Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/NHwunUYnnBBGaMNGpCSpZ36cT3E.roa
File:                     NHwunUYnnBBGaMNGpCSpZ36cT3E.roa (raw, json)
Hash identifier:          sSxiDvgC6CQ7HiRfJqdX+g5Rkjm+MsXOXUGgfsguDFI=
Subject key identifier:   34:7C:2E:9D:46:27:9C:10:46:68:C3:46:A4:24:A9:67:7E:9C:4F:71
Certificate issuer:       /CN=3aa9e9832ed25de78c3ce0501208261066281f51
Certificate serial:       018CC94E585973B38B630118081E0DDDDFF8
Authority key identifier: 3A:A9:E9:83:2E:D2:5D:E7:8C:3C:E0:50:12:08:26:10:66:28:1F:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oqnpgy7SXeeMPOBQEggmEGYoH1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/NHwunUYnnBBGaMNGpCSpZ36cT3E.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212280
IP address blocks:        185.217.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/Oqnpgy7SXeeMPOBQEggmEGYoH1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/Oqnpgy7SXeeMPOBQEggmEGYoH1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oqnpgy7SXeeMPOBQEggmEGYoH1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:58:59:73:b3:8b:63:01:18:08:1e:0d:dd:df:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aa9e9832ed25de78c3ce0501208261066281f51
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=347c2e9d46279c104668c346a424a9677e9c4f71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e1:b7:cf:2d:d4:50:a2:be:52:11:5b:13:20:
                    41:f7:bf:a8:39:0b:f8:bb:70:d1:f0:6e:29:31:5a:
                    0e:bc:7e:12:53:b2:af:c6:0c:a2:a7:21:c9:5b:23:
                    bd:7d:6b:54:eb:0f:03:a4:5a:1a:ff:ae:43:6f:fb:
                    21:48:f8:8e:42:19:b3:db:93:31:c9:a6:d8:69:cb:
                    22:df:1b:1d:02:c3:01:37:04:46:30:9b:4b:5e:2a:
                    37:0d:fc:3a:b0:6c:13:f3:92:8b:1b:b9:4d:53:44:
                    6a:85:05:89:0b:cb:b9:7d:2b:17:b7:49:f6:5f:3b:
                    56:f5:10:00:41:5a:b3:cf:d3:85:4c:b0:9c:d3:71:
                    02:b8:a2:49:6a:4d:15:1d:80:88:b3:f3:25:fa:b6:
                    96:16:a6:46:36:43:f5:c5:00:f5:c8:d6:72:e3:ae:
                    39:e5:91:aa:bb:44:d9:c7:69:fb:45:af:2e:1f:66:
                    5a:13:ec:f0:d7:e3:bd:98:c5:38:4b:48:bc:12:e4:
                    9c:d8:43:14:f0:4e:ed:d6:4d:a0:ec:2a:a6:e4:57:
                    6d:84:ae:3f:fa:75:4f:2e:2e:80:73:d1:46:73:77:
                    98:e1:a1:43:5b:13:b6:74:d4:51:15:fc:b2:a7:35:
                    8d:d3:57:d9:cd:2c:e9:24:8d:34:c9:70:36:47:35:
                    fb:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:7C:2E:9D:46:27:9C:10:46:68:C3:46:A4:24:A9:67:7E:9C:4F:71
            X509v3 Authority Key Identifier:
                keyid:3A:A9:E9:83:2E:D2:5D:E7:8C:3C:E0:50:12:08:26:10:66:28:1F:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oqnpgy7SXeeMPOBQEggmEGYoH1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/NHwunUYnnBBGaMNGpCSpZ36cT3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/Oqnpgy7SXeeMPOBQEggmEGYoH1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:49:dd:39:db:c3:f7:a6:cd:c2:79:d0:ae:28:b8:b4:6b:65:
         a8:66:0f:f1:75:3b:81:d0:ea:83:cc:b8:7e:71:9d:30:0d:55:
         3f:09:3b:78:cd:48:ef:16:2a:6e:73:9f:7e:09:42:98:44:eb:
         88:e4:80:8a:cf:74:bf:6b:b9:07:a4:06:e2:0e:d9:6f:77:ef:
         ca:f8:26:ad:31:41:67:09:d8:85:57:4d:d6:dc:22:87:69:28:
         6b:a3:f1:ff:d6:20:6d:a5:1c:4f:12:53:f9:b2:04:67:6a:d5:
         91:9f:11:46:f3:58:db:4a:f1:58:f7:dc:4b:54:c2:ab:5f:5b:
         84:f3:20:0f:7e:7a:b2:7d:87:b0:47:dc:20:8f:28:2a:08:08:
         e6:ac:18:9b:c4:91:7c:d8:29:22:44:ba:56:d2:2f:db:3e:92:
         db:12:45:69:bc:0f:37:a4:a3:36:5e:65:ce:42:b0:1a:05:30:
         59:c7:48:6f:ef:84:27:0e:10:f6:41:36:95:66:67:50:dd:90:
         f9:d7:8a:61:e5:0b:f0:ed:66:0c:f9:46:8a:62:df:95:92:74:
         cb:98:b8:9f:b5:05:9e:a2:8b:8b:28:fa:cd:9f:5d:68:d4:a6:
         91:97:59:c4:0a:f7:61:5b:5e:94:26:3b:6d:60:86:c6:5c:5d:
         4b:31:11:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlhZc7OLYwEYCB4N3d/4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYTllOTgzMmVkMjVkZTc4YzNjZTA1MDEyMDgyNjEwNjYy
ODFmNTEwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDdjMmU5ZDQ2Mjc5YzEwNDY2OGMzNDZhNDI0YTk2NzdlOWM0ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuG3zy3UUKK+UhFbEyBB97+oOQv4
u3DR8G4pMVoOvH4SU7KvxgyipyHJWyO9fWtU6w8DpFoa/65Db/shSPiOQhmz25Mx
yabYacsi3xsdAsMBNwRGMJtLXio3Dfw6sGwT85KLG7lNU0RqhQWJC8u5fSsXt0n2
XztW9RAAQVqzz9OFTLCc03ECuKJJak0VHYCIs/Ml+raWFqZGNkP1xQD1yNZy4645
5ZGqu0TZx2n7Ra8uH2ZaE+zw1+O9mMU4S0i8EuSc2EMU8E7t1k2g7Cqm5FdthK4/
+nVPLi6Ac9FGc3eY4aFDWxO2dNRRFfyypzWN01fZzSzpJI00yXA2RzX7NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDR8Lp1GJ5wQRmjDRqQkqWd+nE9xMB8GA1UdIwQY
MBaAFDqp6YMu0l3njDzgUBIIJhBmKB9RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3FucGd5N1NYZWVNUE9CUUVnZ21FR1lvSDFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy81ZmQyNzMtZjNhOS00NzU1LWIyM2Et
M2JiZDg4N2QwNWMyLzEvTkh3dW5VWW5uQkJHYU1OR3BDU3BaMzZjVDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy81ZmQyNzMtZjNhOS00NzU1LWIyM2EtM2JiZDg4N2QwNWMy
LzEvT3FucGd5N1NYZWVNUE9CUUVnZ21FR1lvSDFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudk9MA0G
CSqGSIb3DQEBCwUAA4IBAQBASd0528P3ps3CedCuKLi0a2WoZg/xdTuB0OqDzLh+
cZ0wDVU/CTt4zUjvFipuc59+CUKYROuI5ICKz3S/a7kHpAbiDtlvd+/K+CatMUFn
CdiFV03W3CKHaShro/H/1iBtpRxPElP5sgRnatWRnxFG81jbSvFY99xLVMKrX1uE
8yAPfnqyfYewR9wgjygqCAjmrBibxJF82CkiRLpW0i/bPpLbEkVpvA83pKM2XmXO
QrAaBTBZx0hv74QnDhD2QTaVZmdQ3ZD514ph5Qvw7WYM+UaKYt+VknTLmLiftQWe
oouLKPrNn11o1KaRl1nECvdhW16UJjttYIbGXF1LMRE9
-----END CERTIFICATE-----