Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/35bIez4DE4f8IctL5QEgdASB-4Y.roa
File:                     35bIez4DE4f8IctL5QEgdASB-4Y.roa (raw, json)
Hash identifier:          TCPS2vFGt9j3BHs+mf2M0eQppw/ELA+Rm7h4Oyv00F8=
Subject key identifier:   DF:96:C8:7B:3E:03:13:87:FC:21:CB:4B:E5:01:20:74:04:81:FB:86
Certificate issuer:       /CN=ccbf95b47ab2b99c222bfe54521efd1ab67d267f
Certificate serial:       0194228E02177D9905618B6E94DA4C4D4BC1
Authority key identifier: CC:BF:95:B4:7A:B2:B9:9C:22:2B:FE:54:52:1E:FD:1A:B6:7D:26:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/35bIez4DE4f8IctL5QEgdASB-4Y.roa
Signing time:             Wed 01 Jan 2025 15:48:39 +0000
ROA not before:           Wed 01 Jan 2025 15:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209838
IP address blocks:        213.170.200.0/23 maxlen: 24
                          213.170.202.0/23 maxlen: 24
                          2a03:d2c0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:02:17:7d:99:05:61:8b:6e:94:da:4c:4d:4b:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccbf95b47ab2b99c222bfe54521efd1ab67d267f
        Validity
            Not Before: Jan  1 15:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df96c87b3e031387fc21cb4be50120740481fb86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:b8:3e:d5:83:ab:7a:79:6d:80:b8:2e:c3:4e:
                    5c:11:f8:61:bb:97:75:fa:b4:d1:de:28:e0:46:88:
                    4a:db:71:1b:ea:4d:09:49:d5:b1:a5:58:eb:48:cf:
                    20:fa:0f:c6:98:16:53:ea:01:0d:3b:d9:58:cf:66:
                    b4:e3:c1:fa:2a:eb:59:4e:86:16:78:25:1c:e8:df:
                    69:00:21:16:2f:01:2c:c9:52:65:41:ca:a3:e7:ae:
                    4f:ec:71:8a:02:0f:77:ff:c7:56:4f:44:60:f5:93:
                    b7:90:72:e1:92:23:e5:86:bd:b4:99:7e:e4:98:98:
                    5e:5a:fe:6c:0f:e4:74:a7:2e:31:e6:04:f4:4a:e3:
                    20:17:d8:c8:c8:02:92:b1:32:3e:ab:2f:9d:17:76:
                    fd:a8:72:92:95:39:f0:96:aa:ea:eb:a0:fb:ff:ba:
                    0f:44:70:9f:99:ae:df:a2:2d:45:8d:66:41:3f:14:
                    78:c8:4c:bd:f0:53:ff:33:ad:dd:89:d5:cd:49:61:
                    48:fe:dc:4c:91:b9:4a:38:a8:d0:d6:60:62:89:98:
                    f3:61:f4:69:bd:dc:e2:08:98:7a:8a:24:f6:ce:b8:
                    e7:d9:d7:64:40:97:2c:26:43:20:36:9b:1a:7b:85:
                    cb:8c:f5:80:80:7c:a1:6c:55:93:a1:12:51:56:ca:
                    75:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:96:C8:7B:3E:03:13:87:FC:21:CB:4B:E5:01:20:74:04:81:FB:86
            X509v3 Authority Key Identifier:
                keyid:CC:BF:95:B4:7A:B2:B9:9C:22:2B:FE:54:52:1E:FD:1A:B6:7D:26:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/35bIez4DE4f8IctL5QEgdASB-4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.170.200.0/22
                IPv6:
                  2a03:d2c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:b5:91:d1:2c:44:b8:3c:c8:a6:30:fa:41:63:8d:60:f8:17:
         9d:9c:ab:e0:84:83:dc:21:13:fb:9e:46:d4:8c:57:06:f6:79:
         1b:19:cf:ae:da:85:dc:3e:eb:e4:7a:26:60:5b:10:a3:7b:1d:
         ea:6e:6a:3c:36:f2:2d:d2:a4:f8:bb:17:86:bb:d7:f5:e5:c7:
         1f:2d:03:b6:a4:bd:3a:8f:86:ae:a1:b3:1a:75:c7:0a:6f:ee:
         4b:05:18:66:32:c4:0f:f4:ae:77:44:b6:82:5a:82:8c:97:5e:
         f2:3b:19:b4:1e:fa:cd:29:ac:7d:84:47:92:30:df:5b:a0:d2:
         85:80:36:96:e2:b8:a9:f1:38:ff:4f:70:1b:04:b1:ff:63:db:
         98:5d:9a:df:ba:37:e0:bc:6a:95:e9:f2:52:dd:48:12:5b:95:
         54:51:6f:e1:0b:62:21:b4:f7:8d:e0:65:a2:e7:7d:4d:e1:e0:
         af:06:65:58:6c:7f:84:77:0a:89:b6:6b:dd:90:70:e5:29:ef:
         a5:83:7e:2a:44:2c:65:72:ad:a1:06:7b:f8:97:f4:c7:cd:12:
         cc:e2:14:2d:fd:71:f1:07:68:5a:f8:dd:7c:1e:5d:fa:57:25:
         dd:e7:2c:1e:23:78:d5:b4:7e:99:da:e6:de:8c:e1:25:92:b0:
         0d:f9:ca:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijgIXfZkFYYtulNpMTUvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYmY5NWI0N2FiMmI5OWMyMjJiZmU1NDUyMWVmZDFhYjY3
ZDI2N2YwHhcNMjUwMTAxMTU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjk2Yzg3YjNlMDMxMzg3ZmMyMWNiNGJlNTAxMjA3NDA0ODFmYjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8bg+1YOrenltgLguw05cEfhhu5d1
+rTR3ijgRohK23Eb6k0JSdWxpVjrSM8g+g/GmBZT6gENO9lYz2a048H6KutZToYW
eCUc6N9pACEWLwEsyVJlQcqj565P7HGKAg93/8dWT0Rg9ZO3kHLhkiPlhr20mX7k
mJheWv5sD+R0py4x5gT0SuMgF9jIyAKSsTI+qy+dF3b9qHKSlTnwlqrq66D7/7oP
RHCfma7foi1FjWZBPxR4yEy98FP/M63didXNSWFI/txMkblKOKjQ1mBiiZjzYfRp
vdziCJh6iiT2zrjn2ddkQJcsJkMgNpsae4XLjPWAgHyhbFWToRJRVsp1kQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN+WyHs+AxOH/CHLS+UBIHQEgfuGMB8GA1UdIwQY
MBaAFMy/lbR6srmcIiv+VFIe/Rq2fSZ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekwtVnRIcXl1WndpS181VVVoNzlHclo5Sm44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9hMjliOTUtY2NiMy00NjdiLWFiN2Et
YWM1YjYxNDkzZTAxLzEvMzViSWV6NERFNGY4SWN0TDVRRWdkQVNCLTRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9hMjliOTUtY2NiMy00NjdiLWFiN2EtYWM1YjYxNDkzZTAx
LzEvekwtVnRIcXl1WndpS181VVVoNzlHclo5Sm44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQC1arIMA0E
AgACMAcDBQAqA9LAMA0GCSqGSIb3DQEBCwUAA4IBAQA3tZHRLES4PMimMPpBY41g
+BednKvghIPcIRP7nkbUjFcG9nkbGc+u2oXcPuvkeiZgWxCjex3qbmo8NvIt0qT4
uxeGu9f15ccfLQO2pL06j4auobMadccKb+5LBRhmMsQP9K53RLaCWoKMl17yOxm0
HvrNKax9hEeSMN9boNKFgDaW4rip8Tj/T3AbBLH/Y9uYXZrfujfgvGqV6fJS3UgS
W5VUUW/hC2IhtPeN4GWi531N4eCvBmVYbH+EdwqJtmvdkHDlKe+lg34qRCxlcq2h
Bnv4l/THzRLM4hQt/XHxB2ha+N18Hl36VyXd5yweI3jVtH6Z2ubejOElkrAN+crq
-----END CERTIFICATE-----