Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/avVrdRPNFcMtwTGR2Zab9qIvEIs.roa
File:                     avVrdRPNFcMtwTGR2Zab9qIvEIs.roa (raw, json)
Hash identifier:          B8YMI/WajLnQclAWhZ2JVb5JaRJxPn4UkZ5gdPRrKXc=
Subject key identifier:   6A:F5:6B:75:13:CD:15:C3:2D:C1:31:91:D9:96:9B:F6:A2:2F:10:8B
Certificate issuer:       /CN=eb51359c9989b963e9594c1929c820367de322dd
Certificate serial:       019427B36CE6D80F2D561A27B1F1B6EE8765
Authority key identifier: EB:51:35:9C:99:89:B9:63:E9:59:4C:19:29:C8:20:36:7D:E3:22:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/61E1nJmJuWPpWUwZKcggNn3jIt0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/avVrdRPNFcMtwTGR2Zab9qIvEIs.roa
Signing time:             Thu 02 Jan 2025 15:47:37 +0000
ROA not before:           Thu 02 Jan 2025 15:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60339
IP address blocks:        92.41.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/61E1nJmJuWPpWUwZKcggNn3jIt0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/61E1nJmJuWPpWUwZKcggNn3jIt0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/61E1nJmJuWPpWUwZKcggNn3jIt0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:6c:e6:d8:0f:2d:56:1a:27:b1:f1:b6:ee:87:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb51359c9989b963e9594c1929c820367de322dd
        Validity
            Not Before: Jan  2 15:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6af56b7513cd15c32dc13191d9969bf6a22f108b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:49:31:84:c3:68:16:73:f6:65:1f:08:ac:c6:
                    19:c8:e3:d2:ac:f6:3a:8c:ed:33:e2:08:06:68:68:
                    75:80:7d:9f:36:75:3e:60:e9:83:69:5c:d7:ae:f9:
                    a6:65:61:f8:a9:bd:96:a0:b3:60:5e:77:13:8f:0a:
                    10:27:52:8a:4c:9d:35:8b:a2:da:7f:7a:51:44:ed:
                    65:1c:04:18:4e:71:21:50:18:82:0c:0e:94:cf:d0:
                    94:31:f8:6d:b0:c3:0f:0d:bc:cc:87:69:db:d7:8e:
                    d2:41:4c:44:be:3e:ca:7f:1f:d0:ee:d5:cd:81:ba:
                    0f:8b:29:da:02:fa:11:28:c6:38:58:fa:68:58:59:
                    6c:9c:e5:9c:c5:f4:75:66:8f:dc:53:3b:e9:1c:39:
                    b5:1e:9d:fc:6b:1c:db:c6:03:b8:bf:f3:04:32:52:
                    3d:0c:12:6f:80:14:18:f2:c9:94:98:ab:93:11:03:
                    15:15:38:b4:3c:b1:f2:7e:e4:fb:48:bd:32:b6:7a:
                    2d:40:05:c3:c8:cd:ee:02:6b:67:13:f0:76:8b:fa:
                    09:9b:72:5c:35:0c:21:fc:45:5d:ed:3f:52:0c:5f:
                    92:1f:da:72:4c:36:5d:de:29:f1:42:4e:ab:2a:a0:
                    ac:be:0f:dc:d2:e2:20:d0:08:24:31:a9:d3:cc:a6:
                    28:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:F5:6B:75:13:CD:15:C3:2D:C1:31:91:D9:96:9B:F6:A2:2F:10:8B
            X509v3 Authority Key Identifier:
                keyid:EB:51:35:9C:99:89:B9:63:E9:59:4C:19:29:C8:20:36:7D:E3:22:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/61E1nJmJuWPpWUwZKcggNn3jIt0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/avVrdRPNFcMtwTGR2Zab9qIvEIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/d97d28-a2e2-401d-8ff0-59fc73d60322/1/61E1nJmJuWPpWUwZKcggNn3jIt0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.41.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:2a:f4:a6:82:c0:1d:59:94:29:00:1a:54:de:fa:c0:b4:b9:
         ff:3b:09:20:73:5f:bc:c9:22:9e:4e:a8:67:ee:ee:3a:b7:bc:
         bf:01:f5:63:c1:78:06:38:6b:9e:f3:89:bd:ac:b2:76:61:05:
         82:37:b0:af:74:85:dd:27:34:ba:4a:fe:d5:99:a2:a2:27:e8:
         17:e5:57:51:6d:d5:1f:70:ff:f6:0b:a5:3b:3c:20:87:81:6d:
         49:8c:4c:1c:4e:ea:c1:e6:ed:f8:66:00:8f:0c:89:8d:d0:f2:
         15:1f:93:13:fc:a3:fb:87:39:1f:c9:82:f7:77:48:be:7d:6d:
         66:9c:b1:ce:fe:1f:94:b1:7a:5e:1b:7e:c9:a1:12:0f:83:6e:
         f7:bd:42:59:47:8b:e1:d0:92:1a:12:57:86:58:c7:8f:8e:e1:
         b2:05:c8:a0:7b:5c:3f:2e:33:be:48:c5:a3:89:e9:9a:c7:ac:
         4b:ed:ec:53:78:1c:72:cb:1d:ad:2d:b8:f4:0a:26:6f:2c:50:
         21:45:85:62:d3:16:2f:78:b0:f8:9f:aa:b8:9b:35:05:cc:d1:
         9a:92:65:1c:70:43:52:a2:e1:3a:53:3f:05:26:9f:9a:27:2c:
         51:7e:30:be:c6:35:ee:38:35:97:f7:01:92:79:32:25:20:db:
         57:41:44:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns2zm2A8tVhonsfG27odlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNTEzNTljOTk4OWI5NjNlOTU5NGMxOTI5YzgyMDM2N2Rl
MzIyZGQwHhcNMjUwMTAyMTU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWY1NmI3NTEzY2QxNWMzMmRjMTMxOTFkOTk2OWJmNmEyMmYxMDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtkkxhMNoFnP2ZR8IrMYZyOPSrPY6
jO0z4ggGaGh1gH2fNnU+YOmDaVzXrvmmZWH4qb2WoLNgXncTjwoQJ1KKTJ01i6La
f3pRRO1lHAQYTnEhUBiCDA6Uz9CUMfhtsMMPDbzMh2nb147SQUxEvj7Kfx/Q7tXN
gboPiynaAvoRKMY4WPpoWFlsnOWcxfR1Zo/cUzvpHDm1Hp38axzbxgO4v/MEMlI9
DBJvgBQY8smUmKuTEQMVFTi0PLHyfuT7SL0ytnotQAXDyM3uAmtnE/B2i/oJm3Jc
NQwh/EVd7T9SDF+SH9pyTDZd3inxQk6rKqCsvg/c0uIg0AgkManTzKYofQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGr1a3UTzRXDLcExkdmWm/aiLxCLMB8GA1UdIwQY
MBaAFOtRNZyZiblj6VlMGSnIIDZ94yLdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjFFMW5KbUp1V1BwV1V3WktjZ2dObjNqSXQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9kOTdkMjgtYTJlMi00MDFkLThmZjAt
NTlmYzczZDYwMzIyLzEvYXZWcmRSUE5GY010d1RHUjJaYWI5cUl2RUlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9kOTdkMjgtYTJlMi00MDFkLThmZjAtNTlmYzczZDYwMzIy
LzEvNjFFMW5KbUp1V1BwV1V3WktjZ2dObjNqSXQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCn/MA0G
CSqGSIb3DQEBCwUAA4IBAQA+KvSmgsAdWZQpABpU3vrAtLn/Owkgc1+8ySKeTqhn
7u46t7y/AfVjwXgGOGue84m9rLJ2YQWCN7CvdIXdJzS6Sv7VmaKiJ+gX5VdRbdUf
cP/2C6U7PCCHgW1JjEwcTurB5u34ZgCPDImN0PIVH5MT/KP7hzkfyYL3d0i+fW1m
nLHO/h+UsXpeG37JoRIPg273vUJZR4vh0JIaEleGWMePjuGyBcige1w/LjO+SMWj
iemax6xL7exTeBxyyx2tLbj0CiZvLFAhRYVi0xYveLD4n6q4mzUFzNGakmUccENS
ouE6Uz8FJp+aJyxRfjC+xjXuODWX9wGSeTIlINtXQURN
-----END CERTIFICATE-----