Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/NSYavHGFkjW9fPOW1IOQ-kAXpiw.roa
File:                     NSYavHGFkjW9fPOW1IOQ-kAXpiw.roa (raw, json)
Hash identifier:          bIlwmcqM0xR+NaQTXsekU/G4W1PV6OipwVLIIvkpte8=
Subject key identifier:   35:26:1A:BC:71:85:92:35:BD:7C:F3:96:D4:83:90:FA:40:17:A6:2C
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       0196813AB635352393CE139D6E9EB454B040
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/NSYavHGFkjW9fPOW1IOQ-kAXpiw.roa
Signing time:             Tue 29 Apr 2025 11:07:10 +0000
ROA not before:           Tue 29 Apr 2025 11:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48925
IP address blocks:        86.110.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:3a:b6:35:35:23:93:ce:13:9d:6e:9e:b4:54:b0:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Apr 29 11:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35261abc71859235bd7cf396d48390fa4017a62c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2b:17:f2:a4:32:61:d8:a4:b6:54:fa:51:28:
                    f3:a1:66:e9:14:ec:cb:7d:0c:51:e1:ab:65:23:29:
                    1e:ad:db:f1:e3:26:49:43:3e:d8:6d:68:56:e3:d5:
                    ec:02:ff:77:66:8a:c8:be:27:72:29:db:cb:36:39:
                    39:7c:ab:2c:75:25:e7:9a:40:1e:4e:1a:af:03:53:
                    f1:ec:6d:2e:e3:34:0e:7c:0e:41:77:7f:46:e3:73:
                    02:bf:70:72:08:53:59:3a:88:34:16:60:68:94:0d:
                    0c:67:6c:28:be:92:6b:b7:70:c5:9a:74:83:78:a4:
                    16:01:b1:1d:3e:69:16:86:aa:3a:4f:46:e0:58:19:
                    45:a6:1d:de:58:a1:5b:6a:e0:29:57:6c:9a:b5:ee:
                    50:cd:54:98:ec:18:f5:f7:2f:47:db:39:99:2d:e1:
                    a1:8e:6b:96:a3:83:ce:d2:1b:97:c0:64:00:ae:c1:
                    0c:3e:dd:f0:6c:fb:83:03:27:07:95:72:74:32:ef:
                    14:3b:58:6f:c3:bf:b9:12:a3:b2:25:2e:46:c1:2a:
                    3d:f0:06:d8:2d:d6:c2:0b:a1:72:a4:9a:ec:ae:a7:
                    88:97:47:c2:d6:0f:43:99:95:ac:c8:bb:b5:5a:18:
                    93:ca:a9:1c:12:26:33:78:94:ae:7c:35:28:6f:02:
                    1f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:26:1A:BC:71:85:92:35:BD:7C:F3:96:D4:83:90:FA:40:17:A6:2C
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/NSYavHGFkjW9fPOW1IOQ-kAXpiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:3d:f0:0d:69:93:a5:b9:fd:46:d9:0d:8b:dd:e5:c4:6e:7b:
         2d:04:8f:77:41:53:2b:2e:59:4a:be:96:2d:bc:06:af:3b:68:
         db:9c:f1:01:82:03:fb:82:8e:a5:74:b3:5b:76:b6:12:d3:fe:
         64:5f:e3:78:95:12:29:25:7a:b0:69:42:36:d0:d5:d6:80:ae:
         fc:82:78:ed:f2:27:6c:10:1b:b5:95:1e:26:78:13:a3:36:b1:
         0a:b6:84:4d:6b:ea:52:9c:40:8b:2a:0c:a7:25:2e:c5:7c:4c:
         e9:0f:4e:b8:c3:1c:40:20:05:40:4f:f1:c8:69:65:28:e8:13:
         86:ea:c5:bf:7c:9f:52:71:3c:28:c9:2b:11:8d:45:4c:e8:de:
         d1:4a:6b:2e:76:fb:d1:81:5d:5a:eb:c9:fc:ff:2f:e7:ff:7b:
         d5:14:b7:f9:dd:a6:99:56:40:4e:39:8b:3b:2b:98:d0:dd:b3:
         af:85:05:65:af:e8:96:09:d3:30:88:70:23:02:44:cc:d0:a5:
         05:77:b8:b2:66:5b:79:50:91:68:5b:e6:2b:6e:e4:7f:99:5f:
         1a:b1:2a:62:5b:00:da:89:28:be:f5:4f:ad:16:66:e2:dd:43:
         14:08:e1:ae:51:ea:94:73:85:19:c8:94:79:c4:60:5b:d9:0e:
         4b:6e:47:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaBOrY1NSOTzhOdbp60VLBAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwNDI5MTEwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTI2MWFiYzcxODU5MjM1YmQ3Y2YzOTZkNDgzOTBmYTQwMTdhNjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CsX8qQyYdiktlT6USjzoWbpFOzL
fQxR4atlIykerdvx4yZJQz7YbWhW49XsAv93ZorIvidyKdvLNjk5fKssdSXnmkAe
ThqvA1Px7G0u4zQOfA5Bd39G43MCv3ByCFNZOog0FmBolA0MZ2wovpJrt3DFmnSD
eKQWAbEdPmkWhqo6T0bgWBlFph3eWKFbauApV2yate5QzVSY7Bj19y9H2zmZLeGh
jmuWo4PO0huXwGQArsEMPt3wbPuDAycHlXJ0Mu8UO1hvw7+5EqOyJS5GwSo98AbY
LdbCC6FypJrsrqeIl0fC1g9DmZWsyLu1WhiTyqkcEiYzeJSufDUobwIfHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUmGrxxhZI1vXzzltSDkPpAF6YsMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvTlNZYXZIR0Zralc5ZlBPVzFJT1Eta0FYcGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm41MA0G
CSqGSIb3DQEBCwUAA4IBAQBNPfANaZOluf1G2Q2L3eXEbnstBI93QVMrLllKvpYt
vAavO2jbnPEBggP7go6ldLNbdrYS0/5kX+N4lRIpJXqwaUI20NXWgK78gnjt8ids
EBu1lR4meBOjNrEKtoRNa+pSnECLKgynJS7FfEzpD064wxxAIAVAT/HIaWUo6BOG
6sW/fJ9ScTwoySsRjUVM6N7RSmsudvvRgV1a68n8/y/n/3vVFLf53aaZVkBOOYs7
K5jQ3bOvhQVlr+iWCdMwiHAjAkTM0KUFd7iyZlt5UJFoW+YrbuR/mV8asSpiWwDa
iSi+9U+tFmbi3UMUCOGuUeqUc4UZyJR5xGBb2Q5Lbkef
-----END CERTIFICATE-----