Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/61d213-2a0f-4348-893c-e726374330ce/1/Ud6nKLiJFls8hZPdqKWd6NCKx4s.roa
File:                     Ud6nKLiJFls8hZPdqKWd6NCKx4s.roa (raw, json)
Hash identifier:          kpoSIP2t/VsuSH/WtPeiMloh7UaJwisV5mVhg29LqS8=
Subject key identifier:   51:DE:A7:28:B8:89:16:5B:3C:85:93:DD:A8:A5:9D:E8:D0:8A:C7:8B
Certificate issuer:       /CN=b61b7974e97ab93791240734a19fb9ae7445cbd9
Certificate serial:       018CC8DE9D80C2D68113A328D1008E3DAC26
Authority key identifier: B6:1B:79:74:E9:7A:B9:37:91:24:07:34:A1:9F:B9:AE:74:45:CB:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tht5dOl6uTeRJAc0oZ-5rnRFy9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/61d213-2a0f-4348-893c-e726374330ce/1/Ud6nKLiJFls8hZPdqKWd6NCKx4s.roa
Signing time:             Tue 02 Jan 2024 06:31:21 +0000
ROA not before:           Tue 02 Jan 2024 06:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203041
IP address blocks:        185.147.2.0/24 maxlen: 24
                          185.147.3.0/24 maxlen: 24
                          185.147.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/61d213-2a0f-4348-893c-e726374330ce/1/tht5dOl6uTeRJAc0oZ-5rnRFy9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/61d213-2a0f-4348-893c-e726374330ce/1/tht5dOl6uTeRJAc0oZ-5rnRFy9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tht5dOl6uTeRJAc0oZ-5rnRFy9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:9d:80:c2:d6:81:13:a3:28:d1:00:8e:3d:ac:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b61b7974e97ab93791240734a19fb9ae7445cbd9
        Validity
            Not Before: Jan  2 06:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51dea728b889165b3c8593dda8a59de8d08ac78b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:da:ad:6f:d1:2e:d7:ed:be:29:6b:dc:79:1c:
                    ec:fe:f6:b8:b0:78:1b:6f:57:1d:bf:15:0b:c1:a2:
                    86:35:c3:83:e4:7c:b0:7a:70:f5:21:72:a3:8a:10:
                    94:70:1e:88:5a:74:7f:83:f2:56:41:e5:06:74:5b:
                    7e:5f:fe:f4:4c:e9:ac:bc:e4:e6:9b:99:3e:7a:81:
                    5c:f6:72:b3:ef:48:d2:55:70:e0:ad:78:08:15:f9:
                    a3:04:26:cf:a0:8d:7c:d8:1a:89:b8:d0:62:43:7a:
                    52:ce:42:41:36:fb:83:85:69:8e:69:7e:fc:5b:c2:
                    f6:cd:f0:56:cf:a1:82:95:70:24:c2:54:d7:bd:f1:
                    21:50:14:a8:2e:cb:f2:20:00:69:fe:87:6d:11:b3:
                    05:d8:30:f2:fc:ea:a2:74:48:5d:ba:30:91:c1:15:
                    0e:0b:20:9c:74:ba:0b:f2:18:78:ed:80:8c:ed:67:
                    ba:9d:89:4a:e4:b3:59:a9:ab:d1:90:36:1a:a9:94:
                    de:7e:20:c0:b5:81:78:a0:79:58:9c:38:e8:73:1e:
                    57:39:53:85:ec:8d:f0:27:29:56:c9:47:09:49:1f:
                    ca:63:71:15:48:af:ba:89:3f:3b:1b:a6:df:76:14:
                    5a:ea:e7:a2:96:bc:c7:26:35:c3:62:98:d0:22:55:
                    ff:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:DE:A7:28:B8:89:16:5B:3C:85:93:DD:A8:A5:9D:E8:D0:8A:C7:8B
            X509v3 Authority Key Identifier:
                keyid:B6:1B:79:74:E9:7A:B9:37:91:24:07:34:A1:9F:B9:AE:74:45:CB:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tht5dOl6uTeRJAc0oZ-5rnRFy9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/61d213-2a0f-4348-893c-e726374330ce/1/Ud6nKLiJFls8hZPdqKWd6NCKx4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/61d213-2a0f-4348-893c-e726374330ce/1/tht5dOl6uTeRJAc0oZ-5rnRFy9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.147.1.0-185.147.3.255

    Signature Algorithm: sha256WithRSAEncryption
         3b:8b:71:24:e5:ef:e6:9c:fe:c7:b0:6c:e3:1f:ac:68:5a:af:
         cd:35:e7:73:da:16:7e:85:8a:72:a8:dd:22:2a:b2:6e:98:c1:
         f2:29:2d:91:bc:99:3d:f0:c5:46:2d:60:d7:7e:ce:83:5d:1d:
         60:cf:46:f2:d4:65:f4:da:87:a9:37:f3:7d:dd:cb:67:62:5b:
         37:cf:ae:38:a4:74:9f:6b:d7:48:8f:33:90:27:b9:f0:2b:e0:
         64:37:44:d3:21:fa:c9:0d:65:29:79:91:6e:c1:6e:0b:34:e2:
         30:e3:62:14:fa:10:c9:39:18:be:d2:c2:99:f5:dc:94:41:43:
         c7:90:57:23:63:01:ed:c1:83:8f:21:87:4b:e4:28:64:fd:31:
         e9:05:a0:63:95:7c:69:82:a4:5f:02:6b:a5:ae:0b:6f:f5:9c:
         1b:8e:fd:bc:68:10:33:34:34:4d:8f:6a:a8:09:4c:fa:f3:2e:
         a1:2b:72:87:c3:64:56:01:d4:76:17:8f:62:69:9c:12:aa:e1:
         9b:0e:02:f8:61:e6:78:4a:6b:63:48:b9:7d:f1:6d:83:79:14:
         c0:30:26:1e:21:9a:e3:d8:55:8b:2a:78:fa:68:1c:7b:4d:5e:
         07:ea:96:d4:d6:c1:b0:24:0d:90:82:37:f1:a8:0e:b4:f6:48:
         ea:1e:c6:f9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI3p2AwtaBE6Mo0QCOPawmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MWI3OTc0ZTk3YWI5Mzc5MTI0MDczNGExOWZiOWFlNzQ0
NWNiZDkwHhcNMjQwMTAyMDYzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWRlYTcyOGI4ODkxNjViM2M4NTkzZGRhOGE1OWRlOGQwOGFjNzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9qtb9Eu1+2+KWvceRzs/va4sHgb
b1cdvxULwaKGNcOD5HywenD1IXKjihCUcB6IWnR/g/JWQeUGdFt+X/70TOmsvOTm
m5k+eoFc9nKz70jSVXDgrXgIFfmjBCbPoI182BqJuNBiQ3pSzkJBNvuDhWmOaX78
W8L2zfBWz6GClXAkwlTXvfEhUBSoLsvyIABp/odtEbMF2DDy/OqidEhdujCRwRUO
CyCcdLoL8hh47YCM7We6nYlK5LNZqavRkDYaqZTefiDAtYF4oHlYnDjocx5XOVOF
7I3wJylWyUcJSR/KY3EVSK+6iT87G6bfdhRa6ueilrzHJjXDYpjQIlX/pQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFHepyi4iRZbPIWT3ailnejQiseLMB8GA1UdIwQY
MBaAFLYbeXTperk3kSQHNKGfua50RcvZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGh0NWRPbDZ1VGVSSkFjMG9aLTVyblJGeTlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82MWQyMTMtMmEwZi00MzQ4LTg5M2Mt
ZTcyNjM3NDMzMGNlLzEvVWQ2bktMaUpGbHM4aFpQZHFLV2Q2TkNLeDRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82MWQyMTMtMmEwZi00MzQ4LTg5M2MtZTcyNjM3NDMzMGNl
LzEvdGh0NWRPbDZ1VGVSSkFjMG9aLTVyblJGeTlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5kwED
BAK5kwAwDQYJKoZIhvcNAQELBQADggEBADuLcSTl7+ac/sewbOMfrGhar80153Pa
Fn6FinKo3SIqsm6YwfIpLZG8mT3wxUYtYNd+zoNdHWDPRvLUZfTah6k3833dy2di
WzfPrjikdJ9r10iPM5AnufAr4GQ3RNMh+skNZSl5kW7Bbgs04jDjYhT6EMk5GL7S
wpn13JRBQ8eQVyNjAe3Bg48hh0vkKGT9MekFoGOVfGmCpF8Ca6WuC2/1nBuO/bxo
EDM0NE2PaqgJTPrzLqErcofDZFYB1HYXj2JpnBKq4ZsOAvhh5nhKa2NIuX3xbYN5
FMAwJh4hmuPYVYsqePpoHHtNXgfqltTWwbAkDZCCN/GoDrT2SOoexvk=
-----END CERTIFICATE-----