Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/sVzqlUVXrHqVsVw4yhzSu1oYIjM.roa
File:                     sVzqlUVXrHqVsVw4yhzSu1oYIjM.roa (raw, json)
Hash identifier:          HaD8do3X9duYtx96VIyzNjLwjQlO2MrTlBSjfqbB5ec=
Subject key identifier:   B1:5C:EA:95:45:57:AC:7A:95:B1:5C:38:CA:1C:D2:BB:5A:18:22:33
Certificate issuer:       /CN=3797e039f025a25aa6e992391d924260699ba67b
Certificate serial:       019424B31186E11FD60D3AE0997CF297483B
Authority key identifier: 37:97:E0:39:F0:25:A2:5A:A6:E9:92:39:1D:92:42:60:69:9B:A6:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N5fgOfAlolqm6ZI5HZJCYGmbpns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/sVzqlUVXrHqVsVw4yhzSu1oYIjM.roa
Signing time:             Thu 02 Jan 2025 01:48:22 +0000
ROA not before:           Thu 02 Jan 2025 01:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61006
IP address blocks:        185.96.72.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/N5fgOfAlolqm6ZI5HZJCYGmbpns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/N5fgOfAlolqm6ZI5HZJCYGmbpns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N5fgOfAlolqm6ZI5HZJCYGmbpns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:11:86:e1:1f:d6:0d:3a:e0:99:7c:f2:97:48:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3797e039f025a25aa6e992391d924260699ba67b
        Validity
            Not Before: Jan  2 01:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b15cea954557ac7a95b15c38ca1cd2bb5a182233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:7d:10:63:e7:4a:ec:5a:8c:ed:ef:cc:82:bc:
                    a9:a7:34:84:c9:a8:5d:2d:e8:a2:55:ee:be:a3:0a:
                    e8:72:ff:5a:48:a6:d7:8f:d4:a3:38:7a:20:63:9c:
                    ab:89:29:71:27:ac:19:09:4c:85:ef:d0:dd:a1:cc:
                    42:5f:89:a7:fa:66:e6:f7:b3:e0:da:72:e6:5b:3d:
                    cb:9e:b9:49:aa:67:2c:69:1f:f8:db:47:c9:45:96:
                    be:52:d3:bd:e8:e8:67:c8:d5:1a:72:f1:e9:61:0f:
                    ee:f6:c5:53:9e:90:db:63:c1:77:50:d5:06:71:bd:
                    24:13:21:17:40:a2:4e:40:b9:1c:c6:86:b6:ea:43:
                    85:21:1c:b3:ee:95:d5:73:74:8c:6e:c5:65:5e:9f:
                    ce:59:35:19:0c:18:20:99:58:ec:70:29:c4:c9:e7:
                    3e:a4:34:06:8e:b2:a8:e4:6f:0d:16:aa:ed:c9:1b:
                    d5:3d:f3:50:94:70:d7:91:2e:be:77:81:4d:4d:9f:
                    04:63:9c:32:f8:79:96:71:27:c0:bd:4a:92:c6:7f:
                    33:53:61:6a:4b:19:11:0a:d1:c0:4d:ba:36:07:a3:
                    41:6f:4c:1a:91:c3:95:00:83:9c:ec:7f:87:4c:3a:
                    69:8a:06:6c:19:f5:58:3d:ea:69:4f:0c:48:21:03:
                    a6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:5C:EA:95:45:57:AC:7A:95:B1:5C:38:CA:1C:D2:BB:5A:18:22:33
            X509v3 Authority Key Identifier:
                keyid:37:97:E0:39:F0:25:A2:5A:A6:E9:92:39:1D:92:42:60:69:9B:A6:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N5fgOfAlolqm6ZI5HZJCYGmbpns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/sVzqlUVXrHqVsVw4yhzSu1oYIjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0abb8a-9798-4bf8-bae1-c1c05cdb7841/1/N5fgOfAlolqm6ZI5HZJCYGmbpns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:ad:4d:62:ab:6d:7c:78:d3:85:9b:ac:bf:b7:5c:ad:a7:2a:
         5a:f8:95:af:84:64:34:46:04:3a:d5:14:4f:65:62:3a:95:ef:
         e8:f3:df:10:7c:4d:a7:28:ee:51:cb:37:e9:da:16:11:37:63:
         6a:1f:66:3a:98:1d:a7:b7:c7:0d:9a:c1:7b:06:95:5e:f4:c6:
         b6:78:d0:5b:5c:40:c6:0a:5f:38:11:ee:ad:d9:bf:30:85:bf:
         ff:5e:35:c8:10:51:b4:52:0b:8f:ea:10:f9:a0:ef:80:bb:31:
         11:46:5c:dc:0f:a3:2c:b0:a6:b2:2b:c1:fb:1e:48:7a:80:b9:
         94:ec:25:89:28:57:63:4b:2d:d6:5e:55:37:d0:04:41:a3:7d:
         05:be:fa:26:8c:8e:87:ed:4e:d7:db:3e:92:c6:03:1b:80:70:
         28:76:32:f6:f5:83:13:4c:51:a8:0f:57:f1:dc:59:3f:52:cd:
         d6:80:0b:1c:cc:2e:d7:f0:d1:29:af:7b:48:1e:e0:f1:5e:f5:
         f5:cb:1d:3d:0b:00:e0:ea:10:a7:90:52:26:0c:a8:04:65:d4:
         a4:ad:a4:44:7a:81:f9:42:e5:f2:c7:c7:e6:d0:9c:92:80:4a:
         34:47:c3:12:cf:f8:68:81:88:96:2e:02:51:cf:02:1e:37:61:
         46:4d:66:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksxGG4R/WDTrgmXzyl0g7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OTdlMDM5ZjAyNWEyNWFhNmU5OTIzOTFkOTI0MjYwNjk5
YmE2N2IwHhcNMjUwMTAyMDE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTVjZWE5NTQ1NTdhYzdhOTViMTVjMzhjYTFjZDJiYjVhMTgyMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0n0QY+dK7FqM7e/MgryppzSEyahd
LeiiVe6+owrocv9aSKbXj9SjOHogY5yriSlxJ6wZCUyF79DdocxCX4mn+mbm97Pg
2nLmWz3LnrlJqmcsaR/420fJRZa+UtO96OhnyNUacvHpYQ/u9sVTnpDbY8F3UNUG
cb0kEyEXQKJOQLkcxoa26kOFIRyz7pXVc3SMbsVlXp/OWTUZDBggmVjscCnEyec+
pDQGjrKo5G8NFqrtyRvVPfNQlHDXkS6+d4FNTZ8EY5wy+HmWcSfAvUqSxn8zU2Fq
SxkRCtHATbo2B6NBb0wakcOVAIOc7H+HTDppigZsGfVYPeppTwxIIQOm5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFc6pVFV6x6lbFcOMoc0rtaGCIzMB8GA1UdIwQY
MBaAFDeX4DnwJaJapumSOR2SQmBpm6Z7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjVmZ09mQWxvbHFtNlpJNUhaSkNZR21icG5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wYWJiOGEtOTc5OC00YmY4LWJhZTEt
YzFjMDVjZGI3ODQxLzEvc1Z6cWxVVlhySHFWc1Z3NHloelN1MW9ZSWpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wYWJiOGEtOTc5OC00YmY4LWJhZTEtYzFjMDVjZGI3ODQx
LzEvTjVmZ09mQWxvbHFtNlpJNUhaSkNZR21icG5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWBIMA0G
CSqGSIb3DQEBCwUAA4IBAQAvrU1iq218eNOFm6y/t1ytpypa+JWvhGQ0RgQ61RRP
ZWI6le/o898QfE2nKO5Ryzfp2hYRN2NqH2Y6mB2nt8cNmsF7BpVe9Ma2eNBbXEDG
Cl84Ee6t2b8whb//XjXIEFG0UguP6hD5oO+AuzERRlzcD6MssKayK8H7Hkh6gLmU
7CWJKFdjSy3WXlU30ARBo30FvvomjI6H7U7X2z6SxgMbgHAodjL29YMTTFGoD1fx
3Fk/Us3WgAsczC7X8NEpr3tIHuDxXvX1yx09CwDg6hCnkFImDKgEZdSkraREeoH5
QuXyx8fm0JySgEo0R8MSz/hogYiWLgJRzwIeN2FGTWYT
-----END CERTIFICATE-----