Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/61VlCk-Vz2JmwNmlTjV0tKwkJaQ.roa
File:                     61VlCk-Vz2JmwNmlTjV0tKwkJaQ.roa (raw, json)
Hash identifier:          Tcvrdc7rHYowh7js121tHE39+TZIAhAOXTxh3daMRak=
Subject key identifier:   EB:55:65:0A:4F:95:CF:62:66:C0:D9:A5:4E:35:74:B4:AC:24:25:A4
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       018CC64B582A948816C913D9F82591E2276F
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/61VlCk-Vz2JmwNmlTjV0tKwkJaQ.roa
Signing time:             Mon 01 Jan 2024 18:31:15 +0000
ROA not before:           Mon 01 Jan 2024 18:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199575
IP address blocks:        31.172.163.0/24 maxlen: 24
                          212.18.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:58:2a:94:88:16:c9:13:d9:f8:25:91:e2:27:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  1 18:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb55650a4f95cf6266c0d9a54e3574b4ac2425a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:98:cb:48:8a:1e:a1:a4:15:b3:43:51:33:a2:
                    f0:0b:93:10:9f:7b:41:0c:0e:49:79:29:57:8f:bf:
                    b1:79:ab:f6:0e:f0:3f:ed:ac:34:2b:74:c6:ff:57:
                    62:d2:0a:53:14:ce:1e:59:88:5f:ff:76:09:02:9d:
                    af:c3:1f:8d:c3:45:96:78:ec:7c:11:ad:8f:1c:8a:
                    de:2d:ce:a4:a4:37:5a:9f:2f:b8:4c:15:b1:40:6f:
                    18:2a:11:0e:3a:a0:d6:67:06:23:b3:c4:87:6c:4d:
                    c0:0f:03:c7:30:b5:c2:6b:35:82:fb:cb:48:9c:19:
                    f4:44:1a:4f:b7:d9:4e:66:9d:e1:58:82:66:7d:1f:
                    29:8a:db:57:eb:6a:84:08:17:32:f8:28:a0:28:0e:
                    5e:68:53:40:55:bc:4f:54:45:ba:30:7f:b6:93:a3:
                    e7:0b:9f:0a:a5:19:26:39:2d:b0:d9:75:e5:17:14:
                    45:ba:60:30:b9:0d:07:f2:5f:9d:29:da:d5:77:80:
                    8e:32:eb:4b:44:ef:71:e6:eb:55:f8:2d:44:7c:01:
                    db:ca:80:4a:21:6b:49:38:1d:3d:e5:dd:1f:20:87:
                    1e:dd:4b:9b:82:fa:36:e1:07:5b:05:6c:c6:49:e7:
                    2b:96:ac:d1:46:87:fe:d2:5f:cb:28:36:36:b6:6f:
                    ca:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:55:65:0A:4F:95:CF:62:66:C0:D9:A5:4E:35:74:B4:AC:24:25:A4
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/61VlCk-Vz2JmwNmlTjV0tKwkJaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.172.163.0/24
                  212.18.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:df:ff:43:c6:ed:bd:70:08:e6:f7:31:5f:82:f0:1b:f0:ad:
         22:23:af:5d:92:93:74:f5:3f:03:71:e4:20:8a:8c:e1:6c:21:
         83:9a:38:d6:65:73:07:cf:af:66:98:04:68:86:0c:8b:31:e2:
         28:f5:28:f2:5c:1f:8a:3e:27:61:84:32:56:f8:e1:27:e0:d9:
         80:91:3e:fe:cd:82:11:43:8c:c5:eb:45:b8:1f:8c:37:fc:9a:
         5f:d7:59:eb:09:b6:3d:7c:f0:89:1b:f3:ac:ff:5e:d1:c1:71:
         dd:1f:1d:b3:0e:5c:0e:18:5c:cd:8a:27:17:80:45:72:0a:5d:
         2f:60:46:78:9c:7c:9e:29:71:f0:01:a8:2a:37:15:29:72:ff:
         3d:f5:38:ce:7d:27:f4:c0:aa:5d:76:35:dc:e3:ba:e8:a5:c8:
         34:e1:9d:3a:8c:c8:2b:2a:06:4c:a9:69:5b:c5:84:a3:b7:3b:
         a8:2a:83:8f:d1:1d:3e:84:41:54:eb:ac:00:c2:c0:e4:b1:16:
         47:34:47:f2:b0:1c:7b:b4:f9:db:9b:81:a6:83:f3:8d:08:a6:
         89:d8:8f:65:3b:18:66:66:86:58:b3:00:5e:4a:c2:07:63:17:
         f6:63:bf:29:85:26:fe:39:98:47:2d:bb:1b:b5:ac:20:6f:f4:
         c9:a1:15:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS1gqlIgWyRPZ+CWR4idvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjQwMTAxMTgzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjU1NjUwYTRmOTVjZjYyNjZjMGQ5YTU0ZTM1NzRiNGFjMjQyNWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpjLSIoeoaQVs0NRM6LwC5MQn3tB
DA5JeSlXj7+xeav2DvA/7aw0K3TG/1di0gpTFM4eWYhf/3YJAp2vwx+Nw0WWeOx8
Ea2PHIreLc6kpDdany+4TBWxQG8YKhEOOqDWZwYjs8SHbE3ADwPHMLXCazWC+8tI
nBn0RBpPt9lOZp3hWIJmfR8pittX62qECBcy+CigKA5eaFNAVbxPVEW6MH+2k6Pn
C58KpRkmOS2w2XXlFxRFumAwuQ0H8l+dKdrVd4COMutLRO9x5utV+C1EfAHbyoBK
IWtJOB095d0fIIce3Uubgvo24QdbBWzGSecrlqzRRof+0l/LKDY2tm/KTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOtVZQpPlc9iZsDZpU41dLSsJCWkMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvNjFWbENrLVZ6Mkptd05tbFRqVjB0S3drSmFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAH6yjAwQA
1BL2MA0GCSqGSIb3DQEBCwUAA4IBAQCr3/9Dxu29cAjm9zFfgvAb8K0iI69dkpN0
9T8DceQgiozhbCGDmjjWZXMHz69mmARohgyLMeIo9SjyXB+KPidhhDJW+OEn4NmA
kT7+zYIRQ4zF60W4H4w3/Jpf11nrCbY9fPCJG/Os/17RwXHdHx2zDlwOGFzNiicX
gEVyCl0vYEZ4nHyeKXHwAagqNxUpcv899TjOfSf0wKpddjXc47ropcg04Z06jMgr
KgZMqWlbxYSjtzuoKoOP0R0+hEFU66wAwsDksRZHNEfysBx7tPnbm4Gmg/ONCKaJ
2I9lOxhmZoZYswBeSsIHYxf2Y78phSb+OZhHLbsbtawgb/TJoRXN
-----END CERTIFICATE-----