Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/35i0W-439ceXCAfaqLUm_3h3G24.roa
File:                     35i0W-439ceXCAfaqLUm_3h3G24.roa (raw, json)
Hash identifier:          xuOhVj3IlTLiG4QrKiExJxP+JLiXYysTKsGNlxVTku4=
Subject key identifier:   DF:98:B4:5B:EE:37:F5:C7:97:08:07:DA:A8:B5:26:FF:78:77:1B:6E
Certificate issuer:       /CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
Certificate serial:       01993439968C9C90435AF5F39B37BA593B4A
Authority key identifier: 6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/35i0W-439ceXCAfaqLUm_3h3G24.roa
Signing time:             Wed 10 Sep 2025 15:23:33 +0000
ROA not before:           Wed 10 Sep 2025 15:23:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213035
IP address blocks:        185.183.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Sep 2025 06:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:34:39:96:8c:9c:90:43:5a:f5:f3:9b:37:ba:59:3b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b3a735d09aaa7970def12c4ac60e827fdb3f825
        Validity
            Not Before: Sep 10 15:23:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=df98b45bee37f5c7970807daa8b526ff78771b6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ef:7f:f6:ba:47:89:64:f3:d0:98:94:1a:30:
                    f3:8c:63:5a:b3:4d:0c:21:08:19:25:b6:ec:c3:90:
                    97:d6:1b:92:04:8f:a3:79:57:6e:30:ee:05:89:4c:
                    0d:21:08:5a:e0:64:e8:d2:f1:0c:9c:3a:95:55:9f:
                    b7:c0:50:03:57:a7:82:49:8c:b7:7d:1f:0f:da:29:
                    78:cb:52:22:81:10:1f:9e:9e:0e:c7:10:95:b4:68:
                    00:c9:10:6c:72:8f:07:f9:2e:7f:c4:05:36:87:1e:
                    ca:6c:1c:d2:e2:a9:bf:5f:91:85:94:91:3d:60:c6:
                    d1:2a:70:e2:03:b3:49:bf:46:7d:4c:e5:9f:3e:da:
                    fb:c9:52:65:1f:9d:41:db:20:50:2e:a0:c1:e5:8a:
                    06:25:7a:db:3e:5e:9f:ca:8e:7e:b2:d5:09:76:c4:
                    31:27:c3:2d:2d:e6:68:98:32:9c:0d:7d:58:50:32:
                    16:81:e0:77:78:b0:82:ed:9f:fb:5a:d4:c6:e3:f6:
                    2d:40:16:e7:44:3c:43:68:0f:c1:9b:89:8b:6e:31:
                    66:23:89:f0:6c:33:e2:70:ad:dd:43:3e:01:5b:7b:
                    a8:b6:67:8d:76:90:c5:5f:9f:36:50:7a:7c:3c:fe:
                    84:4a:eb:da:e8:a0:f3:5d:27:94:0b:c4:2e:74:67:
                    1a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:98:B4:5B:EE:37:F5:C7:97:08:07:DA:A8:B5:26:FF:78:77:1B:6E
            X509v3 Authority Key Identifier:
                keyid:6B:3A:73:5D:09:AA:A7:97:0D:EF:12:C4:AC:60:E8:27:FD:B3:F8:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/azpzXQmqp5cN7xLErGDoJ_2z-CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/35i0W-439ceXCAfaqLUm_3h3G24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cc7247-6f0c-4b74-8690-051076744a65/1/azpzXQmqp5cN7xLErGDoJ_2z-CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.183.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:97:3b:2a:40:f7:01:ca:ad:23:45:8a:c4:8c:a8:1e:52:05:
         28:95:3d:7e:06:dc:f5:3d:0a:c8:79:55:2a:31:b6:0c:32:d6:
         52:62:32:65:93:f0:c6:b3:6c:2c:b8:2b:b8:a3:95:5b:cd:c3:
         ed:eb:7d:77:c7:59:69:9e:79:68:27:97:a5:2a:54:6e:64:e9:
         58:aa:30:c6:c3:1c:dc:24:e2:f5:6a:b8:71:99:7b:f4:20:55:
         4c:d5:57:0f:9c:99:0e:a4:a4:bd:8c:95:90:f9:4c:0f:5a:4a:
         f2:e6:ee:af:d7:87:40:78:68:d1:e7:5e:f0:f5:60:d2:33:d7:
         65:de:b5:a6:6e:ac:da:f7:c0:fb:88:19:8d:80:31:ec:14:3b:
         3f:15:0d:05:6a:ab:a6:2f:64:2f:2a:d6:9b:88:21:ed:b3:a8:
         55:29:1d:fc:e9:03:5e:14:69:92:1a:f4:fe:c6:0e:91:b2:f8:
         97:ab:3a:b9:12:37:74:9c:1a:a4:a5:5c:ac:83:2e:99:ed:0f:
         8a:33:af:7e:56:f7:8c:53:54:b6:99:89:17:27:b0:fc:58:02:
         92:4a:80:af:40:ce:f3:a2:65:4e:6f:fc:a7:ec:49:19:3a:88:
         0e:65:fd:57:ec:76:3b:9e:3c:49:4b:fd:b8:de:bc:04:59:86:
         71:43:65:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk0OZaMnJBDWvXzmze6WTtKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiM2E3MzVkMDlhYWE3OTcwZGVmMTJjNGFjNjBlODI3ZmRi
M2Y4MjUwHhcNMjUwOTEwMTUyMzMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjk4YjQ1YmVlMzdmNWM3OTcwODA3ZGFhOGI1MjZmZjc4NzcxYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+9/9rpHiWTz0JiUGjDzjGNas00M
IQgZJbbsw5CX1huSBI+jeVduMO4FiUwNIQha4GTo0vEMnDqVVZ+3wFADV6eCSYy3
fR8P2il4y1IigRAfnp4OxxCVtGgAyRBsco8H+S5/xAU2hx7KbBzS4qm/X5GFlJE9
YMbRKnDiA7NJv0Z9TOWfPtr7yVJlH51B2yBQLqDB5YoGJXrbPl6fyo5+stUJdsQx
J8MtLeZomDKcDX1YUDIWgeB3eLCC7Z/7WtTG4/YtQBbnRDxDaA/Bm4mLbjFmI4nw
bDPicK3dQz4BW3uotmeNdpDFX582UHp8PP6ESuva6KDzXSeUC8QudGcaEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+YtFvuN/XHlwgH2qi1Jv94dxtuMB8GA1UdIwQY
MBaAFGs6c10JqqeXDe8SxKxg6Cf9s/glMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAt
MDUxMDc2NzQ0YTY1LzEvMzVpMFctNDM5Y2VYQ0FmYXFMVW1fM2gzRzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jYzcyNDctNmYwYy00Yjc0LTg2OTAtMDUxMDc2NzQ0YTY1
LzEvYXpwelhRbXFwNWNON3hMRXJHRG9KXzJ6LUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubf0MA0G
CSqGSIb3DQEBCwUAA4IBAQAAlzsqQPcByq0jRYrEjKgeUgUolT1+Btz1PQrIeVUq
MbYMMtZSYjJlk/DGs2wsuCu4o5VbzcPt6313x1lpnnloJ5elKlRuZOlYqjDGwxzc
JOL1arhxmXv0IFVM1VcPnJkOpKS9jJWQ+UwPWkry5u6v14dAeGjR517w9WDSM9dl
3rWmbqza98D7iBmNgDHsFDs/FQ0FaqumL2QvKtabiCHts6hVKR386QNeFGmSGvT+
xg6RsviXqzq5Ejd0nBqkpVysgy6Z7Q+KM69+VveMU1S2mYkXJ7D8WAKSSoCvQM7z
omVOb/yn7EkZOogOZf1X7HY7njxJS/243rwEWYZxQ2Xz
-----END CERTIFICATE-----