Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/z3s2kSvc4H2ywLCnLljgXCeMKHc.roa
File:                     z3s2kSvc4H2ywLCnLljgXCeMKHc.roa (raw, json)
Hash identifier:          pgMrP+tE9sQxVvQRywnzdq3UOn28MH01XXGUWXVHask=
Subject key identifier:   CF:7B:36:91:2B:DC:E0:7D:B2:C0:B0:A7:2E:58:E0:5C:27:8C:28:77
Certificate issuer:       /CN=61a5d217759e861696fc77ed9aa63b94edb3be7d
Certificate serial:       01941F8C4FD9E7B03E4CCCCB3443D1AB2C4B
Authority key identifier: 61:A5:D2:17:75:9E:86:16:96:FC:77:ED:9A:A6:3B:94:ED:B3:BE:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YaXSF3WehhaW_HftmqY7lO2zvn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/z3s2kSvc4H2ywLCnLljgXCeMKHc.roa
Signing time:             Wed 01 Jan 2025 01:47:56 +0000
ROA not before:           Wed 01 Jan 2025 01:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        185.27.249.0/24 maxlen: 24
                          185.27.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/YaXSF3WehhaW_HftmqY7lO2zvn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/YaXSF3WehhaW_HftmqY7lO2zvn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YaXSF3WehhaW_HftmqY7lO2zvn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:4f:d9:e7:b0:3e:4c:cc:cb:34:43:d1:ab:2c:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61a5d217759e861696fc77ed9aa63b94edb3be7d
        Validity
            Not Before: Jan  1 01:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cf7b36912bdce07db2c0b0a72e58e05c278c2877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8b:72:36:88:ae:02:05:cd:b8:92:b8:bc:b4:
                    64:99:c3:ea:f4:00:07:d9:15:f5:4c:cd:a4:7b:ce:
                    b0:b6:c0:1c:f1:0c:ec:3d:5f:d1:7a:6b:00:5f:d0:
                    39:b0:31:e2:a8:b4:b1:5d:85:da:1c:64:9f:70:c6:
                    93:44:a3:b2:05:0d:a6:2f:63:cd:7a:dd:eb:fa:83:
                    6f:9c:f0:fc:69:61:04:fd:5e:27:18:8a:61:e2:4f:
                    64:d3:d0:fc:91:47:94:d0:dd:60:7f:2a:c3:f5:d7:
                    cc:ce:44:25:ff:7a:6c:88:2f:54:48:22:18:49:51:
                    6e:2b:a2:db:23:66:40:80:58:02:b6:ed:aa:e3:9b:
                    77:bd:cb:17:27:1c:bf:46:c3:d8:d5:a2:54:96:9b:
                    af:30:af:d2:66:f2:cb:fb:84:64:82:02:07:59:fd:
                    71:48:77:b2:70:75:70:66:a4:b6:9a:10:63:d9:a5:
                    3c:87:65:21:3f:d7:14:bf:16:87:71:86:ba:dc:06:
                    d0:4d:46:dc:fe:14:c6:da:2a:ae:5d:3b:b8:f1:1d:
                    e3:23:d5:43:8b:06:d1:f5:e1:17:a4:ef:fb:09:9f:
                    cf:1f:c6:be:c3:97:a7:af:11:cd:86:c6:56:f1:a0:
                    8a:0d:86:0f:c1:80:15:cd:c2:8a:0f:33:f9:aa:33:
                    14:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7B:36:91:2B:DC:E0:7D:B2:C0:B0:A7:2E:58:E0:5C:27:8C:28:77
            X509v3 Authority Key Identifier:
                keyid:61:A5:D2:17:75:9E:86:16:96:FC:77:ED:9A:A6:3B:94:ED:B3:BE:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YaXSF3WehhaW_HftmqY7lO2zvn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/z3s2kSvc4H2ywLCnLljgXCeMKHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/72f6cf-9bd4-467a-a92a-5a64a5fc8a64/1/YaXSF3WehhaW_HftmqY7lO2zvn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.249.0/24
                  185.27.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:30:29:9e:5b:17:f0:49:cc:61:82:7f:eb:66:04:e4:7f:9c:
         dc:de:08:63:1a:da:fb:40:71:35:34:3b:94:7b:9a:5d:33:2c:
         00:94:6e:36:26:76:5e:04:2d:a3:af:c4:8a:93:b3:2e:f7:05:
         19:37:fa:c5:d4:51:d4:c7:79:e5:da:8f:c7:23:ea:98:a7:8e:
         e1:a1:48:1f:6b:4f:c0:8c:71:c6:28:6f:db:85:57:8f:37:34:
         36:2c:59:8e:02:eb:df:f0:cf:7c:d0:41:f4:1a:c0:14:7d:10:
         6d:fa:37:e0:e8:78:16:bd:4c:f0:99:13:86:dc:64:2b:3d:66:
         47:b0:3d:4f:62:7d:65:04:6d:e6:c7:11:a6:1b:98:86:e2:b2:
         33:2a:a1:e2:2e:5f:7d:25:fb:f5:b9:17:f8:97:15:a0:eb:ca:
         31:12:33:67:ae:bf:aa:ff:2f:30:79:35:25:80:0f:5b:65:fd:
         7d:40:9d:11:40:bb:b9:ea:85:be:07:58:87:19:d3:c7:b0:e0:
         58:8f:7b:75:ef:b0:11:16:5f:52:7a:c7:3d:dd:4b:61:53:9f:
         c1:6a:85:a5:8f:51:23:2a:cd:e1:b3:b9:2b:00:01:8b:39:fb:
         1a:3b:8a:c7:96:c5:70:fe:12:12:c2:9b:4b:18:ce:68:9c:80:
         43:e2:75:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjE/Z57A+TMzLNEPRqyxLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYTVkMjE3NzU5ZTg2MTY5NmZjNzdlZDlhYTYzYjk0ZWRi
M2JlN2QwHhcNMjUwMTAxMDE0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjdiMzY5MTJiZGNlMDdkYjJjMGIwYTcyZTU4ZTA1YzI3OGMyODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4tyNoiuAgXNuJK4vLRkmcPq9AAH
2RX1TM2ke86wtsAc8QzsPV/RemsAX9A5sDHiqLSxXYXaHGSfcMaTRKOyBQ2mL2PN
et3r+oNvnPD8aWEE/V4nGIph4k9k09D8kUeU0N1gfyrD9dfMzkQl/3psiC9USCIY
SVFuK6LbI2ZAgFgCtu2q45t3vcsXJxy/RsPY1aJUlpuvMK/SZvLL+4RkggIHWf1x
SHeycHVwZqS2mhBj2aU8h2UhP9cUvxaHcYa63AbQTUbc/hTG2iquXTu48R3jI9VD
iwbR9eEXpO/7CZ/PH8a+w5enrxHNhsZW8aCKDYYPwYAVzcKKDzP5qjMUGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM97NpEr3OB9ssCwpy5Y4FwnjCh3MB8GA1UdIwQY
MBaAFGGl0hd1noYWlvx37ZqmO5Tts759MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWFYU0YzV2VoaGFXX0hmdG1xWTdsTzJ6dm4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS83MmY2Y2YtOWJkNC00NjdhLWE5MmEt
NWE2NGE1ZmM4YTY0LzEvejNzMmtTdmM0SDJ5d0xDbkxsamdYQ2VNS0hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS83MmY2Y2YtOWJkNC00NjdhLWE5MmEtNWE2NGE1ZmM4YTY0
LzEvWWFYU0YzV2VoaGFXX0hmdG1xWTdsTzJ6dm4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRv5AwQA
uRv7MA0GCSqGSIb3DQEBCwUAA4IBAQBzMCmeWxfwScxhgn/rZgTkf5zc3ghjGtr7
QHE1NDuUe5pdMywAlG42JnZeBC2jr8SKk7Mu9wUZN/rF1FHUx3nl2o/HI+qYp47h
oUgfa0/AjHHGKG/bhVePNzQ2LFmOAuvf8M980EH0GsAUfRBt+jfg6HgWvUzwmROG
3GQrPWZHsD1PYn1lBG3mxxGmG5iG4rIzKqHiLl99Jfv1uRf4lxWg68oxEjNnrr+q
/y8weTUlgA9bZf19QJ0RQLu56oW+B1iHGdPHsOBYj3t177ARFl9Sesc93UthU5/B
aoWlj1EjKs3hs7krAAGLOfsaO4rHlsVw/hISwptLGM5onIBD4nXE
-----END CERTIFICATE-----