Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/iu1uLDkjA2lC4iCmh3mgoTg-ECs.roa
File:                     iu1uLDkjA2lC4iCmh3mgoTg-ECs.roa (raw, json)
Hash identifier:          J1M6seCPFdUQmcH1n+B1kmRcatuaeOrkFhV5roQrzQ8=
Subject key identifier:   8A:ED:6E:2C:39:23:03:69:42:E2:20:A6:87:79:A0:A1:38:3E:10:2B
Certificate issuer:       /CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
Certificate serial:       019422FB9EAD2CE44CF681D74FB65B7A8EFC
Authority key identifier: 81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/iu1uLDkjA2lC4iCmh3mgoTg-ECs.roa
Signing time:             Wed 01 Jan 2025 17:48:22 +0000
ROA not before:           Wed 01 Jan 2025 17:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        209.35.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:9e:ad:2c:e4:4c:f6:81:d7:4f:b6:5b:7a:8e:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81a2d0dcd50a682f975ea3d8c38e5e67bb0322f9
        Validity
            Not Before: Jan  1 17:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8aed6e2c3923036942e220a68779a0a1383e102b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:ea:c1:7d:f7:8e:a0:87:1a:70:2d:42:53:67:
                    8c:40:d1:90:10:0a:53:5a:4c:ca:36:b1:5a:3e:33:
                    5f:3d:1a:12:10:14:36:5a:1b:1b:62:f9:3f:40:13:
                    f1:c5:01:65:4e:80:c4:ca:9a:9a:62:3e:a9:4c:23:
                    a8:27:56:9e:46:71:eb:82:93:9f:83:4d:19:a5:b0:
                    da:18:79:24:9e:2b:36:f0:fb:b4:e9:34:e2:5e:73:
                    5a:28:fb:29:52:66:9e:8c:64:1b:43:63:1f:01:1f:
                    cf:d2:26:fd:66:a1:16:1a:18:f2:49:17:e1:ce:b8:
                    9d:48:a0:b0:e0:48:1e:fd:35:31:9f:74:e0:db:89:
                    78:2d:7b:a7:62:88:16:59:67:5f:d0:b1:cf:81:16:
                    72:68:34:ab:fc:ee:ce:2f:58:77:6c:63:bf:d3:40:
                    a6:c8:e3:cc:40:6b:75:bc:5f:23:ae:ec:39:b9:ca:
                    4d:d1:14:61:de:8d:04:d6:3f:22:eb:9b:47:55:3d:
                    21:1c:49:71:f5:9c:ed:a4:f7:40:e3:93:72:54:4c:
                    15:29:ff:32:41:b0:7b:e3:ba:12:a6:ad:60:01:cb:
                    f9:4e:10:a6:6e:96:2b:66:bc:1e:5f:a4:45:13:af:
                    15:c7:47:76:74:f0:74:0e:16:18:73:1b:18:19:39:
                    0d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:ED:6E:2C:39:23:03:69:42:E2:20:A6:87:79:A0:A1:38:3E:10:2B
            X509v3 Authority Key Identifier:
                keyid:81:A2:D0:DC:D5:0A:68:2F:97:5E:A3:D8:C3:8E:5E:67:BB:03:22:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/iu1uLDkjA2lC4iCmh3mgoTg-ECs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/d25a72-bbe3-4ab0-9564-fe45d5160c39/1/gaLQ3NUKaC-XXqPYw45eZ7sDIvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.35.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:56:3c:b2:58:3b:5b:f2:49:34:48:f9:b7:06:77:d9:f3:14:
         80:42:73:3b:af:bb:a3:97:31:bf:1b:b0:b0:f2:58:77:23:32:
         46:88:d2:86:33:98:05:0c:8e:f8:22:e6:e5:b1:5f:cd:28:61:
         44:2c:2a:a9:e1:25:d8:86:c9:27:8c:0a:f1:6b:64:8d:4a:02:
         9f:20:53:99:9d:0c:74:65:3e:77:b0:b6:9f:f4:e6:e6:b5:27:
         29:54:70:df:01:2f:a4:f7:cc:30:dd:d3:99:16:63:e4:b5:29:
         06:21:62:d3:a5:c7:5b:c5:37:bf:b8:24:8d:33:ee:17:0b:ce:
         2c:70:7a:6d:6c:7f:b8:fd:4c:1f:5b:79:06:11:88:a7:a0:aa:
         c4:6d:f6:81:15:a9:e5:ea:b5:80:90:eb:53:d8:5f:f1:8b:40:
         11:fc:2a:ef:18:63:98:cf:ca:f2:d7:bb:f1:96:20:e0:01:b5:
         2e:c9:57:84:b6:e1:e9:11:ee:11:1f:e5:e4:9f:17:8a:2e:86:
         74:64:ad:cf:fe:f3:a0:71:51:cd:75:ce:73:22:5a:2c:90:c7:
         e1:23:13:75:9c:98:09:34:ea:65:16:36:1d:a4:d6:c2:2e:82:
         0d:9b:26:05:70:21:bc:17:31:4a:4c:79:21:4e:42:a3:d1:d6:
         7b:fd:bc:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+56tLORM9oHXT7Zbeo78MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYTJkMGRjZDUwYTY4MmY5NzVlYTNkOGMzOGU1ZTY3YmIw
MzIyZjkwHhcNMjUwMTAxMTc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWVkNmUyYzM5MjMwMzY5NDJlMjIwYTY4Nzc5YTBhMTM4M2UxMDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8urBffeOoIcacC1CU2eMQNGQEApT
WkzKNrFaPjNfPRoSEBQ2WhsbYvk/QBPxxQFlToDEypqaYj6pTCOoJ1aeRnHrgpOf
g00ZpbDaGHkknis28Pu06TTiXnNaKPspUmaejGQbQ2MfAR/P0ib9ZqEWGhjySRfh
zridSKCw4Ege/TUxn3Tg24l4LXunYogWWWdf0LHPgRZyaDSr/O7OL1h3bGO/00Cm
yOPMQGt1vF8jruw5ucpN0RRh3o0E1j8i65tHVT0hHElx9ZztpPdA45NyVEwVKf8y
QbB747oSpq1gAcv5ThCmbpYrZrweX6RFE68Vx0d2dPB0DhYYcxsYGTkN1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrtbiw5IwNpQuIgpod5oKE4PhArMB8GA1UdIwQY
MBaAFIGi0NzVCmgvl16j2MOOXme7AyL5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQt
ZmU0NWQ1MTYwYzM5LzEvaXUxdUxEa2pBMmxDNGlDbWgzbWdvVGctRUNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9kMjVhNzItYmJlMy00YWIwLTk1NjQtZmU0NWQ1MTYwYzM5
LzEvZ2FMUTNOVUthQy1YWHFQWXc0NWVaN3NESXZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0SPoMA0G
CSqGSIb3DQEBCwUAA4IBAQAIVjyyWDtb8kk0SPm3BnfZ8xSAQnM7r7ujlzG/G7Cw
8lh3IzJGiNKGM5gFDI74IublsV/NKGFELCqp4SXYhsknjArxa2SNSgKfIFOZnQx0
ZT53sLaf9ObmtScpVHDfAS+k98ww3dOZFmPktSkGIWLTpcdbxTe/uCSNM+4XC84s
cHptbH+4/UwfW3kGEYinoKrEbfaBFanl6rWAkOtT2F/xi0AR/CrvGGOYz8ry17vx
liDgAbUuyVeEtuHpEe4RH+XknxeKLoZ0ZK3P/vOgcVHNdc5zIloskMfhIxN1nJgJ
NOplFjYdpNbCLoINmyYFcCG8FzFKTHkhTkKj0dZ7/bwr
-----END CERTIFICATE-----