Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1-bbMCI3xod0gOUPFmgFsyOO30Bw.roa
File:                     1-bbMCI3xod0gOUPFmgFsyOO30Bw.roa (raw, json)
Hash identifier:          LKqJzBII7MGbUijDJ1j/lwoVixYqcdKqwxqkwNRG00c=
Subject key identifier:   F9:B6:CC:08:8D:F1:A1:DD:20:39:43:C5:9A:01:6C:C8:E3:B7:D0:1C
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019424454E196D86C168C46BFAEDA57AB8DA
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1-bbMCI3xod0gOUPFmgFsyOO30Bw.roa
Signing time:             Wed 01 Jan 2025 23:48:29 +0000
ROA not before:           Wed 01 Jan 2025 23:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        62.233.54.0/24 maxlen: 24
                          185.226.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4e:19:6d:86:c1:68:c4:6b:fa:ed:a5:7a:b8:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9b6cc088df1a1dd203943c59a016cc8e3b7d01c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:33:d7:e1:8e:66:48:f2:63:ff:9c:97:d8:e9:
                    7d:10:d7:0a:e6:cb:a8:c0:16:87:c3:60:a1:5b:1e:
                    75:75:9a:76:18:80:c8:bf:25:cb:9d:9b:00:e4:1a:
                    3a:da:1c:d8:b4:94:dc:fa:b5:e9:52:ea:62:aa:fa:
                    25:03:af:5f:b0:c4:e8:2f:28:4e:3b:ce:7f:e8:cf:
                    e6:f7:b3:d6:1b:b7:d6:79:18:83:c5:32:f6:98:2a:
                    00:74:cd:a0:74:d2:7d:16:53:8d:ba:5a:32:e2:c7:
                    a3:5f:95:94:cc:69:5d:50:69:54:ae:31:b7:11:5b:
                    0d:8d:af:b3:03:d0:bd:4b:2b:8f:f7:7e:7f:b1:b4:
                    e8:37:c9:29:e4:8c:5f:50:a2:12:51:d3:18:a8:c7:
                    5f:26:db:37:81:5e:0d:37:c6:5e:18:2f:00:e5:80:
                    4e:d1:2f:00:32:ee:cb:d6:4b:bf:65:5b:fe:b4:4d:
                    29:e1:8b:2f:fd:e8:d6:1a:74:ff:e2:c7:a7:4a:13:
                    fc:c6:f0:35:8b:d2:3b:1c:86:62:f6:27:ed:21:44:
                    61:18:e3:0e:54:e9:34:dd:3a:b5:c5:a5:fa:35:84:
                    2f:04:14:8b:cd:13:50:56:89:57:1a:27:16:4f:40:
                    7c:e7:61:3f:d5:82:a0:e7:44:a4:cf:56:c9:b7:4b:
                    5f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:B6:CC:08:8D:F1:A1:DD:20:39:43:C5:9A:01:6C:C8:E3:B7:D0:1C
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/1-bbMCI3xod0gOUPFmgFsyOO30Bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.233.54.0/24
                  185.226.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:d2:68:71:83:cf:43:ca:4d:76:4f:aa:5e:f7:64:66:59:10:
         2c:71:1d:db:a5:bc:4a:57:87:52:ce:4f:e5:a3:05:28:a0:20:
         3a:af:3c:88:f3:b5:22:ec:a3:40:b1:0c:b7:e4:9f:dd:ea:86:
         1b:b4:42:74:48:96:87:ad:8d:30:61:1d:5c:a3:d2:92:44:18:
         a2:dd:72:1d:40:7d:db:11:ce:f9:5b:61:32:87:70:1b:af:51:
         7d:92:7d:aa:20:03:ea:d0:e4:d5:e7:e3:06:12:fa:61:11:eb:
         d2:cc:7a:57:46:13:ab:fb:da:8b:f8:be:7c:c1:65:60:01:f0:
         1f:7c:69:1b:e2:e5:07:8e:d0:3d:dc:7d:da:2c:f2:f8:f1:fc:
         98:60:cc:b6:5e:16:0a:ba:16:2f:c7:4c:20:98:f2:df:d5:43:
         3b:7f:08:7a:33:c0:ef:f0:38:cb:d2:06:12:d2:9d:6e:02:b4:
         e3:8e:ec:dd:57:17:c8:0f:38:ca:43:f3:5b:b0:fe:31:39:47:
         c7:42:df:2f:fc:fd:22:59:13:d5:d7:28:f7:ef:67:fa:89:fd:
         af:a2:44:d0:02:6c:ed:af:b6:1b:07:20:09:19:a1:7d:9c:93:
         cb:3c:db:97:fd:fe:94:0b:a8:72:b2:b6:cb:c8:f5:b6:84:02:
         37:12:9c:ce
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQkRU4ZbYbBaMRr+u2lerjaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWI2Y2MwODhkZjFhMWRkMjAzOTQzYzU5YTAxNmNjOGUzYjdkMDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3TPX4Y5mSPJj/5yX2Ol9ENcK5suo
wBaHw2ChWx51dZp2GIDIvyXLnZsA5Bo62hzYtJTc+rXpUupiqvolA69fsMToLyhO
O85/6M/m97PWG7fWeRiDxTL2mCoAdM2gdNJ9FlONuloy4sejX5WUzGldUGlUrjG3
EVsNja+zA9C9SyuP935/sbToN8kp5IxfUKISUdMYqMdfJts3gV4NN8ZeGC8A5YBO
0S8AMu7L1ku/ZVv+tE0p4Ysv/ejWGnT/4senShP8xvA1i9I7HIZi9iftIURhGOMO
VOk03Tq1xaX6NYQvBBSLzRNQVolXGicWT0B852E/1YKg50Skz1bJt0tfUQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPm2zAiN8aHdIDlDxZoBbMjjt9AcMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvMS1iYk1DSTN4b2QwZ09VUEZtZ0ZzeU9PMzBCdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzUvYWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5
Mi8xL05vdjdpbDd1U1FndXBpamZKYVNsMVE4NnFiTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAD7pNgME
ALnitzANBgkqhkiG9w0BAQsFAAOCAQEAgdJocYPPQ8pNdk+qXvdkZlkQLHEd26W8
SleHUs5P5aMFKKAgOq88iPO1IuyjQLEMt+Sf3eqGG7RCdEiWh62NMGEdXKPSkkQY
ot1yHUB92xHO+VthModwG69RfZJ9qiAD6tDk1efjBhL6YRHr0sx6V0YTq/vai/i+
fMFlYAHwH3xpG+LlB47QPdx92izy+PH8mGDMtl4WCroWL8dMIJjy39VDO38IejPA
7/A4y9IGEtKdbgK0447s3VcXyA84ykPzW7D+MTlHx0LfL/z9IlkT1dco9+9n+on9
r6JE0AJs7a+2GwcgCRmhfZyTyzzbl/3+lAuocrK2y8j1toQCNxKczg==
-----END CERTIFICATE-----