Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/cIHgPQfkeGGkH1YH0us6u-BItEw.roa
File:                     cIHgPQfkeGGkH1YH0us6u-BItEw.roa (raw, json)
Hash identifier:          J09w581HYGMBFoQ3t1ZjBOEodf50+DAwxqhQZWajtY0=
Subject key identifier:   70:81:E0:3D:07:E4:78:61:A4:1F:56:07:D2:EB:3A:BB:E0:48:B4:4C
Certificate issuer:       /CN=36261c261756fa03ac57d1bfc4db856ef808975a
Certificate serial:       018CC86F6A7135867859290F3ECE06E646A4
Authority key identifier: 36:26:1C:26:17:56:FA:03:AC:57:D1:BF:C4:DB:85:6E:F8:08:97:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiYcJhdW-gOsV9G_xNuFbvgIl1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/cIHgPQfkeGGkH1YH0us6u-BItEw.roa
Signing time:             Tue 02 Jan 2024 04:29:54 +0000
ROA not before:           Tue 02 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        185.35.77.0/24 maxlen: 24
                          2a00:e120::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/NiYcJhdW-gOsV9G_xNuFbvgIl1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/NiYcJhdW-gOsV9G_xNuFbvgIl1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiYcJhdW-gOsV9G_xNuFbvgIl1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:6a:71:35:86:78:59:29:0f:3e:ce:06:e6:46:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36261c261756fa03ac57d1bfc4db856ef808975a
        Validity
            Not Before: Jan  2 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7081e03d07e47861a41f5607d2eb3abbe048b44c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:61:10:1c:8c:5c:f1:d4:fe:b7:43:08:e7:8a:
                    21:aa:fe:96:27:0e:79:13:1e:34:f8:63:8d:73:ba:
                    3b:eb:0f:39:13:da:53:8c:bf:34:45:37:5e:59:fe:
                    77:c0:7e:76:65:9d:a8:29:a8:50:b1:3f:4b:f4:67:
                    f5:52:a1:e2:e0:79:8f:97:bb:17:2c:08:a8:e2:06:
                    56:b7:a3:6c:72:94:02:52:bd:ca:26:4d:d4:1f:62:
                    35:e9:d5:0a:a0:63:ff:31:2c:e4:d4:5b:f3:48:b6:
                    c6:89:f6:db:70:f8:48:c7:c9:82:77:ac:db:5b:8f:
                    21:c1:15:db:12:03:dc:61:2a:85:30:41:fa:9d:8d:
                    c9:7d:f9:9a:8c:34:77:33:75:6d:96:a3:60:83:1d:
                    ba:6e:70:82:bc:cd:66:3c:78:2b:20:c5:2f:68:92:
                    84:ca:a7:3e:9b:c5:02:96:58:d1:f6:42:e0:b9:f2:
                    76:ae:a0:12:40:3f:95:c8:9b:fa:3d:73:94:00:a4:
                    2e:c0:01:23:ba:d2:12:02:0a:2b:e6:74:d0:6c:f6:
                    4f:a4:b5:27:25:f7:2a:c0:cd:57:db:a5:28:97:4b:
                    c0:19:d9:1e:90:a3:af:ea:35:0e:a2:f7:a2:00:69:
                    7e:b9:6b:2a:f6:91:66:bd:60:f1:46:cf:35:cc:60:
                    ad:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:81:E0:3D:07:E4:78:61:A4:1F:56:07:D2:EB:3A:BB:E0:48:B4:4C
            X509v3 Authority Key Identifier:
                keyid:36:26:1C:26:17:56:FA:03:AC:57:D1:BF:C4:DB:85:6E:F8:08:97:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiYcJhdW-gOsV9G_xNuFbvgIl1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/cIHgPQfkeGGkH1YH0us6u-BItEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/NiYcJhdW-gOsV9G_xNuFbvgIl1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.77.0/24
                IPv6:
                  2a00:e120::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:b0:23:3a:e5:bd:c8:db:f3:4b:6b:93:e5:8e:08:24:1e:c9:
         bb:b2:f0:b6:37:08:63:8c:b2:df:2e:8b:44:5c:6c:67:74:2a:
         a5:80:67:cf:90:a7:6a:38:6f:bd:5b:2b:52:2f:d1:76:22:68:
         0e:1d:97:d2:23:94:71:84:a0:db:c0:90:1c:5a:af:3d:d4:f4:
         78:02:8e:13:71:10:d5:1b:55:93:56:df:f0:83:a9:a5:9d:30:
         96:0a:11:44:36:bd:b7:64:e7:5b:d8:e7:77:1f:a3:92:7f:a0:
         58:e4:3c:7e:69:56:78:59:be:97:ba:29:b7:ba:2a:1a:83:8e:
         7f:0f:45:ea:84:9b:62:85:a2:8a:10:b0:e4:73:f9:c1:56:c4:
         6b:b2:94:9f:cb:3f:96:21:84:e7:c7:47:16:cf:8e:7b:1e:ce:
         53:8b:76:15:ce:19:18:44:6e:7e:a0:ac:9b:14:f9:22:c6:3c:
         50:01:c4:72:2e:39:79:44:4e:50:a5:6b:d4:78:04:68:45:86:
         1c:67:a9:77:d4:c8:40:c8:a1:d3:7b:af:3b:25:29:f2:ac:f6:
         ac:f3:ff:85:67:a2:3f:9f:e1:f5:26:8e:01:13:28:a8:8c:b6:
         89:fd:1f:a8:4e:10:d3:c5:ba:79:89:eb:3c:76:a0:be:c8:bf:
         51:6d:83:22
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb2pxNYZ4WSkPPs4G5kakMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjYxYzI2MTc1NmZhMDNhYzU3ZDFiZmM0ZGI4NTZlZjgw
ODk3NWEwHhcNMjQwMTAyMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDgxZTAzZDA3ZTQ3ODYxYTQxZjU2MDdkMmViM2FiYmUwNDhiNDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2EQHIxc8dT+t0MI54ohqv6WJw55
Ex40+GONc7o76w85E9pTjL80RTdeWf53wH52ZZ2oKahQsT9L9Gf1UqHi4HmPl7sX
LAio4gZWt6NscpQCUr3KJk3UH2I16dUKoGP/MSzk1FvzSLbGifbbcPhIx8mCd6zb
W48hwRXbEgPcYSqFMEH6nY3JffmajDR3M3VtlqNggx26bnCCvM1mPHgrIMUvaJKE
yqc+m8UClljR9kLgufJ2rqASQD+VyJv6PXOUAKQuwAEjutISAgor5nTQbPZPpLUn
JfcqwM1X26Uol0vAGdkekKOv6jUOoveiAGl+uWsq9pFmvWDxRs81zGCtaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHCB4D0H5HhhpB9WB9LrOrvgSLRMMB8GA1UdIwQY
MBaAFDYmHCYXVvoDrFfRv8TbhW74CJdaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlZY0poZFctZ09zVjlHX3hOdUZidmdJbDFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wYmFiMWYtOTJkNi00MmYwLWI5NTIt
NDQyYzA4MGFlNTQxLzEvY0lIZ1BRZmtlR0drSDFZSDB1czZ1LUJJdEV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wYmFiMWYtOTJkNi00MmYwLWI5NTItNDQyYzA4MGFlNTQx
LzEvTmlZY0poZFctZ09zVjlHX3hOdUZidmdJbDFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuSNNMA0E
AgACMAcDBQAqAOEgMA0GCSqGSIb3DQEBCwUAA4IBAQBFsCM65b3I2/NLa5Pljggk
Hsm7svC2NwhjjLLfLotEXGxndCqlgGfPkKdqOG+9WytSL9F2ImgOHZfSI5RxhKDb
wJAcWq891PR4Ao4TcRDVG1WTVt/wg6mlnTCWChFENr23ZOdb2Od3H6OSf6BY5Dx+
aVZ4Wb6Xuim3uioag45/D0XqhJtihaKKELDkc/nBVsRrspSfyz+WIYTnx0cWz457
Hs5Ti3YVzhkYRG5+oKybFPkixjxQAcRyLjl5RE5QpWvUeARoRYYcZ6l31MhAyKHT
e687JSnyrPas8/+FZ6I/n+H1Jo4BEyiojLaJ/R+oThDTxbp5ies8dqC+yL9RbYMi
-----END CERTIFICATE-----