Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/uttZJDL3LQ7QDxUT6eilC7zrvqs.roa
File:                     uttZJDL3LQ7QDxUT6eilC7zrvqs.roa (raw, json)
Hash identifier:          w5gBSlKjA5Lu1HULnBbNVdum/zMpOaAXAiNTMSLvzE0=
Subject key identifier:   BA:DB:59:24:32:F7:2D:0E:D0:0F:15:13:E9:E8:A5:0B:BC:EB:BE:AB
Certificate issuer:       /CN=e75bce163cb502a657f272f79fd3e487fbbd4b88
Certificate serial:       019424B384B48AE3C48AAE5F0A3FD0AF7B75
Authority key identifier: E7:5B:CE:16:3C:B5:02:A6:57:F2:72:F7:9F:D3:E4:87:FB:BD:4B:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51vOFjy1AqZX8nL3n9Pkh_u9S4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/uttZJDL3LQ7QDxUT6eilC7zrvqs.roa
Signing time:             Thu 02 Jan 2025 01:48:52 +0000
ROA not before:           Thu 02 Jan 2025 01:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206377
IP address blocks:        185.35.84.0/22 maxlen: 22
                          2a00:f280::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/51vOFjy1AqZX8nL3n9Pkh_u9S4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/51vOFjy1AqZX8nL3n9Pkh_u9S4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51vOFjy1AqZX8nL3n9Pkh_u9S4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:84:b4:8a:e3:c4:8a:ae:5f:0a:3f:d0:af:7b:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e75bce163cb502a657f272f79fd3e487fbbd4b88
        Validity
            Not Before: Jan  2 01:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=badb592432f72d0ed00f1513e9e8a50bbcebbeab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5c:30:fd:7a:0e:ee:e4:c2:22:5b:8a:7d:41:
                    80:8d:aa:58:82:fe:30:a0:93:28:2c:42:3e:7b:80:
                    56:b8:a9:9f:ed:e5:97:65:00:3b:3e:9d:90:6a:e1:
                    a7:90:a3:d6:5b:35:96:71:60:cb:0b:2b:7f:3a:51:
                    0a:b9:41:ca:5e:8c:e6:b6:3a:aa:a4:a7:bf:8f:0e:
                    d3:4b:28:d4:4c:5b:28:2e:da:95:48:e2:d8:1d:5e:
                    80:bf:18:68:06:38:24:74:bb:3b:2b:03:e0:1b:8a:
                    5c:75:11:05:68:da:5c:3b:64:00:a1:f5:35:d6:15:
                    b1:f6:a9:66:9f:de:03:44:71:ac:42:76:e9:73:73:
                    de:e1:21:bb:52:52:e2:fb:7c:4a:7a:2c:65:57:96:
                    91:00:86:51:15:4b:f6:09:e4:d2:fb:12:79:f2:e0:
                    a3:c8:97:10:5a:86:5f:f2:72:9c:08:aa:12:e2:ad:
                    b4:e8:f3:c6:49:17:f9:a2:89:57:92:7f:d9:e1:19:
                    c2:4a:6a:df:76:32:de:78:37:17:32:82:d9:71:cb:
                    01:8b:a0:eb:d6:c1:df:c2:fa:05:6b:e0:ff:97:61:
                    b8:7b:f9:89:21:03:f4:76:2a:be:f1:19:c4:d7:3a:
                    3e:76:d9:6e:9a:8f:bb:11:65:cf:4a:a2:37:4b:fe:
                    3a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:DB:59:24:32:F7:2D:0E:D0:0F:15:13:E9:E8:A5:0B:BC:EB:BE:AB
            X509v3 Authority Key Identifier:
                keyid:E7:5B:CE:16:3C:B5:02:A6:57:F2:72:F7:9F:D3:E4:87:FB:BD:4B:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51vOFjy1AqZX8nL3n9Pkh_u9S4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/uttZJDL3LQ7QDxUT6eilC7zrvqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/c5708b-faf9-42a4-bf48-4b8578715154/1/51vOFjy1AqZX8nL3n9Pkh_u9S4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.84.0/22
                IPv6:
                  2a00:f280::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:c8:0e:aa:aa:69:21:81:12:74:0c:f7:82:85:28:90:2d:13:
         db:b1:dd:5a:58:a6:bd:b8:6f:a1:de:e1:b4:85:38:ba:6e:08:
         c6:31:47:e6:23:61:e6:29:89:fc:fc:f2:6d:d4:a0:4a:85:6a:
         6e:7e:0b:05:b5:a7:2d:0d:2a:55:98:84:13:6f:17:63:8a:79:
         9f:2e:37:4e:7f:20:2b:1d:9a:e9:a5:12:dd:39:0c:72:2e:dd:
         a1:4c:bf:72:02:5d:0a:52:26:ba:75:af:b4:1c:ea:20:1f:75:
         7e:4c:54:7a:1f:bb:67:4f:bc:84:74:cf:2b:8d:4f:78:cc:86:
         2d:0e:a6:dc:e6:95:09:01:93:77:59:0a:a3:fd:c8:e2:5d:4b:
         5d:bd:78:0a:9b:21:a0:13:8a:3c:59:5c:15:a1:0a:48:a3:26:
         07:39:a3:c7:eb:ee:db:d5:e1:56:2c:2e:63:dd:1b:f4:5a:d0:
         61:c0:f9:e1:14:f1:68:c8:fb:9e:a6:4e:18:3b:5d:98:a8:94:
         1d:89:20:2b:de:bc:c6:d1:fb:9c:de:0d:f8:95:e5:4d:e4:ad:
         f7:d7:c7:4e:db:54:a1:2a:e1:82:5f:67:dd:7d:99:00:ae:02:
         76:92:4e:ef:5e:8b:45:d0:19:26:ae:e0:b5:30:ee:13:5c:8b:
         cb:8b:b0:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQks4S0iuPEiq5fCj/Qr3t1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NWJjZTE2M2NiNTAyYTY1N2YyNzJmNzlmZDNlNDg3ZmJi
ZDRiODgwHhcNMjUwMTAyMDE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWRiNTkyNDMyZjcyZDBlZDAwZjE1MTNlOWU4YTUwYmJjZWJiZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1ww/XoO7uTCIluKfUGAjapYgv4w
oJMoLEI+e4BWuKmf7eWXZQA7Pp2QauGnkKPWWzWWcWDLCyt/OlEKuUHKXozmtjqq
pKe/jw7TSyjUTFsoLtqVSOLYHV6AvxhoBjgkdLs7KwPgG4pcdREFaNpcO2QAofU1
1hWx9qlmn94DRHGsQnbpc3Pe4SG7UlLi+3xKeixlV5aRAIZRFUv2CeTS+xJ58uCj
yJcQWoZf8nKcCKoS4q206PPGSRf5oolXkn/Z4RnCSmrfdjLeeDcXMoLZccsBi6Dr
1sHfwvoFa+D/l2G4e/mJIQP0diq+8RnE1zo+dtlumo+7EWXPSqI3S/46EQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLrbWSQy9y0O0A8VE+nopQu8676rMB8GA1UdIwQY
MBaAFOdbzhY8tQKmV/Jy95/T5If7vUuIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTF2T0ZqeTFBcVpYOG5MM245UGtoX3U5UzRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9jNTcwOGItZmFmOS00MmE0LWJmNDgt
NGI4NTc4NzE1MTU0LzEvdXR0WkpETDNMUTdRRHhVVDZlaWxDN3pydnFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9jNTcwOGItZmFmOS00MmE0LWJmNDgtNGI4NTc4NzE1MTU0
LzEvNTF2T0ZqeTFBcVpYOG5MM245UGtoX3U5UzRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSNUMA0E
AgACMAcDBQAqAPKAMA0GCSqGSIb3DQEBCwUAA4IBAQBSyA6qqmkhgRJ0DPeChSiQ
LRPbsd1aWKa9uG+h3uG0hTi6bgjGMUfmI2HmKYn8/PJt1KBKhWpufgsFtactDSpV
mIQTbxdjinmfLjdOfyArHZrppRLdOQxyLt2hTL9yAl0KUia6da+0HOogH3V+TFR6
H7tnT7yEdM8rjU94zIYtDqbc5pUJAZN3WQqj/cjiXUtdvXgKmyGgE4o8WVwVoQpI
oyYHOaPH6+7b1eFWLC5j3Rv0WtBhwPnhFPFoyPuepk4YO12YqJQdiSAr3rzG0fuc
3g34leVN5K3318dO21ShKuGCX2fdfZkArgJ2kk7vXotF0BkmruC1MO4TXIvLi7Dw
-----END CERTIFICATE-----