Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/61GY1R8wYDxa_lyBZ9hmT1qgG2k.roa
File:                     61GY1R8wYDxa_lyBZ9hmT1qgG2k.roa (raw, json)
Hash identifier:          aG+XDaW77/Td5w26SqmAR9HeWY1Ds0VsYkAE7IRG8D0=
Subject key identifier:   EB:51:98:D5:1F:30:60:3C:5A:FE:5C:81:67:D8:66:4F:5A:A0:1B:69
Certificate issuer:       /CN=c76e03ff7d0bfde32839c28fec81c6275c04d33f
Certificate serial:       018CC8DF294E1D256FEE15348D85E42D1A71
Authority key identifier: C7:6E:03:FF:7D:0B:FD:E3:28:39:C2:8F:EC:81:C6:27:5C:04:D3:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/61GY1R8wYDxa_lyBZ9hmT1qgG2k.roa
Signing time:             Tue 02 Jan 2024 06:31:57 +0000
ROA not before:           Tue 02 Jan 2024 06:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48972
IP address blocks:        185.107.120.0/22 maxlen: 22
                          2a00:cb40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/x24D_30L_eMoOcKP7IHGJ1wE0z8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/x24D_30L_eMoOcKP7IHGJ1wE0z8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:29:4e:1d:25:6f:ee:15:34:8d:85:e4:2d:1a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c76e03ff7d0bfde32839c28fec81c6275c04d33f
        Validity
            Not Before: Jan  2 06:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb5198d51f30603c5afe5c8167d8664f5aa01b69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:18:c7:b4:6f:32:dc:87:ad:08:8d:d2:07:46:
                    a8:83:2c:61:a8:4e:65:55:56:5f:6e:c4:3c:5e:7c:
                    60:da:a1:58:15:97:81:52:5f:e9:e9:07:8f:67:3d:
                    9a:22:6b:f8:93:a6:44:d3:08:15:2d:e3:97:b1:d2:
                    0b:33:cc:8e:f0:41:11:fd:d9:0c:80:e0:5a:13:a4:
                    a8:34:e8:3e:66:3a:eb:93:2c:f3:f2:df:95:ae:07:
                    14:3e:c0:d7:dd:42:53:ff:26:a1:28:c7:3e:30:99:
                    0d:86:6e:e6:f6:49:e6:43:09:fe:a2:76:c0:4f:f6:
                    f5:2b:fb:a8:18:9c:cd:44:9b:8d:ce:68:08:6b:86:
                    31:b3:c7:83:2f:0a:0f:aa:63:5b:99:21:60:b2:06:
                    93:b5:54:7c:e7:08:10:80:79:3c:23:f8:12:9b:a3:
                    6f:5f:84:b9:79:39:cb:df:cf:36:e7:ce:59:da:ae:
                    49:2f:06:3a:aa:74:13:cc:50:c3:7f:94:63:ae:63:
                    31:45:5f:32:f0:6e:0f:75:72:74:34:11:69:81:83:
                    86:c9:4d:ec:3f:05:1d:27:3a:84:f9:d0:ba:85:f3:
                    87:9c:b1:75:63:29:17:3b:cd:63:35:60:05:98:c7:
                    ba:21:c1:be:81:1a:dc:1e:78:fe:6f:83:f6:cb:a6:
                    ad:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:51:98:D5:1F:30:60:3C:5A:FE:5C:81:67:D8:66:4F:5A:A0:1B:69
            X509v3 Authority Key Identifier:
                keyid:C7:6E:03:FF:7D:0B:FD:E3:28:39:C2:8F:EC:81:C6:27:5C:04:D3:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x24D_30L_eMoOcKP7IHGJ1wE0z8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/61GY1R8wYDxa_lyBZ9hmT1qgG2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3347f7-5259-4238-adb6-835de0f5892e/1/x24D_30L_eMoOcKP7IHGJ1wE0z8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.120.0/22
                IPv6:
                  2a00:cb40::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:6f:16:3b:73:e2:32:e8:37:4b:05:56:54:84:a3:d2:58:b2:
         01:d1:43:07:f6:39:ae:f7:9d:c6:db:59:3e:d6:b5:de:b7:16:
         2b:ac:b9:da:37:a4:6b:7a:7d:89:5c:b7:98:7b:b7:15:d9:c1:
         dd:62:ce:ce:53:cb:f0:8a:e5:93:e5:61:34:ad:eb:e9:cd:7f:
         c2:ef:ed:1d:d8:8e:15:c4:57:5f:13:94:ac:27:99:c1:8f:b4:
         db:35:9f:b0:72:d7:e3:63:05:84:d8:cb:96:9a:57:a8:00:59:
         f9:86:47:d0:11:3e:a0:9f:6d:36:5e:b9:d0:b3:dc:3e:09:9e:
         aa:0f:24:c8:26:ee:9f:3c:e2:82:7f:b5:5a:01:a3:82:ee:6d:
         f1:46:1d:40:f3:81:db:af:c5:f2:02:25:0c:e2:1d:72:9b:c3:
         77:36:6b:58:f8:61:d8:da:29:09:84:30:dd:71:0b:8a:c4:75:
         b8:0c:bd:c6:d7:03:0a:93:9c:ab:32:f5:13:e5:ff:d7:62:9c:
         68:6b:9b:0f:d4:4f:f2:a7:24:4b:52:6f:5c:9a:34:a6:73:e2:
         fe:5e:90:32:31:47:85:ef:f6:dc:05:59:2e:fc:80:83:7c:d1:
         6c:14:71:1a:5f:ce:36:e0:db:46:01:94:2d:3a:84:87:26:d4:
         fc:56:a2:fe
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3ylOHSVv7hU0jYXkLRpxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NmUwM2ZmN2QwYmZkZTMyODM5YzI4ZmVjODFjNjI3NWMw
NGQzM2YwHhcNMjQwMTAyMDYzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjUxOThkNTFmMzA2MDNjNWFmZTVjODE2N2Q4NjY0ZjVhYTAxYjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBjHtG8y3IetCI3SB0aogyxhqE5l
VVZfbsQ8Xnxg2qFYFZeBUl/p6QePZz2aImv4k6ZE0wgVLeOXsdILM8yO8EER/dkM
gOBaE6SoNOg+Zjrrkyzz8t+VrgcUPsDX3UJT/yahKMc+MJkNhm7m9knmQwn+onbA
T/b1K/uoGJzNRJuNzmgIa4Yxs8eDLwoPqmNbmSFgsgaTtVR85wgQgHk8I/gSm6Nv
X4S5eTnL3882585Z2q5JLwY6qnQTzFDDf5RjrmMxRV8y8G4PdXJ0NBFpgYOGyU3s
PwUdJzqE+dC6hfOHnLF1YykXO81jNWAFmMe6IcG+gRrcHnj+b4P2y6atnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOtRmNUfMGA8Wv5cgWfYZk9aoBtpMB8GA1UdIwQY
MBaAFMduA/99C/3jKDnCj+yBxidcBNM/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDI0RF8zMExfZU1vT2NLUDdJSEdKMXdFMHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8zMzQ3ZjctNTI1OS00MjM4LWFkYjYt
ODM1ZGUwZjU4OTJlLzEvNjFHWTFSOHdZRHhhX2x5Qlo5aG1UMXFnRzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8zMzQ3ZjctNTI1OS00MjM4LWFkYjYtODM1ZGUwZjU4OTJl
LzEveDI0RF8zMExfZU1vT2NLUDdJSEdKMXdFMHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWt4MA0E
AgACMAcDBQAqAMtAMA0GCSqGSIb3DQEBCwUAA4IBAQBUbxY7c+Iy6DdLBVZUhKPS
WLIB0UMH9jmu953G21k+1rXetxYrrLnaN6Rren2JXLeYe7cV2cHdYs7OU8vwiuWT
5WE0revpzX/C7+0d2I4VxFdfE5SsJ5nBj7TbNZ+wctfjYwWE2MuWmleoAFn5hkfQ
ET6gn202XrnQs9w+CZ6qDyTIJu6fPOKCf7VaAaOC7m3xRh1A84Hbr8XyAiUM4h1y
m8N3NmtY+GHY2ikJhDDdcQuKxHW4DL3G1wMKk5yrMvUT5f/XYpxoa5sP1E/ypyRL
Um9cmjSmc+L+XpAyMUeF7/bcBVku/ICDfNFsFHEaX8424NtGAZQtOoSHJtT8VqL+
-----END CERTIFICATE-----