Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/ir3MFa14Y0CqCALcmrhq3IejZO4.roa
File:                     ir3MFa14Y0CqCALcmrhq3IejZO4.roa (raw, json)
Hash identifier:          byvQulwEAhU0ItUU8tUsBWdWwL+Y1ph+6UT5KvEXi7I=
Subject key identifier:   8A:BD:CC:15:AD:78:63:40:AA:08:02:DC:9A:B8:6A:DC:87:A3:64:EE
Certificate issuer:       /CN=61b195d13050ff3c468a149778710b53582251d9
Certificate serial:       018CC7956E2D1AB8EBE595A33BDF18A3E25F
Authority key identifier: 61:B1:95:D1:30:50:FF:3C:46:8A:14:97:78:71:0B:53:58:22:51:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbGV0TBQ_zxGihSXeHELU1giUdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/ir3MFa14Y0CqCALcmrhq3IejZO4.roa
Signing time:             Tue 02 Jan 2024 00:31:48 +0000
ROA not before:           Tue 02 Jan 2024 00:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15925
IP address blocks:        87.253.248.0/21 maxlen: 21
                          213.135.192.0/19 maxlen: 19
                          2a01:7f8::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/YbGV0TBQ_zxGihSXeHELU1giUdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/YbGV0TBQ_zxGihSXeHELU1giUdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbGV0TBQ_zxGihSXeHELU1giUdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:6e:2d:1a:b8:eb:e5:95:a3:3b:df:18:a3:e2:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b195d13050ff3c468a149778710b53582251d9
        Validity
            Not Before: Jan  2 00:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8abdcc15ad786340aa0802dc9ab86adc87a364ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:db:39:9d:d9:47:e3:69:4e:e4:f1:ae:83:16:
                    73:55:ca:f7:8b:b7:2b:7e:06:07:6b:f0:c0:93:77:
                    cc:d0:48:91:e7:ac:7d:12:fe:95:dd:14:78:a1:05:
                    92:3f:64:63:4d:19:bd:9f:60:bf:8e:48:64:e8:47:
                    dd:12:4a:a6:cd:d5:64:d2:04:08:25:28:a3:76:41:
                    3e:4a:2f:a4:4c:4a:6c:cd:53:06:5d:4e:a7:be:7a:
                    55:93:a7:d5:1f:08:b3:e7:1f:de:a4:c8:94:a0:de:
                    f5:33:71:5c:2f:98:7c:0d:b9:4c:5c:4f:b5:6a:2d:
                    37:0b:49:5d:0d:e0:df:5b:6b:81:0c:78:a2:9d:40:
                    50:9f:7d:04:74:03:09:af:1e:da:18:c7:b0:56:5e:
                    c4:d4:d6:7a:2c:57:06:12:5d:7a:e6:0d:df:11:5c:
                    3f:19:ea:df:ec:61:2e:c5:00:4d:e1:09:88:76:85:
                    e2:0f:54:5d:d7:de:c9:04:10:e6:27:67:b6:33:f9:
                    fb:27:a5:83:91:10:86:a6:82:1b:70:d8:99:92:0d:
                    3b:1c:37:43:c7:8b:b4:8d:e7:aa:c8:61:51:27:0c:
                    52:c6:7a:fb:46:0a:9a:24:b6:09:84:ae:fc:3f:40:
                    55:dc:e9:6b:69:61:18:cf:c1:59:98:85:85:64:17:
                    91:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:BD:CC:15:AD:78:63:40:AA:08:02:DC:9A:B8:6A:DC:87:A3:64:EE
            X509v3 Authority Key Identifier:
                keyid:61:B1:95:D1:30:50:FF:3C:46:8A:14:97:78:71:0B:53:58:22:51:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbGV0TBQ_zxGihSXeHELU1giUdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/ir3MFa14Y0CqCALcmrhq3IejZO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/2f3c19-56d5-4924-8bcb-bac472ab7b6a/1/YbGV0TBQ_zxGihSXeHELU1giUdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.253.248.0/21
                  213.135.192.0/19
                IPv6:
                  2a01:7f8::/29

    Signature Algorithm: sha256WithRSAEncryption
         1c:3f:70:49:1f:df:16:d7:20:71:31:f1:12:d8:ce:9c:17:1f:
         15:42:47:a1:0b:9f:24:90:9e:80:79:4b:72:dc:2b:ae:06:93:
         90:9c:a2:8f:4c:3a:14:69:5a:54:c1:33:73:95:c3:77:8b:de:
         25:ad:a5:96:7f:ab:9a:02:a4:43:14:3c:da:8e:18:f5:3b:11:
         f4:c5:42:51:fa:b1:20:6a:64:e6:dd:4e:fa:7a:ab:ae:83:eb:
         a7:7e:03:fd:58:3f:45:62:59:7b:53:29:86:cf:10:36:f6:58:
         b5:96:a7:d3:44:64:72:82:57:b9:16:58:82:c9:39:67:8c:2a:
         23:b0:45:d6:47:c5:85:bd:d7:2a:01:e4:78:22:47:86:61:8a:
         b5:5e:09:38:c6:af:32:1d:1f:df:89:70:10:76:d9:24:b7:d3:
         c2:c0:21:5a:3a:97:9d:de:75:aa:ec:9d:8e:45:f7:27:d9:72:
         b4:0e:e2:f3:f9:fa:e9:8c:50:4c:50:7c:6c:71:97:49:46:d1:
         d5:40:a8:fe:10:03:19:d8:4d:97:da:c1:12:96:4c:27:9d:c8:
         3f:fa:68:bd:68:cc:dd:00:5d:d0:a0:6d:ce:1e:1f:f6:7e:17:
         cf:2f:fe:56:b4:36:e1:69:9e:0b:14:c4:86:52:08:6a:d0:e5:
         0c:19:8e:f7
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHlW4tGrjr5ZWjO98Yo+JfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYjE5NWQxMzA1MGZmM2M0NjhhMTQ5Nzc4NzEwYjUzNTgy
MjUxZDkwHhcNMjQwMTAyMDAzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWJkY2MxNWFkNzg2MzQwYWEwODAyZGM5YWI4NmFkYzg3YTM2NGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9s5ndlH42lO5PGugxZzVcr3i7cr
fgYHa/DAk3fM0EiR56x9Ev6V3RR4oQWSP2RjTRm9n2C/jkhk6EfdEkqmzdVk0gQI
JSijdkE+Si+kTEpszVMGXU6nvnpVk6fVHwiz5x/epMiUoN71M3FcL5h8DblMXE+1
ai03C0ldDeDfW2uBDHiinUBQn30EdAMJrx7aGMewVl7E1NZ6LFcGEl165g3fEVw/
Gerf7GEuxQBN4QmIdoXiD1Rd197JBBDmJ2e2M/n7J6WDkRCGpoIbcNiZkg07HDdD
x4u0jeeqyGFRJwxSxnr7RgqaJLYJhK78P0BV3OlraWEYz8FZmIWFZBeRwQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIq9zBWteGNAqggC3Jq4atyHo2TuMB8GA1UdIwQY
MBaAFGGxldEwUP88RooUl3hxC1NYIlHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJHVjBUQlFfenhHaWhTWGVIRUxVMWdpVWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8yZjNjMTktNTZkNS00OTI0LThiY2It
YmFjNDcyYWI3YjZhLzEvaXIzTUZhMTRZMENxQ0FMY21yaHEzSWVqWk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8yZjNjMTktNTZkNS00OTI0LThiY2ItYmFjNDcyYWI3YjZh
LzEvWWJHVjBUQlFfenhHaWhTWGVIRUxVMWdpVWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDV/34AwQF
1YfAMA0EAgACMAcDBQMqAQf4MA0GCSqGSIb3DQEBCwUAA4IBAQAcP3BJH98W1yBx
MfES2M6cFx8VQkehC58kkJ6AeUty3CuuBpOQnKKPTDoUaVpUwTNzlcN3i94lraWW
f6uaAqRDFDzajhj1OxH0xUJR+rEgamTm3U76equug+unfgP9WD9FYll7UymGzxA2
9li1lqfTRGRygle5FliCyTlnjCojsEXWR8WFvdcqAeR4IkeGYYq1Xgk4xq8yHR/f
iXAQdtkkt9PCwCFaOped3nWq7J2ORfcn2XK0DuLz+frpjFBMUHxscZdJRtHVQKj+
EAMZ2E2X2sESlkwnncg/+mi9aMzdAF3QoG3OHh/2fhfPL/5WtDbhaZ4LFMSGUghq
0OUMGY73
-----END CERTIFICATE-----