Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/9fv7nHkpO-eJ3_aS55An7-PCuXg.roa
File:                     9fv7nHkpO-eJ3_aS55An7-PCuXg.roa (raw, json)
Hash identifier:          /0FT+gAMUBR8R1SpKlqwSrJ35c5fO2CNSsUJPwydYvg=
Subject key identifier:   F5:FB:FB:9C:79:29:3B:E7:89:DF:F6:92:E7:90:27:EF:E3:C2:B9:78
Certificate issuer:       /CN=35e3d4bf1bc0f81728205e51de097cf383a0cdc9
Certificate serial:       018CC7945B6075D6CFFCB4E082C2ED17F7D4
Authority key identifier: 35:E3:D4:BF:1B:C0:F8:17:28:20:5E:51:DE:09:7C:F3:83:A0:CD:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NePUvxvA-BcoIF5R3gl884Ogzck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/9fv7nHkpO-eJ3_aS55An7-PCuXg.roa
Signing time:             Tue 02 Jan 2024 00:30:37 +0000
ROA not before:           Tue 02 Jan 2024 00:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.231.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/NePUvxvA-BcoIF5R3gl884Ogzck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/NePUvxvA-BcoIF5R3gl884Ogzck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NePUvxvA-BcoIF5R3gl884Ogzck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:5b:60:75:d6:cf:fc:b4:e0:82:c2:ed:17:f7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35e3d4bf1bc0f81728205e51de097cf383a0cdc9
        Validity
            Not Before: Jan  2 00:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5fbfb9c79293be789dff692e79027efe3c2b978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:bd:5c:e3:54:bf:75:a0:c1:c2:aa:9c:19:2e:
                    b0:83:e5:c4:f7:55:6e:d3:5c:7b:f6:6a:ba:4b:c9:
                    b1:a4:84:02:ca:35:a3:e7:74:56:87:e7:8f:76:83:
                    47:d2:37:15:d2:81:2b:3f:6f:b2:9a:44:fb:a5:c7:
                    e3:f2:34:b1:c7:b8:c9:b1:47:78:eb:51:0f:86:8d:
                    5d:80:2a:71:d7:13:c8:a4:e4:0e:15:19:98:2c:c1:
                    5c:0d:5c:6d:fd:ee:dd:28:34:2f:ae:59:1d:15:77:
                    a6:49:0b:aa:35:ac:5a:80:e7:65:38:06:c2:fb:69:
                    e7:7b:34:65:e8:dc:61:31:63:1e:89:6c:e1:59:0d:
                    99:9a:71:50:6f:6d:04:86:3a:11:53:28:0c:d5:4f:
                    5c:dd:73:d6:02:c7:f5:3e:8d:18:5d:da:b6:69:22:
                    4d:c4:d7:f0:13:e4:d3:e7:be:76:db:95:63:d4:49:
                    6a:09:5d:ba:c2:8d:c7:52:aa:26:bf:42:b4:50:30:
                    37:4b:21:5c:5b:d3:82:3c:88:51:7d:18:5b:9b:37:
                    14:b9:09:d5:ba:66:ce:a8:1f:2a:7d:49:fb:08:55:
                    23:7a:98:bf:08:4f:61:f1:33:0a:24:e1:ab:2c:52:
                    83:fd:f0:f1:1c:bd:66:12:f6:a0:4f:48:69:cd:c8:
                    d8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:FB:FB:9C:79:29:3B:E7:89:DF:F6:92:E7:90:27:EF:E3:C2:B9:78
            X509v3 Authority Key Identifier:
                keyid:35:E3:D4:BF:1B:C0:F8:17:28:20:5E:51:DE:09:7C:F3:83:A0:CD:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NePUvxvA-BcoIF5R3gl884Ogzck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/9fv7nHkpO-eJ3_aS55An7-PCuXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/c3cda5-8a64-4290-a23d-a634791440ca/1/NePUvxvA-BcoIF5R3gl884Ogzck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:78:fc:07:08:1a:09:38:e6:76:17:a9:76:28:30:be:c3:b7:
         7e:7e:1d:d1:7d:84:f3:f4:10:3e:4e:89:d4:6c:66:5f:69:99:
         c1:3f:dc:47:87:40:fe:51:d5:f1:9b:23:23:01:4f:0d:dd:d3:
         fe:a1:46:e0:2e:3c:8b:c9:de:82:15:6e:2c:11:fa:a4:b5:25:
         a2:ce:4a:3a:2c:c5:05:69:a8:fc:c8:a9:5a:a2:73:b5:1f:27:
         73:ef:ad:68:36:57:18:dc:5f:30:f8:d7:b1:59:2a:9a:eb:93:
         5c:f1:77:59:0b:62:3c:5b:74:40:c1:4f:77:72:40:90:7e:91:
         a6:d1:56:9d:1c:54:e0:93:de:b3:d9:63:df:ef:ae:bc:66:a7:
         b3:a7:1a:0a:07:3a:3c:0b:86:ec:cc:ce:fd:e4:d3:3e:f1:48:
         ac:c4:49:d2:8d:df:6f:35:e2:4d:66:0a:68:35:04:5c:12:d3:
         17:f9:4d:2a:ca:2e:1f:f7:85:0a:a3:eb:44:83:0c:c1:c1:4c:
         02:3e:12:fb:61:63:be:05:eb:29:d5:6b:fe:72:ff:18:3e:c1:
         eb:90:b3:3a:68:1e:94:9d:0b:0a:27:96:82:53:8f:b6:b3:16:
         6f:0e:f9:c5:47:60:2f:ac:c2:b8:26:4e:53:00:8c:51:8d:9a:
         56:e6:c0:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlFtgddbP/LTggsLtF/fUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZTNkNGJmMWJjMGY4MTcyODIwNWU1MWRlMDk3Y2YzODNh
MGNkYzkwHhcNMjQwMTAyMDAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWZiZmI5Yzc5MjkzYmU3ODlkZmY2OTJlNzkwMjdlZmUzYzJiOTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1b1c41S/daDBwqqcGS6wg+XE91Vu
01x79mq6S8mxpIQCyjWj53RWh+ePdoNH0jcV0oErP2+ymkT7pcfj8jSxx7jJsUd4
61EPho1dgCpx1xPIpOQOFRmYLMFcDVxt/e7dKDQvrlkdFXemSQuqNaxagOdlOAbC
+2nnezRl6NxhMWMeiWzhWQ2ZmnFQb20EhjoRUygM1U9c3XPWAsf1Po0YXdq2aSJN
xNfwE+TT575225Vj1ElqCV26wo3HUqomv0K0UDA3SyFcW9OCPIhRfRhbmzcUuQnV
umbOqB8qfUn7CFUjepi/CE9h8TMKJOGrLFKD/fDxHL1mEvagT0hpzcjYGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPX7+5x5KTvnid/2kueQJ+/jwrl4MB8GA1UdIwQY
MBaAFDXj1L8bwPgXKCBeUd4JfPODoM3JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmVQVXZ4dkEtQmNvSUY1UjNnbDg4NE9nemNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9jM2NkYTUtOGE2NC00MjkwLWEyM2Qt
YTYzNDc5MTQ0MGNhLzEvOWZ2N25Ia3BPLWVKM19hUzU1QW43LVBDdVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9jM2NkYTUtOGE2NC00MjkwLWEyM2QtYTYzNDc5MTQ0MGNh
LzEvTmVQVXZ4dkEtQmNvSUY1UjNnbDg4NE9nemNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+cjMA0G
CSqGSIb3DQEBCwUAA4IBAQCPePwHCBoJOOZ2F6l2KDC+w7d+fh3RfYTz9BA+TonU
bGZfaZnBP9xHh0D+UdXxmyMjAU8N3dP+oUbgLjyLyd6CFW4sEfqktSWizko6LMUF
aaj8yKlaonO1Hydz761oNlcY3F8w+NexWSqa65Nc8XdZC2I8W3RAwU93ckCQfpGm
0VadHFTgk96z2WPf7668ZqezpxoKBzo8C4bszM795NM+8UisxEnSjd9vNeJNZgpo
NQRcEtMX+U0qyi4f94UKo+tEgwzBwUwCPhL7YWO+Besp1Wv+cv8YPsHrkLM6aB6U
nQsKJ5aCU4+2sxZvDvnFR2AvrMK4Jk5TAIxRjZpW5sDu
-----END CERTIFICATE-----