Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/61vRkExsI62jJ48irmkSDqW7AqQ.roa
File:                     61vRkExsI62jJ48irmkSDqW7AqQ.roa (raw, json)
Hash identifier:          JvZBuIGS2vn+dO3Q9/C07cjmDLxdJUfuxzakaBvC2Ms=
Subject key identifier:   EB:5B:D1:90:4C:6C:23:AD:A3:27:8F:22:AE:69:12:0E:A5:BB:02:A4
Certificate issuer:       /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial:       019421442F46679C797B58F348687B4CD2CE
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/61vRkExsI62jJ48irmkSDqW7AqQ.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205405
IP address blocks:        145.14.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2f:46:67:9c:79:7b:58:f3:48:68:7b:4c:d2:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb5bd1904c6c23ada3278f22ae69120ea5bb02a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:2a:84:32:d0:1c:b6:fe:82:61:4d:72:7f:a4:
                    07:45:67:34:da:e7:0e:1e:a0:d6:16:80:83:14:1d:
                    21:0d:d1:34:28:93:ce:80:df:03:d1:48:3d:43:39:
                    d9:44:c9:66:19:f0:0e:45:29:f6:2f:9e:67:f4:46:
                    34:1d:a5:e0:72:bd:a6:b0:9b:c9:09:0d:84:cb:e6:
                    d6:c5:da:af:5e:ad:14:c8:24:a0:6d:b2:52:91:6c:
                    f4:f6:9e:2c:69:25:57:59:ee:45:c9:e1:35:f1:13:
                    a8:34:76:88:f8:66:59:c0:62:20:83:12:20:62:c1:
                    04:ce:d6:34:48:24:74:07:e7:12:66:13:87:3b:98:
                    ee:f6:f8:11:4d:6f:f4:33:c8:d9:e7:ad:cf:cf:36:
                    cd:62:15:1a:ea:a5:dd:28:02:0e:fc:9f:34:51:48:
                    93:78:e9:5f:7d:9a:4f:ed:9a:7e:6d:8a:bb:43:7a:
                    41:ff:83:b5:31:bd:0a:cd:81:06:9e:ee:59:f8:1a:
                    2c:47:70:41:8a:da:5c:56:ec:f0:a9:1a:3f:da:0d:
                    56:21:11:5e:db:da:85:d8:6e:4d:67:28:b1:59:5b:
                    6f:f9:c5:fb:97:a1:a3:ee:c3:3a:a4:4d:ad:04:ee:
                    b5:6c:9a:0e:74:5f:78:aa:0a:b8:9d:ed:33:fd:db:
                    7d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:5B:D1:90:4C:6C:23:AD:A3:27:8F:22:AE:69:12:0E:A5:BB:02:A4
            X509v3 Authority Key Identifier:
                keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/61vRkExsI62jJ48irmkSDqW7AqQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.14.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:1b:57:96:7d:e7:30:c4:eb:eb:d3:d8:12:fa:7e:1e:72:24:
         7b:14:93:85:c1:8c:83:e4:c0:d5:ab:4c:6a:a9:f7:0f:b7:d5:
         0a:ed:98:20:bd:11:08:39:36:fe:71:3a:0d:54:f8:c8:e3:37:
         e3:73:6f:9a:85:16:48:40:05:1a:90:0b:42:3c:7a:e2:b6:a2:
         f3:5e:a1:51:77:9b:8c:34:de:18:a8:91:44:aa:89:a6:32:2f:
         44:a1:a6:9c:62:e9:9e:97:81:22:a6:c4:96:50:a7:29:d7:88:
         37:9b:32:29:6b:18:4f:74:74:05:c0:9d:e0:c7:57:5f:9c:f0:
         20:f5:2c:97:0b:c5:46:a7:02:1f:e9:c4:03:7b:77:46:a4:e4:
         ea:18:33:f3:fd:d5:b6:f9:1d:c3:a7:ac:b9:0b:13:34:c8:e6:
         84:d7:55:c2:ed:58:a3:34:92:1f:6e:26:76:a1:b8:97:80:f6:
         ff:45:6e:9b:50:8b:e5:14:d8:62:85:80:03:3e:07:bc:60:42:
         12:95:48:c9:b4:35:25:33:db:05:26:b9:57:2c:75:cd:84:62:
         c6:3b:18:44:a6:78:08:5c:a6:eb:c3:cb:b5:4a:c2:53:4b:d4:
         54:69:6a:95:3a:a2:be:bf:2e:7c:25:a0:20:10:d6:fa:cb:24:
         d9:58:3d:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRC9GZ5x5e1jzSGh7TNLOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjViZDE5MDRjNmMyM2FkYTMyNzhmMjJhZTY5MTIwZWE1YmIwMmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSqEMtActv6CYU1yf6QHRWc02ucO
HqDWFoCDFB0hDdE0KJPOgN8D0Ug9QznZRMlmGfAORSn2L55n9EY0HaXgcr2msJvJ
CQ2Ey+bWxdqvXq0UyCSgbbJSkWz09p4saSVXWe5FyeE18ROoNHaI+GZZwGIggxIg
YsEEztY0SCR0B+cSZhOHO5ju9vgRTW/0M8jZ563PzzbNYhUa6qXdKAIO/J80UUiT
eOlffZpP7Zp+bYq7Q3pB/4O1Mb0KzYEGnu5Z+BosR3BBitpcVuzwqRo/2g1WIRFe
29qF2G5NZyixWVtv+cX7l6Gj7sM6pE2tBO61bJoOdF94qgq4ne0z/dt9GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOtb0ZBMbCOtoyePIq5pEg6luwKkMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvNjF2UmtFeHNJNjJqSjQ4aXJta1NEcVc3QXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkQ4EMA0G
CSqGSIb3DQEBCwUAA4IBAQAHG1eWfecwxOvr09gS+n4eciR7FJOFwYyD5MDVq0xq
qfcPt9UK7ZggvREIOTb+cToNVPjI4zfjc2+ahRZIQAUakAtCPHritqLzXqFRd5uM
NN4YqJFEqommMi9EoaacYumel4EipsSWUKcp14g3mzIpaxhPdHQFwJ3gx1dfnPAg
9SyXC8VGpwIf6cQDe3dGpOTqGDPz/dW2+R3Dp6y5CxM0yOaE11XC7VijNJIfbiZ2
obiXgPb/RW6bUIvlFNhihYADPge8YEISlUjJtDUlM9sFJrlXLHXNhGLGOxhEpngI
XKbrw8u1SsJTS9RUaWqVOqK+vy58JaAgENb6yyTZWD3Y
-----END CERTIFICATE-----