Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/H6YPxi-HSbjrRSbjwDXdLc9KmSs.roa
File:                     H6YPxi-HSbjrRSbjwDXdLc9KmSs.roa (raw, json)
Hash identifier:          46pPCU2n51ldbTEaxBdK49rVH0GxZU/37x7D77pt+TE=
Subject key identifier:   1F:A6:0F:C6:2F:87:49:B8:EB:45:26:E3:C0:35:DD:2D:CF:4A:99:2B
Certificate issuer:       /CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
Certificate serial:       018CC5DC04E8DFB1C9ED049716CDEFC7D0FC
Authority key identifier: B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/H6YPxi-HSbjrRSbjwDXdLc9KmSs.roa
Signing time:             Mon 01 Jan 2024 16:29:39 +0000
ROA not before:           Mon 01 Jan 2024 16:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3227
IP address blocks:        185.37.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:04:e8:df:b1:c9:ed:04:97:16:cd:ef:c7:d0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
        Validity
            Not Before: Jan  1 16:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fa60fc62f8749b8eb4526e3c035dd2dcf4a992b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:59:b7:d3:79:6a:cc:99:fb:97:82:5b:ce:90:
                    00:41:21:cf:a7:d6:ac:38:b0:45:cc:ff:43:5f:0a:
                    66:4f:82:a6:8e:9d:73:82:d8:c4:db:d6:4d:08:e7:
                    d8:5a:e2:90:bb:f0:58:0a:6d:65:bc:b7:ee:53:fd:
                    aa:8f:e4:65:1d:cf:97:e5:08:3e:3a:8e:ee:42:c7:
                    6d:ca:de:9c:1b:9b:bb:03:c9:ae:17:d5:40:bf:01:
                    3e:25:6a:b8:a7:e7:0e:94:65:b7:11:8b:1b:a4:87:
                    21:88:c5:6f:f6:a7:e7:9d:7f:52:e7:b5:6f:3d:81:
                    c1:bb:d0:85:d6:6e:15:12:6e:4a:fe:6e:f8:08:44:
                    bb:c6:36:1e:88:dc:35:e4:94:bb:20:e7:e3:09:90:
                    8c:0e:64:44:6d:c3:84:b2:b5:eb:76:a8:f6:b1:6c:
                    8c:fd:4f:8c:62:62:17:af:66:a1:07:fd:3f:42:15:
                    59:a2:70:90:1a:91:dd:ab:67:3a:d4:19:a2:04:e9:
                    c3:e0:97:6a:e6:9c:67:20:ea:90:c1:89:ac:15:b5:
                    65:b2:03:cf:09:e4:6f:ef:47:67:4d:83:82:6e:2d:
                    41:03:48:ed:6b:d8:08:e9:4f:6c:cf:6a:4f:fb:94:
                    3b:2a:1a:09:c8:c8:4d:e8:f9:e8:90:a5:e6:51:bc:
                    35:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:A6:0F:C6:2F:87:49:B8:EB:45:26:E3:C0:35:DD:2D:CF:4A:99:2B
            X509v3 Authority Key Identifier:
                keyid:B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/H6YPxi-HSbjrRSbjwDXdLc9KmSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:a3:41:94:3a:bf:c8:e5:f7:fc:65:1e:94:c9:6d:6a:2a:8e:
         e5:83:9c:37:19:33:bf:e8:04:a5:96:ed:9b:10:52:2e:56:86:
         20:5d:5a:ff:78:9f:ba:fa:3b:6e:00:d3:60:79:5b:96:10:9b:
         a9:e0:9e:66:4c:b9:9f:0a:77:e5:18:ea:b2:83:81:e6:3e:94:
         cd:b5:37:10:2b:e8:d8:47:72:24:b1:bd:6f:75:76:3f:6c:47:
         81:b3:9e:51:31:39:3a:27:fd:04:cd:a4:4b:75:5d:9a:4d:59:
         b4:fb:66:77:56:07:10:cc:b3:e8:0c:dd:cf:b4:fe:7d:1a:7b:
         15:ee:1a:92:b0:5b:56:43:50:95:28:63:38:6a:95:8f:27:d4:
         f0:83:68:66:af:ed:1a:d0:94:8d:f5:61:1d:ad:67:87:f4:0a:
         6c:32:ac:f2:c0:9d:96:15:64:4d:47:55:c7:2e:bc:cf:39:b9:
         77:ea:de:60:c4:d0:1f:2b:87:15:fb:37:95:f2:82:a1:5e:8e:
         4d:27:37:06:62:ff:c3:1d:de:04:fd:4d:a7:68:f6:39:4a:39:
         de:d9:84:fa:f9:a7:1d:c4:8f:12:17:8c:15:f1:d4:29:05:de:
         42:08:ee:6f:3a:5a:88:08:0f:8b:4d:93:87:bf:b2:d6:03:70:
         27:8e:4e:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3ATo37HJ7QSXFs3vx9D8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNDM1MTQ2MzBkYzE3ZjNmZTliNTFkZDQzNDE4NGQwYjYy
YjAzYzAwHhcNMjQwMTAxMTYyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmE2MGZjNjJmODc0OWI4ZWI0NTI2ZTNjMDM1ZGQyZGNmNGE5OTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1m303lqzJn7l4JbzpAAQSHPp9as
OLBFzP9DXwpmT4Kmjp1zgtjE29ZNCOfYWuKQu/BYCm1lvLfuU/2qj+RlHc+X5Qg+
Oo7uQsdtyt6cG5u7A8muF9VAvwE+JWq4p+cOlGW3EYsbpIchiMVv9qfnnX9S57Vv
PYHBu9CF1m4VEm5K/m74CES7xjYeiNw15JS7IOfjCZCMDmREbcOEsrXrdqj2sWyM
/U+MYmIXr2ahB/0/QhVZonCQGpHdq2c61BmiBOnD4Jdq5pxnIOqQwYmsFbVlsgPP
CeRv70dnTYOCbi1BA0jta9gI6U9sz2pP+5Q7KhoJyMhN6PnokKXmUbw1kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+mD8Yvh0m460Um48A13S3PSpkrMB8GA1UdIwQY
MBaAFLNDUUYw3Bfz/ptR3UNBhNC2KwPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGIt
YTcyNDdlOWQ1ZjNhLzEvSDZZUHhpLUhTYmpyUlNiandEWGRMYzlLbVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGItYTcyNDdlOWQ1ZjNh
LzEvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSU9MA0G
CSqGSIb3DQEBCwUAA4IBAQBGo0GUOr/I5ff8ZR6UyW1qKo7lg5w3GTO/6ASllu2b
EFIuVoYgXVr/eJ+6+jtuANNgeVuWEJup4J5mTLmfCnflGOqyg4HmPpTNtTcQK+jY
R3Iksb1vdXY/bEeBs55RMTk6J/0EzaRLdV2aTVm0+2Z3VgcQzLPoDN3PtP59GnsV
7hqSsFtWQ1CVKGM4apWPJ9Twg2hmr+0a0JSN9WEdrWeH9ApsMqzywJ2WFWRNR1XH
LrzPObl36t5gxNAfK4cV+zeV8oKhXo5NJzcGYv/DHd4E/U2naPY5Sjne2YT6+acd
xI8SF4wV8dQpBd5CCO5vOlqICA+LTZOHv7LWA3Anjk6j
-----END CERTIFICATE-----