Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/hJbdYVF-sB2ARWcr3wLM-Bolskc.roa
File:                     hJbdYVF-sB2ARWcr3wLM-Bolskc.roa (raw, json)
Hash identifier:          p8HLFjhLNYXJBjvp0Ydq3UNKZlQk3vcyaOZBKxCq5jw=
Subject key identifier:   84:96:DD:61:51:7E:B0:1D:80:45:67:2B:DF:02:CC:F8:1A:25:B2:47
Certificate issuer:       /CN=66a1d1a017802e5c57da5978544fc537403da73a
Certificate serial:       019424B3DFAE8FC89D2CBBC9382F9FF9BA94
Authority key identifier: 66:A1:D1:A0:17:80:2E:5C:57:DA:59:78:54:4F:C5:37:40:3D:A7:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZqHRoBeALlxX2ll4VE_FN0A9pzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/hJbdYVF-sB2ARWcr3wLM-Bolskc.roa
Signing time:             Thu 02 Jan 2025 01:49:15 +0000
ROA not before:           Thu 02 Jan 2025 01:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61029
IP address blocks:        37.72.96.0/20 maxlen: 24
                          213.232.253.0/24 maxlen: 24
                          2a00:8240::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/ZqHRoBeALlxX2ll4VE_FN0A9pzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/ZqHRoBeALlxX2ll4VE_FN0A9pzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZqHRoBeALlxX2ll4VE_FN0A9pzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 13:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:df:ae:8f:c8:9d:2c:bb:c9:38:2f:9f:f9:ba:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66a1d1a017802e5c57da5978544fc537403da73a
        Validity
            Not Before: Jan  2 01:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8496dd61517eb01d8045672bdf02ccf81a25b247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:81:31:4f:50:30:5a:7a:70:9c:7f:c2:a0:80:
                    75:a8:61:f5:dd:82:20:e1:a1:33:16:3b:ea:e5:de:
                    06:e1:48:31:99:45:39:c7:ce:a7:4f:ad:d5:ec:8d:
                    e5:a4:3e:1b:fb:e6:b3:f7:3c:d7:b8:73:fc:61:e2:
                    2d:91:8d:fc:bf:37:79:a2:71:0e:c3:e0:cf:3c:15:
                    ce:9f:b3:4d:d1:23:48:38:c0:b7:8c:f8:81:dd:9f:
                    2a:61:c7:07:42:c0:13:e8:ca:58:72:6d:ae:a6:a7:
                    da:ad:ca:19:0f:07:a4:1e:02:d1:27:23:5c:3a:5e:
                    65:6b:ac:36:e8:3d:e3:39:c5:06:1f:7b:b9:24:07:
                    c3:4e:29:1f:bd:25:9e:00:d6:97:d8:08:d7:d2:8c:
                    92:97:af:b8:e8:d2:f8:41:dc:f3:3a:ec:6d:7c:61:
                    9c:1a:a5:34:86:05:17:07:e7:70:70:69:29:1f:0b:
                    cd:2a:23:9a:b6:3e:00:24:c0:cf:96:58:37:10:6f:
                    bb:c4:5e:2e:8e:3b:e4:72:07:c6:e6:09:16:53:2f:
                    53:62:7f:80:ae:d1:db:27:68:8f:d7:1d:51:4a:c1:
                    b5:14:c8:01:1e:3e:05:f2:15:84:8f:d6:eb:d7:34:
                    52:1c:36:2a:11:4e:32:24:4a:48:f5:64:ac:72:c6:
                    f2:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:96:DD:61:51:7E:B0:1D:80:45:67:2B:DF:02:CC:F8:1A:25:B2:47
            X509v3 Authority Key Identifier:
                keyid:66:A1:D1:A0:17:80:2E:5C:57:DA:59:78:54:4F:C5:37:40:3D:A7:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZqHRoBeALlxX2ll4VE_FN0A9pzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/hJbdYVF-sB2ARWcr3wLM-Bolskc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/ZqHRoBeALlxX2ll4VE_FN0A9pzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.96.0/20
                  213.232.253.0/24
                IPv6:
                  2a00:8240::/29

    Signature Algorithm: sha256WithRSAEncryption
         1c:7e:c1:4c:bb:11:b3:ed:c9:3b:d2:72:b6:f3:a9:e8:87:24:
         c2:80:b3:cf:48:9a:7d:0e:7c:88:6d:d2:35:70:6f:08:1e:10:
         34:e4:c2:b2:64:8e:01:dc:eb:9a:e0:c5:56:00:3c:e0:7b:8a:
         ae:e2:19:08:98:77:40:60:87:71:7e:2b:d9:18:ac:20:52:3c:
         50:be:43:8a:2c:99:60:9d:5d:2f:58:bd:a5:e4:fb:bd:86:b4:
         b6:b1:41:f3:19:3c:21:32:37:da:b1:6b:c7:ad:e8:10:c5:79:
         ab:6a:6c:ff:aa:c6:01:6a:83:ef:73:fb:e9:ce:b1:5a:a0:77:
         eb:78:9f:1a:5a:78:32:99:7d:3b:1c:ee:d3:90:32:00:a1:91:
         e2:58:d4:da:08:82:bc:1d:d5:61:33:a3:85:9f:71:4f:ce:44:
         92:7b:0e:6d:be:e1:f5:b4:83:b2:8b:40:d3:5f:ec:81:e0:48:
         f2:c7:f9:21:4a:b3:ad:00:ea:98:2a:f2:b6:f2:b1:38:4a:4a:
         69:8a:8e:45:bf:e5:87:df:33:8e:d9:84:d4:62:5e:47:ba:15:
         33:fe:50:e4:c2:3a:22:be:e7:44:a1:fc:9f:aa:e7:d3:30:fe:
         63:07:9d:10:37:a5:8c:f4:60:9d:d8:89:55:a0:cc:66:d3:59:
         5f:b8:fa:0f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQks9+uj8idLLvJOC+f+bqUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YTFkMWEwMTc4MDJlNWM1N2RhNTk3ODU0NGZjNTM3NDAz
ZGE3M2EwHhcNMjUwMTAyMDE0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDk2ZGQ2MTUxN2ViMDFkODA0NTY3MmJkZjAyY2NmODFhMjViMjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IExT1AwWnpwnH/CoIB1qGH13YIg
4aEzFjvq5d4G4UgxmUU5x86nT63V7I3lpD4b++az9zzXuHP8YeItkY38vzd5onEO
w+DPPBXOn7NN0SNIOMC3jPiB3Z8qYccHQsAT6MpYcm2upqfarcoZDwekHgLRJyNc
Ol5la6w26D3jOcUGH3u5JAfDTikfvSWeANaX2AjX0oySl6+46NL4QdzzOuxtfGGc
GqU0hgUXB+dwcGkpHwvNKiOatj4AJMDPllg3EG+7xF4ujjvkcgfG5gkWUy9TYn+A
rtHbJ2iP1x1RSsG1FMgBHj4F8hWEj9br1zRSHDYqEU4yJEpI9WSscsbycQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFISW3WFRfrAdgEVnK98CzPgaJbJHMB8GA1UdIwQY
MBaAFGah0aAXgC5cV9pZeFRPxTdAPac6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnFIUm9CZUFMbHhYMmxsNFZFX0ZOMEE5cHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85MTU0OGItYmFiNS00NTRjLWI2MGIt
MTlmMmExZDE2MDMzLzEvaEpiZFlWRi1zQjJBUldjcjN3TE0tQm9sc2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85MTU0OGItYmFiNS00NTRjLWI2MGItMTlmMmExZDE2MDMz
LzEvWnFIUm9CZUFMbHhYMmxsNFZFX0ZOMEE5cHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEJUhgAwQA
1ej9MA0EAgACMAcDBQMqAIJAMA0GCSqGSIb3DQEBCwUAA4IBAQAcfsFMuxGz7ck7
0nK286nohyTCgLPPSJp9DnyIbdI1cG8IHhA05MKyZI4B3Oua4MVWADzge4qu4hkI
mHdAYIdxfivZGKwgUjxQvkOKLJlgnV0vWL2l5Pu9hrS2sUHzGTwhMjfasWvHregQ
xXmramz/qsYBaoPvc/vpzrFaoHfreJ8aWngymX07HO7TkDIAoZHiWNTaCIK8HdVh
M6OFn3FPzkSSew5tvuH1tIOyi0DTX+yB4Ejyx/khSrOtAOqYKvK28rE4Skppio5F
v+WH3zOO2YTUYl5HuhUz/lDkwjoivudEofyfqufTMP5jB50QN6WM9GCd2IlVoMxm
01lfuPoP
-----END CERTIFICATE-----