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/N35cwOFRStDUJRyXuO_399JO2PU.roa
Signing time:             Tue 09 Apr 2024 14:14:32 +0000
ROA not before:           Tue 09 Apr 2024 14:14:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a10:2ec0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c3:35:e3:41:18:7e:4d:45:92:d3:00:82:4a:35:24:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Apr  9 14:14:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=377e5cc0e1514ad0d4251c97b8eff7f7d24ed8f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:af:d8:b7:11:6b:00:47:fc:4f:78:13:fc:51:
                    f3:e8:34:44:47:6a:19:02:10:a3:5a:7d:3e:91:16:
                    e6:b3:1e:f7:ee:dc:71:c3:a1:44:78:d4:ff:c4:ae:
                    48:6b:59:f5:65:93:d5:6f:87:e3:2c:43:4c:48:e6:
                    2d:8e:bd:48:0f:ac:e4:32:61:75:9f:43:ff:71:0c:
                    e3:0c:34:6f:57:ec:12:3e:73:47:f5:bd:f6:89:91:
                    39:05:6a:08:0f:3d:65:a6:a3:d1:b4:8f:eb:05:df:
                    e6:7b:cc:a2:bd:64:0d:d2:eb:dd:7a:5c:84:83:24:
                    85:31:2f:ce:29:a5:cc:04:b7:f9:a3:3d:59:e5:1a:
                    72:2a:b8:eb:35:c6:f3:f9:88:e1:31:1d:2f:e1:53:
                    03:de:6f:d1:cb:c6:8c:a7:8f:0b:e7:e1:09:d2:3f:
                    0f:8a:78:2b:5d:07:a3:e3:78:72:dc:6d:d4:58:a5:
                    a5:85:76:3c:5f:88:13:55:45:1b:3b:7e:db:d7:f3:
                    26:a9:5e:f9:98:06:a7:ca:02:50:63:8a:c4:d4:a1:
                    84:61:4d:eb:c5:e2:08:be:1c:53:58:74:0c:0c:c0:
                    f3:60:7b:4a:4b:2a:c2:50:b5:ee:8a:72:1d:00:7f:
                    ea:88:4e:c7:ba:d9:0b:cf:7c:a8:a6:af:33:d7:07:
                    08:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:7E:5C:C0:E1:51:4A:D0:D4:25:1C:97:B8:EF:F7:F7:D2:4E:D8:F5
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/N35cwOFRStDUJRyXuO_399JO2PU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:0d:2c:8f:da:a3:b6:d2:10:45:04:94:10:3e:de:8e:f7:36:
         50:71:3f:b7:db:74:eb:64:85:02:d7:5c:d9:43:da:6e:f4:3c:
         e1:0e:e6:65:21:0d:80:e7:45:18:ed:8a:ed:2b:d8:eb:b2:8b:
         ce:8b:58:e6:31:58:a2:92:f7:f4:17:52:e6:c2:62:a8:13:88:
         c4:82:3c:95:48:97:11:72:d9:23:ce:a9:ed:ba:e4:47:52:d5:
         9f:c5:9c:88:a2:0f:33:9b:81:bb:4f:64:a1:85:9f:3b:e6:1b:
         ea:64:f8:ac:16:bb:13:24:1c:3d:a1:e0:b7:0b:86:0d:b6:60:
         57:df:35:3e:01:d4:3e:4a:be:e2:fa:38:1a:35:b0:52:36:5b:
         8c:4c:77:06:d6:ae:0b:25:17:9f:81:1c:bb:1e:c9:63:50:8c:
         7b:81:64:1f:62:1d:0f:87:f0:37:47:94:f0:2c:5f:6c:bb:8f:
         7c:cd:ce:be:7e:fa:ac:0e:f6:59:4a:8f:1d:d9:a3:8d:05:01:
         9d:40:fa:a5:16:d7:d1:2e:7d:a6:cc:b8:43:4a:6a:51:89:80:
         55:4d:84:c8:cc:32:a4:ce:2d:8a:f9:a9:38:9b:37:e4:46:3f:
         02:ce:48:26:7c:0c:29:3b:4c:e1:87:cb:17:32:2b:1b:8e:d3:
         a9:48:9e:28
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY7DNeNBGH5NRZLTAIJKNST0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjQwNDA5MTQxNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzdlNWNjMGUxNTE0YWQwZDQyNTFjOTdiOGVmZjdmN2QyNGVkOGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1q/YtxFrAEf8T3gT/FHz6DRER2oZ
AhCjWn0+kRbmsx737txxw6FEeNT/xK5Ia1n1ZZPVb4fjLENMSOYtjr1ID6zkMmF1
n0P/cQzjDDRvV+wSPnNH9b32iZE5BWoIDz1lpqPRtI/rBd/me8yivWQN0uvdelyE
gySFMS/OKaXMBLf5oz1Z5RpyKrjrNcbz+YjhMR0v4VMD3m/Ry8aMp48L5+EJ0j8P
ingrXQej43hy3G3UWKWlhXY8X4gTVUUbO37b1/MmqV75mAanygJQY4rE1KGEYU3r
xeIIvhxTWHQMDMDzYHtKSyrCULXuinIdAH/qiE7HutkLz3yopq8z1wcIHQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDd+XMDhUUrQ1CUcl7jv9/fSTtj1MB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvTjM1Y3dPRlJTdERVSlJ5WHVPXzM5OUpPMlBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhAuwDAN
BgkqhkiG9w0BAQsFAAOCAQEAWQ0sj9qjttIQRQSUED7ejvc2UHE/t9t062SFAtdc
2UPabvQ84Q7mZSENgOdFGO2K7SvY67KLzotY5jFYopL39BdS5sJiqBOIxII8lUiX
EXLZI86p7brkR1LVn8WciKIPM5uBu09koYWfO+Yb6mT4rBa7EyQcPaHgtwuGDbZg
V981PgHUPkq+4vo4GjWwUjZbjEx3BtauCyUXn4Ecux7JY1CMe4FkH2IdD4fwN0eU
8CxfbLuPfM3Ovn76rA72WUqPHdmjjQUBnUD6pRbX0S59psy4Q0pqUYmAVU2EyMwy
pM4tivmpOJs35EY/As5IJnwMKTtM4YfLFzIrG47TqUieKA==
-----END CERTIFICATE-----