Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/8f1DQEzOmVOlZREX0FzyX7_KlmU.roa
File:                     8f1DQEzOmVOlZREX0FzyX7_KlmU.roa (raw, json)
Hash identifier:          vPG/1XLUFUdmTpDY8V/ZQr1qcuxaKozSqJOdcnOMn8g=
Subject key identifier:   F1:FD:43:40:4C:CE:99:53:A5:65:11:17:D0:5C:F2:5F:BF:CA:96:65
Certificate issuer:       /CN=61e6ea83926bc478c785471d805a5c1210a8c993
Certificate serial:       0194CAE0A12FF08CAB8320F143264E899AA9
Authority key identifier: 61:E6:EA:83:92:6B:C4:78:C7:85:47:1D:80:5A:5C:12:10:A8:C9:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/8f1DQEzOmVOlZREX0FzyX7_KlmU.roa
Signing time:             Mon 03 Feb 2025 08:15:06 +0000
ROA not before:           Mon 03 Feb 2025 08:15:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35273
IP address blocks:        195.238.112.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ca:e0:a1:2f:f0:8c:ab:83:20:f1:43:26:4e:89:9a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61e6ea83926bc478c785471d805a5c1210a8c993
        Validity
            Not Before: Feb  3 08:15:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1fd43404cce9953a5651117d05cf25fbfca9665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e3:ca:24:ff:e3:58:fe:eb:1b:15:fd:82:71:
                    47:bd:23:bd:e4:77:c8:67:95:02:8d:f3:ba:0f:01:
                    e0:c3:b3:eb:05:c2:89:12:94:98:67:47:3b:f2:4b:
                    93:0d:9f:1c:f9:8c:a2:8d:9d:ef:6a:43:14:b8:61:
                    13:0c:4b:da:c0:0b:5a:ad:ff:15:52:27:5a:c4:e7:
                    58:32:ed:be:29:0e:19:6b:c8:b8:8c:0d:07:9e:2c:
                    60:bf:0a:73:5c:ca:32:80:51:9b:af:f3:7f:d8:00:
                    90:a6:e7:3d:83:ee:3f:69:e1:b3:a3:09:fd:8a:f3:
                    a8:cd:3f:7d:b1:bf:6e:71:42:a9:51:a0:e6:c8:a8:
                    bb:aa:2c:74:39:f3:41:2c:b7:78:d9:af:31:c3:84:
                    5c:7b:13:7a:73:dc:be:4d:9c:fd:b0:4f:a4:b3:45:
                    a7:d0:73:71:5c:bb:7e:8c:d3:6d:f2:fb:c9:90:89:
                    7a:a4:9b:77:5e:5d:e4:cf:9a:de:3c:76:65:47:f5:
                    a4:02:fb:5c:1e:77:e3:ae:34:ab:54:ab:a8:83:ae:
                    fb:86:3e:01:a6:c4:80:43:4e:13:f4:9a:62:07:8f:
                    4e:9d:45:d3:98:50:7f:e5:c3:c7:ed:a1:3a:05:4c:
                    70:58:b9:6e:d8:d8:56:54:47:2a:45:3c:0f:55:39:
                    48:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:FD:43:40:4C:CE:99:53:A5:65:11:17:D0:5C:F2:5F:BF:CA:96:65
            X509v3 Authority Key Identifier:
                keyid:61:E6:EA:83:92:6B:C4:78:C7:85:47:1D:80:5A:5C:12:10:A8:C9:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yebqg5JrxHjHhUcdgFpcEhCoyZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/8f1DQEzOmVOlZREX0FzyX7_KlmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/74bf41-d6a7-4fb5-801c-33cc3adb1e78/1/Yebqg5JrxHjHhUcdgFpcEhCoyZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:09:f9:8e:cc:86:d8:bb:17:71:2d:35:d0:7e:9f:c9:00:f6:
         05:99:51:d3:09:10:6e:bd:66:29:7d:4e:dd:95:5f:5f:f7:df:
         43:af:2d:d4:5f:fe:52:cb:fe:a2:f8:76:7d:9c:46:dd:15:c5:
         45:0c:a7:a7:cf:1b:0e:bf:4c:9b:47:40:eb:7a:e7:79:2b:99:
         c5:5c:72:30:b8:ab:cc:fb:b9:66:5a:f0:63:e6:f6:24:0b:09:
         61:f6:b9:97:c5:35:22:5e:b2:0e:22:ca:7a:14:21:d8:b0:ac:
         49:8d:7f:a8:3b:1e:7f:02:76:91:0f:0a:aa:72:ed:6a:52:4a:
         d2:e9:1c:b2:c0:ad:76:62:e5:4a:d0:77:75:89:70:7a:83:b8:
         77:65:ba:02:ed:ce:5e:65:4e:3a:db:92:bc:6c:64:00:f7:34:
         0c:d0:e3:b5:c7:19:bf:14:1b:bc:c3:0b:89:08:f4:46:7a:69:
         da:d3:63:0e:85:f4:91:4f:4e:47:7e:44:eb:25:63:76:6c:4c:
         46:a9:a5:48:a2:40:40:43:10:48:71:83:ee:7f:95:5e:4c:e5:
         ef:19:be:ad:4f:3d:d6:b1:dd:f3:be:a3:cf:bc:02:39:2a:58:
         c8:65:1a:da:dd:ef:0f:40:f0:c3:50:1d:f6:4a:21:58:df:94:
         78:4a:9a:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTK4KEv8IyrgyDxQyZOiZqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxZTZlYTgzOTI2YmM0NzhjNzg1NDcxZDgwNWE1YzEyMTBh
OGM5OTMwHhcNMjUwMjAzMDgxNTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWZkNDM0MDRjY2U5OTUzYTU2NTExMTdkMDVjZjI1ZmJmY2E5NjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOPKJP/jWP7rGxX9gnFHvSO95HfI
Z5UCjfO6DwHgw7PrBcKJEpSYZ0c78kuTDZ8c+YyijZ3vakMUuGETDEvawAtarf8V
UidaxOdYMu2+KQ4Za8i4jA0HnixgvwpzXMoygFGbr/N/2ACQpuc9g+4/aeGzown9
ivOozT99sb9ucUKpUaDmyKi7qix0OfNBLLd42a8xw4RcexN6c9y+TZz9sE+ks0Wn
0HNxXLt+jNNt8vvJkIl6pJt3Xl3kz5rePHZlR/WkAvtcHnfjrjSrVKuog677hj4B
psSAQ04T9JpiB49OnUXTmFB/5cPH7aE6BUxwWLlu2NhWVEcqRTwPVTlIlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPH9Q0BMzplTpWURF9Bc8l+/ypZlMB8GA1UdIwQY
MBaAFGHm6oOSa8R4x4VHHYBaXBIQqMmTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWVicWc1SnJ4SGpIaFVjZGdGcGNFaENveVpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC83NGJmNDEtZDZhNy00ZmI1LTgwMWMt
MzNjYzNhZGIxZTc4LzEvOGYxRFFFek9tVk9sWlJFWDBGenlYN19LbG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC83NGJmNDEtZDZhNy00ZmI1LTgwMWMtMzNjYzNhZGIxZTc4
LzEvWWVicWc1SnJ4SGpIaFVjZGdGcGNFaENveVpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw+5wMA0G
CSqGSIb3DQEBCwUAA4IBAQCeCfmOzIbYuxdxLTXQfp/JAPYFmVHTCRBuvWYpfU7d
lV9f999Dry3UX/5Sy/6i+HZ9nEbdFcVFDKenzxsOv0ybR0Dreud5K5nFXHIwuKvM
+7lmWvBj5vYkCwlh9rmXxTUiXrIOIsp6FCHYsKxJjX+oOx5/AnaRDwqqcu1qUkrS
6RyywK12YuVK0Hd1iXB6g7h3ZboC7c5eZU4625K8bGQA9zQM0OO1xxm/FBu8wwuJ
CPRGemna02MOhfSRT05HfkTrJWN2bExGqaVIokBAQxBIcYPuf5VeTOXvGb6tTz3W
sd3zvqPPvAI5KljIZRra3e8PQPDDUB32SiFY35R4SppX
-----END CERTIFICATE-----