Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/d3dmZhqZMBm8nnUwxeRipF31rF4.roa
File:                     d3dmZhqZMBm8nnUwxeRipF31rF4.roa (raw, json)
Hash identifier:          Wq9QYT7yZowYR4zvxJjwAu28e4Rc6FO3OCTrtL2HZ2k=
Subject key identifier:   77:77:66:66:1A:99:30:19:BC:9E:75:30:C5:E4:62:A4:5D:F5:AC:5E
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       01942220030AF60022C4149F47F24D9F769C
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/d3dmZhqZMBm8nnUwxeRipF31rF4.roa
Signing time:             Wed 01 Jan 2025 13:48:30 +0000
ROA not before:           Wed 01 Jan 2025 13:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64399
IP address blocks:        212.16.70.0/24 maxlen: 24
                          212.16.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 12:15:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:03:0a:f6:00:22:c4:14:9f:47:f2:4d:9f:76:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  1 13:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=777766661a993019bc9e7530c5e462a45df5ac5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:61:a9:17:72:4d:80:bc:37:83:ce:c2:cb:fc:
                    35:bd:d5:a9:d4:99:6b:8e:45:9f:b9:47:d3:ba:e9:
                    09:d3:c2:ef:0f:7b:36:19:dc:ac:e3:57:16:0e:cc:
                    c2:c9:af:b4:13:38:30:9d:4d:5c:8d:73:38:04:de:
                    bd:68:a2:e7:2f:5c:b6:59:e1:d2:ee:45:47:63:2b:
                    2d:5f:6e:75:9d:77:5e:1c:08:f3:30:29:97:2f:71:
                    c6:9b:b7:d7:9d:84:14:a5:19:16:96:50:cd:33:33:
                    f2:86:3f:ed:fe:a5:62:46:e9:58:a1:a0:46:14:92:
                    97:d8:44:f2:08:2b:10:57:bc:8c:63:c6:f0:18:e6:
                    34:5b:b9:ce:66:a0:e9:25:96:c6:0a:a4:47:f8:84:
                    b4:dd:ee:f4:99:c3:5d:01:83:66:e1:0b:d0:1d:9c:
                    19:5c:9f:30:a8:15:b2:06:42:e6:39:50:81:18:f2:
                    5f:5b:21:f2:68:d7:17:1f:11:8d:97:65:6e:f7:dd:
                    ec:e2:9e:27:75:d5:1a:62:17:14:06:53:36:29:87:
                    43:d1:72:2f:8e:f0:d5:a1:4d:33:ab:5d:ab:80:fb:
                    91:76:a7:f1:24:69:c4:9e:86:cb:37:13:65:ee:3a:
                    3f:07:94:43:25:ab:d3:f1:ce:66:35:1d:2f:6a:d2:
                    64:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:77:66:66:1A:99:30:19:BC:9E:75:30:C5:E4:62:A4:5D:F5:AC:5E
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/d3dmZhqZMBm8nnUwxeRipF31rF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.70.0/24
                  212.16.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:e7:4c:ea:7c:1d:29:ab:af:fe:97:34:d8:30:78:6a:16:dd:
         ab:71:b2:5a:4f:43:6a:a4:a6:5d:fd:80:67:23:85:8d:1a:4b:
         fb:3d:ec:62:a4:4c:23:48:ce:22:ef:c3:d7:8d:bf:25:73:09:
         0e:c7:68:12:74:2c:0e:96:3a:cc:f6:e8:2d:6b:61:9f:31:c8:
         29:f9:68:65:e5:d6:8d:36:18:cc:1e:b3:a6:86:33:80:1a:a0:
         29:da:94:9a:44:50:a2:7b:62:5c:b9:4d:c8:f1:0a:cc:14:1c:
         49:ec:f2:b4:fd:d0:2c:a5:58:bf:e9:c4:dc:86:ea:6a:30:0e:
         12:d0:15:5b:55:a2:e1:b9:9f:b4:71:07:4f:df:e8:fd:53:36:
         88:6f:71:68:9d:09:11:20:ed:55:76:f4:bc:f9:37:9e:f3:2a:
         7f:e3:f2:a3:8a:07:02:9b:08:e2:5a:51:7d:3d:01:ab:b6:45:
         a9:de:95:bf:1c:ea:e8:07:0b:6f:f9:f5:a2:64:1f:19:da:10:
         79:4e:8e:33:f3:78:a2:33:f2:dc:ae:0c:e8:44:d2:ef:58:83:
         8f:46:07:a8:e6:b4:98:49:1a:9f:91:23:fd:ec:05:e3:cf:4c:
         2e:1f:55:ed:6c:57:ce:a5:93:a1:83:c6:ed:c6:21:65:87:80:
         32:95:64:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIAMK9gAixBSfR/JNn3acMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwMTAxMTM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Nzc3NjY2NjFhOTkzMDE5YmM5ZTc1MzBjNWU0NjJhNDVkZjVhYzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2GpF3JNgLw3g87Cy/w1vdWp1Jlr
jkWfuUfTuukJ08LvD3s2Gdys41cWDszCya+0EzgwnU1cjXM4BN69aKLnL1y2WeHS
7kVHYystX251nXdeHAjzMCmXL3HGm7fXnYQUpRkWllDNMzPyhj/t/qViRulYoaBG
FJKX2ETyCCsQV7yMY8bwGOY0W7nOZqDpJZbGCqRH+IS03e70mcNdAYNm4QvQHZwZ
XJ8wqBWyBkLmOVCBGPJfWyHyaNcXHxGNl2Vu993s4p4nddUaYhcUBlM2KYdD0XIv
jvDVoU0zq12rgPuRdqfxJGnEnobLNxNl7jo/B5RDJavT8c5mNR0vatJkYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHd3ZmYamTAZvJ51MMXkYqRd9axeMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvZDNkbVpocVpNQm04bm5Vd3hlUmlwRjMxckY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1BBGAwQA
1BBJMA0GCSqGSIb3DQEBCwUAA4IBAQCs50zqfB0pq6/+lzTYMHhqFt2rcbJaT0Nq
pKZd/YBnI4WNGkv7PexipEwjSM4i78PXjb8lcwkOx2gSdCwOljrM9ugta2GfMcgp
+Whl5daNNhjMHrOmhjOAGqAp2pSaRFCie2JcuU3I8QrMFBxJ7PK0/dAspVi/6cTc
hupqMA4S0BVbVaLhuZ+0cQdP3+j9UzaIb3FonQkRIO1VdvS8+Tee8yp/4/KjigcC
mwjiWlF9PQGrtkWp3pW/HOroBwtv+fWiZB8Z2hB5To4z83iiM/LcrgzoRNLvWIOP
Rgeo5rSYSRqfkSP97AXjz0wuH1XtbFfOpZOhg8btxiFlh4AylWRz
-----END CERTIFICATE-----