Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/35pT895rFPfGGgGdlQZKQuPJrR0.roa
File:                     35pT895rFPfGGgGdlQZKQuPJrR0.roa (raw, json)
Hash identifier:          AdJ58aGQtDEjdleM+tpt6uAtjgF+DuwozoTDkormu+M=
Subject key identifier:   DF:9A:53:F3:DE:6B:14:F7:C6:1A:01:9D:95:06:4A:42:E3:C9:AD:1D
Certificate issuer:       /CN=86fa564cf97577c07633ba4e640ea78c76fc17dd
Certificate serial:       019425FC35E07ABF6EAD4DC499FECC018697
Authority key identifier: 86:FA:56:4C:F9:75:77:C0:76:33:BA:4E:64:0E:A7:8C:76:FC:17:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/35pT895rFPfGGgGdlQZKQuPJrR0.roa
Signing time:             Thu 02 Jan 2025 07:47:53 +0000
ROA not before:           Thu 02 Jan 2025 07:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206515
IP address blocks:        45.82.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:35:e0:7a:bf:6e:ad:4d:c4:99:fe:cc:01:86:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86fa564cf97577c07633ba4e640ea78c76fc17dd
        Validity
            Not Before: Jan  2 07:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df9a53f3de6b14f7c61a019d95064a42e3c9ad1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6c:5a:18:b9:3e:82:7e:c1:07:24:76:97:22:
                    a3:e0:2d:7c:4f:8e:12:0e:da:25:21:15:cb:ae:bd:
                    c3:67:ec:fd:38:57:e7:4e:c5:80:31:0d:55:b3:2c:
                    a5:1a:bb:af:01:d2:92:22:03:7a:43:28:2e:c8:14:
                    a5:a5:41:b4:fb:86:12:9d:9b:96:4b:0a:2b:b4:cf:
                    c7:04:c7:f4:13:0f:db:77:76:04:3c:aa:68:9f:0a:
                    58:be:34:22:75:36:ed:f8:7e:87:d7:e8:b3:5b:67:
                    9c:82:92:f1:9f:8f:64:a4:21:73:38:fb:5b:de:e6:
                    2c:99:d0:09:8a:32:d3:f3:93:f3:80:28:e0:4f:78:
                    15:d4:6b:89:7b:38:90:77:1e:e9:1d:09:61:21:ec:
                    e9:be:b9:6d:eb:94:a1:e6:78:1e:08:18:39:9d:6e:
                    4b:6b:0b:c8:42:bc:c0:48:e7:c8:43:72:12:5a:62:
                    ae:eb:ea:d7:f4:ca:87:d0:63:44:cd:36:ff:ff:e7:
                    45:98:f9:30:7d:21:ca:86:22:ff:4a:b0:4e:38:ec:
                    c0:4d:0d:bf:c5:a5:4c:ce:bc:7a:f3:8a:8a:98:36:
                    4d:e8:3c:78:11:84:9e:8a:f1:90:df:18:01:96:07:
                    4a:be:7c:36:0d:df:f4:ce:5d:60:c8:0a:dc:93:1a:
                    dc:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:9A:53:F3:DE:6B:14:F7:C6:1A:01:9D:95:06:4A:42:E3:C9:AD:1D
            X509v3 Authority Key Identifier:
                keyid:86:FA:56:4C:F9:75:77:C0:76:33:BA:4E:64:0E:A7:8C:76:FC:17:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hvpWTPl1d8B2M7pOZA6njHb8F90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/35pT895rFPfGGgGdlQZKQuPJrR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/39cb4f-ca88-480e-97d9-073d0d14ddde/1/hvpWTPl1d8B2M7pOZA6njHb8F90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:a7:02:8e:00:5f:4e:57:60:c6:bb:05:5b:dc:74:a2:9b:9a:
         12:74:b1:ae:7e:8d:db:4b:be:c0:92:81:2b:d5:7b:5f:29:45:
         cd:4b:d0:9c:8f:46:2c:a0:3a:94:6d:e0:72:74:a4:c0:8d:4b:
         0b:5a:e2:78:1f:92:5f:b2:d8:9e:63:d6:25:32:3b:f2:6c:2b:
         c2:bc:ff:6a:76:e9:fa:02:c7:c4:ac:eb:c0:be:83:8b:52:18:
         a3:be:fe:cd:f0:cb:46:a6:c3:c2:50:56:3e:80:44:91:91:f5:
         c3:fe:02:f6:58:a0:b5:af:75:12:b4:d6:b2:a0:d1:af:73:f9:
         6f:76:1c:e1:1f:26:05:86:b5:60:cd:b7:78:0e:9b:4b:b4:18:
         3b:dc:7a:b4:9a:dc:e6:c6:22:5d:0c:61:3c:58:97:13:8a:5b:
         7a:af:2d:3b:1e:90:bb:7e:2f:a6:c7:0d:e9:e3:64:60:9d:54:
         46:13:81:5c:06:d4:c2:26:bb:52:09:8c:27:0b:4d:35:3e:5b:
         69:a6:a2:1e:62:7d:37:55:61:4c:67:6d:6b:4e:0b:1a:1e:e9:
         12:53:11:19:f9:a0:e7:45:99:22:25:86:12:a2:c7:0f:16:ee:
         89:14:9d:7f:df:93:ef:f5:5d:20:2e:d7:ac:39:b3:de:25:58:
         59:05:9f:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/DXger9urU3Emf7MAYaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZmE1NjRjZjk3NTc3YzA3NjMzYmE0ZTY0MGVhNzhjNzZm
YzE3ZGQwHhcNMjUwMTAyMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjlhNTNmM2RlNmIxNGY3YzYxYTAxOWQ5NTA2NGE0MmUzYzlhZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2xaGLk+gn7BByR2lyKj4C18T44S
DtolIRXLrr3DZ+z9OFfnTsWAMQ1VsyylGruvAdKSIgN6QyguyBSlpUG0+4YSnZuW
SwortM/HBMf0Ew/bd3YEPKponwpYvjQidTbt+H6H1+izW2ecgpLxn49kpCFzOPtb
3uYsmdAJijLT85PzgCjgT3gV1GuJeziQdx7pHQlhIezpvrlt65Sh5ngeCBg5nW5L
awvIQrzASOfIQ3ISWmKu6+rX9MqH0GNEzTb//+dFmPkwfSHKhiL/SrBOOOzATQ2/
xaVMzrx684qKmDZN6Dx4EYSeivGQ3xgBlgdKvnw2Dd/0zl1gyArckxrcIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+aU/PeaxT3xhoBnZUGSkLjya0dMB8GA1UdIwQY
MBaAFIb6Vkz5dXfAdjO6TmQOp4x2/BfdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHZwV1RQbDFkOEIyTTdwT1pBNm5qSGI4RjkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zOWNiNGYtY2E4OC00ODBlLTk3ZDkt
MDczZDBkMTRkZGRlLzEvMzVwVDg5NXJGUGZHR2dHZGxRWktRdVBKclIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zOWNiNGYtY2E4OC00ODBlLTk3ZDktMDczZDBkMTRkZGRl
LzEvaHZwV1RQbDFkOEIyTTdwT1pBNm5qSGI4RjkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVLZMA0G
CSqGSIb3DQEBCwUAA4IBAQBOpwKOAF9OV2DGuwVb3HSim5oSdLGufo3bS77AkoEr
1XtfKUXNS9Ccj0YsoDqUbeBydKTAjUsLWuJ4H5JfstieY9YlMjvybCvCvP9qdun6
AsfErOvAvoOLUhijvv7N8MtGpsPCUFY+gESRkfXD/gL2WKC1r3UStNayoNGvc/lv
dhzhHyYFhrVgzbd4DptLtBg73Hq0mtzmxiJdDGE8WJcTilt6ry07HpC7fi+mxw3p
42RgnVRGE4FcBtTCJrtSCYwnC001PltppqIeYn03VWFMZ21rTgsaHukSUxEZ+aDn
RZkiJYYSoscPFu6JFJ1/35Pv9V0gLtesObPeJVhZBZ/m
-----END CERTIFICATE-----