Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/bjnOU2JwIyBhG3a2k5FUAWGDatE.roa
File:                     bjnOU2JwIyBhG3a2k5FUAWGDatE.roa (raw, json)
Hash identifier:          qBdlY6EWSQACgnafmgz/gnCk4zq1L3YPmsFgf+M1bHo=
Subject key identifier:   6E:39:CE:53:62:70:23:20:61:1B:76:B6:93:91:54:01:61:83:6A:D1
Certificate issuer:       /CN=01f649b9d0546227b1d4626c2081e4d3da850efe
Certificate serial:       0194258FB0D000512073CA767DE6FD3D427A
Authority key identifier: 01:F6:49:B9:D0:54:62:27:B1:D4:62:6C:20:81:E4:D3:DA:85:0E:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AfZJudBUYiex1GJsIIHk09qFDv4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/bjnOU2JwIyBhG3a2k5FUAWGDatE.roa
Signing time:             Thu 02 Jan 2025 05:49:21 +0000
ROA not before:           Thu 02 Jan 2025 05:49:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207143
IP address blocks:        185.35.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/AfZJudBUYiex1GJsIIHk09qFDv4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/AfZJudBUYiex1GJsIIHk09qFDv4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AfZJudBUYiex1GJsIIHk09qFDv4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:b0:d0:00:51:20:73:ca:76:7d:e6:fd:3d:42:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01f649b9d0546227b1d4626c2081e4d3da850efe
        Validity
            Not Before: Jan  2 05:49:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e39ce5362702320611b76b69391540161836ad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f0:50:81:66:78:3b:fa:2b:b9:10:56:ce:8d:
                    d8:21:6a:2d:7f:44:1f:e6:ca:fe:42:30:ee:b6:3e:
                    69:d5:44:51:fc:5d:13:71:b6:2c:f5:6d:a1:f2:e9:
                    4f:f3:77:6d:aa:85:0d:ee:fe:5b:2b:24:8f:52:fa:
                    1a:ea:a3:58:cf:66:82:0c:11:52:db:d6:81:9c:92:
                    e7:3e:ff:57:b6:c1:32:c9:dd:9b:98:0e:b0:31:3a:
                    06:2e:6a:4f:48:94:bd:bc:30:f6:c0:1a:26:bd:19:
                    74:0d:37:4f:17:30:1b:93:75:de:64:62:95:51:23:
                    e4:7c:b5:f8:80:1a:59:50:9e:86:d3:94:b8:4e:9e:
                    c9:c3:99:fe:dd:95:56:4c:4f:54:84:bb:dd:a4:4f:
                    cc:a5:1c:48:c2:7a:f6:c4:e1:72:32:ad:e4:cb:fa:
                    fc:1a:ca:f8:cf:bb:cb:27:b3:ad:ff:cd:78:b6:b7:
                    8d:13:d4:d0:5d:7b:46:4f:1c:9f:f3:46:3a:40:0c:
                    95:25:49:6d:30:84:fc:b4:4d:81:05:0f:6a:f2:b8:
                    91:8b:f4:ad:68:ac:de:20:b2:1d:c6:3b:60:5b:db:
                    f9:5a:2b:8a:01:23:f5:45:cb:19:11:9b:43:83:99:
                    ae:c9:4c:ac:cd:c8:2e:4f:1e:e0:d4:36:cc:2d:0c:
                    31:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:39:CE:53:62:70:23:20:61:1B:76:B6:93:91:54:01:61:83:6A:D1
            X509v3 Authority Key Identifier:
                keyid:01:F6:49:B9:D0:54:62:27:B1:D4:62:6C:20:81:E4:D3:DA:85:0E:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AfZJudBUYiex1GJsIIHk09qFDv4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/bjnOU2JwIyBhG3a2k5FUAWGDatE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/a1923f-26d7-44be-a2be-03cbdb8ff960/1/AfZJudBUYiex1GJsIIHk09qFDv4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:ac:ed:4b:1e:4f:2c:b3:d0:38:c9:67:07:84:c7:30:bc:90:
         ca:40:1b:a3:59:63:fa:ba:77:e8:02:ca:c5:c2:ec:12:33:24:
         7a:5a:65:34:a3:51:2c:e2:24:37:ba:7c:0b:b2:43:f5:ad:d3:
         b8:91:dd:8a:8a:25:69:fd:c4:04:2d:6a:78:54:12:2f:a2:15:
         21:9b:d3:2e:b1:35:fc:1b:5d:32:39:e5:d8:3c:1a:67:7f:fe:
         d7:fd:27:c2:ea:e1:0a:a5:dc:1d:22:d4:c9:8d:ce:4c:e0:c3:
         2d:5a:a6:bd:1f:9e:75:73:6f:0e:0e:1a:6c:0e:2c:b0:a9:19:
         31:93:e5:38:d4:de:c5:97:63:42:51:dc:6f:3c:70:0a:bc:c0:
         0a:fa:ff:6d:45:b4:a2:1e:49:d5:1d:25:3c:c0:b7:ba:20:84:
         4e:55:6a:7b:1c:eb:b3:18:8b:dc:d5:ef:8c:1d:71:51:08:5d:
         51:f8:71:77:35:37:53:35:cb:d0:64:b9:d8:f1:4e:ec:4d:1b:
         41:fd:a7:16:a0:cd:f6:e9:30:6f:d7:20:32:e2:c2:29:9e:bf:
         9c:01:92:97:b5:2f:ef:96:b3:90:fe:dd:dd:28:6f:4d:88:0c:
         37:0a:9a:68:99:53:53:04:de:29:51:f9:d5:6f:93:0b:71:88:
         e8:23:2c:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7DQAFEgc8p2feb9PUJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxZjY0OWI5ZDA1NDYyMjdiMWQ0NjI2YzIwODFlNGQzZGE4
NTBlZmUwHhcNMjUwMTAyMDU0OTIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTM5Y2U1MzYyNzAyMzIwNjExYjc2YjY5MzkxNTQwMTYxODM2YWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fBQgWZ4O/oruRBWzo3YIWotf0Qf
5sr+QjDutj5p1URR/F0TcbYs9W2h8ulP83dtqoUN7v5bKySPUvoa6qNYz2aCDBFS
29aBnJLnPv9XtsEyyd2bmA6wMToGLmpPSJS9vDD2wBomvRl0DTdPFzAbk3XeZGKV
USPkfLX4gBpZUJ6G05S4Tp7Jw5n+3ZVWTE9UhLvdpE/MpRxIwnr2xOFyMq3ky/r8
Gsr4z7vLJ7Ot/814treNE9TQXXtGTxyf80Y6QAyVJUltMIT8tE2BBQ9q8riRi/St
aKzeILIdxjtgW9v5WiuKASP1RcsZEZtDg5muyUyszcguTx7g1DbMLQwx3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG45zlNicCMgYRt2tpORVAFhg2rRMB8GA1UdIwQY
MBaAFAH2SbnQVGInsdRibCCB5NPahQ7+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWZaSnVkQlVZaWV4MUdKc0lJSGswOXFGRHY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9hMTkyM2YtMjZkNy00NGJlLWEyYmUt
MDNjYmRiOGZmOTYwLzEvYmpuT1UySndJeUJoRzNhMms1RlVBV0dEYXRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9hMTkyM2YtMjZkNy00NGJlLWEyYmUtMDNjYmRiOGZmOTYw
LzEvQWZaSnVkQlVZaWV4MUdKc0lJSGswOXFGRHY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSMcMA0G
CSqGSIb3DQEBCwUAA4IBAQA5rO1LHk8ss9A4yWcHhMcwvJDKQBujWWP6unfoAsrF
wuwSMyR6WmU0o1Es4iQ3unwLskP1rdO4kd2KiiVp/cQELWp4VBIvohUhm9MusTX8
G10yOeXYPBpnf/7X/SfC6uEKpdwdItTJjc5M4MMtWqa9H551c28ODhpsDiywqRkx
k+U41N7Fl2NCUdxvPHAKvMAK+v9tRbSiHknVHSU8wLe6IIROVWp7HOuzGIvc1e+M
HXFRCF1R+HF3NTdTNcvQZLnY8U7sTRtB/acWoM326TBv1yAy4sIpnr+cAZKXtS/v
lrOQ/t3dKG9NiAw3CppomVNTBN4pUfnVb5MLcYjoIyxT
-----END CERTIFICATE-----