Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/Tu7t5UxfQZJb9IBinG_zvMo6NNI.roa
File:                     Tu7t5UxfQZJb9IBinG_zvMo6NNI.roa (raw, json)
Hash identifier:          tO2TP/Y6ttoMKa/hNM34Y2g4+LNlU3Prwjmy2KGs0pk=
Subject key identifier:   4E:EE:ED:E5:4C:5F:41:92:5B:F4:80:62:9C:6F:F3:BC:CA:3A:34:D2
Certificate issuer:       /CN=61a5d217759e861696fc77ed9aa63b94edb3be7d
Certificate serial:       018CC64B19F70A631DBDFA144F668426148B
Authority key identifier: 61:A5:D2:17:75:9E:86:16:96:FC:77:ED:9A:A6:3B:94:ED:B3:BE:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YaXSF3WehhaW_HftmqY7lO2zvn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/Tu7t5UxfQZJb9IBinG_zvMo6NNI.roa
Signing time:             Mon 01 Jan 2024 18:30:59 +0000
ROA not before:           Mon 01 Jan 2024 18:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        185.27.251.0/24 maxlen: 24
                          185.27.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/YaXSF3WehhaW_HftmqY7lO2zvn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/YaXSF3WehhaW_HftmqY7lO2zvn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YaXSF3WehhaW_HftmqY7lO2zvn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:19:f7:0a:63:1d:bd:fa:14:4f:66:84:26:14:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61a5d217759e861696fc77ed9aa63b94edb3be7d
        Validity
            Not Before: Jan  1 18:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4eeeede54c5f41925bf480629c6ff3bcca3a34d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:dd:9e:7d:09:72:14:11:d0:9b:60:64:7c:a5:
                    6a:4c:cc:93:e7:5f:49:d6:93:34:94:f2:c0:a6:a5:
                    70:a4:8a:be:e2:59:0e:e5:01:c1:90:f2:d5:6f:fb:
                    7b:3d:0c:aa:2f:eb:d8:73:84:b1:d6:2c:b0:a0:e0:
                    6f:0c:1e:03:94:53:9d:d6:7c:37:bd:15:cd:59:f2:
                    a3:3c:62:d4:9b:ba:11:08:4f:76:f8:00:35:37:c1:
                    93:f5:b5:ea:b0:16:39:f7:81:cf:46:97:66:1e:a9:
                    8a:41:b2:7e:a8:3d:36:6f:8e:29:fc:fa:14:87:50:
                    a1:0d:f3:89:4a:c0:e9:a0:a5:6b:f5:d0:45:17:84:
                    12:34:19:4e:90:c3:ff:99:f7:58:69:15:f7:88:39:
                    a5:86:b6:a9:a7:0b:4d:2c:9d:b0:20:11:46:57:a7:
                    15:a6:64:28:ba:9f:d7:4d:65:27:cb:e7:48:91:bd:
                    fb:bf:fe:fe:39:03:c1:98:f2:d2:99:a3:39:57:10:
                    8e:a4:50:d9:0a:fc:c0:ae:55:bd:23:90:43:a5:be:
                    42:64:f2:40:34:30:80:d0:96:5c:87:c5:2c:c9:7c:
                    f2:ec:c8:46:83:2c:2a:69:9f:d6:77:4f:3d:a2:82:
                    cd:b7:c4:be:fe:fa:6f:4b:fa:6e:7a:f1:8c:fe:39:
                    17:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:EE:ED:E5:4C:5F:41:92:5B:F4:80:62:9C:6F:F3:BC:CA:3A:34:D2
            X509v3 Authority Key Identifier:
                keyid:61:A5:D2:17:75:9E:86:16:96:FC:77:ED:9A:A6:3B:94:ED:B3:BE:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YaXSF3WehhaW_HftmqY7lO2zvn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/Tu7t5UxfQZJb9IBinG_zvMo6NNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/YaXSF3WehhaW_HftmqY7lO2zvn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.249.0/24
                  185.27.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:a4:d2:33:aa:db:f0:9c:86:22:5f:97:f0:88:73:a1:d5:8d:
         1b:f5:57:a4:b3:a4:2b:9c:e8:b3:28:87:4b:7c:68:08:82:e8:
         a1:6d:0b:04:f0:44:14:5b:01:8c:13:59:99:c3:44:a5:69:55:
         a9:e8:f4:44:99:cb:87:86:43:79:af:22:75:fe:e1:88:c7:e0:
         7e:5c:71:aa:a4:71:47:18:80:7f:de:21:42:51:d4:90:76:c6:
         5c:09:bc:c1:d3:f9:99:42:a5:6d:1a:d9:dc:a3:a0:36:f2:20:
         00:55:3e:79:c6:da:f3:e8:2b:0f:1c:e4:d7:38:d4:ef:a9:6b:
         ae:8c:10:68:51:4a:78:5f:02:ad:b6:05:19:de:78:43:35:08:
         c5:9a:75:c5:67:18:49:b3:49:51:ad:9a:b7:98:79:5c:e3:79:
         67:ac:cc:3a:d4:de:2d:8d:e7:24:c0:c7:0d:54:d0:94:41:8c:
         24:e3:1f:87:e0:07:6a:48:6a:16:d4:48:85:c0:68:e4:fd:48:
         14:a5:0c:a7:44:5c:bb:99:76:df:08:a8:cb:e8:c3:ef:b2:b4:
         e2:c5:9b:fa:f7:d4:f1:1b:c3:f4:3c:22:d8:3e:c8:ff:10:ea:
         e5:e0:bc:de:73:2a:0e:3b:35:36:15:17:b5:3c:19:3a:67:04:
         0f:44:c7:ed
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGSxn3CmMdvfoUT2aEJhSLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYTVkMjE3NzU5ZTg2MTY5NmZjNzdlZDlhYTYzYjk0ZWRi
M2JlN2QwHhcNMjQwMTAxMTgzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWVlZWRlNTRjNWY0MTkyNWJmNDgwNjI5YzZmZjNiY2NhM2EzNGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt2efQlyFBHQm2BkfKVqTMyT519J
1pM0lPLApqVwpIq+4lkO5QHBkPLVb/t7PQyqL+vYc4Sx1iywoOBvDB4DlFOd1nw3
vRXNWfKjPGLUm7oRCE92+AA1N8GT9bXqsBY594HPRpdmHqmKQbJ+qD02b44p/PoU
h1ChDfOJSsDpoKVr9dBFF4QSNBlOkMP/mfdYaRX3iDmlhrappwtNLJ2wIBFGV6cV
pmQoup/XTWUny+dIkb37v/7+OQPBmPLSmaM5VxCOpFDZCvzArlW9I5BDpb5CZPJA
NDCA0JZch8UsyXzy7MhGgywqaZ/Wd089ooLNt8S+/vpvS/puevGM/jkXWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE7u7eVMX0GSW/SAYpxv87zKOjTSMB8GA1UdIwQY
MBaAFGGl0hd1noYWlvx37ZqmO5Tts759MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWFYU0YzV2VoaGFXX0hmdG1xWTdsTzJ6dm4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS83MmY2Y2YtOWJkNC00NjdhLWE5MmEt
NWE2NGE1ZmM4YTY0LzEvVHU3dDVVeGZRWkpiOUlCaW5HX3p2TW82Tk5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS83MmY2Y2YtOWJkNC00NjdhLWE5MmEtNWE2NGE1ZmM4YTY0
LzEvWWFYU0YzV2VoaGFXX0hmdG1xWTdsTzJ6dm4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRv5AwQA
uRv7MA0GCSqGSIb3DQEBCwUAA4IBAQCgpNIzqtvwnIYiX5fwiHOh1Y0b9Veks6Qr
nOizKIdLfGgIguihbQsE8EQUWwGME1mZw0SlaVWp6PREmcuHhkN5ryJ1/uGIx+B+
XHGqpHFHGIB/3iFCUdSQdsZcCbzB0/mZQqVtGtnco6A28iAAVT55xtrz6CsPHOTX
ONTvqWuujBBoUUp4XwKttgUZ3nhDNQjFmnXFZxhJs0lRrZq3mHlc43lnrMw61N4t
jeckwMcNVNCUQYwk4x+H4AdqSGoW1EiFwGjk/UgUpQynRFy7mXbfCKjL6MPvsrTi
xZv699TxG8P0PCLYPsj/EOrl4LzecyoOOzU2FRe1PBk6ZwQPRMft
-----END CERTIFICATE-----