Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/0h3Xfcral2IubnxmY9_tstWMwfs.roa
File:                     0h3Xfcral2IubnxmY9_tstWMwfs.roa (raw, json)
Hash identifier:          1nhiOKUXN9GzK8aVndHDOX8caRYt3h/1uQ8akkf2jNw=
Subject key identifier:   D2:1D:D7:7D:CA:DA:97:62:2E:6E:7C:66:63:DF:ED:B2:D5:8C:C1:FB
Certificate issuer:       /CN=35f1fd69e7196aef5e29ba795680dac3e34868c8
Certificate serial:       0194221F93250B0A1757394C51FADCEF5290
Authority key identifier: 35:F1:FD:69:E7:19:6A:EF:5E:29:BA:79:56:80:DA:C3:E3:48:68:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NfH9aecZau9eKbp5VoDaw-NIaMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/0h3Xfcral2IubnxmY9_tstWMwfs.roa
Signing time:             Wed 01 Jan 2025 13:48:02 +0000
ROA not before:           Wed 01 Jan 2025 13:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50862
IP address blocks:        91.229.49.0/24 maxlen: 24
                          194.29.73.0/24 maxlen: 24
                          194.29.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/NfH9aecZau9eKbp5VoDaw-NIaMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/NfH9aecZau9eKbp5VoDaw-NIaMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NfH9aecZau9eKbp5VoDaw-NIaMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 13:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:93:25:0b:0a:17:57:39:4c:51:fa:dc:ef:52:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35f1fd69e7196aef5e29ba795680dac3e34868c8
        Validity
            Not Before: Jan  1 13:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d21dd77dcada97622e6e7c6663dfedb2d58cc1fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:40:ec:35:c6:4a:7b:87:1a:49:ce:19:28:8b:
                    71:65:c7:f9:76:02:4b:2b:c4:ab:80:c6:41:3a:94:
                    c1:96:45:c4:d7:3b:28:7e:04:ab:61:e8:b9:9f:85:
                    c9:ff:a8:8f:7d:cf:a7:e0:ea:bc:4a:a4:ad:8d:6d:
                    6c:0c:ac:31:04:a3:f0:1f:35:a5:6c:f3:bd:7c:34:
                    8d:5c:ae:86:dd:3f:01:18:64:ef:9f:6f:16:ca:28:
                    d8:75:73:aa:ed:32:48:22:89:1e:d7:d3:42:bc:4f:
                    36:eb:31:fb:17:87:79:be:2d:5a:dc:e9:23:24:18:
                    11:2e:59:b7:ed:94:0d:02:af:af:be:a6:b6:e9:a2:
                    b8:bd:5d:e3:1c:20:97:71:64:27:29:19:e6:bb:eb:
                    71:78:ce:1b:77:a1:9a:e0:e9:0a:0f:12:6a:d0:12:
                    53:4b:60:ef:fe:3e:b6:2e:d6:61:0c:32:4e:dc:39:
                    dd:20:08:aa:c2:47:ad:10:ad:ba:d8:85:cf:01:bd:
                    30:c8:7e:b9:99:57:72:4c:33:c1:be:bd:23:de:c6:
                    dd:cd:85:1e:25:b6:a7:fd:61:8e:90:50:16:5f:2d:
                    a8:66:73:52:c4:24:d2:10:6f:99:09:f8:65:8b:10:
                    67:0c:88:d3:ee:e7:1f:64:86:87:e8:b3:3b:a5:b1:
                    c9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:1D:D7:7D:CA:DA:97:62:2E:6E:7C:66:63:DF:ED:B2:D5:8C:C1:FB
            X509v3 Authority Key Identifier:
                keyid:35:F1:FD:69:E7:19:6A:EF:5E:29:BA:79:56:80:DA:C3:E3:48:68:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NfH9aecZau9eKbp5VoDaw-NIaMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/0h3Xfcral2IubnxmY9_tstWMwfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/NfH9aecZau9eKbp5VoDaw-NIaMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.49.0/24
                  194.29.73.0/24
                  194.29.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:24:83:2b:fa:9b:fb:fd:e9:b0:97:9e:60:a1:58:43:cb:65:
         7c:cd:1c:bf:e1:ec:34:e4:14:08:80:3e:3e:9b:9d:b4:46:dc:
         6c:e5:5f:00:36:53:1b:28:9c:e5:8f:52:eb:a9:85:4c:b3:5f:
         b8:b7:b8:ba:14:34:95:63:f0:58:65:fe:9a:bf:4a:98:23:e1:
         c7:ca:35:56:38:32:b5:e3:e3:ab:32:fd:2a:dd:e8:d1:cb:53:
         a7:57:73:3d:d6:d7:b9:cd:a9:80:b4:dc:ff:9c:25:0d:c8:17:
         af:ec:d8:06:82:b0:d7:8e:0e:2d:c6:27:8f:d8:53:a3:4a:30:
         b3:73:47:27:b3:ff:26:da:56:2d:2d:71:f9:30:25:c7:09:1c:
         e7:ff:7f:76:7c:b0:f8:18:80:bf:1d:de:6c:45:43:f9:2e:59:
         52:8a:e4:8b:01:bd:9d:04:d5:c5:3c:6d:d4:0b:9b:65:f6:57:
         10:9a:23:97:7c:2e:92:1d:99:24:17:e7:91:6e:a3:ca:82:a6:
         a1:30:5b:8a:c2:2b:c5:32:a2:3d:d7:0c:0c:cd:3f:1f:5d:aa:
         10:85:b9:d0:d4:43:b3:0b:39:ac:a7:7a:ee:6c:de:57:ef:6b:
         03:92:1f:0f:92:25:d3:98:00:09:0c:06:57:48:a8:3d:51:24:
         ad:55:4a:27
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiH5MlCwoXVzlMUfrc71KQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZjFmZDY5ZTcxOTZhZWY1ZTI5YmE3OTU2ODBkYWMzZTM0
ODY4YzgwHhcNMjUwMTAxMTM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjFkZDc3ZGNhZGE5NzYyMmU2ZTdjNjY2M2RmZWRiMmQ1OGNjMWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl0DsNcZKe4caSc4ZKItxZcf5dgJL
K8SrgMZBOpTBlkXE1zsofgSrYei5n4XJ/6iPfc+n4Oq8SqStjW1sDKwxBKPwHzWl
bPO9fDSNXK6G3T8BGGTvn28WyijYdXOq7TJIIoke19NCvE826zH7F4d5vi1a3Okj
JBgRLlm37ZQNAq+vvqa26aK4vV3jHCCXcWQnKRnmu+txeM4bd6Ga4OkKDxJq0BJT
S2Dv/j62LtZhDDJO3DndIAiqwketEK262IXPAb0wyH65mVdyTDPBvr0j3sbdzYUe
Jban/WGOkFAWXy2oZnNSxCTSEG+ZCfhlixBnDIjT7ucfZIaH6LM7pbHJWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNId133K2pdiLm58ZmPf7bLVjMH7MB8GA1UdIwQY
MBaAFDXx/WnnGWrvXim6eVaA2sPjSGjIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmZIOWFlY1phdTllS2JwNVZvRGF3LU5JYU1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82NmYzNzktZjU5OC00ZTYwLWI0OTMt
ZjljYTcxMjRmMDk4LzEvMGgzWGZjcmFsMkl1Ym54bVk5X3RzdFdNd2ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82NmYzNzktZjU5OC00ZTYwLWI0OTMtZjljYTcxMjRmMDk4
LzEvTmZIOWFlY1phdTllS2JwNVZvRGF3LU5JYU1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+UxAwQA
wh1JAwQAwh1OMA0GCSqGSIb3DQEBCwUAA4IBAQATJIMr+pv7/emwl55goVhDy2V8
zRy/4ew05BQIgD4+m520Rtxs5V8ANlMbKJzlj1LrqYVMs1+4t7i6FDSVY/BYZf6a
v0qYI+HHyjVWODK14+OrMv0q3ejRy1OnV3M91te5zamAtNz/nCUNyBev7NgGgrDX
jg4txieP2FOjSjCzc0cns/8m2lYtLXH5MCXHCRzn/392fLD4GIC/Hd5sRUP5LllS
iuSLAb2dBNXFPG3UC5tl9lcQmiOXfC6SHZkkF+eRbqPKgqahMFuKwivFMqI91wwM
zT8fXaoQhbnQ1EOzCzmsp3rubN5X72sDkh8PkiXTmAAJDAZXSKg9USStVUon
-----END CERTIFICATE-----