Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/0RltyGXYqOw5Hx9cC0hpgbUGn1M.roa
File:                     0RltyGXYqOw5Hx9cC0hpgbUGn1M.roa (raw, json)
Hash identifier:          mg2bYRQawjXXkuGc/ehoyx4cItI7XGim10ZVkynzOuM=
Subject key identifier:   D1:19:6D:C8:65:D8:A8:EC:39:1F:1F:5C:0B:48:69:81:B5:06:9F:53
Certificate issuer:       /CN=35e3d4bf1bc0f81728205e51de097cf383a0cdc9
Certificate serial:       01941F8C9F8B08D189374C3A3154D0D5129B
Authority key identifier: 35:E3:D4:BF:1B:C0:F8:17:28:20:5E:51:DE:09:7C:F3:83:A0:CD:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NePUvxvA-BcoIF5R3gl884Ogzck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/0RltyGXYqOw5Hx9cC0hpgbUGn1M.roa
Signing time:             Wed 01 Jan 2025 01:48:17 +0000
ROA not before:           Wed 01 Jan 2025 01:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        91.231.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/NePUvxvA-BcoIF5R3gl884Ogzck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/NePUvxvA-BcoIF5R3gl884Ogzck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NePUvxvA-BcoIF5R3gl884Ogzck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9f:8b:08:d1:89:37:4c:3a:31:54:d0:d5:12:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35e3d4bf1bc0f81728205e51de097cf383a0cdc9
        Validity
            Not Before: Jan  1 01:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1196dc865d8a8ec391f1f5c0b486981b5069f53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9a:d2:4f:42:b0:63:f7:d2:45:42:10:18:be:
                    9f:5e:30:df:69:51:b1:4b:e9:51:0c:98:20:8d:7f:
                    17:12:39:f5:c6:a1:39:23:10:fe:80:00:c2:47:2f:
                    e1:c1:db:2a:a4:16:f8:53:17:97:bb:41:ea:eb:65:
                    06:b6:c1:6d:d9:a1:60:79:f7:e8:54:4b:4e:67:b4:
                    08:81:2d:f9:e6:2a:8c:85:eb:c4:d7:01:bc:a5:82:
                    b7:ac:b1:65:95:61:f9:72:53:26:ca:f2:e9:a7:90:
                    fa:73:77:89:85:0c:16:62:1a:a5:70:86:29:8e:0c:
                    e2:da:14:72:b3:1a:9f:f9:fc:e4:76:7f:66:ea:07:
                    c8:a3:43:aa:5b:7e:b8:7b:4f:21:1c:82:7c:14:3c:
                    b7:b5:66:c3:53:91:8f:ec:00:b8:fc:a6:c2:39:6a:
                    16:7c:ad:64:1a:90:ef:a7:a7:01:79:bd:2e:9b:a2:
                    41:6b:cb:88:e2:3e:d6:c5:9e:62:69:22:52:2f:c4:
                    b2:86:b8:ef:29:d2:6f:f0:92:9f:0c:97:79:0a:73:
                    20:0e:4c:d5:b7:5e:7b:6e:fa:8b:de:89:5e:53:74:
                    dd:7b:fa:ee:19:c2:ab:05:27:4b:5d:b8:cc:1a:8c:
                    97:94:18:ba:69:e8:7b:56:b3:25:8f:d3:12:6a:6a:
                    41:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:19:6D:C8:65:D8:A8:EC:39:1F:1F:5C:0B:48:69:81:B5:06:9F:53
            X509v3 Authority Key Identifier:
                keyid:35:E3:D4:BF:1B:C0:F8:17:28:20:5E:51:DE:09:7C:F3:83:A0:CD:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NePUvxvA-BcoIF5R3gl884Ogzck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/0RltyGXYqOw5Hx9cC0hpgbUGn1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/NePUvxvA-BcoIF5R3gl884Ogzck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:0a:c2:36:04:87:3b:8d:c3:4a:dc:4e:5f:2c:65:53:cd:d7:
         f7:c9:a4:d9:d2:45:47:36:09:19:e0:79:7b:d9:62:7c:b5:21:
         73:aa:d1:f0:50:6c:3c:86:db:78:88:70:a5:24:63:c4:37:5c:
         17:df:65:70:de:48:b2:6c:5e:2f:7d:73:e2:95:ef:43:5d:9e:
         99:68:d5:bf:7a:53:aa:b4:da:67:93:99:f0:df:52:29:41:96:
         f5:9d:2c:aa:7b:61:dd:91:d7:0d:19:fe:6f:29:57:7c:8f:e3:
         38:c8:0c:fe:7e:2b:5b:28:14:4d:28:c9:2f:2b:f4:4f:19:f2:
         46:91:57:c5:b4:56:db:5f:76:52:35:8e:c3:48:71:a7:c2:f9:
         c5:5c:b6:80:ed:7a:22:e4:cd:e0:8d:9f:94:13:8c:05:6c:58:
         76:da:23:fc:e2:dc:f4:2b:ba:5c:b2:d4:88:71:61:fd:c1:f2:
         53:79:9a:df:16:ad:b1:a6:d3:2e:81:cd:02:60:d6:17:7f:b2:
         16:c9:84:4d:1f:19:3d:c8:ae:37:e8:8e:33:2c:c0:a3:66:b4:
         72:0e:aa:9d:97:8a:77:4e:27:51:d7:93:bb:ab:97:6b:a1:16:
         1b:ae:f0:a5:91:9d:bf:20:57:dd:72:e8:8a:cb:04:1b:98:ce:
         34:42:b6:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJ+LCNGJN0w6MVTQ1RKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZTNkNGJmMWJjMGY4MTcyODIwNWU1MWRlMDk3Y2YzODNh
MGNkYzkwHhcNMjUwMTAxMDE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTE5NmRjODY1ZDhhOGVjMzkxZjFmNWMwYjQ4Njk4MWI1MDY5ZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJrST0KwY/fSRUIQGL6fXjDfaVGx
S+lRDJggjX8XEjn1xqE5IxD+gADCRy/hwdsqpBb4UxeXu0Hq62UGtsFt2aFgeffo
VEtOZ7QIgS355iqMhevE1wG8pYK3rLFllWH5clMmyvLpp5D6c3eJhQwWYhqlcIYp
jgzi2hRysxqf+fzkdn9m6gfIo0OqW364e08hHIJ8FDy3tWbDU5GP7AC4/KbCOWoW
fK1kGpDvp6cBeb0um6JBa8uI4j7WxZ5iaSJSL8SyhrjvKdJv8JKfDJd5CnMgDkzV
t157bvqL3oleU3Tde/ruGcKrBSdLXbjMGoyXlBi6aeh7VrMlj9MSampB5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEZbchl2KjsOR8fXAtIaYG1Bp9TMB8GA1UdIwQY
MBaAFDXj1L8bwPgXKCBeUd4JfPODoM3JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmVQVXZ4dkEtQmNvSUY1UjNnbDg4NE9nemNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9jM2NkYTUtOGE2NC00MjkwLWEyM2Qt
YTYzNDc5MTQ0MGNhLzEvMFJsdHlHWFlxT3c1SHg5Y0MwaHBnYlVHbjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9jM2NkYTUtOGE2NC00MjkwLWEyM2QtYTYzNDc5MTQ0MGNh
LzEvTmVQVXZ4dkEtQmNvSUY1UjNnbDg4NE9nemNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+cjMA0G
CSqGSIb3DQEBCwUAA4IBAQCBCsI2BIc7jcNK3E5fLGVTzdf3yaTZ0kVHNgkZ4Hl7
2WJ8tSFzqtHwUGw8htt4iHClJGPEN1wX32Vw3kiybF4vfXPile9DXZ6ZaNW/elOq
tNpnk5nw31IpQZb1nSyqe2HdkdcNGf5vKVd8j+M4yAz+fitbKBRNKMkvK/RPGfJG
kVfFtFbbX3ZSNY7DSHGnwvnFXLaA7Xoi5M3gjZ+UE4wFbFh22iP84tz0K7pcstSI
cWH9wfJTeZrfFq2xptMugc0CYNYXf7IWyYRNHxk9yK436I4zLMCjZrRyDqqdl4p3
TidR15O7q5droRYbrvClkZ2/IFfdcuiKywQbmM40QrZb
-----END CERTIFICATE-----