Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/B61OFa5NjLeBSEt-0sxFVBxej6s.roa
File:                     B61OFa5NjLeBSEt-0sxFVBxej6s.roa (raw, json)
Hash identifier:          6URe8Cgqr6J69sF3hyMWwMxG4lK+IEHjmhBmfsnckyg=
Subject key identifier:   07:AD:4E:15:AE:4D:8C:B7:81:48:4B:7E:D2:CC:45:54:1C:5E:8F:AB
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018DEB18D08EAD640A8B27CD2974C0D5BBD3
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/B61OFa5NjLeBSEt-0sxFVBxej6s.roa
Signing time:             Tue 27 Feb 2024 15:04:48 +0000
ROA not before:           Tue 27 Feb 2024 15:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48330
IP address blocks:        147.45.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:eb:18:d0:8e:ad:64:0a:8b:27:cd:29:74:c0:d5:bb:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb 27 15:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07ad4e15ae4d8cb781484b7ed2cc45541c5e8fab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:83:76:a1:bf:6b:ca:c8:e2:ca:9d:a5:2e:0d:
                    21:97:07:de:f4:da:91:8d:62:cd:b8:b6:9a:59:58:
                    22:67:ec:c9:52:74:1f:31:58:f2:71:34:78:aa:1c:
                    a4:5a:7b:92:c1:6c:7b:f0:08:0d:07:0b:5d:49:52:
                    63:38:e0:e2:f6:50:d1:f1:88:50:26:e9:5d:d2:41:
                    79:f8:ac:de:a1:a4:88:5b:24:d9:94:04:e3:b0:08:
                    f5:6a:67:9b:8d:bf:3c:9e:0a:3c:73:c9:fd:0d:81:
                    23:1c:fc:e6:53:30:ae:f2:0d:14:6d:97:ce:bc:d6:
                    4e:fb:37:60:08:5f:ac:29:fe:cf:e9:01:3f:84:5e:
                    2a:01:cf:ca:b6:73:63:a4:c3:41:4d:11:fd:02:58:
                    5d:cd:70:65:ea:30:dc:43:af:1b:d4:cf:e5:f6:f5:
                    c9:38:4a:49:6c:c7:46:33:42:57:89:ee:d3:d4:89:
                    6b:b7:a6:41:95:be:ef:3e:9c:30:f7:2c:9d:d2:7a:
                    f8:02:d8:37:c6:ac:55:64:68:a9:ed:f1:dc:29:bc:
                    5a:54:3e:b1:e3:be:66:9c:2b:df:76:a9:c0:8f:91:
                    75:a3:b9:2f:6a:cb:00:bd:af:77:cc:25:56:38:29:
                    eb:2c:bf:7b:71:57:79:1f:d4:ea:1b:9e:7c:77:37:
                    2e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:AD:4E:15:AE:4D:8C:B7:81:48:4B:7E:D2:CC:45:54:1C:5E:8F:AB
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/B61OFa5NjLeBSEt-0sxFVBxej6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:b3:65:31:ba:44:a0:90:68:be:3f:df:38:ba:20:8e:1c:75:
         b0:80:bf:4b:5f:26:43:e3:8a:c4:8a:68:b2:56:b0:ad:f0:46:
         63:58:22:9b:71:d9:6e:d8:67:1f:7d:c1:0b:41:0e:54:75:50:
         46:b7:bb:d2:dd:c2:28:b4:37:ea:3d:4b:bc:7e:1f:db:43:56:
         67:85:12:cb:97:56:02:5a:9a:7c:3e:32:89:4f:21:19:42:f8:
         08:0b:a4:95:82:86:14:53:0b:67:dc:94:a8:36:98:ea:dc:3c:
         40:9b:d2:5d:dd:dd:d5:1b:db:02:1b:8b:5e:69:a2:33:ee:da:
         74:ca:f3:6f:9e:c6:db:e2:d7:99:c0:30:6a:5d:bf:04:96:4b:
         b1:5c:7c:7d:ba:15:a8:1b:38:36:0a:d0:32:f0:4a:3c:07:26:
         64:fb:a6:bd:a2:32:99:ee:9d:71:19:21:2f:ca:49:4f:76:48:
         ea:3c:c0:2e:38:4c:4c:18:49:40:73:90:06:05:22:a0:54:4b:
         78:f2:11:42:7a:bd:0c:a0:16:0f:21:19:64:93:7f:fb:a0:7a:
         c9:7f:05:a5:11:5e:1a:a0:93:42:bd:41:68:52:41:34:72:94:
         ff:c8:d5:e4:f6:46:d5:40:64:bc:f8:9a:17:9a:02:bc:a8:17:
         f1:c0:6c:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3rGNCOrWQKiyfNKXTA1bvTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMjI3MTUwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2FkNGUxNWFlNGQ4Y2I3ODE0ODRiN2VkMmNjNDU1NDFjNWU4ZmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIN2ob9rysjiyp2lLg0hlwfe9NqR
jWLNuLaaWVgiZ+zJUnQfMVjycTR4qhykWnuSwWx78AgNBwtdSVJjOODi9lDR8YhQ
Juld0kF5+KzeoaSIWyTZlATjsAj1amebjb88ngo8c8n9DYEjHPzmUzCu8g0UbZfO
vNZO+zdgCF+sKf7P6QE/hF4qAc/KtnNjpMNBTRH9AlhdzXBl6jDcQ68b1M/l9vXJ
OEpJbMdGM0JXie7T1Ilrt6ZBlb7vPpww9yyd0nr4Atg3xqxVZGip7fHcKbxaVD6x
475mnCvfdqnAj5F1o7kvassAva93zCVWOCnrLL97cVd5H9TqG558dzcu3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAetThWuTYy3gUhLftLMRVQcXo+rMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvQjYxT0ZhNU5qTGVCU0V0LTBzeEZWQnhlajZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky1zMA0G
CSqGSIb3DQEBCwUAA4IBAQA9s2UxukSgkGi+P984uiCOHHWwgL9LXyZD44rEimiy
VrCt8EZjWCKbcdlu2GcffcELQQ5UdVBGt7vS3cIotDfqPUu8fh/bQ1ZnhRLLl1YC
Wpp8PjKJTyEZQvgIC6SVgoYUUwtn3JSoNpjq3DxAm9Jd3d3VG9sCG4teaaIz7tp0
yvNvnsbb4teZwDBqXb8ElkuxXHx9uhWoGzg2CtAy8Eo8ByZk+6a9ojKZ7p1xGSEv
yklPdkjqPMAuOExMGElAc5AGBSKgVEt48hFCer0MoBYPIRlkk3/7oHrJfwWlEV4a
oJNCvUFoUkE0cpT/yNXk9kbVQGS8+JoXmgK8qBfxwGyS
-----END CERTIFICATE-----