Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/w6nRqqLinLORL7W_fsNehh2pePE.roa
File:                     w6nRqqLinLORL7W_fsNehh2pePE.roa (raw, json)
Hash identifier:          hnUVitPfz7Hljib/HgZzf6AtllwvuxtgqDf0jZ0Pk10=
Subject key identifier:   C3:A9:D1:AA:A2:E2:9C:B3:91:2F:B5:BF:7E:C3:5E:86:1D:A9:78:F1
Certificate issuer:       /CN=a952d0d266557385836aab7ae3fdced4ca74ad89
Certificate serial:       019422FBACFECD46894EC3364B48E95E665D
Authority key identifier: A9:52:D0:D2:66:55:73:85:83:6A:AB:7A:E3:FD:CE:D4:CA:74:AD:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/w6nRqqLinLORL7W_fsNehh2pePE.roa
Signing time:             Wed 01 Jan 2025 17:48:26 +0000
ROA not before:           Wed 01 Jan 2025 17:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61424
IP address blocks:        5.35.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ac:fe:cd:46:89:4e:c3:36:4b:48:e9:5e:66:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a952d0d266557385836aab7ae3fdced4ca74ad89
        Validity
            Not Before: Jan  1 17:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3a9d1aaa2e29cb3912fb5bf7ec35e861da978f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:cd:14:50:ce:fb:44:c8:5d:44:50:18:15:5c:
                    ba:e1:df:f5:73:bb:5a:34:6f:3c:d5:dd:29:d6:b0:
                    c4:17:de:14:5e:30:d5:fb:7b:e2:20:6a:21:8f:f3:
                    ef:f7:33:d8:1a:ab:d8:04:46:74:ea:e6:57:83:31:
                    6e:cb:85:3a:c9:47:39:4b:89:ba:ca:42:a6:7d:3b:
                    a2:38:d0:a6:32:4f:5a:65:f5:e2:cf:74:63:49:aa:
                    ca:37:fd:82:3d:1e:78:0c:66:00:cd:32:a6:d6:71:
                    87:7d:bb:1a:fa:97:8f:a7:86:a1:90:97:d3:e4:d0:
                    d9:15:38:00:80:c5:0e:2f:3b:1f:c7:65:23:38:74:
                    74:93:2d:44:73:d9:3f:d0:92:33:47:bb:c5:04:95:
                    4b:9b:e4:0d:5b:84:22:09:85:d9:2c:36:00:6c:e4:
                    bc:15:d1:48:9e:82:86:50:8f:99:8e:95:51:d3:b1:
                    94:27:7d:78:f6:dd:f3:aa:b8:eb:74:6f:c6:54:fa:
                    5c:de:38:ed:dc:4a:5b:73:50:05:33:99:95:51:5e:
                    e6:51:88:79:98:17:4a:4a:76:87:d1:82:b7:cd:31:
                    f2:ce:d5:d2:6d:47:dc:35:6f:bf:b9:78:5e:43:2a:
                    96:73:78:de:11:40:71:26:e0:8f:04:86:3d:6c:f8:
                    d7:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:A9:D1:AA:A2:E2:9C:B3:91:2F:B5:BF:7E:C3:5E:86:1D:A9:78:F1
            X509v3 Authority Key Identifier:
                keyid:A9:52:D0:D2:66:55:73:85:83:6A:AB:7A:E3:FD:CE:D4:CA:74:AD:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/w6nRqqLinLORL7W_fsNehh2pePE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:38:63:64:09:d4:27:e8:e6:3d:8c:32:e0:ba:8c:a2:42:7a:
         25:f5:e6:70:c8:30:3d:04:4c:f6:cb:6e:2e:a4:2b:17:96:de:
         d3:9c:43:d4:ed:41:60:22:c3:02:de:c3:93:90:bc:0a:b4:08:
         9a:24:f5:1c:42:99:1f:e0:af:68:f3:8c:88:91:e6:e2:22:f6:
         8f:0b:c4:78:d1:27:2e:7d:91:ab:24:ee:e7:47:5d:40:d7:6c:
         4d:93:37:95:7d:93:3f:ee:24:84:eb:e0:75:d9:a1:13:94:bc:
         ac:a1:a7:8c:a8:06:90:f1:0d:41:b4:15:2a:9c:41:ac:2e:72:
         ae:48:a8:53:00:b9:85:df:c0:bc:b4:f4:04:0a:36:e5:9c:e0:
         3e:51:90:65:66:7e:7f:42:e2:59:cf:34:a8:38:bb:ad:c1:8b:
         74:34:e8:d2:55:13:ce:5e:5f:15:1b:69:b3:73:70:7a:f4:3e:
         99:30:52:34:f6:76:54:a2:c7:0a:b0:d1:89:08:b2:73:b6:41:
         d9:ae:de:79:61:df:93:ff:d3:93:88:70:b9:2f:1c:a4:e8:33:
         79:78:f0:7b:a5:e7:6a:ae:72:47:d9:e7:e6:ba:0e:20:d2:c5:
         77:92:b0:1f:a9:18:8a:af:37:33:67:ab:e1:5f:74:b0:76:62:
         0d:81:4a:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+6z+zUaJTsM2S0jpXmZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NTJkMGQyNjY1NTczODU4MzZhYWI3YWUzZmRjZWQ0Y2E3
NGFkODkwHhcNMjUwMTAxMTc0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2E5ZDFhYWEyZTI5Y2IzOTEyZmI1YmY3ZWMzNWU4NjFkYTk3OGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnM0UUM77RMhdRFAYFVy64d/1c7ta
NG881d0p1rDEF94UXjDV+3viIGohj/Pv9zPYGqvYBEZ06uZXgzFuy4U6yUc5S4m6
ykKmfTuiONCmMk9aZfXiz3RjSarKN/2CPR54DGYAzTKm1nGHfbsa+pePp4ahkJfT
5NDZFTgAgMUOLzsfx2UjOHR0ky1Ec9k/0JIzR7vFBJVLm+QNW4QiCYXZLDYAbOS8
FdFInoKGUI+ZjpVR07GUJ3149t3zqrjrdG/GVPpc3jjt3Epbc1AFM5mVUV7mUYh5
mBdKSnaH0YK3zTHyztXSbUfcNW+/uXheQyqWc3jeEUBxJuCPBIY9bPjXwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMOp0aqi4pyzkS+1v37DXoYdqXjxMB8GA1UdIwQY
MBaAFKlS0NJmVXOFg2qreuP9ztTKdK2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVZMUTBtWlZjNFdEYXF0NjRfM08xTXAwcllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8yNzBhOTEtY2JmZC00NTAzLWI5NjAt
NGMyMWE1MDVmMzQ2LzEvdzZuUnFxTGluTE9STDdXX2ZzTmVoaDJwZVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8yNzBhOTEtY2JmZC00NTAzLWI5NjAtNGMyMWE1MDVmMzQ2
LzEvcVZMUTBtWlZjNFdEYXF0NjRfM08xTXAwcllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABSNnMA0G
CSqGSIb3DQEBCwUAA4IBAQAVOGNkCdQn6OY9jDLguoyiQnol9eZwyDA9BEz2y24u
pCsXlt7TnEPU7UFgIsMC3sOTkLwKtAiaJPUcQpkf4K9o84yIkebiIvaPC8R40Scu
fZGrJO7nR11A12xNkzeVfZM/7iSE6+B12aETlLysoaeMqAaQ8Q1BtBUqnEGsLnKu
SKhTALmF38C8tPQECjblnOA+UZBlZn5/QuJZzzSoOLutwYt0NOjSVRPOXl8VG2mz
c3B69D6ZMFI09nZUoscKsNGJCLJztkHZrt55Yd+T/9OTiHC5Lxyk6DN5ePB7pedq
rnJH2efmug4g0sV3krAfqRiKrzczZ6vhX3SwdmINgUoL
-----END CERTIFICATE-----