Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/dYJMd1xHra4qPvxWQ63pWL2NPkE.roa
File:                     dYJMd1xHra4qPvxWQ63pWL2NPkE.roa (raw, json)
Hash identifier:          lMxX8BkZ02l91WMGdaFajJSu4NcGeGtSFmauEg/qSlI=
Subject key identifier:   75:82:4C:77:5C:47:AD:AE:2A:3E:FC:56:43:AD:E9:58:BD:8D:3E:41
Certificate issuer:       /CN=36261c261756fa03ac57d1bfc4db856ef808975a
Certificate serial:       0194266B99207CBC306D2056F421BA07C102
Authority key identifier: 36:26:1C:26:17:56:FA:03:AC:57:D1:BF:C4:DB:85:6E:F8:08:97:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NiYcJhdW-gOsV9G_xNuFbvgIl1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/dYJMd1xHra4qPvxWQ63pWL2NPkE.roa
Signing time:             Thu 02 Jan 2025 09:49:33 +0000
ROA not before:           Thu 02 Jan 2025 09:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20860
IP address blocks:        185.35.77.0/24 maxlen: 24
                          2a00:e120::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/NiYcJhdW-gOsV9G_xNuFbvgIl1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/NiYcJhdW-gOsV9G_xNuFbvgIl1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NiYcJhdW-gOsV9G_xNuFbvgIl1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:99:20:7c:bc:30:6d:20:56:f4:21:ba:07:c1:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36261c261756fa03ac57d1bfc4db856ef808975a
        Validity
            Not Before: Jan  2 09:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75824c775c47adae2a3efc5643ade958bd8d3e41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:6a:30:cf:ac:9b:a4:b7:e1:61:37:a4:36:48:
                    34:e4:41:b5:57:ab:78:52:d3:3a:7a:06:1e:2a:7b:
                    e5:8e:d2:8b:70:9d:bb:05:98:e8:1d:64:9f:70:fb:
                    e3:28:5a:6e:a5:3e:95:fe:b8:07:29:95:49:1d:09:
                    b8:a7:21:fd:a6:42:6b:9f:04:be:d2:10:40:0b:59:
                    8c:48:03:d9:72:36:f2:ae:d8:bf:6f:e1:2b:a3:87:
                    69:f7:78:3e:ed:17:f1:b9:a5:1b:ed:00:fa:28:84:
                    cb:81:cf:9f:7e:32:9b:62:7c:96:05:be:46:f9:e1:
                    64:e0:72:71:09:32:d6:bb:6d:07:4d:b3:a8:b6:e1:
                    f8:03:93:ff:bf:34:24:12:6b:c0:f3:b6:52:b4:4b:
                    65:9a:00:3d:b2:bd:f8:43:0d:dd:93:7b:93:7c:67:
                    3c:20:48:82:34:2e:da:1f:66:81:58:6e:81:16:68:
                    ac:e3:dc:a7:c1:90:f3:74:e2:26:0d:ec:b7:55:3d:
                    a7:67:9c:80:26:eb:75:f1:53:96:b6:64:45:b1:6b:
                    b2:ce:43:95:ec:ff:f2:b6:6a:7a:41:3c:c3:02:52:
                    f2:f0:39:27:c4:54:d3:3e:0b:4f:0a:0f:46:c1:40:
                    52:92:89:5a:4b:95:f9:14:b9:1f:04:d0:22:df:26:
                    5a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:82:4C:77:5C:47:AD:AE:2A:3E:FC:56:43:AD:E9:58:BD:8D:3E:41
            X509v3 Authority Key Identifier:
                keyid:36:26:1C:26:17:56:FA:03:AC:57:D1:BF:C4:DB:85:6E:F8:08:97:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NiYcJhdW-gOsV9G_xNuFbvgIl1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/dYJMd1xHra4qPvxWQ63pWL2NPkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/0bab1f-92d6-42f0-b952-442c080ae541/1/NiYcJhdW-gOsV9G_xNuFbvgIl1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.35.77.0/24
                IPv6:
                  2a00:e120::/32

    Signature Algorithm: sha256WithRSAEncryption
         56:d5:50:95:d8:ff:17:55:aa:8c:0f:20:00:aa:67:2f:a6:d7:
         21:6a:5c:b1:3b:d4:42:ae:fe:d1:3d:fd:79:e0:54:20:84:43:
         e3:70:f2:7a:52:37:45:d8:be:ae:10:a0:ca:12:ff:d3:44:9f:
         3a:7a:29:c4:01:fe:8f:ae:86:25:d5:63:f8:22:32:08:59:04:
         fa:e8:a8:64:30:05:55:a6:fc:f9:8a:dc:5e:4b:ce:9f:2d:f3:
         5f:b6:93:84:f2:ab:e0:b0:29:c1:00:14:9b:9c:ac:0f:56:6d:
         85:25:c4:75:ef:f9:6b:f8:a4:6c:bb:5a:c0:47:f0:4f:49:d6:
         34:6b:b9:8c:95:b1:f8:5b:91:54:0e:c2:3a:ea:f7:32:d2:48:
         17:b3:38:61:d4:c6:7a:ab:15:f3:53:df:90:7f:eb:21:26:2f:
         dc:6b:9c:fd:c7:72:0f:c2:6a:76:0f:17:4f:2a:f7:f3:81:44:
         a0:88:58:ac:96:bf:f8:45:0a:cd:d5:ad:f5:04:9a:b2:3e:34:
         ba:8f:17:19:0a:8e:86:94:95:b2:17:44:f2:9d:bc:80:0f:06:
         91:0f:67:52:2b:67:94:37:fc:d2:10:68:78:d8:9b:db:7c:41:
         c4:e4:7a:fa:8e:ee:09:a1:57:6d:ad:f3:90:ac:f0:3f:77:05:
         f9:bf:ce:3d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma5kgfLwwbSBW9CG6B8ECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MjYxYzI2MTc1NmZhMDNhYzU3ZDFiZmM0ZGI4NTZlZjgw
ODk3NWEwHhcNMjUwMTAyMDk0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTgyNGM3NzVjNDdhZGFlMmEzZWZjNTY0M2FkZTk1OGJkOGQzZTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Wowz6ybpLfhYTekNkg05EG1V6t4
UtM6egYeKnvljtKLcJ27BZjoHWSfcPvjKFpupT6V/rgHKZVJHQm4pyH9pkJrnwS+
0hBAC1mMSAPZcjbyrti/b+Ero4dp93g+7RfxuaUb7QD6KITLgc+ffjKbYnyWBb5G
+eFk4HJxCTLWu20HTbOotuH4A5P/vzQkEmvA87ZStEtlmgA9sr34Qw3dk3uTfGc8
IEiCNC7aH2aBWG6BFmis49ynwZDzdOImDey3VT2nZ5yAJut18VOWtmRFsWuyzkOV
7P/ytmp6QTzDAlLy8DknxFTTPgtPCg9GwUBSkolaS5X5FLkfBNAi3yZayQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHWCTHdcR62uKj78VkOt6Vi9jT5BMB8GA1UdIwQY
MBaAFDYmHCYXVvoDrFfRv8TbhW74CJdaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmlZY0poZFctZ09zVjlHX3hOdUZidmdJbDFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8wYmFiMWYtOTJkNi00MmYwLWI5NTIt
NDQyYzA4MGFlNTQxLzEvZFlKTWQxeEhyYTRxUHZ4V1E2M3BXTDJOUGtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8wYmFiMWYtOTJkNi00MmYwLWI5NTItNDQyYzA4MGFlNTQx
LzEvTmlZY0poZFctZ09zVjlHX3hOdUZidmdJbDFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuSNNMA0E
AgACMAcDBQAqAOEgMA0GCSqGSIb3DQEBCwUAA4IBAQBW1VCV2P8XVaqMDyAAqmcv
ptchalyxO9RCrv7RPf154FQghEPjcPJ6UjdF2L6uEKDKEv/TRJ86einEAf6ProYl
1WP4IjIIWQT66KhkMAVVpvz5itxeS86fLfNftpOE8qvgsCnBABSbnKwPVm2FJcR1
7/lr+KRsu1rAR/BPSdY0a7mMlbH4W5FUDsI66vcy0kgXszhh1MZ6qxXzU9+Qf+sh
Ji/ca5z9x3IPwmp2DxdPKvfzgUSgiFislr/4RQrN1a31BJqyPjS6jxcZCo6GlJWy
F0TynbyADwaRD2dSK2eUN/zSEGh42JvbfEHE5Hr6ju4JoVdtrfOQrPA/dwX5v849
-----END CERTIFICATE-----