Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Yf30QVSO2ocMHA5EW0f4DP5Qt1o.roa
File:                     Yf30QVSO2ocMHA5EW0f4DP5Qt1o.roa (raw, json)
Hash identifier:          32zz/SesO8BibqU6AhXd0H5KAG4NwMXgCvIzhG9KI60=
Subject key identifier:   61:FD:F4:41:54:8E:DA:87:0C:1C:0E:44:5B:47:F8:0C:FE:50:B7:5A
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019425FD30C386AA19627B50B72E13DE7101
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Yf30QVSO2ocMHA5EW0f4DP5Qt1o.roa
Signing time:             Thu 02 Jan 2025 07:48:57 +0000
ROA not before:           Thu 02 Jan 2025 07:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     329225
IP address blocks:        64.137.30.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:30:c3:86:aa:19:62:7b:50:b7:2e:13:de:71:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 07:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61fdf441548eda870c1c0e445b47f80cfe50b75a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:82:be:27:40:5e:4d:fb:99:77:49:2a:f5:60:
                    77:ec:5b:49:7d:58:b6:e2:0f:cb:23:c5:73:98:eb:
                    f8:09:ea:5d:47:d0:1b:8a:a2:6e:bf:fc:ff:40:14:
                    53:d3:8b:21:fe:bc:66:a6:12:ef:17:0e:0e:2e:3b:
                    bf:91:9c:82:e6:d0:62:8f:d3:4f:23:45:7f:45:2f:
                    e3:f0:1f:85:aa:dc:01:ce:7a:26:47:bb:c2:91:ab:
                    82:43:b1:0e:0c:b7:d6:e2:4f:08:ab:56:4f:33:2e:
                    23:d4:85:38:98:98:47:29:61:f7:8c:77:17:72:3d:
                    a2:52:b8:05:03:09:c0:20:de:3d:cf:ee:61:4b:f4:
                    b6:c3:5e:16:8f:3b:c1:74:7f:eb:bc:09:22:e9:35:
                    7c:1c:c8:d9:4e:31:fb:2b:31:b4:4a:56:d8:03:be:
                    68:0c:6a:9a:e0:2d:9f:0d:39:e2:d4:26:fa:47:8d:
                    ee:37:26:e2:5c:3b:61:0b:47:1a:eb:5e:0c:7e:8a:
                    b8:80:8d:7a:73:37:e5:d6:d5:24:22:04:e4:d1:83:
                    5f:68:4e:24:53:8a:72:62:fd:6b:0e:f7:a9:aa:be:
                    0d:39:8e:9b:ae:a2:b0:f0:93:ba:a3:9d:35:c4:24:
                    11:bd:68:bb:ce:eb:c3:6a:46:86:de:db:59:67:04:
                    c4:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:FD:F4:41:54:8E:DA:87:0C:1C:0E:44:5B:47:F8:0C:FE:50:B7:5A
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Yf30QVSO2ocMHA5EW0f4DP5Qt1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:d0:5c:55:e0:f7:11:0b:c4:45:68:44:b8:5d:06:bf:1e:e3:
         85:45:fa:1a:fb:e3:09:27:e4:37:42:82:52:e6:6d:c5:cc:10:
         6a:53:21:e5:ea:6c:c9:ab:c0:89:28:d9:71:ad:94:12:55:63:
         02:fa:cf:df:48:6b:66:54:58:8e:65:72:75:ff:5c:32:90:cf:
         72:76:25:46:bb:7b:b6:09:ae:dc:69:c3:da:73:fd:ad:f5:5d:
         d7:ba:fa:8c:83:cf:80:c4:39:a1:15:fe:09:4b:09:d1:6e:22:
         81:96:a0:d9:d1:d6:7e:13:47:6c:b2:54:3d:b2:c4:9a:3b:cb:
         f5:9b:a4:b7:46:a9:34:b8:ec:c1:86:ff:b2:ad:50:4d:22:f7:
         b0:a7:18:46:9a:e7:a5:8c:22:d2:31:79:f5:11:2f:3b:e6:92:
         ec:3e:e9:c9:ed:d8:f2:2d:3b:4f:12:24:fa:f4:a5:d6:e1:3e:
         c5:b2:c4:97:41:10:f0:ec:5c:a1:14:84:1a:48:eb:59:5b:dd:
         a5:de:95:3c:5d:1a:a7:fd:58:87:7d:24:8e:3c:48:32:71:9f:
         cc:40:dd:5a:c4:28:99:02:91:a7:d2:c3:8e:95:46:f5:7a:a1:
         d4:19:1e:03:fe:4e:15:00:42:7c:3a:25:cd:ce:d9:0a:33:06:
         78:5d:a9:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/TDDhqoZYntQty4T3nEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwMTAyMDc0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWZkZjQ0MTU0OGVkYTg3MGMxYzBlNDQ1YjQ3ZjgwY2ZlNTBiNzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoK+J0BeTfuZd0kq9WB37FtJfVi2
4g/LI8VzmOv4CepdR9AbiqJuv/z/QBRT04sh/rxmphLvFw4OLju/kZyC5tBij9NP
I0V/RS/j8B+FqtwBznomR7vCkauCQ7EODLfW4k8Iq1ZPMy4j1IU4mJhHKWH3jHcX
cj2iUrgFAwnAIN49z+5hS/S2w14WjzvBdH/rvAki6TV8HMjZTjH7KzG0SlbYA75o
DGqa4C2fDTni1Cb6R43uNybiXDthC0ca614Mfoq4gI16czfl1tUkIgTk0YNfaE4k
U4pyYv1rDvepqr4NOY6brqKw8JO6o501xCQRvWi7zuvDakaG3ttZZwTECwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGH99EFUjtqHDBwORFtH+Az+ULdaMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvWWYzMFFWU08yb2NNSEE1RVcwZjREUDVRdDFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBQIkeMA0G
CSqGSIb3DQEBCwUAA4IBAQA/0FxV4PcRC8RFaES4XQa/HuOFRfoa++MJJ+Q3QoJS
5m3FzBBqUyHl6mzJq8CJKNlxrZQSVWMC+s/fSGtmVFiOZXJ1/1wykM9ydiVGu3u2
Ca7cacPac/2t9V3XuvqMg8+AxDmhFf4JSwnRbiKBlqDZ0dZ+E0dsslQ9ssSaO8v1
m6S3Rqk0uOzBhv+yrVBNIvewpxhGmueljCLSMXn1ES875pLsPunJ7djyLTtPEiT6
9KXW4T7FssSXQRDw7FyhFIQaSOtZW92l3pU8XRqn/ViHfSSOPEgycZ/MQN1axCiZ
ApGn0sOOlUb1eqHUGR4D/k4VAEJ8OiXNztkKMwZ4Xakb
-----END CERTIFICATE-----