Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/THXmZVSKHV8u_UQdMKmuKcpn4Pw.roa
File:                     THXmZVSKHV8u_UQdMKmuKcpn4Pw.roa (raw, json)
Hash identifier:          6CnZqtKH7cj3AFt5jH9acLBs6DtYmrjmRKt0L1gPZvQ=
Subject key identifier:   4C:75:E6:65:54:8A:1D:5F:2E:FD:44:1D:30:A9:AE:29:CA:67:E0:FC
Certificate issuer:       /CN=3aa9e9832ed25de78c3ce0501208261066281f51
Certificate serial:       018CC94E5837359024EB8E65E484877390C9
Authority key identifier: 3A:A9:E9:83:2E:D2:5D:E7:8C:3C:E0:50:12:08:26:10:66:28:1F:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oqnpgy7SXeeMPOBQEggmEGYoH1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/THXmZVSKHV8u_UQdMKmuKcpn4Pw.roa
Signing time:             Tue 02 Jan 2024 08:33:23 +0000
ROA not before:           Tue 02 Jan 2024 08:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203409
IP address blocks:        185.217.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/Oqnpgy7SXeeMPOBQEggmEGYoH1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/Oqnpgy7SXeeMPOBQEggmEGYoH1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oqnpgy7SXeeMPOBQEggmEGYoH1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:58:37:35:90:24:eb:8e:65:e4:84:87:73:90:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aa9e9832ed25de78c3ce0501208261066281f51
        Validity
            Not Before: Jan  2 08:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c75e665548a1d5f2efd441d30a9ae29ca67e0fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ef:00:93:12:08:33:20:86:63:04:a2:25:77:
                    c5:67:a5:47:4d:04:cd:8b:16:be:c7:69:df:c4:06:
                    2b:ac:fa:0f:53:c9:c4:0c:48:23:8c:c7:60:2c:aa:
                    8e:ce:e9:7d:7b:a0:35:4b:9b:d1:bb:8a:bc:e7:ff:
                    75:5b:77:1b:9b:86:83:52:f4:16:6c:09:a8:82:30:
                    3c:17:87:1e:89:76:5a:be:3d:8d:f7:6c:b9:ea:c4:
                    d1:5b:9e:cf:96:1a:55:d8:e4:2c:2d:46:32:94:e8:
                    41:34:6d:68:90:ee:a0:b9:f2:89:a1:80:cb:67:3e:
                    cf:97:aa:ea:29:8e:63:8b:a5:d2:eb:ea:61:97:63:
                    a4:27:79:34:cc:20:c8:c6:27:04:b2:6d:4d:fc:0c:
                    4b:2e:a6:fc:68:e4:91:74:27:3f:b5:a8:e3:3d:53:
                    09:e9:e8:1d:9a:9e:21:62:f7:08:62:bc:dc:4f:6f:
                    38:00:a2:1f:f3:d6:8d:5d:e5:d4:ee:31:00:73:26:
                    06:f6:8f:f9:29:38:29:ce:be:3f:8b:f3:ec:60:d7:
                    af:f0:fd:c9:77:30:94:7d:ef:1b:16:c9:f1:64:66:
                    ee:fd:9a:35:2d:27:ce:00:2c:b5:5d:a5:c6:0a:e6:
                    fa:9d:f9:d3:97:45:c1:7a:a5:36:70:27:4a:6f:6c:
                    09:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:75:E6:65:54:8A:1D:5F:2E:FD:44:1D:30:A9:AE:29:CA:67:E0:FC
            X509v3 Authority Key Identifier:
                keyid:3A:A9:E9:83:2E:D2:5D:E7:8C:3C:E0:50:12:08:26:10:66:28:1F:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oqnpgy7SXeeMPOBQEggmEGYoH1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/THXmZVSKHV8u_UQdMKmuKcpn4Pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/5fd273-f3a9-4755-b23a-3bbd887d05c2/1/Oqnpgy7SXeeMPOBQEggmEGYoH1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:30:5c:f0:0b:a8:d0:dd:fb:84:07:90:33:94:a4:fc:3c:97:
         0d:0a:7c:31:90:0d:96:9b:08:7b:75:d0:bd:71:63:8f:23:e4:
         81:64:d0:bf:77:d9:37:7d:83:82:1a:ec:79:dd:6a:11:21:4f:
         d1:b9:c8:9c:c1:d4:21:0a:8e:85:e7:79:17:c7:39:dc:1b:e9:
         43:2a:8e:fb:66:4c:b5:4c:52:3b:c9:45:e6:8b:37:15:31:c1:
         f1:3f:62:22:5a:e0:8e:26:20:a6:33:a1:16:29:6a:bf:8e:e6:
         3a:46:72:4e:30:0b:67:64:1f:18:b3:f2:bd:cc:52:e4:6b:cd:
         d0:90:af:d2:17:ec:7a:1a:ae:2a:8c:65:c2:39:5b:c0:02:e8:
         20:69:a3:b5:47:1b:06:62:5e:72:5f:76:db:32:cc:43:d4:01:
         1d:4a:9b:cb:57:55:6e:2f:3f:44:d7:ed:ac:39:13:67:66:87:
         7f:5e:b0:85:62:74:f6:0e:a8:58:a7:83:31:6e:af:12:35:23:
         86:f8:18:de:58:1d:ae:15:e3:b3:2a:1d:9f:5a:13:95:af:4b:
         e7:94:74:a1:6c:3d:44:6d:10:e2:af:7b:8e:ac:2b:62:cf:97:
         d3:33:c2:b6:2f:7e:5b:e1:f8:ee:ad:7a:9b:f2:72:6d:98:f8:
         09:0e:9e:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTlg3NZAk645l5ISHc5DJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYTllOTgzMmVkMjVkZTc4YzNjZTA1MDEyMDgyNjEwNjYy
ODFmNTEwHhcNMjQwMTAyMDgzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzc1ZTY2NTU0OGExZDVmMmVmZDQ0MWQzMGE5YWUyOWNhNjdlMGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+8AkxIIMyCGYwSiJXfFZ6VHTQTN
ixa+x2nfxAYrrPoPU8nEDEgjjMdgLKqOzul9e6A1S5vRu4q85/91W3cbm4aDUvQW
bAmogjA8F4ceiXZavj2N92y56sTRW57PlhpV2OQsLUYylOhBNG1okO6gufKJoYDL
Zz7Pl6rqKY5ji6XS6+phl2OkJ3k0zCDIxicEsm1N/AxLLqb8aOSRdCc/tajjPVMJ
6egdmp4hYvcIYrzcT284AKIf89aNXeXU7jEAcyYG9o/5KTgpzr4/i/PsYNev8P3J
dzCUfe8bFsnxZGbu/Zo1LSfOACy1XaXGCub6nfnTl0XBeqU2cCdKb2wJMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEx15mVUih1fLv1EHTCprinKZ+D8MB8GA1UdIwQY
MBaAFDqp6YMu0l3njDzgUBIIJhBmKB9RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3FucGd5N1NYZWVNUE9CUUVnZ21FR1lvSDFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy81ZmQyNzMtZjNhOS00NzU1LWIyM2Et
M2JiZDg4N2QwNWMyLzEvVEhYbVpWU0tIVjh1X1VRZE1LbXVLY3BuNFB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy81ZmQyNzMtZjNhOS00NzU1LWIyM2EtM2JiZDg4N2QwNWMy
LzEvT3FucGd5N1NYZWVNUE9CUUVnZ21FR1lvSDFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudk9MA0G
CSqGSIb3DQEBCwUAA4IBAQAeMFzwC6jQ3fuEB5AzlKT8PJcNCnwxkA2Wmwh7ddC9
cWOPI+SBZNC/d9k3fYOCGux53WoRIU/RucicwdQhCo6F53kXxzncG+lDKo77Zky1
TFI7yUXmizcVMcHxP2IiWuCOJiCmM6EWKWq/juY6RnJOMAtnZB8Ys/K9zFLka83Q
kK/SF+x6Gq4qjGXCOVvAAuggaaO1RxsGYl5yX3bbMsxD1AEdSpvLV1VuLz9E1+2s
ORNnZod/XrCFYnT2DqhYp4Mxbq8SNSOG+BjeWB2uFeOzKh2fWhOVr0vnlHShbD1E
bRDir3uOrCtiz5fTM8K2L35b4fjurXqb8nJtmPgJDp49
-----END CERTIFICATE-----