Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/UbR91Lh79TeOKSL7HjA3VnMOrus.roa
File:                     UbR91Lh79TeOKSL7HjA3VnMOrus.roa (raw, json)
Hash identifier:          5VVT75cHk7MV6sSZuMktUj5YHXLh6pZyxjKNqlUtG3k=
Subject key identifier:   51:B4:7D:D4:B8:7B:F5:37:8E:29:22:FB:1E:30:37:56:73:0E:AE:EB
Certificate issuer:       /CN=3f947c4fd2396d9edb8bc454405e57558d8b9502
Certificate serial:       018CC26D5084A2F383358EFE0358BF5A497E
Authority key identifier: 3F:94:7C:4F:D2:39:6D:9E:DB:8B:C4:54:40:5E:57:55:8D:8B:95:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/UbR91Lh79TeOKSL7HjA3VnMOrus.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 07:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:50:84:a2:f3:83:35:8e:fe:03:58:bf:5a:49:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f947c4fd2396d9edb8bc454405e57558d8b9502
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51b47dd4b87bf5378e2922fb1e303756730eaeeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:86:2c:6f:31:fa:9b:d6:80:ce:b8:42:01:b6:
                    f3:23:f0:7a:83:9f:cd:c5:63:88:07:2d:2d:21:fe:
                    9f:d1:fd:e9:b4:1c:7c:fb:b4:c7:66:76:92:56:b9:
                    95:e1:3f:12:76:a2:db:72:d1:fa:55:0d:e1:46:c0:
                    e2:67:7c:9c:84:2b:fa:d0:9f:39:35:0e:6c:85:52:
                    05:9f:e6:2f:c2:02:f3:f5:04:8e:70:6e:70:9d:66:
                    81:cb:58:eb:c3:2b:14:89:05:fb:72:dc:4a:57:49:
                    23:e0:10:78:8b:81:c5:6d:8c:33:b6:3e:3d:64:8c:
                    ad:63:06:d4:30:0c:73:44:8b:77:a7:00:0c:11:d9:
                    8f:17:49:e3:1e:9d:28:cd:2d:c3:c5:34:53:5a:07:
                    ff:d4:f7:4a:b6:b1:16:72:93:e2:39:09:e9:d8:50:
                    34:85:7a:5f:c6:e6:fd:f7:a8:9b:39:69:12:a9:97:
                    b8:9e:e6:34:aa:7e:68:e6:a9:b3:99:b8:81:5b:90:
                    72:f5:54:13:ff:10:cc:88:e6:91:c9:c0:58:1c:ce:
                    fd:04:c0:3a:f2:46:a2:20:a6:a1:9c:8d:e8:f5:74:
                    d9:94:19:ee:f3:0a:4d:6c:73:63:54:e7:66:c3:b8:
                    e4:30:ba:72:f5:6a:dd:d4:3a:29:8c:9b:79:58:28:
                    83:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B4:7D:D4:B8:7B:F5:37:8E:29:22:FB:1E:30:37:56:73:0E:AE:EB
            X509v3 Authority Key Identifier:
                keyid:3F:94:7C:4F:D2:39:6D:9E:DB:8B:C4:54:40:5E:57:55:8D:8B:95:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/UbR91Lh79TeOKSL7HjA3VnMOrus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d9b450-729d-48de-ab8f-cec40e425264/1/P5R8T9I5bZ7bi8RUQF5XVY2LlQI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:a9:28:94:68:44:0f:a2:7e:20:d2:e0:84:c1:69:42:87:5a:
         de:5c:2c:9e:32:7c:cd:1b:d7:09:be:e4:f8:d7:fe:a5:a8:6e:
         7f:79:fa:11:d2:24:8f:b1:b7:70:cd:8d:b5:ab:89:e4:35:3e:
         59:48:ab:81:53:04:9a:a2:15:55:38:24:fe:83:a3:00:88:55:
         6d:45:d7:76:9d:f2:fb:d5:16:73:7a:6e:8a:0f:1f:f8:6f:88:
         10:19:f8:6d:0a:76:f2:d0:0f:d9:f7:0b:08:19:62:29:d1:07:
         59:96:26:03:3a:e2:53:5d:e5:5f:50:f4:cc:46:c8:b3:85:8b:
         1c:f0:35:63:3d:93:8e:16:95:e1:e7:4a:b8:da:67:36:a8:0b:
         f5:7c:d1:5e:8a:cb:eb:bc:ad:a2:9c:ff:59:91:ea:84:4f:b2:
         44:f5:a9:d0:7e:f8:6b:d3:9a:56:30:a5:a3:91:dd:6e:40:b4:
         0f:18:70:57:08:41:3e:02:0e:a1:e8:8e:1b:48:fd:4b:00:3e:
         78:70:46:a0:a2:44:03:0d:b5:6f:ab:29:d4:fb:7b:5e:e2:f9:
         fa:66:b7:97:7b:e5:85:ba:5d:cb:de:c0:b0:67:f3:63:53:da:
         5d:92:09:25:2d:c7:c2:a1:6d:b7:62:e9:82:8f:8c:84:cc:6a:
         96:c8:17:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVCEovODNY7+A1i/Wkl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmOTQ3YzRmZDIzOTZkOWVkYjhiYzQ1NDQwNWU1NzU1OGQ4
Yjk1MDIwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWI0N2RkNGI4N2JmNTM3OGUyOTIyZmIxZTMwMzc1NjczMGVhZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoYsbzH6m9aAzrhCAbbzI/B6g5/N
xWOIBy0tIf6f0f3ptBx8+7THZnaSVrmV4T8SdqLbctH6VQ3hRsDiZ3ychCv60J85
NQ5shVIFn+YvwgLz9QSOcG5wnWaBy1jrwysUiQX7ctxKV0kj4BB4i4HFbYwztj49
ZIytYwbUMAxzRIt3pwAMEdmPF0njHp0ozS3DxTRTWgf/1PdKtrEWcpPiOQnp2FA0
hXpfxub996ibOWkSqZe4nuY0qn5o5qmzmbiBW5By9VQT/xDMiOaRycBYHM79BMA6
8kaiIKahnI3o9XTZlBnu8wpNbHNjVOdmw7jkMLpy9Wrd1DopjJt5WCiDdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFG0fdS4e/U3jiki+x4wN1ZzDq7rMB8GA1UdIwQY
MBaAFD+UfE/SOW2e24vEVEBeV1WNi5UCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDVSOFQ5STViWjdiaThSVVFGNVhWWTJMbFFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kOWI0NTAtNzI5ZC00OGRlLWFiOGYt
Y2VjNDBlNDI1MjY0LzEvVWJSOTFMaDc5VGVPS1NMN0hqQTNWbk1PcnVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9kOWI0NTAtNzI5ZC00OGRlLWFiOGYtY2VjNDBlNDI1MjY0
LzEvUDVSOFQ5STViWjdiaThSVVFGNVhWWTJMbFFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQEjMA0G
CSqGSIb3DQEBCwUAA4IBAQAqqSiUaEQPon4g0uCEwWlCh1reXCyeMnzNG9cJvuT4
1/6lqG5/efoR0iSPsbdwzY21q4nkNT5ZSKuBUwSaohVVOCT+g6MAiFVtRdd2nfL7
1RZzem6KDx/4b4gQGfhtCnby0A/Z9wsIGWIp0QdZliYDOuJTXeVfUPTMRsizhYsc
8DVjPZOOFpXh50q42mc2qAv1fNFeisvrvK2inP9ZkeqET7JE9anQfvhr05pWMKWj
kd1uQLQPGHBXCEE+Ag6h6I4bSP1LAD54cEagokQDDbVvqynU+3te4vn6ZreXe+WF
ul3L3sCwZ/NjU9pdkgklLcfCoW23YumCj4yEzGqWyBcw
-----END CERTIFICATE-----