Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/C_ziNaXKn4VDpbrAEu9weVF52JA.roa
File:                     C_ziNaXKn4VDpbrAEu9weVF52JA.roa (raw, json)
Hash identifier:          uW9Tu1YIQ5nRvRVJvhMOdJvsptWQiAhpmFSnfRGl4eY=
Subject key identifier:   0B:FC:E2:35:A5:CA:9F:85:43:A5:BA:C0:12:EF:70:79:51:79:D8:90
Certificate issuer:       /CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
Certificate serial:       0196DEA09F8CC480E676293420E6F8E10BAD
Authority key identifier: 0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/C_ziNaXKn4VDpbrAEu9weVF52JA.roa
Signing time:             Sat 17 May 2025 14:23:10 +0000
ROA not before:           Sat 17 May 2025 14:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34965
IP address blocks:        85.235.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:de:a0:9f:8c:c4:80:e6:76:29:34:20:e6:f8:e1:0b:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
        Validity
            Not Before: May 17 14:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bfce235a5ca9f8543a5bac012ef70795179d890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:16:63:22:0e:3d:8d:3e:dc:cf:8e:11:1c:54:
                    8b:9d:05:32:eb:24:90:2f:8d:88:e6:8b:c6:8c:64:
                    b0:cd:0a:a5:6b:04:d7:af:d7:e6:5c:ef:39:79:67:
                    55:f6:da:e0:77:50:59:14:1e:9d:9f:8b:ac:ea:50:
                    79:dc:50:7f:7d:9f:c2:da:96:e9:6e:d7:5a:c8:9e:
                    2c:79:07:3d:2e:89:15:51:6c:df:ec:7c:83:25:b8:
                    e8:d3:75:84:53:3d:70:f2:50:22:b6:e2:cf:a9:29:
                    12:07:b9:79:60:44:21:a5:b8:27:e2:bd:98:89:3f:
                    77:fa:df:33:1a:df:50:89:5e:3b:e7:cb:6e:f1:5f:
                    6a:d4:35:c7:bd:bd:93:c3:88:89:03:13:6f:be:87:
                    04:7d:41:26:6b:05:bf:f8:a1:9a:ef:04:8e:db:42:
                    f3:0c:5b:92:59:09:c3:d9:ff:83:a7:77:de:f5:21:
                    7b:17:f0:a9:ad:aa:23:72:5f:6a:f1:ca:2c:af:14:
                    97:b9:df:c9:b9:6b:a4:e5:16:c0:f0:6a:60:69:bb:
                    6f:3d:42:68:a4:cb:e3:19:a6:6b:8d:cc:8a:a2:18:
                    f8:c4:56:72:2a:63:d8:3c:41:5f:e8:81:85:b6:7f:
                    8d:c9:29:75:83:f8:76:50:ac:ad:d2:02:f6:8b:c0:
                    b8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:FC:E2:35:A5:CA:9F:85:43:A5:BA:C0:12:EF:70:79:51:79:D8:90
            X509v3 Authority Key Identifier:
                keyid:0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/C_ziNaXKn4VDpbrAEu9weVF52JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         09:30:b4:69:5b:57:a5:59:32:0f:4c:a5:0b:70:f5:33:17:47:
         67:44:aa:40:49:73:c6:8b:6e:75:91:6a:a5:74:ce:4a:c7:f9:
         f0:b3:50:37:1e:9e:8f:43:64:0e:2c:3f:f7:ef:f2:42:d0:26:
         85:97:bf:14:e1:b6:38:63:90:62:09:a3:c1:55:d1:5b:57:db:
         a1:1b:2e:9f:6c:71:3b:66:02:a9:87:8d:43:cf:a9:66:72:01:
         0b:d4:68:70:ea:33:59:e5:d1:f7:d5:9c:88:49:72:81:f0:fa:
         ce:4b:c8:3c:9c:6b:07:2a:aa:34:b3:8d:d0:48:05:e1:22:50:
         ff:64:11:6c:d0:bc:fd:fe:d5:43:82:fa:6c:e2:c7:76:88:6f:
         3a:7b:f4:cd:c7:f7:87:7e:90:d4:23:b7:b9:2a:91:1d:9b:4b:
         37:5b:85:92:ad:22:49:74:ea:e7:84:75:94:aa:4d:ef:df:6a:
         0f:8e:7d:32:47:ff:02:12:2e:b3:0f:28:4c:a0:33:04:8f:5f:
         c4:fe:91:f3:ea:62:dd:8f:4a:47:da:7e:f5:46:8f:3a:91:2e:
         13:33:ee:40:05:15:4c:5f:b8:2c:83:6a:67:30:16:7d:6d:2a:
         40:86:7c:8b:9f:e4:51:ba:e0:13:85:a5:ff:5a:b9:12:4b:21:
         5f:49:50:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbeoJ+MxIDmdik0IOb44QutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTEzMDhlYWQ2YWRiMWQwODVlN2U1OTEwYTBjYjJkZTU2
YWEzMmUwHhcNMjUwNTE3MTQyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmZjZTIzNWE1Y2E5Zjg1NDNhNWJhYzAxMmVmNzA3OTUxNzlkODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1RZjIg49jT7cz44RHFSLnQUy6ySQ
L42I5ovGjGSwzQqlawTXr9fmXO85eWdV9trgd1BZFB6dn4us6lB53FB/fZ/C2pbp
btdayJ4seQc9LokVUWzf7HyDJbjo03WEUz1w8lAituLPqSkSB7l5YEQhpbgn4r2Y
iT93+t8zGt9QiV4758tu8V9q1DXHvb2Tw4iJAxNvvocEfUEmawW/+KGa7wSO20Lz
DFuSWQnD2f+Dp3fe9SF7F/Cpraojcl9q8cosrxSXud/JuWuk5RbA8GpgabtvPUJo
pMvjGaZrjcyKohj4xFZyKmPYPEFf6IGFtn+NySl1g/h2UKyt0gL2i8C4TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAv84jWlyp+FQ6W6wBLvcHlRediQMB8GA1UdIwQY
MBaAFAzhMI6tatsdCF5+WRCgyy3laqMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUt
YjBiYWQxOGYwMmQwLzEvQ196aU5hWEtuNFZEcGJyQUV1OXdlVkY1MkpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUtYjBiYWQxOGYwMmQw
LzEvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEVesAMA0G
CSqGSIb3DQEBCwUAA4IBAQAJMLRpW1elWTIPTKULcPUzF0dnRKpASXPGi251kWql
dM5Kx/nws1A3Hp6PQ2QOLD/37/JC0CaFl78U4bY4Y5BiCaPBVdFbV9uhGy6fbHE7
ZgKph41Dz6lmcgEL1Ghw6jNZ5dH31ZyISXKB8PrOS8g8nGsHKqo0s43QSAXhIlD/
ZBFs0Lz9/tVDgvps4sd2iG86e/TNx/eHfpDUI7e5KpEdm0s3W4WSrSJJdOrnhHWU
qk3v32oPjn0yR/8CEi6zDyhMoDMEj1/E/pHz6mLdj0pH2n71Ro86kS4TM+5ABRVM
X7gsg2pnMBZ9bSpAhnyLn+RRuuAThaX/WrkSSyFfSVCw
-----END CERTIFICATE-----