Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/3WPaQaeTdmntK5izSsUGm25Ynd0.roa
File:                     3WPaQaeTdmntK5izSsUGm25Ynd0.roa (raw, json)
Hash identifier:          GyiWTK+w6u6ne5SVMQYVthIyhJqTA+ukFgOGPV6Rz7w=
Subject key identifier:   DD:63:DA:41:A7:93:76:69:ED:2B:98:B3:4A:C5:06:9B:6E:58:9D:DD
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0194222002172241B683EE3C30C66829BEC8
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/3WPaQaeTdmntK5izSsUGm25Ynd0.roa
Signing time:             Wed 01 Jan 2025 13:48:30 +0000
ROA not before:           Wed 01 Jan 2025 13:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58678
IP address blocks:        185.24.149.0/24 maxlen: 24
                          212.16.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 12:15:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:02:17:22:41:b6:83:ee:3c:30:c6:68:29:be:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  1 13:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd63da41a7937669ed2b98b34ac5069b6e589ddd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4b:6d:89:fc:f2:03:7c:03:5f:f3:9d:b5:2d:
                    7d:8a:49:b6:15:26:05:56:d3:09:4c:7b:d2:e7:33:
                    ae:01:fd:71:ac:51:2b:92:08:00:34:dc:28:3d:ed:
                    81:1f:bf:05:22:0f:26:a3:c1:b3:b5:c5:f0:aa:e3:
                    00:ff:fd:bd:dc:d9:6c:31:10:b1:81:39:81:4f:b9:
                    a9:f2:29:96:ef:98:5f:4a:76:d0:8b:f5:35:e0:1a:
                    44:6c:8d:dd:d5:ab:42:eb:cf:1b:8d:b7:3a:be:99:
                    b7:7e:84:43:eb:31:be:9d:92:4e:0e:fb:c8:6b:ab:
                    4d:c6:2c:29:e7:f0:23:ff:1c:6b:ab:9f:f8:ed:01:
                    9f:aa:88:e9:b3:12:7a:a5:9e:1a:57:60:37:53:d7:
                    af:7d:c4:df:44:54:6d:28:83:1c:02:bf:30:84:8b:
                    32:1d:22:53:24:08:a8:d3:2e:bf:6e:65:d7:74:95:
                    fc:20:2d:c1:c0:a2:64:7b:f6:e1:ed:11:5b:d1:a6:
                    82:7e:39:65:ad:49:87:33:35:df:a6:b9:87:b3:d2:
                    30:60:19:9a:cc:b4:4f:52:53:86:e5:7c:25:76:b4:
                    38:ae:e5:a9:bf:bd:9b:47:5e:ca:b2:19:a7:96:46:
                    2c:1f:1f:e2:99:63:dd:f7:75:b6:1c:8d:9d:26:cf:
                    72:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:63:DA:41:A7:93:76:69:ED:2B:98:B3:4A:C5:06:9B:6E:58:9D:DD
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/3WPaQaeTdmntK5izSsUGm25Ynd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.149.0/24
                  212.16.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:0b:93:5e:55:37:20:6a:08:c2:20:73:ef:b6:36:e3:aa:d2:
         a2:b4:43:04:d4:e9:02:fb:28:03:a0:c1:2e:62:9a:44:64:49:
         4c:6f:47:1e:2f:c3:99:0b:62:83:12:bc:a0:4a:ee:26:8d:1f:
         66:e6:85:49:1a:6b:fc:e7:fe:8f:30:5d:bf:8d:ed:c2:75:e6:
         d7:18:56:1a:ab:e6:06:a6:29:ef:b8:07:df:d6:0c:97:64:31:
         2a:45:c2:52:f8:ae:8f:6e:ba:15:8e:d4:68:23:d5:45:34:8c:
         f8:dd:e1:b6:fe:2f:33:9b:e8:ff:e2:35:0c:df:f3:9d:e4:34:
         e3:48:e2:68:37:81:4d:26:f8:41:a0:a2:74:83:51:54:6d:1f:
         8c:fa:ab:8d:69:4e:b2:39:ed:24:64:78:db:51:b3:61:5b:13:
         e6:c7:6c:85:01:b2:25:27:23:74:78:a7:be:e8:a9:37:d4:d7:
         f1:1d:60:cb:6b:7b:0b:79:79:aa:cb:cb:71:cf:eb:43:ce:cc:
         71:97:8f:5a:b5:7f:01:57:2d:5c:95:f3:e0:47:aa:24:55:4c:
         7e:61:1a:64:04:00:cb:a9:79:92:aa:ac:f3:ac:9b:0f:67:7f:
         58:54:80:98:6f:f2:d3:c4:2e:67:7a:19:48:f0:dc:cd:da:5f:
         77:6e:c7:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIAIXIkG2g+48MMZoKb7IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwMTAxMTM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDYzZGE0MWE3OTM3NjY5ZWQyYjk4YjM0YWM1MDY5YjZlNTg5ZGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskttifzyA3wDX/OdtS19ikm2FSYF
VtMJTHvS5zOuAf1xrFErkggANNwoPe2BH78FIg8mo8GztcXwquMA//293NlsMRCx
gTmBT7mp8imW75hfSnbQi/U14BpEbI3d1atC688bjbc6vpm3foRD6zG+nZJODvvI
a6tNxiwp5/Aj/xxrq5/47QGfqojpsxJ6pZ4aV2A3U9evfcTfRFRtKIMcAr8whIsy
HSJTJAio0y6/bmXXdJX8IC3BwKJke/bh7RFb0aaCfjllrUmHMzXfprmHs9IwYBma
zLRPUlOG5XwldrQ4ruWpv72bR17KshmnlkYsHx/imWPd93W2HI2dJs9y8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN1j2kGnk3Zp7SuYs0rFBptuWJ3dMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvM1dQYVFhZVRkbW50SzVpelNzVUdtMjVZbmQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRiVAwQA
1BBdMA0GCSqGSIb3DQEBCwUAA4IBAQCCC5NeVTcgagjCIHPvtjbjqtKitEME1OkC
+ygDoMEuYppEZElMb0ceL8OZC2KDErygSu4mjR9m5oVJGmv85/6PMF2/je3CdebX
GFYaq+YGpinvuAff1gyXZDEqRcJS+K6PbroVjtRoI9VFNIz43eG2/i8zm+j/4jUM
3/Od5DTjSOJoN4FNJvhBoKJ0g1FUbR+M+quNaU6yOe0kZHjbUbNhWxPmx2yFAbIl
JyN0eKe+6Kk31NfxHWDLa3sLeXmqy8txz+tDzsxxl49atX8BVy1clfPgR6okVUx+
YRpkBADLqXmSqqzzrJsPZ39YVICYb/LTxC5nehlI8NzN2l93bscF
-----END CERTIFICATE-----