Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/J1dDrpgmhQc4QUXbkPU5Fix8yLI.roa
File:                     J1dDrpgmhQc4QUXbkPU5Fix8yLI.roa (raw, json)
Hash identifier:          Y3dqMh2GBdEZQYThLmTUubgvst40gaMs4nSNPrEZ02Q=
Subject key identifier:   27:57:43:AE:98:26:85:07:38:41:45:DB:90:F5:39:16:2C:7C:C8:B2
Certificate issuer:       /CN=3a00807698f0b097d69ab3926917d1dcc838a624
Certificate serial:       0191C6CAC38DA7FA6BEADFE158CB7F020FDD
Authority key identifier: 3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/J1dDrpgmhQc4QUXbkPU5Fix8yLI.roa
Signing time:             Fri 06 Sep 2024 10:04:22 +0000
ROA not before:           Fri 06 Sep 2024 10:04:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        45.81.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c6:ca:c3:8d:a7:fa:6b:ea:df:e1:58:cb:7f:02:0f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a00807698f0b097d69ab3926917d1dcc838a624
        Validity
            Not Before: Sep  6 10:04:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=275743ae98268507384145db90f539162c7cc8b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:a5:aa:64:78:ae:7a:63:ec:97:fd:f3:26:52:
                    d5:e3:40:ae:a2:4e:97:a4:05:53:28:d5:4f:6d:f8:
                    e6:4d:2d:68:55:ea:d1:3d:d8:5b:a0:50:95:e6:ec:
                    4b:3d:dc:e7:aa:1b:93:7a:cd:d8:bb:3b:e3:3d:7f:
                    79:60:b4:79:0f:c0:60:71:72:f2:9c:01:84:88:dd:
                    b0:dc:6c:d3:e3:58:58:d3:a4:47:39:d5:32:4a:8e:
                    69:35:de:c0:90:35:dc:70:e4:28:f2:90:e1:26:ce:
                    40:57:a5:84:e2:68:5f:fd:37:2c:be:fa:1f:00:a3:
                    9f:32:ec:1b:70:e2:09:32:3b:22:7a:87:51:55:a2:
                    ad:15:c3:64:f3:10:8b:3b:b2:7b:ab:2e:d9:ca:36:
                    0c:a3:29:61:af:d8:c5:9c:67:96:31:dc:63:ee:0d:
                    4e:b6:d7:8e:e2:9a:a2:66:69:d8:06:a3:c4:ba:79:
                    0a:06:13:af:7b:66:ec:48:42:fe:23:c5:c9:06:d1:
                    c3:0c:27:f5:3f:32:7c:8f:c8:b0:a6:6f:f1:6d:88:
                    9e:9e:21:49:d9:39:bf:76:cf:a7:89:a4:ab:1e:4b:
                    ef:3b:ff:85:94:bc:2f:f8:c3:39:5a:5c:35:83:ad:
                    0a:4c:a3:5c:16:64:c3:7c:95:84:c6:8e:53:7b:f2:
                    e2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:57:43:AE:98:26:85:07:38:41:45:DB:90:F5:39:16:2C:7C:C8:B2
            X509v3 Authority Key Identifier:
                keyid:3A:00:80:76:98:F0:B0:97:D6:9A:B3:92:69:17:D1:DC:C8:38:A6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/J1dDrpgmhQc4QUXbkPU5Fix8yLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/143d29-cf72-4d01-918c-16afc4dffdd4/1/OgCAdpjwsJfWmrOSaRfR3Mg4piQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:30:a0:da:ca:7d:51:c9:e3:1b:42:42:e0:90:6f:f8:31:c1:
         1f:a8:9b:bc:05:c5:d7:84:8e:2c:e2:9e:1d:6d:26:13:7e:31:
         48:38:b8:1c:7e:01:80:4a:d0:b1:7b:6c:6a:3d:04:1f:d5:31:
         a5:d7:73:37:02:67:af:e3:e1:02:12:21:98:e7:1b:4b:1a:bf:
         7f:d3:ea:89:02:bc:6a:d7:4f:ca:02:58:ea:c8:42:4c:f2:66:
         74:7e:d3:86:66:8a:dc:ee:b7:ad:cc:40:44:80:ed:da:28:00:
         9f:68:48:bb:71:8c:5e:fb:70:1c:49:ec:08:86:ee:e2:da:83:
         b7:ce:e0:41:30:db:cf:28:97:79:6f:af:f1:c0:7f:d8:2b:18:
         3e:3b:5d:89:69:49:59:d6:4a:d9:5c:14:ab:ac:98:1d:65:0e:
         23:c1:c9:56:1e:c4:d0:57:c3:c6:2e:16:fc:df:b9:be:26:99:
         47:bd:c7:49:a8:b7:4e:e4:c6:6d:65:03:71:2d:ae:de:f6:34:
         a8:f0:42:56:57:30:76:0c:f3:28:c4:b6:0f:55:74:2f:bd:60:
         15:bc:b3:3b:8e:e6:00:39:b7:34:e7:d2:e8:ba:dd:b5:48:eb:
         75:84:56:fd:6f:ff:74:68:21:79:bf:e1:ea:3b:83:79:2d:f6:
         a1:fa:05:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHGysONp/pr6t/hWMt/Ag/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDA4MDc2OThmMGIwOTdkNjlhYjM5MjY5MTdkMWRjYzgz
OGE2MjQwHhcNMjQwOTA2MTAwNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzU3NDNhZTk4MjY4NTA3Mzg0MTQ1ZGI5MGY1MzkxNjJjN2NjOGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnqWqZHiuemPsl/3zJlLV40Cuok6X
pAVTKNVPbfjmTS1oVerRPdhboFCV5uxLPdznqhuTes3YuzvjPX95YLR5D8BgcXLy
nAGEiN2w3GzT41hY06RHOdUySo5pNd7AkDXccOQo8pDhJs5AV6WE4mhf/Tcsvvof
AKOfMuwbcOIJMjsieodRVaKtFcNk8xCLO7J7qy7ZyjYMoylhr9jFnGeWMdxj7g1O
tteO4pqiZmnYBqPEunkKBhOve2bsSEL+I8XJBtHDDCf1PzJ8j8iwpm/xbYieniFJ
2Tm/ds+niaSrHkvvO/+FlLwv+MM5Wlw1g60KTKNcFmTDfJWExo5Te/LipQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdXQ66YJoUHOEFF25D1ORYsfMiyMB8GA1UdIwQY
MBaAFDoAgHaY8LCX1pqzkmkX0dzIOKYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMt
MTZhZmM0ZGZmZGQ0LzEvSjFkRHJwZ21oUWM0UVVYYmtQVTVGaXg4eUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8xNDNkMjktY2Y3Mi00ZDAxLTkxOGMtMTZhZmM0ZGZmZGQ0
LzEvT2dDQWRwandzSmZXbXJPU2FSZlIzTWc0cGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVEjMA0G
CSqGSIb3DQEBCwUAA4IBAQADMKDayn1RyeMbQkLgkG/4McEfqJu8BcXXhI4s4p4d
bSYTfjFIOLgcfgGAStCxe2xqPQQf1TGl13M3Amev4+ECEiGY5xtLGr9/0+qJArxq
10/KAljqyEJM8mZ0ftOGZorc7retzEBEgO3aKACfaEi7cYxe+3AcSewIhu7i2oO3
zuBBMNvPKJd5b6/xwH/YKxg+O12JaUlZ1krZXBSrrJgdZQ4jwclWHsTQV8PGLhb8
37m+JplHvcdJqLdO5MZtZQNxLa7e9jSo8EJWVzB2DPMoxLYPVXQvvWAVvLM7juYA
Obc059Lout21SOt1hFb9b/90aCF5v+HqO4N5Lfah+gUl
-----END CERTIFICATE-----