Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/r363Q1qsYQxBbhvSqPJLPh5DahU.roa
File:                     r363Q1qsYQxBbhvSqPJLPh5DahU.roa (raw, json)
Hash identifier:          JjtZM7LfR0UP5uN1iSohb3UO/TmdB39LPJkQd8VgySw=
Subject key identifier:   AF:7E:B7:43:5A:AC:61:0C:41:6E:1B:D2:A8:F2:4B:3E:1E:43:6A:15
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       0194222006D247C26A696658E836EEB87FB3
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/r363Q1qsYQxBbhvSqPJLPh5DahU.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212667
IP address blocks:        46.38.128.0/24 maxlen: 24
                          46.38.130.0/24 maxlen: 24
                          212.16.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:06:d2:47:c2:6a:69:66:58:e8:36:ee:b8:7f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af7eb7435aac610c416e1bd2a8f24b3e1e436a15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:90:8d:af:ca:a1:37:6b:a8:4c:40:3e:41:90:
                    5a:32:db:56:2d:96:fa:cf:43:73:ce:b1:13:25:6b:
                    c5:9a:27:88:81:08:73:35:1d:02:86:03:3c:58:79:
                    77:95:76:3f:63:e3:17:27:a3:fd:8f:8d:cc:49:6f:
                    fc:61:76:da:48:6b:ff:bf:14:59:b2:da:55:56:90:
                    c6:62:d8:09:31:6a:8f:d3:22:db:db:f1:0c:63:a7:
                    63:8b:ca:6f:08:dc:aa:3b:60:d5:03:5a:26:a9:de:
                    e0:c3:b9:97:fe:4b:48:a9:43:25:64:89:03:c9:9b:
                    20:ec:65:be:a1:4f:72:40:36:33:59:84:9d:19:2d:
                    4a:6e:a2:f8:39:e4:3c:25:8d:43:5e:3c:53:42:ab:
                    cc:ee:cd:8c:2e:22:40:4a:6c:18:f3:3d:31:85:7f:
                    e5:05:fe:4f:54:9d:9a:62:1a:31:7e:b8:81:01:ef:
                    2e:0c:ac:52:25:0e:1d:40:83:40:3b:1a:2a:11:00:
                    5a:07:69:20:6f:29:8f:64:d7:8f:29:db:7a:5c:9a:
                    0d:60:5d:48:ab:ec:cd:23:3f:e0:77:1c:82:c1:03:
                    d2:01:d6:09:ac:72:28:98:aa:f4:ef:b4:bd:98:69:
                    55:9d:ed:1c:99:7e:1c:3d:64:89:a3:a4:1b:2f:9e:
                    45:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:7E:B7:43:5A:AC:61:0C:41:6E:1B:D2:A8:F2:4B:3E:1E:43:6A:15
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/r363Q1qsYQxBbhvSqPJLPh5DahU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.128.0/24
                  46.38.130.0/24
                  212.16.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:13:b2:86:23:18:ce:f6:bb:5f:9d:97:0f:db:c9:12:54:be:
         09:ac:65:25:b7:d2:ea:db:8f:b7:22:b5:6b:5c:78:c3:c5:89:
         f3:53:f9:0d:71:60:9b:ef:3a:15:ba:8f:6a:35:d9:db:bf:bb:
         eb:2a:d7:aa:ce:a0:61:24:59:4a:72:78:73:1e:a6:3a:dc:bb:
         6d:54:ce:95:4a:1d:af:eb:1c:4a:e8:d9:f5:f8:04:f1:29:e7:
         09:db:38:ae:b2:40:8d:e5:71:27:c0:6c:15:b8:8f:03:ce:4a:
         a7:d7:d1:3a:82:7d:98:39:20:ae:a5:e5:24:ae:dc:03:c8:dc:
         ec:bb:a1:39:71:2a:90:d7:1e:70:87:3c:bd:c5:7a:7a:92:bc:
         55:0a:40:f8:5a:de:1e:00:84:9f:d9:46:2d:12:fc:1c:06:54:
         41:11:ce:4f:ba:07:b7:42:0e:ae:da:30:3b:cc:ec:df:9e:2f:
         ea:40:82:00:62:98:a0:ac:04:51:17:af:0a:89:7d:53:8a:4f:
         5a:31:bb:3f:d5:83:2b:c5:2e:8b:da:65:04:4b:dd:4e:91:35:
         08:89:1b:1a:63:bd:a5:8f:e3:cf:e1:bf:b9:cd:06:60:31:6d:
         5b:f3:9f:4e:52:ef:da:49:ae:83:10:76:2f:4d:4b:1f:ab:63:
         5f:08:6a:ab
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiIAbSR8JqaWZY6DbuuH+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjdlYjc0MzVhYWM2MTBjNDE2ZTFiZDJhOGYyNGIzZTFlNDM2YTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjZCNr8qhN2uoTEA+QZBaMttWLZb6
z0NzzrETJWvFmieIgQhzNR0ChgM8WHl3lXY/Y+MXJ6P9j43MSW/8YXbaSGv/vxRZ
stpVVpDGYtgJMWqP0yLb2/EMY6dji8pvCNyqO2DVA1omqd7gw7mX/ktIqUMlZIkD
yZsg7GW+oU9yQDYzWYSdGS1KbqL4OeQ8JY1DXjxTQqvM7s2MLiJASmwY8z0xhX/l
Bf5PVJ2aYhoxfriBAe8uDKxSJQ4dQINAOxoqEQBaB2kgbymPZNePKdt6XJoNYF1I
q+zNIz/gdxyCwQPSAdYJrHIomKr077S9mGlVne0cmX4cPWSJo6QbL55FDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK9+t0NarGEMQW4b0qjySz4eQ2oVMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvcjM2M1ExcXNZUXhCYmh2U3FQSkxQaDVEYWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALiaAAwQA
LiaCAwQA1BBQMA0GCSqGSIb3DQEBCwUAA4IBAQA7E7KGIxjO9rtfnZcP28kSVL4J
rGUlt9Lq24+3IrVrXHjDxYnzU/kNcWCb7zoVuo9qNdnbv7vrKteqzqBhJFlKcnhz
HqY63LttVM6VSh2v6xxK6Nn1+ATxKecJ2ziuskCN5XEnwGwVuI8Dzkqn19E6gn2Y
OSCupeUkrtwDyNzsu6E5cSqQ1x5whzy9xXp6krxVCkD4Wt4eAISf2UYtEvwcBlRB
Ec5Puge3Qg6u2jA7zOzfni/qQIIAYpigrARRF68KiX1Tik9aMbs/1YMrxS6L2mUE
S91OkTUIiRsaY72lj+PP4b+5zQZgMW1b859OUu/aSa6DEHYvTUsfq2NfCGqr
-----END CERTIFICATE-----