Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/cc4fe9-e48c-42da-97ea-ab57cabc18f7/1/9aVuxmNAtqyxlU-ql9VTZiP80-0.roa
File:                     9aVuxmNAtqyxlU-ql9VTZiP80-0.roa (raw, json)
Hash identifier:          nzkLDX+XoqC0FODbMgwCTFLOnHtexEzj09CD+ATPgyk=
Subject key identifier:   F5:A5:6E:C6:63:40:B6:AC:B1:95:4F:AA:97:D5:53:66:23:FC:D3:ED
Certificate issuer:       /CN=35b03ec85d08607a6b1ddf1fe79dc651ccfe3f37
Certificate serial:       018CC56ED139E7BF06ECDE68ED302EB729DB
Authority key identifier: 35:B0:3E:C8:5D:08:60:7A:6B:1D:DF:1F:E7:9D:C6:51:CC:FE:3F:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NbA-yF0IYHprHd8f553GUcz-Pzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/cc4fe9-e48c-42da-97ea-ab57cabc18f7/1/9aVuxmNAtqyxlU-ql9VTZiP80-0.roa
Signing time:             Mon 01 Jan 2024 14:30:23 +0000
ROA not before:           Mon 01 Jan 2024 14:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44134
IP address blocks:        217.71.0.0/20 maxlen: 20
                          79.142.224.0/20 maxlen: 20
                          2a02:2190::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/cc4fe9-e48c-42da-97ea-ab57cabc18f7/1/NbA-yF0IYHprHd8f553GUcz-Pzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/cc4fe9-e48c-42da-97ea-ab57cabc18f7/1/NbA-yF0IYHprHd8f553GUcz-Pzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NbA-yF0IYHprHd8f553GUcz-Pzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d1:39:e7:bf:06:ec:de:68:ed:30:2e:b7:29:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35b03ec85d08607a6b1ddf1fe79dc651ccfe3f37
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5a56ec66340b6acb1954faa97d5536623fcd3ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2a:0d:9b:ee:28:d9:0a:a8:cd:d2:b4:d8:a1:
                    34:97:23:9b:69:10:26:ce:85:b3:c0:dc:db:1d:f9:
                    8f:dd:9a:9b:c5:96:36:c9:65:7e:d5:ea:a0:12:cf:
                    63:cf:e2:d3:e6:a0:a9:48:6a:83:99:5c:2a:43:21:
                    3f:c8:5e:2c:0d:5d:9f:9e:60:7f:d1:fb:91:3b:9d:
                    5a:f3:64:47:97:5a:a1:c3:50:12:15:3d:12:37:e0:
                    b0:9d:83:a1:ea:87:4e:35:bb:ba:45:84:f4:af:3b:
                    79:8d:85:58:07:81:96:5e:d1:66:06:39:b2:91:ca:
                    d2:9f:cc:6d:57:c2:be:8b:6e:a1:b1:3c:77:77:36:
                    f3:e9:9f:8e:68:1c:b3:ed:b6:cf:48:63:78:1c:3b:
                    be:a3:6c:79:50:23:60:fb:97:fb:fa:57:44:bb:72:
                    99:62:c3:df:1c:0a:a5:74:1d:c1:e2:21:5e:ca:27:
                    f5:98:0f:ef:24:b6:e8:28:e9:a9:20:24:c7:75:97:
                    31:96:13:15:e9:dc:3d:89:81:3f:59:df:57:93:48:
                    48:8a:0d:2f:b2:e6:00:81:1e:12:fc:e4:f0:d5:ed:
                    0d:b6:a5:59:7d:fd:17:d3:65:2e:61:fc:0f:91:10:
                    eb:9b:72:e0:e3:db:b1:5b:c5:fe:4c:67:fe:fb:45:
                    8b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:A5:6E:C6:63:40:B6:AC:B1:95:4F:AA:97:D5:53:66:23:FC:D3:ED
            X509v3 Authority Key Identifier:
                keyid:35:B0:3E:C8:5D:08:60:7A:6B:1D:DF:1F:E7:9D:C6:51:CC:FE:3F:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NbA-yF0IYHprHd8f553GUcz-Pzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/cc4fe9-e48c-42da-97ea-ab57cabc18f7/1/9aVuxmNAtqyxlU-ql9VTZiP80-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/cc4fe9-e48c-42da-97ea-ab57cabc18f7/1/NbA-yF0IYHprHd8f553GUcz-Pzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.142.224.0/20
                  217.71.0.0/20
                IPv6:
                  2a02:2190::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:45:c2:85:8b:60:0b:db:76:df:40:bd:b8:f2:a9:3b:be:1a:
         46:47:62:b0:bd:c4:7a:dd:dd:74:a1:14:c0:bb:d7:1c:6b:3d:
         69:d9:8c:0a:c0:63:81:df:56:09:8b:3d:a4:28:e7:3a:a2:0f:
         d6:eb:2a:91:4a:7f:d9:34:97:34:93:f9:09:41:d5:a9:91:14:
         99:0e:c0:05:d8:5a:cf:7b:4c:c4:5c:b8:0d:b3:58:10:73:51:
         c9:df:1d:8c:b9:b4:51:56:b9:8c:6a:5b:23:ea:8b:d2:3e:07:
         b6:fa:ff:3a:56:7c:67:d1:7b:74:3c:1b:1c:08:b8:07:81:52:
         59:37:e5:14:c1:d7:d4:d3:fc:74:15:f8:f8:19:47:0c:c1:81:
         c9:57:eb:35:08:c4:e7:d7:cc:b3:ed:cc:2a:c1:6e:43:61:47:
         6d:04:67:0f:cf:e2:86:20:df:c1:09:e3:d4:4b:0d:a3:69:a7:
         ed:b6:93:30:c2:7e:2f:e7:e7:65:87:71:3d:03:3b:15:af:5a:
         c6:7d:0b:c3:e9:07:ac:16:44:6d:74:e8:2c:5e:81:b5:82:d6:
         a2:b5:47:10:5a:b8:32:3d:46:93:6a:7d:c1:82:a4:fc:d3:4c:
         d2:c8:72:de:28:1c:cc:32:52:7b:f6:1f:c4:f2:62:e6:37:a2:
         29:be:9a:1f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbtE5578G7N5o7TAutynbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1YjAzZWM4NWQwODYwN2E2YjFkZGYxZmU3OWRjNjUxY2Nm
ZTNmMzcwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWE1NmVjNjYzNDBiNmFjYjE5NTRmYWE5N2Q1NTM2NjIzZmNkM2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCoNm+4o2QqozdK02KE0lyObaRAm
zoWzwNzbHfmP3ZqbxZY2yWV+1eqgEs9jz+LT5qCpSGqDmVwqQyE/yF4sDV2fnmB/
0fuRO51a82RHl1qhw1ASFT0SN+CwnYOh6odONbu6RYT0rzt5jYVYB4GWXtFmBjmy
kcrSn8xtV8K+i26hsTx3dzbz6Z+OaByz7bbPSGN4HDu+o2x5UCNg+5f7+ldEu3KZ
YsPfHAqldB3B4iFeyif1mA/vJLboKOmpICTHdZcxlhMV6dw9iYE/Wd9Xk0hIig0v
suYAgR4S/OTw1e0NtqVZff0X02UuYfwPkRDrm3Lg49uxW8X+TGf++0WLiQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFPWlbsZjQLassZVPqpfVU2Yj/NPtMB8GA1UdIwQY
MBaAFDWwPshdCGB6ax3fH+edxlHM/j83MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmJBLXlGMElZSHBySGQ4ZjU1M0dVY3otUHpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9jYzRmZTktZTQ4Yy00MmRhLTk3ZWEt
YWI1N2NhYmMxOGY3LzEvOWFWdXhtTkF0cXl4bFUtcWw5VlRaaVA4MC0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9jYzRmZTktZTQ4Yy00MmRhLTk3ZWEtYWI1N2NhYmMxOGY3
LzEvTmJBLXlGMElZSHBySGQ4ZjU1M0dVY3otUHpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQET47gAwQE
2UcAMA0EAgACMAcDBQMqAiGQMA0GCSqGSIb3DQEBCwUAA4IBAQARRcKFi2AL23bf
QL248qk7vhpGR2KwvcR63d10oRTAu9ccaz1p2YwKwGOB31YJiz2kKOc6og/W6yqR
Sn/ZNJc0k/kJQdWpkRSZDsAF2FrPe0zEXLgNs1gQc1HJ3x2MubRRVrmMalsj6ovS
Pge2+v86Vnxn0Xt0PBscCLgHgVJZN+UUwdfU0/x0Ffj4GUcMwYHJV+s1CMTn18yz
7cwqwW5DYUdtBGcPz+KGIN/BCePUSw2jaafttpMwwn4v5+dlh3E9AzsVr1rGfQvD
6QesFkRtdOgsXoG1gtaitUcQWrgyPUaTan3BgqT800zSyHLeKBzMMlJ79h/E8mLm
N6Ipvpof
-----END CERTIFICATE-----