Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/SC9yZhU9PNS8QTNjN_qrNv_eW3Q.roa
File:                     SC9yZhU9PNS8QTNjN_qrNv_eW3Q.roa (raw, json)
Hash identifier:          U3jGOjd33mOISo0lcKw17gPp1Hb2/jkFzcISZ7nMSSw=
Subject key identifier:   48:2F:72:66:15:3D:3C:D4:BC:41:33:63:37:FA:AB:36:FF:DE:5B:74
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       01958F2E9689CFC4570659F12425127784A2
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/SC9yZhU9PNS8QTNjN_qrNv_eW3Q.roa
Signing time:             Thu 13 Mar 2025 11:05:49 +0000
ROA not before:           Thu 13 Mar 2025 11:05:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400536
IP address blocks:        185.24.148.0/24 maxlen: 24
                          212.16.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8f:2e:96:89:cf:c4:57:06:59:f1:24:25:12:77:84:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Mar 13 11:05:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=482f7266153d3cd4bc41336337faab36ffde5b74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8e:9f:66:91:30:91:f1:50:f0:72:b1:28:3d:
                    e7:02:f8:b7:82:f1:f8:58:a9:af:a2:0e:8f:29:6a:
                    47:6f:64:7f:18:7c:99:b2:74:49:ef:c6:d3:c6:d2:
                    e9:aa:dd:e5:8e:9e:31:02:80:4a:e1:11:0e:33:6d:
                    d7:cc:6f:44:5c:81:e7:22:d9:e5:d7:55:b5:94:06:
                    1d:c1:41:9e:83:90:ee:e2:eb:f7:03:da:6f:12:85:
                    a9:0e:85:0a:e0:83:84:a2:b1:6f:2b:57:bc:bf:cd:
                    c5:38:a5:48:e0:1b:a7:98:cc:87:4a:49:16:43:4f:
                    54:68:01:e9:fc:79:e1:9f:5e:8b:65:5b:c8:50:9e:
                    4b:51:99:8c:86:12:0d:ff:7a:31:62:49:29:58:39:
                    35:7c:45:70:53:47:1b:19:a9:15:e2:77:57:35:eb:
                    f3:78:91:9c:b1:38:91:1f:9a:df:a9:29:a4:52:33:
                    df:57:b8:69:99:ec:b7:9c:02:a3:7e:8f:58:11:73:
                    09:0f:ea:0e:b3:97:38:39:80:69:1f:ae:23:b0:17:
                    e3:50:4b:13:47:bf:92:39:a3:d3:e9:6f:26:58:f8:
                    65:af:50:78:8e:80:a4:88:ee:47:ab:d0:37:b6:7c:
                    72:12:f8:2e:e8:41:93:1f:da:5b:a9:ea:93:f5:e4:
                    02:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:2F:72:66:15:3D:3C:D4:BC:41:33:63:37:FA:AB:36:FF:DE:5B:74
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/SC9yZhU9PNS8QTNjN_qrNv_eW3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.24.148.0/24
                  212.16.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:8a:23:1e:d9:6e:eb:a7:0c:cb:ae:92:05:c3:5b:37:6e:8e:
         9d:14:c8:40:04:9d:ff:96:31:d0:b1:bc:c0:b5:d3:68:2b:6e:
         40:53:25:1e:f9:8b:fa:91:d6:4c:ff:8c:02:52:d6:79:76:58:
         33:ee:fb:07:bf:98:95:50:9f:4c:cf:f6:57:13:12:1b:7f:8d:
         fc:d4:be:b6:9d:35:71:ca:df:82:c5:a3:84:11:c4:00:0d:d1:
         0b:a6:bc:33:45:b4:f2:58:df:dc:96:04:37:67:74:95:34:c3:
         da:dc:89:29:0d:54:68:e0:fc:51:66:99:3b:65:7f:7e:1a:aa:
         8f:c4:77:9d:7b:e7:cc:b7:76:1f:e7:d3:09:27:93:36:2d:e3:
         50:53:2c:cb:9d:e3:6b:5c:a9:df:55:04:f1:7c:69:b4:83:bc:
         b7:4e:ed:d9:99:e5:94:b3:98:88:51:2d:b0:ee:d9:a9:18:44:
         25:ab:fa:2e:92:82:04:a0:53:b0:1a:09:f9:80:ae:ae:dd:55:
         8c:7d:68:ed:79:2a:8b:da:72:47:47:53:a2:fc:de:52:4b:d8:
         3e:13:c4:a3:ba:a7:81:d1:2e:8a:6b:b8:0f:54:28:81:0f:15:
         00:d9:89:3c:55:93:5f:49:ef:d6:b4:66:be:b9:d9:b7:ae:db:
         d7:61:6e:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWPLpaJz8RXBlnxJCUSd4SiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwMzEzMTEwNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODJmNzI2NjE1M2QzY2Q0YmM0MTMzNjMzN2ZhYWIzNmZmZGU1Yjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmo6fZpEwkfFQ8HKxKD3nAvi3gvH4
WKmvog6PKWpHb2R/GHyZsnRJ78bTxtLpqt3ljp4xAoBK4REOM23XzG9EXIHnItnl
11W1lAYdwUGeg5Du4uv3A9pvEoWpDoUK4IOEorFvK1e8v83FOKVI4BunmMyHSkkW
Q09UaAHp/Hnhn16LZVvIUJ5LUZmMhhIN/3oxYkkpWDk1fEVwU0cbGakV4ndXNevz
eJGcsTiRH5rfqSmkUjPfV7hpmey3nAKjfo9YEXMJD+oOs5c4OYBpH64jsBfjUEsT
R7+SOaPT6W8mWPhlr1B4joCkiO5Hq9A3tnxyEvgu6EGTH9pbqeqT9eQCFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEgvcmYVPTzUvEEzYzf6qzb/3lt0MB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvU0M5eVpoVTlQTlM4UVROak5fcXJOdl9lVzNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRiUAwQA
1BBPMA0GCSqGSIb3DQEBCwUAA4IBAQBhiiMe2W7rpwzLrpIFw1s3bo6dFMhABJ3/
ljHQsbzAtdNoK25AUyUe+Yv6kdZM/4wCUtZ5dlgz7vsHv5iVUJ9Mz/ZXExIbf438
1L62nTVxyt+CxaOEEcQADdELprwzRbTyWN/clgQ3Z3SVNMPa3IkpDVRo4PxRZpk7
ZX9+GqqPxHede+fMt3Yf59MJJ5M2LeNQUyzLneNrXKnfVQTxfGm0g7y3Tu3ZmeWU
s5iIUS2w7tmpGEQlq/oukoIEoFOwGgn5gK6u3VWMfWjteSqL2nJHR1Oi/N5SS9g+
E8SjuqeB0S6Ka7gPVCiBDxUA2Yk8VZNfSe/WtGa+udm3rtvXYW5z
-----END CERTIFICATE-----